Styra API (2.0.0)
Download OpenAPI specification:Download
Styra DAS is entirely API-driven.
Access to the APIs requires authentication that should be provided as an Authorization HTTP header including a Styra DAS-issued token:
Authorization: Bearer <YOURTOKENHERE>
To request a token you need to have an Styra account, and create a token via the API Tokens menu.
Retrieve activity log
At most 256 entries returned per request. If only start_time or end_time is provided by the caller then the request defaults to 1 hour range
Request Body schema: application/jsonrequired
class_type | string audit or activity |
count | integer <int32> Default: 256 max count of records to return: max(4096) |
end_time | string <date-time> filter time range end_time |
forward | boolean Default: false search from start(true) or end(false) of table |
request_id | string filter on matching request_id |
start_time | string <date-time> filter time range start_time |
Responses
Request samples
- Payload
{- "class_type": "string",
- "count": 256,
- "end_time": "2019-08-24T14:15:22Z",
- "forward": false,
- "request_id": "string",
- "start_time": "2019-08-24T14:15:22Z"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "data": [
- {
- "decision": {
- "input": {
- "body": { },
- "method": "string",
- "path": "string",
- "user": "string",
- "user_claims": { }
}, - "output": {
- "allow": true,
- "status": {
- "reason": "string"
}
}
}, - "duration": 0,
- "request": {
- "class": "string",
- "errors": {
- "evaluation": "string"
}, - "host": "string",
- "id": "string",
- "method": "string",
- "path": "string",
- "request_body": "string",
- "requested_by": "string",
- "requested_through": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}, - "response": {
- "errors": {
- "processing": "string"
}, - "status_code": 0,
- "timestamp": "2019-08-24T14:15:22Z"
}
}
]
}
}
Retrieve activity records
query Parameters
cursor | string continue from cursor position of previous query |
start_time | string minimum request time |
end_time | string maximum request time |
query | string search query |
limit | integer maximum number of activity records to return |
class | string filter response to given activity class |
outcome | string filter by outcome type. One of (all, allowed, denied, error) |
order | string ASC, DESC (default) |
default_timezone | string client time zone offset e.g. -07:00, +3:00, Z. Local time expressions in query are adjusted with this offset |
compact | boolean return only essential decision fields |
Responses
Response samples
- 200
- 400
{- "cursor": "string",
- "request_id": "string",
- "results": [
- {
- "decision": {
- "input": {
- "body": { },
- "method": "string",
- "path": "string",
- "user": "string",
- "user_claims": { }
}, - "output": {
- "allow": true,
- "status": {
- "reason": "string"
}
}
}, - "duration": 0,
- "request": {
- "class": "string",
- "errors": {
- "evaluation": "string"
}, - "host": "string",
- "id": "string",
- "method": "string",
- "path": "string",
- "request_body": "string",
- "requested_by": "string",
- "requested_through": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}, - "response": {
- "errors": {
- "processing": "string"
}, - "status_code": 0,
- "timestamp": "2019-08-24T14:15:22Z"
}
}
]
}
Retrieve activity record for given request UD
path Parameters
id required | string.* request ID |
Responses
Response samples
- 200
- 400
{- "request_id": "string",
- "results": {
- "decision": {
- "input": {
- "body": { },
- "method": "string",
- "path": "string",
- "user": "string",
- "user_claims": { }
}, - "output": {
- "allow": true,
- "status": {
- "reason": "string"
}
}
}, - "duration": 0,
- "request": {
- "class": "string",
- "errors": {
- "evaluation": "string"
}, - "host": "string",
- "id": "string",
- "method": "string",
- "path": "string",
- "request_body": "string",
- "requested_by": "string",
- "requested_through": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}, - "response": {
- "errors": {
- "processing": "string"
}, - "status_code": 0,
- "timestamp": "2019-08-24T14:15:22Z"
}
}
}
Get current agent statuses
path Parameters
kind required | string agent kind such as "agents", "datasources", "datasources-agents", "slps", "exporters" |
query Parameters
system | string return only statuses for one or more system ID |
id | string return only statuses for one or more agent ID |
excludes | string filters keys from agent statuses (separate keys by comma, nest keys using dot notation (e.g. parentKey.nestedKey,parentKey2). lists unsupported |
Responses
Response samples
- 200
{- "request_id": "string",
- "result": {
- "property1": { },
- "property2": { }
}
}
Post agent status
path Parameters
kind required | string agent kind such as "agents", "datasources", "datasources-agents", "slps", "exporters" |
Request Body schema: application/jsonrequired
Responses
Request samples
- Payload
{ }
Response samples
- 200
{- "request_id": "string"
}
Update agent status
path Parameters
kind required | string agent kind such as "agents", "datasources", "datasources-agents", "slps", "exporters" |
id required | string.* agent id |
Request Body schema: application/jsonrequired
Responses
Request samples
- Payload
{ }
Response samples
- 200
{- "request_id": "string"
}
Evaluate a list of permissions
Request Body schema: application/jsonrequired
action required | string |
body required | object |
check_option required | string |
operation required | string |
path required | string |
Responses
Request samples
- Payload
[- {
- "action": "string",
- "body": { },
- "check_option": "string",
- "operation": "string",
- "path": "string"
}
]
Response samples
- 200
{- "request_id": "string",
- "result": [
- {
- "allowed": true,
- "body": { },
- "check_option": "string",
- "eval_error": true,
- "operation": "string",
- "path": "string"
}
]
}
Response samples
- 200
{- "request_id": "string",
- "result": {
- "property1": {
- "property1": [
- {
- "description": "string",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "role_name": "string",
- "subjects": [
- "string"
]
}
], - "property2": [
- {
- "description": "string",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "role_name": "string",
- "subjects": [
- "string"
]
}
]
}, - "property2": {
- "property1": [
- {
- "description": "string",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "role_name": "string",
- "subjects": [
- "string"
]
}
], - "property2": [
- {
- "description": "string",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "role_name": "string",
- "subjects": [
- "string"
]
}
]
}
}
}
List role bindings
path Parameters
resourcetype required | string.* resource type |
resource required | string.* resource id |
Responses
Response samples
- 200
{- "request_id": "string",
- "result": [
- {
- "description": "string",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "role_name": "string",
- "subjects": [
- "string"
]
}
]
}
Delete a resource role binding
path Parameters
resourcetype required | string.* resource type |
resource required | string.* resource id |
rolebinding required | string.* role binding id |
query Parameters
recursive | string if set to 'false', only deletes the role binding configuration and does not delete associated objects |
Responses
Response samples
- 200
- 404
{- "request_id": "string"
}
Get a role binding
path Parameters
resourcetype required | string.* resource type |
resource required | string.* resource id |
rolebinding required | string.* role binding id |
Responses
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "description": "string",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "role_name": "string",
- "subjects": [
- "string"
]
}
}
Update a role binding
path Parameters
resourcetype required | string.* resource type |
resource required | string.* resource id |
rolebinding required | string.* role binding id |
Request Body schema: application/jsonrequired
description required | string |
id required | string |
role_name required | string |
subjects required | Array of strings |
Responses
Request samples
- Payload
{- "description": "string",
- "id": "string",
- "role_name": "string",
- "subjects": [
- "string"
]
}
Response samples
- 200
- 404
{- "request_id": "string"
}
List role bindings
query Parameters
resource_kind | string if set returns only rolebindings involving the specified resource kind (if supplied multiple times will return rolebindings that match any of the specified resource kinds) |
resource_id | string if set returns only rolebindings involving the specified resource id (if supplied multiple times will return rolebindings that match any of the specified resource ids) |
role_id | string if set returns only rolebindings involving the specified role id (if supplied multiple times will return rolebindings that match any of the specified role ids) |
subject_kind | string if set returns only rolebindings involving the specified subject kind (if supplied multiple times will return rolebindings that match any of the specified subject kinds) |
subject_id | string if set returns only rolebindings involving the specified subject id (if supplied multiple times will return rolebindings that match any of the specified subject ids) |
internal | boolean if set to 'true', returns only internal rolebindings |
limit | integer maximum number of rolebindings to return. If no limit is specified, the default is to return all results. |
offset | integer controls the starting point within the list of rolebindings. Note that the first item is retrieved by setting a zero offset. |
Responses
Response samples
- 200
{- "Offset": 0,
- "request_id": "string",
- "rolebindings": [
- {
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "resource_filter": {
- "id": "string",
- "kind": "string"
}, - "role_id": "string",
- "subjects": [
- {
- "claim_config": {
- "identity_provider": "string",
- "key": "string",
- "value": "string"
}, - "id": "string",
- "kind": "string"
}
]
}
]
}
Create or update rolebinding
header Parameters
If-None-Match | string if set to '*', will not update existing rolebinding |
Request Body schema: application/jsonrequired
id | string if present, implies updating existing rolebinding in its entirety, otherwise create new |
required | object (authz.v2.ResourceFilter) |
role_id required | string role ID e.g., SystemOwner |
required | Array of objects (authz.v2.Subject) list of subjects |
Responses
Request samples
- Payload
{- "id": "string",
- "resource_filter": {
- "id": "string",
- "kind": "string"
}, - "role_id": "string",
- "subjects": [
- {
- "claim_config": {
- "identity_provider": "string",
- "key": "string",
- "value": "string"
}, - "id": "string",
- "kind": "string"
}
]
}
Response samples
- 200
- 400
- 404
- 409
{- "request_id": "string",
- "rolebinding": {
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "resource_filter": {
- "id": "string",
- "kind": "string"
}, - "role_id": "string",
- "subjects": [
- {
- "claim_config": {
- "identity_provider": "string",
- "key": "string",
- "value": "string"
}, - "id": "string",
- "kind": "string"
}
]
}
}
Response samples
- 200
- 404
{- "request_id": "string",
- "rolebinding": {
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "resource_filter": {
- "id": "string",
- "kind": "string"
}, - "role_id": "string",
- "subjects": [
- {
- "claim_config": {
- "identity_provider": "string",
- "key": "string",
- "value": "string"
}, - "id": "string",
- "kind": "string"
}
]
}
}
Delete rolebinding subjects
path Parameters
id required | string.* rolebinding ID |
Request Body schema: application/jsonrequired
required | Array of objects (authz.v2.Subject) | ||||||
Array
|
Responses
Request samples
- Payload
{- "subjects": [
- {
- "claim_config": {
- "identity_provider": "string",
- "key": "string",
- "value": "string"
}, - "id": "string",
- "kind": "string"
}
]
}
Response samples
- 200
- 400
- 404
{- "request_id": "string",
- "rolebinding": {
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "resource_filter": {
- "id": "string",
- "kind": "string"
}, - "role_id": "string",
- "subjects": [
- {
- "claim_config": {
- "identity_provider": "string",
- "key": "string",
- "value": "string"
}, - "id": "string",
- "kind": "string"
}
]
}
}
Update rolebinding subjects
path Parameters
id required | string.* rolebinding ID |
Request Body schema: application/jsonrequired
required | Array of objects (authz.v2.Subject) | ||||||
Array
|
Responses
Request samples
- Payload
{- "subjects": [
- {
- "claim_config": {
- "identity_provider": "string",
- "key": "string",
- "value": "string"
}, - "id": "string",
- "kind": "string"
}
]
}
Response samples
- 200
- 400
- 404
{- "request_id": "string",
- "rolebinding": {
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "resource_filter": {
- "id": "string",
- "kind": "string"
}, - "role_id": "string",
- "subjects": [
- {
- "claim_config": {
- "identity_provider": "string",
- "key": "string",
- "value": "string"
}, - "id": "string",
- "kind": "string"
}
]
}
}
Merge rolebinding subjects
path Parameters
id required | string.* rolebinding ID |
Request Body schema: application/jsonrequired
required | Array of objects (authz.v2.Subject) | ||||||
Array
|
Responses
Request samples
- Payload
{- "subjects": [
- {
- "claim_config": {
- "identity_provider": "string",
- "key": "string",
- "value": "string"
}, - "id": "string",
- "kind": "string"
}
]
}
Response samples
- 200
- 400
- 404
{- "request_id": "string",
- "rolebinding": {
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "resource_filter": {
- "id": "string",
- "kind": "string"
}, - "role_id": "string",
- "subjects": [
- {
- "claim_config": {
- "identity_provider": "string",
- "key": "string",
- "value": "string"
}, - "id": "string",
- "kind": "string"
}
]
}
}
List roles
query Parameters
resource_kind | string if set returns only roles applicable to specific resource kind |
Responses
Response samples
- 200
{- "request_id": "string",
- "roles": [
- {
- "description": "string",
- "id": "string",
- "inherit_roles": [
- {
- "action": "string",
- "resource_kind": "string",
- "role": "string"
}
], - "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "resource_kind": "string"
}
]
}
Execute a blueprint.
path Parameters
name required | string.* The blueprint name. |
Request Body schema: */*required
Responses
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "blueprint": "string",
- "resources": [
- {
- "id": "string",
- "type": "string"
}
]
}
}
Get a policy bundle
query Parameters
policy | string policy name |
eval_path | string path to partial evaluation |
kind | string Default: "Plain" Enum: "Plain" "BJson" Kind of a bundle |
header Parameters
If-None-Match | string The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation. |
Responses
Response samples
- 200
Get a policy bundle
path Parameters
policy required | string.* policy name |
query Parameters
eval_path | string path to partial evaluation |
kind | string Default: "Plain" Enum: "Plain" "BJson" Kind of a bundle |
header Parameters
If-None-Match | string The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation. |
Responses
Response samples
- 200
- 404
List data
Data (whether the result of evaluating policy or the data gathered by datasources) is arranged into a tree. List the locations within the tree that data exists.
query Parameters
rego | string Rego query to be executed for the documents |
jsonpath | string Json Path expression to extract portions of documents |
sandbox | boolean Only used explicitly provided policies and data. Do not load anything from DAS |
strict | boolean Enable strict Rego compilation mode |
data | string Initial data object in JSON format |
download | boolean Default: false Download data as data.json file |
limit | string Returns '413 Payload Too Large' response if the body size is greater than given limit. The units KB, MB and etc can be used. Example: 10 MB; 28 kilobytes; 2000 |
header Parameters
If-None-Match | string The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation. |
Responses
Response samples
- 200
- 404
- 413
{- "mocks": {
- "dynamodb.get": {
- "mocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
]
}, - "dynamodb.query": {
- "mocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
]
}, - "http.send": {
- "mocked": [
- {
- "method": "string",
- "url": "string"
}
], - "unmocked": [
- {
- "method": "string",
- "url": "string"
}
]
}, - "mongodb.find": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "mocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
], - "unmocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
]
}, - "redis.query": {
- "mocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
], - "unmocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
]
}, - "sql.send": {
- "mocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
], - "unmocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
]
}, - "vault.send": {
- "mocked": [
- {
- "mount_path": "string",
- "path": "string"
}
], - "unmocked": [
- {
- "mount_path": "string",
- "path": "string"
}
]
}
}, - "request_id": "string",
- "result": null,
- "type_env": null
}
Check size of data
query Parameters
rego | string Rego query to be executed for the documents |
jsonpath | string Json Path expression to extract portions of documents |
header Parameters
If-None-Match | string The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation. |
Responses
Response samples
- 404
{- "code": "string",
- "errors": [
- "string"
], - "message": "string",
- "request_id": "string"
}
Show all data
header Parameters
If-None-Match | string The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation. |
Request Body schema: required
data | object Initial data object |
input | object |
jsonpath | string Json Path expression to extract portions of documents |
object (data.v1.BuiltinMocks) | |
object Cache containing results of non-deterministic built-in functions | |
query_package | string The package name to be used with query in case of multiple rego modules |
rego | string Rego query to be executed for the documents |
object List of rego modules to be loaded and executed for the documents | |
replay | boolean Inject STYRA_DAS_REPLAY environment variable into opa.runtime().env |
sandbox | boolean Only used explicitly provided policies and data. Do not load anything from DAS |
strict | boolean Enable strict Rego compilation mode |
Responses
Request samples
- Payload
{- "data": { },
- "input": { },
- "jsonpath": "string",
- "mocks": {
- "dynamodb.get": {
- "data": [
- {
- "key": { },
- "region": "string",
- "result": { },
- "table": "string"
}
]
}, - "dynamodb.query": {
- "data": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "result": { },
- "table": "string"
}
]
}, - "http.send": {
- "data": [
- {
- "method": "string",
- "result": { },
- "url": "string"
}
]
}, - "mongodb.find": {
- "data": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "result": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "data": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "result": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "data": [
- {
- "parameters": { },
- "query": "string",
- "result": { },
- "uri": "string"
}
]
}, - "opa.runtime": {
- "result": { }
}, - "redis.query": {
- "data": [
- {
- "addr": "string",
- "args": [
- null
], - "command": "string",
- "db": 0,
- "result": { }
}
]
}, - "sql.send": {
- "data": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string",
- "result": { }
}
]
}, - "vault.send": {
- "data": [
- {
- "mount_path": "string",
- "path": "string",
- "result": { }
}
]
}
}, - "nd_builtin_cache": {
- "property1": { },
- "property2": { }
}, - "query_package": "string",
- "rego": "string",
- "rego_modules": {
- "property1": "string",
- "property2": "string"
}, - "replay": true,
- "sandbox": true,
- "strict": true
}
Response samples
- 200
- 404
{- "mocks": {
- "dynamodb.get": {
- "mocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
]
}, - "dynamodb.query": {
- "mocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
]
}, - "http.send": {
- "mocked": [
- {
- "method": "string",
- "url": "string"
}
], - "unmocked": [
- {
- "method": "string",
- "url": "string"
}
]
}, - "mongodb.find": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "mocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
], - "unmocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
]
}, - "redis.query": {
- "mocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
], - "unmocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
]
}, - "sql.send": {
- "mocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
], - "unmocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
]
}, - "vault.send": {
- "mocked": [
- {
- "mount_path": "string",
- "path": "string"
}
], - "unmocked": [
- {
- "mount_path": "string",
- "path": "string"
}
]
}
}, - "request_id": "string",
- "result": null,
- "type_env": null
}
Get data
Show data at the given name
. The name
must be an extension of one of the locations of data as returned by GET v1/data
path Parameters
name required | string.* Data name |
query Parameters
rego | string Rego query to be executed for the documents |
jsonpath | string JSONPath expression to extract portions of documents |
sandbox | boolean Only used explicitly provided policies and data. Do not load anything from DAS |
strict | boolean Enable strict Rego compilation mode |
data | string Initial data object in JSON format |
download | boolean Default: false Download data as |
limit | string Returns '413 Payload Too Large' response if the body size is greater than given limit. The units KB, MB and etc can be used. Example: 10 MB; 28 kilobytes; 2000 |
header Parameters
If-None-Match | string The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation. |
Responses
Response samples
- 200
- 404
- 413
{- "mocks": {
- "dynamodb.get": {
- "mocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
]
}, - "dynamodb.query": {
- "mocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
]
}, - "http.send": {
- "mocked": [
- {
- "method": "string",
- "url": "string"
}
], - "unmocked": [
- {
- "method": "string",
- "url": "string"
}
]
}, - "mongodb.find": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "mocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
], - "unmocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
]
}, - "redis.query": {
- "mocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
], - "unmocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
]
}, - "sql.send": {
- "mocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
], - "unmocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
]
}, - "vault.send": {
- "mocked": [
- {
- "mount_path": "string",
- "path": "string"
}
], - "unmocked": [
- {
- "mount_path": "string",
- "path": "string"
}
]
}
}, - "request_id": "string",
- "result": null,
- "type_env": null
}
Check the size of the data
path Parameters
name required | string.* data name |
query Parameters
rego | string Rego query to be executed for the documents |
jsonpath | string Json Path expression to extract portions of documents |
header Parameters
If-None-Match | string The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation. |
Responses
Response samples
- 404
{- "code": "string",
- "errors": [
- "string"
], - "message": "string",
- "request_id": "string"
}
Patch data
Modify the data of the push datasource registered at <path>
by applying a JSON patch to the JSON document. The content type for the patch is application/json-patch+json
. The operation returns the modified data.
path Parameters
name required | string.* data name |
header Parameters
If-Match | string etag |
Request Body schema: required
Responses
Request samples
- Payload
{ }
Response samples
- 200
- 404
- 413
{- "request_id": "string",
- "result": null
}
Show data
Show data at the given name
. The name
must be an extension of one of the locations of data as returned by GET v1/data
.
path Parameters
name required | string.* data name |
header Parameters
If-None-Match | string The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation. |
Request Body schema: required
data | object Initial data object |
input | object |
jsonpath | string Json Path expression to extract portions of documents |
object (data.v1.BuiltinMocks) | |
object Cache containing results of non-deterministic built-in functions | |
query_package | string The package name to be used with query in case of multiple rego modules |
rego | string Rego query to be executed for the documents |
object List of rego modules to be loaded and executed for the documents | |
replay | boolean Inject STYRA_DAS_REPLAY environment variable into opa.runtime().env |
sandbox | boolean Only used explicitly provided policies and data. Do not load anything from DAS |
strict | boolean Enable strict Rego compilation mode |
Responses
Request samples
- Payload
{- "data": { },
- "input": { },
- "jsonpath": "string",
- "mocks": {
- "dynamodb.get": {
- "data": [
- {
- "key": { },
- "region": "string",
- "result": { },
- "table": "string"
}
]
}, - "dynamodb.query": {
- "data": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "result": { },
- "table": "string"
}
]
}, - "http.send": {
- "data": [
- {
- "method": "string",
- "result": { },
- "url": "string"
}
]
}, - "mongodb.find": {
- "data": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "result": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "data": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "result": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "data": [
- {
- "parameters": { },
- "query": "string",
- "result": { },
- "uri": "string"
}
]
}, - "opa.runtime": {
- "result": { }
}, - "redis.query": {
- "data": [
- {
- "addr": "string",
- "args": [
- null
], - "command": "string",
- "db": 0,
- "result": { }
}
]
}, - "sql.send": {
- "data": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string",
- "result": { }
}
]
}, - "vault.send": {
- "data": [
- {
- "mount_path": "string",
- "path": "string",
- "result": { }
}
]
}
}, - "nd_builtin_cache": {
- "property1": { },
- "property2": { }
}, - "query_package": "string",
- "rego": "string",
- "rego_modules": {
- "property1": "string",
- "property2": "string"
}, - "replay": true,
- "sandbox": true,
- "strict": true
}
Response samples
- 200
- 404
{- "mocks": {
- "dynamodb.get": {
- "mocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
]
}, - "dynamodb.query": {
- "mocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
]
}, - "http.send": {
- "mocked": [
- {
- "method": "string",
- "url": "string"
}
], - "unmocked": [
- {
- "method": "string",
- "url": "string"
}
]
}, - "mongodb.find": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "mocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
], - "unmocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
]
}, - "redis.query": {
- "mocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
], - "unmocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
]
}, - "sql.send": {
- "mocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
], - "unmocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
]
}, - "vault.send": {
- "mocked": [
- {
- "mount_path": "string",
- "path": "string"
}
], - "unmocked": [
- {
- "mount_path": "string",
- "path": "string"
}
]
}
}, - "request_id": "string",
- "result": null,
- "type_env": null
}
Publish data
Set the data for the datasource registered at <name>
to an arbitrary JSON document. This data can be read by doing GET v1/data/<path>
path Parameters
name required | string.* data name |
header Parameters
If-Match | string etag |
Request Body schema: required
Responses
Request samples
- Payload
{ }
Response samples
- 200
- 404
- 413
{- "request_id": "string"
}
Execute or Preview a data source
path Parameters
datasource required | string.* Data source ID |
query Parameters
execute | boolean Execute data source |
preview | boolean Preview data source |
download | boolean Default: false This is part of preview workflow. Download preview data as data.json file. |
limit | string This is part of preview workflow. Returns '413 Payload Too Large' response if the body size is greater than given limit. The units KB, MB and etc can be used. Example: 10 MB; 28 kilobytes; 2000 |
Request Body schema: */*required
category required | string Must be |
description | string |
enabled | boolean Default: true |
on_premises | boolean Default: false |
rate_limit | number Default: 3 requests per second |
polling_interval | string Default: "30s" |
policy_filter | string Policy Filter (if set, then policy_query must be set as well) |
policy_query | string Policy Query (if set, then policy_filter must be set as well) |
credentials required | string Secret ID with AWS credentials |
region required | string AWS region |
RegistryId | string Registry ID |
Responses
Response samples
- 200
- 404
{- "request_id": "string",
- "result": null
}
Upsert a data source
path Parameters
datasource required | string.* Data source ID |
header Parameters
If-None-Match | string The server will return the requested resource, with a 200 status, only if it doesn't have an ETag matching the given ones. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match documentation. |
Request Body schema: */*required
category required | string Must be |
description | string |
enabled | boolean Default: true |
on_premises | boolean Default: false |
rate_limit | number Default: 3 requests per second |
polling_interval | string Default: "30s" |
policy_filter | string Policy Filter (if set, then policy_query must be set as well) |
policy_query | string Policy Query (if set, then policy_filter must be set as well) |
credentials required | string Secret ID with AWS credentials |
region required | string AWS region |
RegistryId | string Registry ID |
Responses
Response samples
- 200
{- "request_id": "string",
- "result": {
- "category": "aws/ecr",
- "credentials": "aws_creds",
- "on_premises": false,
- "region": "us-east-1",
- "executed": "2019-08-24T14:15:22Z",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "resources": [
- { }
], - "status": { }
}
}
Search decision logs
query Parameters
input_max_size | string input_max_size will remove specified subfield from response if it exceeds the size specified |
result_max_size | string result_max_size will remove specified subfield from response if it exceeds the size specified |
cursor | string continue from cursor position of previous query |
start_time | string <date-time> minimum decision time |
end_time | string <date-time> maximum decision time |
search | string search query |
system | string system ID |
stack | string stack ID |
limit | integer Default: 100 maximum number of decisions to return |
result_kind | string Default: "ALL" comma-separated list of ALL, UNKNOWN, ADVICE, ALLOWED, DENIED, ERROR |
order | string Default: "DESC" ASC, DESC |
default_timezone | string client time zone offset e.g. -07:00, +3:00, Z. Local time expressions in query are adjusted with this offset |
compact | boolean return only essential decision fields |
Responses
Response samples
- 200
{- "request_id": "string",
- "result": {
- "cursor": "string",
- "items": [
- {
- "agent_id": "string",
- "allowed": {
- "error": "string",
- "value": true
}, - "batch_decision_id": "string",
- "bundles": {
- "property1": {
- "revision": "string"
}, - "property2": {
- "revision": "string"
}
}, - "columns": [
- {
- "error": "string",
- "key": "string",
- "type": "string",
- "value": null
}
], - "cursor": "string",
- "decision_id": "string",
- "decision_type": 0,
- "erased": [
- "string"
], - "error": null,
- "filtered_fields": [
- "string"
], - "input": null,
- "kafka_topic": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "metrics": { },
- "nd_builtin_cache": {
- "property1": { },
- "property2": { }
}, - "path": "string",
- "policy_type": "string",
- "processed": "2019-08-24T14:15:22Z",
- "query": "string",
- "reason": {
- "error": "string",
- "value": "string"
}, - "received": "2019-08-24T14:15:22Z",
- "req_id": 0,
- "request_context": {
- "http": {
- "headers": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
}, - "requested_by": "string",
- "result": null,
- "revision": "string",
- "stacks": [
- "string"
], - "system_id": "string",
- "system_type": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}
}
Search decision logs
query Parameters
input_max_size | string input_max_size will remove specified subfield from response if it exceeds the size specified |
result_max_size | string result_max_size will remove specified subfield from response if it exceeds the size specified |
Request Body schema: application/jsonrequired
compact | boolean Default: false return only essential decision fields |
cursor | string continue from cursor position of previous query |
default_timezone | string client time zone offset. Local time expressions in query are adjusted with this offset |
end_time | string <date-time> maximum decision time |
limit | integer <int64> Default: 100 maximum number of decisions to return |
order | string Default: "DESC" ASC, DESC |
result_kind | string Default: "ALL" comma-separated list of ALL, UNKNOWN, ADVICE, ALLOWED, DENIED, ERROR |
search | string search query |
stack | string stack ID |
start_time | string <date-time> minimum decision time |
system | string system ID |
Responses
Request samples
- Payload
{- "compact": false,
- "cursor": "string",
- "default_timezone": "-07:00, +3:00, Z",
- "end_time": "2019-08-24T14:15:22Z",
- "limit": 100,
- "order": "DESC",
- "result_kind": "ALL",
- "search": "string",
- "stack": "string",
- "start_time": "2019-08-24T14:15:22Z",
- "system": "string"
}
Response samples
- 200
{- "request_id": "string",
- "result": {
- "cursor": "string",
- "items": [
- {
- "agent_id": "string",
- "allowed": {
- "error": "string",
- "value": true
}, - "batch_decision_id": "string",
- "bundles": {
- "property1": {
- "revision": "string"
}, - "property2": {
- "revision": "string"
}
}, - "columns": [
- {
- "error": "string",
- "key": "string",
- "type": "string",
- "value": null
}
], - "cursor": "string",
- "decision_id": "string",
- "decision_type": 0,
- "erased": [
- "string"
], - "error": null,
- "filtered_fields": [
- "string"
], - "input": null,
- "kafka_topic": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "metrics": { },
- "nd_builtin_cache": {
- "property1": { },
- "property2": { }
}, - "path": "string",
- "policy_type": "string",
- "processed": "2019-08-24T14:15:22Z",
- "query": "string",
- "reason": {
- "error": "string",
- "value": "string"
}, - "received": "2019-08-24T14:15:22Z",
- "req_id": 0,
- "request_context": {
- "http": {
- "headers": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
}, - "requested_by": "string",
- "result": null,
- "revision": "string",
- "stacks": [
- "string"
], - "system_id": "string",
- "system_type": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}
}
Get a single decision
path Parameters
cursor required | string decision cursor value |
query Parameters
input_max_size | string input_max_size will remove specified subfield from response if it exceeds the size specified |
result_max_size | string result_max_size will remove specified subfield from response if it exceeds the size specified |
Responses
Response samples
- 200
{- "request_id": "string",
- "result": {
- "agent_id": "string",
- "allowed": {
- "error": "string",
- "value": true
}, - "batch_decision_id": "string",
- "bundles": {
- "property1": {
- "revision": "string"
}, - "property2": {
- "revision": "string"
}
}, - "columns": [
- {
- "error": "string",
- "key": "string",
- "type": "string",
- "value": null
}
], - "cursor": "string",
- "decision_id": "string",
- "decision_type": 0,
- "erased": [
- "string"
], - "error": null,
- "filtered_fields": [
- "string"
], - "input": null,
- "kafka_topic": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "metrics": { },
- "nd_builtin_cache": {
- "property1": { },
- "property2": { }
}, - "path": "string",
- "policy_type": "string",
- "processed": "2019-08-24T14:15:22Z",
- "query": "string",
- "reason": {
- "error": "string",
- "value": "string"
}, - "received": "2019-08-24T14:15:22Z",
- "req_id": 0,
- "request_context": {
- "http": {
- "headers": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
}, - "requested_by": "string",
- "result": null,
- "revision": "string",
- "stacks": [
- "string"
], - "system_id": "string",
- "system_type": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
}
Response samples
- 200
{- "request_id": "string",
- "result": [
- {
- "allow_idp_initiated": true,
- "allowed_domains": [
- "string"
], - "auth_url": "string",
- "certificate": "string",
- "client_id": "string",
- "client_secret": "string",
- "effective_client_secret": "string",
- "email_attribute": "string",
- "enabled": true,
- "id": "string",
- "issuer_url": "string",
- "jit": true,
- "key_certificate": "string",
- "metadata": "string",
- "override_discovery_issuer_url": "string",
- "private_key": "string",
- "proxy_url": "string",
- "redirect_url": "string",
- "response_mode": "string",
- "scopes": [
- "string"
], - "skip_token_issuer_check": true,
- "token_url": "string",
- "type": "string",
- "unique_claim": "string",
- "user_info_url": "string"
}
]
}
Create provider
Request Body schema: application/jsonrequired
allow_idp_initiated required | boolean |
allowed_domains required | Array of strings allow users from domains |
auth_url required | string |
certificate required | string send instead of KeyCertificate for new configs |
client_id required | string |
client_secret required | string |
effective_client_secret required | string send instead of ClientSecret for new configs |
email_attribute required | string |
enabled required | boolean whether it can be used as a provider or not |
id required | string |
issuer_url required | string |
jit required | boolean True, if users are provisioned on-demand |
key_certificate required | string |
metadata required | string |
override_discovery_issuer_url | string |
private_key required | string send instead of KeyCertificate for new configs |
proxy_url required | string |
redirect_url required | string |
response_mode required | string |
scopes required | Array of strings |
skip_token_issuer_check | boolean |
token_url required | string |
type required | string OIDC (default) or SAML |
unique_claim required | string claim to be used as the unique id for users |
user_info_url required | string |
Responses
Request samples
- Payload
{- "allow_idp_initiated": true,
- "allowed_domains": [
- "string"
], - "auth_url": "string",
- "certificate": "string",
- "client_id": "string",
- "client_secret": "string",
- "effective_client_secret": "string",
- "email_attribute": "string",
- "enabled": true,
- "id": "string",
- "issuer_url": "string",
- "jit": true,
- "key_certificate": "string",
- "metadata": "string",
- "override_discovery_issuer_url": "string",
- "private_key": "string",
- "proxy_url": "string",
- "redirect_url": "string",
- "response_mode": "string",
- "scopes": [
- "string"
], - "skip_token_issuer_check": true,
- "token_url": "string",
- "type": "string",
- "unique_claim": "string",
- "user_info_url": "string"
}
Response samples
- 200
- 404
{- "request_id": "string"
}
Validate provider
Request Body schema: application/jsonrequired
allow_idp_initiated required | boolean |
allowed_domains required | Array of strings allow users from domains |
auth_url required | string |
certificate required | string send instead of KeyCertificate for new configs |
client_id required | string |
client_secret required | string |
effective_client_secret required | string send instead of ClientSecret for new configs |
email_attribute required | string |
enabled required | boolean whether it can be used as a provider or not |
id required | string |
issuer_url required | string |
jit required | boolean True, if users are provisioned on-demand |
key_certificate required | string |
metadata required | string |
override_discovery_issuer_url | string |
private_key required | string send instead of KeyCertificate for new configs |
proxy_url required | string |
redirect_url required | string |
response_mode required | string |
scopes required | Array of strings |
skip_token_issuer_check | boolean |
token_url required | string |
type required | string OIDC (default) or SAML |
unique_claim required | string claim to be used as the unique id for users |
user_info_url required | string |
Responses
Request samples
- Payload
{- "allow_idp_initiated": true,
- "allowed_domains": [
- "string"
], - "auth_url": "string",
- "certificate": "string",
- "client_id": "string",
- "client_secret": "string",
- "effective_client_secret": "string",
- "email_attribute": "string",
- "enabled": true,
- "id": "string",
- "issuer_url": "string",
- "jit": true,
- "key_certificate": "string",
- "metadata": "string",
- "override_discovery_issuer_url": "string",
- "private_key": "string",
- "proxy_url": "string",
- "redirect_url": "string",
- "response_mode": "string",
- "scopes": [
- "string"
], - "skip_token_issuer_check": true,
- "token_url": "string",
- "type": "string",
- "unique_claim": "string",
- "user_info_url": "string"
}
Response samples
- 200
- 400
- 404
{- "request_id": "string",
- "result": {
- "redirect_url": "string"
}
}
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "allow_idp_initiated": true,
- "allowed_domains": [
- "string"
], - "auth_url": "string",
- "certificate": "string",
- "client_id": "string",
- "client_secret": "string",
- "effective_client_secret": "string",
- "email_attribute": "string",
- "enabled": true,
- "id": "string",
- "issuer_url": "string",
- "jit": true,
- "key_certificate": "string",
- "metadata": "string",
- "override_discovery_issuer_url": "string",
- "private_key": "string",
- "proxy_url": "string",
- "redirect_url": "string",
- "response_mode": "string",
- "scopes": [
- "string"
], - "skip_token_issuer_check": true,
- "token_url": "string",
- "type": "string",
- "unique_claim": "string",
- "user_info_url": "string"
}
}
Create or update provider
path Parameters
providerId required | string.+ provider ID |
header Parameters
If-None-Match | string if set to '*' then creates a new provider with type-specific related objects |
Request Body schema: application/jsonrequired
allow_idp_initiated required | boolean |
allowed_domains required | Array of strings allow users from domains |
auth_url required | string |
certificate required | string send instead of KeyCertificate for new configs |
client_id required | string |
client_secret required | string |
effective_client_secret required | string send instead of ClientSecret for new configs |
email_attribute required | string |
enabled required | boolean whether it can be used as a provider or not |
id required | string |
issuer_url required | string |
jit required | boolean True, if users are provisioned on-demand |
key_certificate required | string |
metadata required | string |
override_discovery_issuer_url | string |
private_key required | string send instead of KeyCertificate for new configs |
proxy_url required | string |
redirect_url required | string |
response_mode required | string |
scopes required | Array of strings |
skip_token_issuer_check | boolean |
token_url required | string |
type required | string OIDC (default) or SAML |
unique_claim required | string claim to be used as the unique id for users |
user_info_url required | string |
Responses
Request samples
- Payload
{- "allow_idp_initiated": true,
- "allowed_domains": [
- "string"
], - "auth_url": "string",
- "certificate": "string",
- "client_id": "string",
- "client_secret": "string",
- "effective_client_secret": "string",
- "email_attribute": "string",
- "enabled": true,
- "id": "string",
- "issuer_url": "string",
- "jit": true,
- "key_certificate": "string",
- "metadata": "string",
- "override_discovery_issuer_url": "string",
- "private_key": "string",
- "proxy_url": "string",
- "redirect_url": "string",
- "response_mode": "string",
- "scopes": [
- "string"
], - "skip_token_issuer_check": true,
- "token_url": "string",
- "type": "string",
- "unique_claim": "string",
- "user_info_url": "string"
}
Response samples
- 200
- 404
{- "request_id": "string"
}
Invite user
query Parameters
boolean set to false to avoid sending an email |
Request Body schema: application/jsonrequired
roles required | Array of strings list of roles for the invited user |
user_id required | string user ID to create invitation for |
Responses
Request samples
- Payload
{- "roles": [
- "string"
], - "user_id": "string"
}
Response samples
- 200
{- "request_id": "string",
- "result": {
- "url": "string"
}
}
Accept invitation
path Parameters
token required | string.+ token from the invitation URL |
Request Body schema: application/jsonrequired
password required | string new user password |
user_id required | string new user ID |
Responses
Request samples
- Payload
{- "password": "string",
- "user_id": "string"
}
Response samples
- 200
- 404
{- "request_id": "string"
}
Response samples
- 200
{- "request_id": "string",
- "result": [
- {
- "description": "string",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "read_only": true,
- "source_control": {
- "library_origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "use_workspace_settings": true
}
}
]
}
Verify git access
Verifies that the repository can be accessed with the provided credentials
Request Body schema: application/jsonrequired
commit required | string Commit SHA. Only one of reference or commit can be set at any time |
credentials required | string Credentials are looked under the key |
id required | string id of the entity so that the config can be checked for duplicates |
path required | string Path to limit the import to |
reference required | string Remote reference. Only one of reference or commit can be set at any time |
object (git.v1.SSHCredentials) | |
url required | string Repository URL |
Responses
Request samples
- Payload
{- "commit": "string",
- "credentials": "string",
- "id": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "sha": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
}
Get a library
path Parameters
id required | string.* id |
query Parameters
policies | boolean set to 'false' to omit policies from the output |
modules | boolean set to 'false' to omit modules from the output |
datasources | boolean set to 'false' to omit datasources from the output |
rule_counts | boolean set to 'false' to omit policy rule counts in the output |
dependant_bundles | string level of report for bundles depending on the library. One of (none, active, all). "active" is the default |
Responses
Response samples
- 200
{- "result": {
- "datasources": [
- {
- "category": "string",
- "id": "string",
- "optional": true,
- "status": {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
}
], - "description": "string",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "policies": [
- {
- "created": "string",
- "enforcement": {
- "enforced": true,
- "type": "string"
}, - "id": "string",
- "modules": [
- {
- "name": "string",
- "placeholder": false,
- "read_only": true,
- "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}
}
], - "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}, - "type": "string"
}
], - "read_only": true,
- "source_control": {
- "library_origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "use_workspace_settings": true
}, - "used_by": [
- {
- "bundles": [
- {
- "bundle_id": "string",
- "version": 0
}
], - "system_id": "string"
}
]
}
}
Upsert a new library
path Parameters
id required | string.* id |
Request Body schema: application/jsonrequired
description required | string |
read_only required | boolean |
object (libraries.v1.SourceControlConfig) |
Responses
Request samples
- Payload
{- "description": "string",
- "read_only": true,
- "source_control": {
- "library_origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "use_workspace_settings": true
}
}
Response samples
- 200
{- "result": {
- "datasources": [
- {
- "category": "string",
- "id": "string",
- "optional": true,
- "status": {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
}
], - "description": "string",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "policies": [
- {
- "created": "string",
- "enforcement": {
- "enforced": true,
- "type": "string"
}, - "id": "string",
- "modules": [
- {
- "name": "string",
- "placeholder": false,
- "read_only": true,
- "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}
}
], - "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}, - "type": "string"
}
], - "read_only": true,
- "source_control": {
- "library_origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "use_workspace_settings": true
}, - "used_by": [
- {
- "bundles": [
- {
- "bundle_id": "string",
- "version": 0
}
], - "system_id": "string"
}
]
}
}
List files in Styra DAS-created branch.
Gets the list of files for the branch that the Styra DAS creates when modifying rego in the Styra DAS UI and pushing the changes to GitHub in a branch for review.
path Parameters
id required | string.* library id |
Responses
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "branch": "string",
- "changed_files": [
- "string"
], - "deleted_files": [
- "string"
], - "files": {
- "property1": "string",
- "property2": "string"
}
}
}
Commit files to library source control
Commit files to source control associated with a library
path Parameters
id required | string.* library id |
Request Body schema: application/jsonrequired
author required | string |
email required | string |
required | object Map of filenames to file contents |
files_to_delete required | Array of strings List of filenames to delete from the repo |
message required | string |
Responses
Request samples
- Payload
{- "author": "string",
- "email": "string",
- "files": {
- "property1": "string",
- "property2": "string"
}, - "files_to_delete": [
- "string"
], - "message": "string"
}
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "author": "string",
- "branch": "string",
- "email": "string",
- "files": {
- "property1": "string",
- "property2": "string"
}, - "files_to_delete": [
- "string"
], - "message": "string"
}
}
List files in current branch.
Gets the list of files in the currently chosen branch.
path Parameters
id required | string.* library id |
Responses
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "branch": "string",
- "files": {
- "property1": "string",
- "property2": "string"
}
}
}
Validate library unit tests
path Parameters
id required | string.* id |
Request Body schema: application/jsonrequired
object draft policies to be used for 'new' violations computation (path => rego) | |
mode | string Default: "delta" validation mode. One of (delta, all, delta-count, all-count) |
policy_type | string policy type to narrow the monitor policy search (e.g. validating, mutating). Default (empty string or missing) is to run all monitoring policies |
Responses
Request samples
- Payload
{- "drafts": {
- "property1": "string",
- "property2": "string"
}, - "mode": "delta",
- "policy_type": "string"
}
Response samples
- 200
{- "request_id": "string",
- "result": {
- "property1": {
- "all": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "all_count": 0,
- "all_errors_count": 0,
- "all_failed_count": 0,
- "new": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "new_count": 0,
- "new_errors_count": 0,
- "new_failed_count": 0,
- "resolved": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "resolved_count": 0,
- "resolved_errors_count": 0,
- "resolved_failed_count": 0,
- "unchanged": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "unchanged_count": 0,
- "unchanged_errors_count": 0,
- "unchanged_failed_count": 0
}, - "property2": {
- "all": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "all_count": 0,
- "all_errors_count": 0,
- "all_failed_count": 0,
- "new": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "new_count": 0,
- "new_errors_count": 0,
- "new_failed_count": 0,
- "resolved": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "resolved_count": 0,
- "resolved_errors_count": 0,
- "resolved_failed_count": 0,
- "unchanged": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "unchanged_count": 0,
- "unchanged_errors_count": 0,
- "unchanged_failed_count": 0
}
}
}
log-replay
is a service that re-evaluates past decision logs in order to estimate what would change if one of the policies
would be different. log-replay
is used as an analysis tool to analyze the impact of a policy change.
Run log-replay
Request Body schema: application/jsonrequired
compare_full_results | boolean Default: false do not compare decisions by system-type-dependent significant fields |
data_patches | Array of objects (logreplay.v1.ReplayRequest.data_patches) [ items ] list of JSON Patches to apply to the data namespace |
decision_patches | Array of objects (logreplay.v1.ReplayRequest.decision_patches) [ items ] list of JSON Patches to apply to the decisions before they evaluated |
deterministic_policies | boolean Default: true signals that decisions having the same inputs, data and revision always evaluate to the same result and therefore can be cached |
duration | string maximum replay duration (e.g. "20s") |
max_samples | integer <int32> maximum number of samples to return |
object (data.v1.BuiltinMocks) | |
object modified rego policies (path => rego content) | |
Array of objects (logreplay.v1.ReplayScope) list of scopes to narrow the decision search | |
skip_batches | Array of strings list of batch IDs to skip |
Responses
Request samples
- Payload
{- "compare_full_results": false,
- "data_patches": [
- [
- { }
]
], - "decision_patches": [
- [
- { }
]
], - "deterministic_policies": true,
- "duration": "string",
- "max_samples": 0,
- "mocks": {
- "dynamodb.get": {
- "data": [
- {
- "key": { },
- "region": "string",
- "result": { },
- "table": "string"
}
]
}, - "dynamodb.query": {
- "data": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "result": { },
- "table": "string"
}
]
}, - "http.send": {
- "data": [
- {
- "method": "string",
- "result": { },
- "url": "string"
}
]
}, - "mongodb.find": {
- "data": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "result": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "data": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "result": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "data": [
- {
- "parameters": { },
- "query": "string",
- "result": { },
- "uri": "string"
}
]
}, - "opa.runtime": {
- "result": { }
}, - "redis.query": {
- "data": [
- {
- "addr": "string",
- "args": [
- null
], - "command": "string",
- "db": 0,
- "result": { }
}
]
}, - "sql.send": {
- "data": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string",
- "result": { }
}
]
}, - "vault.send": {
- "data": [
- {
- "mount_path": "string",
- "path": "string",
- "result": { }
}
]
}
}, - "policies": {
- "property1": "string",
- "property2": "string"
}, - "scope": [
- {
- "max_age": "string",
- "max_revisions": 1,
- "min_age": "string",
- "path": "string"
}
], - "skip_batches": [
- "string"
]
}
Response samples
- 200
{- "analyzed_batches": [
- "string"
], - "duration": 0,
- "samples": [
- {
- "batch_decision_id": "string",
- "bundles": {
- "property1": {
- "revision": "string"
}, - "property2": {
- "revision": "string"
}
}, - "count": 0,
- "decision_id": "string",
- "erased": [
- "string"
], - "error": "string",
- "input": null,
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "metrics": { },
- "nd_builtin_cache": {
- "property1": { },
- "property2": { }
}, - "new_result": null,
- "path": "string",
- "query": "string",
- "req_id": 0,
- "request_context": {
- "http": {
- "headers": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
}, - "requested_by": "string",
- "result": null,
- "revision": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "started": "2019-08-24T14:15:22Z",
- "stats": {
- "analysis_errors": 0,
- "batches_analyzed": 0,
- "batches_download_errors": 0,
- "batches_downloaded": 0,
- "batches_from_cache": 0,
- "batches_observed": 0,
- "batches_scheduled": 0,
- "batches_skipped": 0,
- "entries_evaluated": 0,
- "entries_failed": 0,
- "entries_observed": 0,
- "entries_scheduled": 0,
- "results_changed": 0
}
}
Run log-replay
Request Body schema: application/jsonrequired
object system ID -> bundle filter mapping specifying which bundles to consider for each system. Use empty string or '*' to provide default filter | |
compare_full_results | boolean Default: false do not compare decisions by system-type-dependent significant fields |
decision_patches | Array of objects (logreplay.v2.ReplayRequest.decision_patches) [ items ] list of JSON Patches to apply to the decisions before they evaluated |
object modifications to make to policies or data | |
duration | string maximum replay duration (e.g. "20s") |
max_samples | integer <int32> maximum number of samples to return |
object (data.v1.BuiltinMocks) | |
path_filters | Array of strings list of path filters. Each entry is either a path prefix that the decision path must begin with or the decision path must be prefix of the entry |
skip_batches | Array of strings list of batch IDs to skip |
systems | Array of strings list of system IDs. If provided, systems that are not in the list won't be replayed even if affected by one of the drafts' |
Responses
Request samples
- Payload
{- "bundle_filters": {
- "property1": {
- "active_from": 0,
- "active_to": 0,
- "bundle_id": "string",
- "created_from": "2019-08-24T14:15:22Z",
- "created_to": "2019-08-24T14:15:22Z",
- "last_deployed_from": "2019-08-24T14:15:22Z",
- "last_deployed_to": "2019-08-24T14:15:22Z",
- "reverse_versioning": true,
- "version_from": 0,
- "version_to": 0
}, - "property2": {
- "active_from": 0,
- "active_to": 0,
- "bundle_id": "string",
- "created_from": "2019-08-24T14:15:22Z",
- "created_to": "2019-08-24T14:15:22Z",
- "last_deployed_from": "2019-08-24T14:15:22Z",
- "last_deployed_to": "2019-08-24T14:15:22Z",
- "reverse_versioning": true,
- "version_from": 0,
- "version_to": 0
}
}, - "compare_full_results": false,
- "decision_patches": [
- [
- { }
]
], - "drafts": {
- "property1": {
- "contents": null,
- "datasources": true,
- "patches": [
- [
- { }
]
], - "policy": {
- "context": "string",
- "overlays": [
- "string"
]
}
}, - "property2": {
- "contents": null,
- "datasources": true,
- "patches": [
- [
- { }
]
], - "policy": {
- "context": "string",
- "overlays": [
- "string"
]
}
}
}, - "duration": "string",
- "max_samples": 0,
- "mocks": {
- "dynamodb.get": {
- "data": [
- {
- "key": { },
- "region": "string",
- "result": { },
- "table": "string"
}
]
}, - "dynamodb.query": {
- "data": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "result": { },
- "table": "string"
}
]
}, - "http.send": {
- "data": [
- {
- "method": "string",
- "result": { },
- "url": "string"
}
]
}, - "mongodb.find": {
- "data": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "result": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "data": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "result": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "data": [
- {
- "parameters": { },
- "query": "string",
- "result": { },
- "uri": "string"
}
]
}, - "opa.runtime": {
- "result": { }
}, - "redis.query": {
- "data": [
- {
- "addr": "string",
- "args": [
- null
], - "command": "string",
- "db": 0,
- "result": { }
}
]
}, - "sql.send": {
- "data": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string",
- "result": { }
}
]
}, - "vault.send": {
- "data": [
- {
- "mount_path": "string",
- "path": "string",
- "result": { }
}
]
}
}, - "path_filters": [
- "string"
], - "skip_batches": [
- "string"
], - "systems": [
- "string"
]
}
Response samples
- 200
{- "mocks": {
- "dynamodb.get": {
- "mocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
]
}, - "dynamodb.query": {
- "mocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
]
}, - "http.send": {
- "mocked": [
- {
- "method": "string",
- "url": "string"
}
], - "unmocked": [
- {
- "method": "string",
- "url": "string"
}
]
}, - "mongodb.find": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "mocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
], - "unmocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
]
}, - "redis.query": {
- "mocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
], - "unmocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
]
}, - "sql.send": {
- "mocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
], - "unmocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
]
}, - "vault.send": {
- "mocked": [
- {
- "mount_path": "string",
- "path": "string"
}
], - "unmocked": [
- {
- "mount_path": "string",
- "path": "string"
}
]
}
}, - "request_id": "string",
- "result": {
- "analyzed_batches": [
- "string"
], - "duration": 0,
- "samples": [
- {
- "batch_decision_id": "string",
- "bundles": {
- "property1": {
- "revision": "string"
}, - "property2": {
- "revision": "string"
}
}, - "count": 0,
- "decision_id": "string",
- "erased": [
- "string"
], - "error": "string",
- "input": null,
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "metrics": { },
- "nd_builtin_cache": {
- "property1": { },
- "property2": { }
}, - "new_result": null,
- "path": "string",
- "query": "string",
- "req_id": 0,
- "request_context": {
- "http": {
- "headers": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
}, - "requested_by": "string",
- "result": null,
- "revision": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "started": "2019-08-24T14:15:22Z",
- "stats": {
- "analysis_errors": 0,
- "batches_analyzed": 0,
- "batches_download_errors": 0,
- "batches_downloaded": 0,
- "batches_from_cache": 0,
- "batches_observed": 0,
- "batches_scheduled": 0,
- "batches_skipped": 0,
- "entries_evaluated": 0,
- "entries_failed": 0,
- "entries_observed": 0,
- "entries_scheduled": 0,
- "results_changed": 0
}
}
}
Post decision logs with partition
path Parameters
partition required | string.* partition name. Currently not used |
Request Body schema: application/jsonrequired
Responses
Request samples
- Payload
[- { }
]
Response samples
- 200
{- "request_id": "string"
}
Response samples
- 200
{- "request_id": "string",
- "result": [
- {
- "expires": "2019-08-24T14:15:22Z",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "system_id": "string"
}
]
}
Create a mock opa.
Request Body schema: application/jsonrequired
duration required | string |
system_id required | string |
Responses
Request samples
- Payload
{- "duration": "string",
- "system_id": "string"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "expires": "2019-08-24T14:15:22Z",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "system_id": "string"
}
}
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "expires": "2019-08-24T14:15:22Z",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "system_id": "string"
}
}
Handle callbacks from notification applications.
path Parameters
type required | string.* notification type |
query Parameters
code | string authorization code from notification tool |
state | string unique identification code |
Responses
Response samples
- 307
{- "request_id": "string",
- "response_url": "string"
}
Insert an access token for the notification tool.
path Parameters
type required | string.* notification type |
Request Body schema: application/jsonrequired
token required | string |
Responses
Request samples
- Payload
{- "token": "string"
}
Response samples
- 200
{- "request_id": "string"
}
Reset password
path Parameters
token required | string.+ Token ID |
Request Body schema: application/jsonrequired
password required | string |
user_id required | string |
Responses
Request samples
- Payload
{- "password": "string",
- "user_id": "string"
}
Response samples
- 200
{- "url": "string"
}
Analyze password strength
Request Body schema: application/jsonrequired
password required | string |
Responses
Request samples
- Payload
{- "password": "string"
}
Response samples
- 200
{- "request_id": "string",
- "result": {
- "cracktime": 0.1,
- "cracktime_display": "string",
- "feedback": {
- "suggestions": [
- "string"
], - "warning": "string"
}, - "max": 0,
- "min": 0,
- "pass": 0,
- "score": 0
}
}
List policies
query Parameters
metadata | string return rego metadata of specified type or all if no type provided |
modules | boolean return rego metadata for each module separately |
drafts | boolean return rego metadata for draft policies (when metadata flag is used) |
prefix | string return only the policies having the prefix |
Responses
Response samples
- 200
{- "metadata": [
- {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}
], - "request_id": "string",
- "result": null
}
List playground policies
query Parameters
metadata | string return rego metadata of specified type or all if no type provided |
drafts | boolean return rego metadata for draft policies (when metadata flag is used) |
Responses
Response samples
- 200
{- "metadata": [
- {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}
], - "request_id": "string",
- "result": null
}
List system policies
path Parameters
system required | string system id |
query Parameters
metadata | string return rego metadata of specified type or all if no type provided |
drafts | boolean return rego metadata for draft policies (when metadata flag is used) |
Responses
Response samples
- 200
{- "metadata": [
- {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}
], - "request_id": "string",
- "result": null
}
Update a policy
path Parameters
policy required | string.+ policy name |
header Parameters
If-None-Match | string etag |
Request Body schema: application/jsonrequired
required | object module file name to rego (and also data.json/data.yaml if enabled for the tenant) contents dictionary |
object (crypto.Signature) |
Responses
Request samples
- Payload
{- "modules": {
- "property1": "string",
- "property2": "string"
}, - "signature": {
- "excluded": {
- "digest": "string",
- "nodes": {
- "property1": { },
- "property2": { }
}
}, - "signatures": [
- {
- "property1": "string",
- "property2": "string"
}
]
}
}
Response samples
- 200
{- "request_id": "string"
}
Format Rego code
query Parameters
v1 | boolean Enable formatting to comply with both the RegoV0 and RegoV1 syntax |
Request Body schema: application/jsonrequired
required | object | ||
|
Responses
Request samples
- Payload
{- "input": {
- "property1": "string",
- "property2": "string"
}
}
Response samples
- 200
{- "errors": {
- "property1": [
- { }
], - "property2": [
- { }
]
}, - "metadata": [
- {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}
], - "output": {
- "property1": "string",
- "property2": "string"
}, - "request_id": "string"
}
Evict client connections
path Parameters
key required | string[a-zA-Z0-9-_]+ key that the relay client registered with |
query Parameters
id | string id of a specific relay client |
Responses
Response samples
- 200
{- "request_id": "string",
- "result": [
- {
- "client_id": "string",
- "client_key": "string",
- "remote_address": "string",
- "version": "string"
}
]
}
Response samples
- 200
{- "request_id": "string",
- "result": [
- {
- "description": "string",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "name": "string"
}
]
}
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "description": "string",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "name": "string"
}
}
Create/update secret
path Parameters
secretId required | string.* secret ID |
header Parameters
If-None-Match | string if set to '*' then the request fill fail if the secret already exists |
Request Body schema: application/jsonrequired
description required | string |
name required | string |
secret required | string |
Responses
Request samples
- Payload
{- "description": "string",
- "name": "string",
- "secret": "string"
}
Response samples
- 200
- 409
{- "request_id": "string"
}
Analyze password strength
Request Body schema: application/jsonrequired
password required | string |
Responses
Request samples
- Payload
{- "password": "string"
}
Response samples
- 200
{- "request_id": "string",
- "result": {
- "cracktime": 0.1,
- "cracktime_display": "string",
- "feedback": {
- "suggestions": [
- "string"
], - "warning": "string"
}, - "max": 0,
- "min": 0,
- "pass": 0,
- "score": 0
}
}
List stacks
query Parameters
policies | boolean set to 'false' to omit policies from the output |
modules | boolean set to 'false' to omit modules from the output |
datasources | boolean set to 'false' to omit datasources from the output |
errors | boolean set to 'false' to omit errors/warnings from the output |
metadata | boolean set to 'false' to omit metadata from the output |
rule_counts | boolean set to 'false' to omit policy rule counts in the output |
matching_systems | boolean set to 'false' to omit list of matching systems in the output |
minimum_opa_version | boolean set to 'false' to omit minimum OPA version for systems using stack |
Responses
Response samples
- 200
{- "request_id": "string",
- "result": [
- {
- "authz": {
- "role_bindings": [
- {
- "id": "string",
- "role_name": "string"
}
]
}, - "datasources": [
- {
- "category": "string",
- "id": "string",
- "optional": true,
- "status": {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
}
], - "description": "string",
- "errors": {
- "property1": {
- "errors": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "waiting": true
}, - "property2": {
- "errors": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "waiting": true
}
}, - "id": "string",
- "info": {
- "property1": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "property2": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}, - "matching_systems": [
- "string"
], - "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "migration_history": [
- {
- "from": "string",
- "initiated_by": "string",
- "initiating_user": "string",
- "migrated_at": "2019-08-24T14:15:22Z",
- "recovered": true,
- "to": "string"
}
], - "minimum_opa_version": "string",
- "name": "string",
- "policies": [
- {
- "created": "string",
- "enforcement": {
- "enforced": true,
- "type": "string"
}, - "id": "string",
- "modules": [
- {
- "name": "string",
- "placeholder": false,
- "read_only": true,
- "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}
}
], - "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}, - "type": "string"
}
], - "read_only": true,
- "source_control": {
- "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "stack_origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "use_workspace_settings": true
}, - "status": "string",
- "type": "string",
- "type_parameters": { },
- "warnings": {
- "property1": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "property2": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}
}
]
}
Create a stack
Request Body schema: application/jsonrequired
description required | string |
name required | string |
read_only required | boolean |
object (stacks.v1.SourceControlConfig) | |
type required | string |
type_parameters | object stack type parameter values (for template.* types) |
Responses
Request samples
- Payload
{- "description": "string",
- "name": "string",
- "read_only": true,
- "source_control": {
- "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "stack_origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "use_workspace_settings": true
}, - "type": "string",
- "type_parameters": { }
}
Response samples
- 200
{- "request_id": "string",
- "result": {
- "authz": {
- "role_bindings": [
- {
- "id": "string",
- "role_name": "string"
}
]
}, - "datasources": [
- {
- "category": "string",
- "id": "string",
- "optional": true,
- "status": {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
}
], - "description": "string",
- "errors": {
- "property1": {
- "errors": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "waiting": true
}, - "property2": {
- "errors": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "waiting": true
}
}, - "id": "string",
- "info": {
- "property1": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "property2": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}, - "matching_systems": [
- "string"
], - "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "migration_history": [
- {
- "from": "string",
- "initiated_by": "string",
- "initiating_user": "string",
- "migrated_at": "2019-08-24T14:15:22Z",
- "recovered": true,
- "to": "string"
}
], - "minimum_opa_version": "string",
- "name": "string",
- "policies": [
- {
- "created": "string",
- "enforcement": {
- "enforced": true,
- "type": "string"
}, - "id": "string",
- "modules": [
- {
- "name": "string",
- "placeholder": false,
- "read_only": true,
- "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}
}
], - "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}, - "type": "string"
}
], - "read_only": true,
- "source_control": {
- "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "stack_origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "use_workspace_settings": true
}, - "status": "string",
- "type": "string",
- "type_parameters": { },
- "warnings": {
- "property1": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "property2": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}
}
}
Verify git access
Verifies that the repository can be accessed with the provided credentials
Request Body schema: application/jsonrequired
commit required | string Commit SHA. Only one of reference or commit can be set at any time |
credentials required | string Credentials are looked under the key |
id required | string id of the entity so that the config can be checked for duplicates |
path required | string Path to limit the import to |
reference required | string Remote reference. Only one of reference or commit can be set at any time |
object (git.v1.SSHCredentials) | |
url required | string Repository URL |
Responses
Request samples
- Payload
{- "commit": "string",
- "credentials": "string",
- "id": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "sha": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
}
List files in Styra DAS-created branch.
Gets the list of files for the branch that the Styra DAS creates when modifying rego in the Styra DAS UI and pushing the changes to GitHub in a branch for review.
path Parameters
id required | string.* stack id |
Responses
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "branch": "string",
- "changed_files": [
- "string"
], - "deleted_files": [
- "string"
], - "files": {
- "property1": "string",
- "property2": "string"
}
}
}
Commit files to stack source control
Commit files to source control associated with a stack
path Parameters
id required | string.* stack id |
Request Body schema: application/jsonrequired
author required | string |
email required | string |
required | object Map of filenames to file contents |
files_to_delete required | Array of strings List of filenames to delete from the repo |
message required | string |
Responses
Request samples
- Payload
{- "author": "string",
- "email": "string",
- "files": {
- "property1": "string",
- "property2": "string"
}, - "files_to_delete": [
- "string"
], - "message": "string"
}
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "author": "string",
- "branch": "string",
- "email": "string",
- "files": {
- "property1": "string",
- "property2": "string"
}, - "files_to_delete": [
- "string"
], - "message": "string"
}
}
Get a stack configuration
path Parameters
stack required | string.* stack id |
query Parameters
policies | boolean set to 'false' to omit policies from the output |
modules | boolean set to 'false' to omit modules from the output |
datasources | boolean set to 'false' to omit datasources from the output |
errors | boolean set to 'false' to omit errors/warnings from the output |
metadata | boolean set to 'false' to omit metadata from the output |
rule_counts | boolean set to 'false' to omit policy rule counts in the output |
matching_systems | boolean set to 'false' to omit list of matching systems in the output |
minimum_opa_version | boolean set to 'false' to omit minimum OPA version for systems using stack |
Responses
Response samples
- 200
{- "request_id": "string",
- "result": {
- "authz": {
- "role_bindings": [
- {
- "id": "string",
- "role_name": "string"
}
]
}, - "datasources": [
- {
- "category": "string",
- "id": "string",
- "optional": true,
- "status": {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
}
], - "description": "string",
- "errors": {
- "property1": {
- "errors": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "waiting": true
}, - "property2": {
- "errors": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "waiting": true
}
}, - "id": "string",
- "info": {
- "property1": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "property2": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}, - "matching_systems": [
- "string"
], - "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "migration_history": [
- {
- "from": "string",
- "initiated_by": "string",
- "initiating_user": "string",
- "migrated_at": "2019-08-24T14:15:22Z",
- "recovered": true,
- "to": "string"
}
], - "minimum_opa_version": "string",
- "name": "string",
- "policies": [
- {
- "created": "string",
- "enforcement": {
- "enforced": true,
- "type": "string"
}, - "id": "string",
- "modules": [
- {
- "name": "string",
- "placeholder": false,
- "read_only": true,
- "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}
}
], - "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}, - "type": "string"
}
], - "read_only": true,
- "source_control": {
- "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "stack_origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "use_workspace_settings": true
}, - "status": "string",
- "type": "string",
- "type_parameters": { },
- "warnings": {
- "property1": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "property2": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}
}
}
Create or update a stack. Only the fields sent in the request are updated
path Parameters
stack required | string.* stack id |
Request Body schema: application/jsonrequired
description required | string |
name required | string |
read_only required | boolean |
object (stacks.v1.SourceControlConfig) | |
type required | string |
type_parameters | object stack type parameter values (for template.* types) |
Responses
Request samples
- Payload
{- "description": "string",
- "name": "string",
- "read_only": true,
- "source_control": {
- "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "stack_origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}, - "use_workspace_settings": true
}, - "type": "string",
- "type_parameters": { }
}
Response samples
- 200
{- "request_id": "string"
}
Migrate a stack from one type to another
path Parameters
stack required | string.* stack id |
Request Body schema: application/jsonrequired
type required | string The system type ID to migrate the current system to |
Responses
Request samples
- Payload
{- "type": "string"
}
Response samples
- 202
- 400
- 404
{- "request_id": "string"
}
Validate stack compliance
path Parameters
stack required | string.* stack id |
query Parameters
asyncdelay | string set delay of asynchronous response HTTP(202); range [1s - compliance-api-timeout]. |
asyncresponse | string get asynchronous response; see HTTP(202) Location parameter |
interval | string if set to 'latest', get most recent cached results for specified stack. |
Request Body schema: application/jsonrequired
object draft policies to be used for 'new' violations computation (path => rego) | |
extended | boolean run extended compliance validation that is specific for the system/stack type |
filter | object filter violations with this selector (dot.path => value) |
group_by | Array of strings[ items ] group results by dot.path values (list of group levels with list of fields at each level) |
limit | integer <int32> maximum number of violations to return per monitor |
object (data.v1.BuiltinMocks) | |
mode | string Default: "delta" validation mode. One of (delta, all, delta-count, all-count) |
policy_type | string policy type to narrow the monitor policy search (e.g. validating, mutating). Default (empty string or missing) is to run all monitoring policies |
Array of objects (systems.v1.SortField) list of fields to sort by |
Responses
Request samples
- Payload
{- "drafts": {
- "property1": "string",
- "property2": "string"
}, - "extended": true,
- "filter": { },
- "group_by": [
- [
- "string"
]
], - "limit": 0,
- "mocks": {
- "dynamodb.get": {
- "data": [
- {
- "key": { },
- "region": "string",
- "result": { },
- "table": "string"
}
]
}, - "dynamodb.query": {
- "data": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "result": { },
- "table": "string"
}
]
}, - "http.send": {
- "data": [
- {
- "method": "string",
- "result": { },
- "url": "string"
}
]
}, - "mongodb.find": {
- "data": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "result": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "data": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "result": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "data": [
- {
- "parameters": { },
- "query": "string",
- "result": { },
- "uri": "string"
}
]
}, - "opa.runtime": {
- "result": { }
}, - "redis.query": {
- "data": [
- {
- "addr": "string",
- "args": [
- null
], - "command": "string",
- "db": 0,
- "result": { }
}
]
}, - "sql.send": {
- "data": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string",
- "result": { }
}
]
}, - "vault.send": {
- "data": [
- {
- "mount_path": "string",
- "path": "string",
- "result": { }
}
]
}
}, - "mode": "delta",
- "policy_type": "string",
- "sort": [
- {
- "descending": true,
- "field": "string"
}
]
}
Response samples
- 200
- 404
{- "mocks": {
- "dynamodb.get": {
- "mocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
]
}, - "dynamodb.query": {
- "mocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
]
}, - "http.send": {
- "mocked": [
- {
- "method": "string",
- "url": "string"
}
], - "unmocked": [
- {
- "method": "string",
- "url": "string"
}
]
}, - "mongodb.find": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "mocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
], - "unmocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
]
}, - "redis.query": {
- "mocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
], - "unmocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
]
}, - "sql.send": {
- "mocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
], - "unmocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
]
}, - "vault.send": {
- "mocked": [
- {
- "mount_path": "string",
- "path": "string"
}
], - "unmocked": [
- {
- "mount_path": "string",
- "path": "string"
}
]
}
}, - "request_id": "string",
- "result": {
- "property1": {
- "all": [
- null
], - "all_count": 0,
- "metadata": null,
- "new": [
- null
], - "new_count": 0,
- "resolved": [
- null
], - "resolved_count": 0,
- "unchanged": [
- null
], - "unchanged_count": 0
}, - "property2": {
- "all": [
- null
], - "all_count": 0,
- "metadata": null,
- "new": [
- null
], - "new_count": 0,
- "resolved": [
- null
], - "resolved_count": 0,
- "unchanged": [
- null
], - "unchanged_count": 0
}
}
}
Get next page of stack compliance violations
path Parameters
stack required | string.* stack id |
cursor required | string.* paging cursor obtained from previous calls |
query Parameters
limit | integer maximum number of violations to return |
Responses
Response samples
- 200
{- "mocks": {
- "dynamodb.get": {
- "mocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
]
}, - "dynamodb.query": {
- "mocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
]
}, - "http.send": {
- "mocked": [
- {
- "method": "string",
- "url": "string"
}
], - "unmocked": [
- {
- "method": "string",
- "url": "string"
}
]
}, - "mongodb.find": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "mocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
], - "unmocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
]
}, - "redis.query": {
- "mocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
], - "unmocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
]
}, - "sql.send": {
- "mocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
], - "unmocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
]
}, - "vault.send": {
- "mocked": [
- {
- "mount_path": "string",
- "path": "string"
}
], - "unmocked": [
- {
- "mount_path": "string",
- "path": "string"
}
]
}
}, - "request_id": "string",
- "result": {
- "property1": {
- "all": [
- null
], - "all_count": 0,
- "metadata": null,
- "new": [
- null
], - "new_count": 0,
- "resolved": [
- null
], - "resolved_count": 0,
- "unchanged": [
- null
], - "unchanged_count": 0
}, - "property2": {
- "all": [
- null
], - "all_count": 0,
- "metadata": null,
- "new": [
- null
], - "new_count": 0,
- "resolved": [
- null
], - "resolved_count": 0,
- "unchanged": [
- null
], - "unchanged_count": 0
}
}
}
Validate stack unit tests
path Parameters
stack required | string.* stack id |
Request Body schema: application/jsonrequired
object draft policies to be used for 'new' violations computation (path => rego) | |
mode | string Default: "delta" validation mode. One of (delta, all, delta-count, all-count) |
policy_type | string policy type to narrow the monitor policy search (e.g. validating, mutating). Default (empty string or missing) is to run all monitoring policies |
Responses
Request samples
- Payload
{- "drafts": {
- "property1": "string",
- "property2": "string"
}, - "mode": "delta",
- "policy_type": "string"
}
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "property1": {
- "all": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "all_count": 0,
- "all_errors_count": 0,
- "all_failed_count": 0,
- "new": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "new_count": 0,
- "new_errors_count": 0,
- "new_failed_count": 0,
- "resolved": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "resolved_count": 0,
- "resolved_errors_count": 0,
- "resolved_failed_count": 0,
- "unchanged": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "unchanged_count": 0,
- "unchanged_errors_count": 0,
- "unchanged_failed_count": 0
}, - "property2": {
- "all": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "all_count": 0,
- "all_errors_count": 0,
- "all_failed_count": 0,
- "new": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "new_count": 0,
- "new_errors_count": 0,
- "new_failed_count": 0,
- "resolved": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "resolved_count": 0,
- "resolved_errors_count": 0,
- "resolved_failed_count": 0,
- "unchanged": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "unchanged_count": 0,
- "unchanged_errors_count": 0,
- "unchanged_failed_count": 0
}
}
}
Update current OPA status
path Parameters
partition required | string.* partition name. Currently not used |
Request Body schema: application/jsonrequired
Responses
Request samples
- Payload
{ }
Response samples
- 200
{- "request_id": "string"
}
List systems
query Parameters
compact | boolean if set to 'true', returns only minimal configuration information for each system |
policies | boolean set to 'false' to omit policies from the output |
modules | boolean set to 'false' to omit modules from the output |
rule_counts | boolean set to 'false' to omit policy rule counts in the output |
datasources | boolean set to 'false' to omit datasources from the output |
errors | boolean set to 'false' to omit errors/warnings from the output |
authz | boolean set to 'false' to omit authz info from the output |
metadata | boolean set to 'false' to omit metadata from the output |
minimum_opa_version | boolean set to 'false' to omit minimum_opa_version from the output |
stacks | boolean set to 'false' to omit matching_stacks from the output |
migration_history | boolean set to 'false' to omit migration_history from the output |
tokens | boolean set to 'false' to omit tokens from the output |
type | string if set returns only systems of the specified type |
name | string if set returns only systems with a name matching the given regex |
Responses
Response samples
- 200
{- "request_id": "string",
- "result": [
- {
- "authz": {
- "role_bindings": [
- {
- "id": "string",
- "role_name": "string"
}
]
}, - "bundle_download": {
- "delta_bundles": false
}, - "bundle_registry": {
- "disable_bundle_compatibility_check": true,
- "distribution_s3": {
- "access_keys": "string",
- "bucket": "string",
- "context_path": "context-{policy_path}",
- "discovery_path": "discovery.tgz",
- "endpoint": "string",
- "opa_credentials": {
- "environment_credentials": { },
- "metadata_credentials": {
- "aws_region": "string",
- "iam_role": "string"
}, - "web_identity_credentials": {
- "aws_region": "string",
- "session_name": "string"
}
}, - "policy_path": "bundle.tgz",
- "region": "string",
- "role_arn": "string"
}, - "entrypoints": [
- "string"
], - "manual_deployment": true,
- "manual_deployment_overrides": {
- "property1": true,
- "property2": true
}, - "max_bundles": 0,
- "max_deployed_bundles": 0,
- "optimization_level": 0
}, - "context_bundle_data_only": true,
- "context_bundle_roots": [
- "string"
], - "datasources": [
- {
- "category": "string",
- "id": "string",
- "optional": true,
- "status": {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
}
], - "decision_mappings": {
- "property1": {
- "allowed": {
- "expected": null,
- "negated": false,
- "path": "string"
}, - "columns": [
- {
- "key": "string",
- "path": "string",
- "type": "string"
}
], - "reason": {
- "path": "string"
}
}, - "property2": {
- "allowed": {
- "expected": null,
- "negated": false,
- "path": "string"
}, - "columns": [
- {
- "key": "string",
- "path": "string",
- "type": "string"
}
], - "reason": {
- "path": "string"
}
}
}, - "decisions_exporter": {
- "interval": "30s",
- "kafka": {
- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}, - "s3_decisions": {
- "access_keys": "string",
- "decision_format": "string",
- "endpoint": "string",
- "file_format": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
}, - "deployment_parameters": {
- "deny_on_opa_fail": false,
- "discovery": { },
- "extra": { },
- "http_proxy": "string",
- "https_proxy": "string",
- "kubernetes_version": "string",
- "mutating_webhook_name": "string",
- "namespace": "string",
- "no_proxy": "string",
- "timeout_seconds": 0,
- "trusted_ca_certs": [
- "string"
], - "trusted_container_registry": "string"
}, - "description": "string",
- "error_setting": "string",
- "errors": {
- "property1": {
- "errors": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "waiting": true
}, - "property2": {
- "errors": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "waiting": true
}
}, - "external_bundles": {
- "bundles": {
- "property1": {
- "persist": true,
- "polling": {
- "long_polling_timeout_seconds": 0,
- "max_delay_seconds": 0,
- "min_delay_seconds": 0
}, - "resource": "string",
- "service": "string",
- "signing": {
- "exclude_files": [
- "string"
], - "keyid": "string",
- "public_keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "scope": "string"
}, - "size_limit_bytes": 0
}, - "property2": {
- "persist": true,
- "polling": {
- "long_polling_timeout_seconds": 0,
- "max_delay_seconds": 0,
- "min_delay_seconds": 0
}, - "resource": "string",
- "service": "string",
- "signing": {
- "exclude_files": [
- "string"
], - "keyid": "string",
- "public_keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "scope": "string"
}, - "size_limit_bytes": 0
}
}, - "services": [
- {
- "allow_insecure_tls": true,
- "credentials": {
- "azure_managed_identity": {
- "api_version": "string",
- "client_id": "string",
- "endpoint": "string",
- "mi_res_id": "string",
- "object_id": "string",
- "resource": "string"
}, - "bearer": {
- "scheme": "string",
- "token": "string",
- "token_path": "string"
}, - "client_tls": {
- "cert": "string",
- "private_key": "string",
- "private_key_passphrase": "string"
}, - "gcp_metadata": {
- "access_token_path": "string",
- "audience": "string",
- "endpoint": "string",
- "id_token_path": "string",
- "scopes": [
- "string"
]
}, - "oauth2": {
- "additional_claims": { },
- "additional_headers": {
- "property1": "string",
- "property2": "string"
}, - "additional_parameters": {
- "property1": "string",
- "property2": "string"
}, - "client_id": "string",
- "client_secret": "string",
- "grant_type": "string",
- "include_jti_claim": true,
- "scopes": [
- "string"
], - "signing_key": "string",
- "thumbprint": "string",
- "token_url": "string"
}, - "plugin": "string",
- "s3_signing": {
- "environment_credentials": null,
- "metadata_credentials": {
- "aws_region": "string",
- "iam_role": "string"
}, - "profile_credentials": {
- "aws_region": "string",
- "path": "string",
- "profile": "string"
}, - "service": "string",
- "web_identity_credentials": {
- "aws_region": "string",
- "session_name": "string"
}
}
}, - "headers": {
- "property1": "string",
- "property2": "string"
}, - "keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "name": "string",
- "response_header_timeout_seconds": 0,
- "tls": {
- "ca_cert": "string",
- "system_ca_required": true
}, - "type": "string",
- "url": "string"
}
]
}, - "external_id": "string",
- "filter_stacks": true,
- "id": "string",
- "info": {
- "property1": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "property2": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}, - "install": {
- "property1": {
- "property1": "string",
- "property2": "string"
}, - "property2": {
- "property1": "string",
- "property2": "string"
}
}, - "kafka_topic": "string",
- "matching_stacks": [
- "string"
], - "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "migration_history": [
- {
- "from": "string",
- "initiated_by": "string",
- "initiating_user": "string",
- "migrated_at": "2019-08-24T14:15:22Z",
- "recovered": true,
- "to": "string"
}
], - "minimum_opa_version": "string",
- "mock_opa_enabled": true,
- "name": "string",
- "policies": [
- {
- "created": "string",
- "enforcement": {
- "enforced": true,
- "type": "string"
}, - "id": "string",
- "modules": [
- {
- "name": "string",
- "placeholder": false,
- "read_only": true,
- "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}
}
], - "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}, - "type": "string"
}
], - "read_only": false,
- "source_control": {
- "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
}, - "status": "string",
- "tokens": [
- {
- "allow_path_patterns": [
- "string"
], - "description": "string",
- "expires": "2019-08-24T14:15:22Z",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "token": "string",
- "ttl": "string",
- "uses": 0
}
], - "type": "string",
- "type_parameters": { },
- "uninstall": {
- "property1": "string",
- "property2": "string"
}, - "warnings": {
- "property1": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "property2": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}
}
]
}
Create a system
Request Body schema: application/jsonrequired
object (systems.v1.BundleDownloadConfig) | |
object (systems.v1.BundleRegistryConfig) | |
context_bundle_data_only | boolean only put data in the context bundle |
context_bundle_roots | Array of strings list of path prefixes for policies/datasources that go into the second (context) bundle |
object location of key attributes and additional columns in the decisions grouped by policy entry point path | |
object (workspace.v1.DecisionExporterConfig) | |
object (systems.v1.SystemDeploymentParameters) | |
description | string description for the system |
error_setting | string error/warning configuration: one of "all", "errors", "none" |
object (systems.v1.ExternalBundleConfig) | |
external_id | string optional parameter to map Styra DAS system ID to external IDs used by a customer. (mapping can be retrieved with TranslateExternalIds operation) |
filter_stacks | boolean when set, stacks that are not linked to this system will be filtered out of its bundles |
kafka_topic | string optional parameter to specify the Kafka topic where the decision logs for this system should be published if exported through the workspace level configuration (ignored if Kafka is not configured for the workspace for decision export) |
mock_opa_enabled | boolean enable mock OPAs for this system |
name required | string system name |
read_only | boolean Default: false prevents users from modifying policies using Styra UIs |
object (git.v1.SourceControlConfig) | |
type required | string system type e.g. kubernetes |
type_parameters | object system type parameter values (for template.* types) |
Responses
Request samples
- Payload
{- "bundle_download": {
- "delta_bundles": false
}, - "bundle_registry": {
- "disable_bundle_compatibility_check": true,
- "distribution_s3": {
- "access_keys": "string",
- "bucket": "string",
- "context_path": "context-{policy_path}",
- "discovery_path": "discovery.tgz",
- "endpoint": "string",
- "opa_credentials": {
- "environment_credentials": { },
- "metadata_credentials": {
- "aws_region": "string",
- "iam_role": "string"
}, - "web_identity_credentials": {
- "aws_region": "string",
- "session_name": "string"
}
}, - "policy_path": "bundle.tgz",
- "region": "string",
- "role_arn": "string"
}, - "entrypoints": [
- "string"
], - "manual_deployment": true,
- "manual_deployment_overrides": {
- "property1": true,
- "property2": true
}, - "max_bundles": 0,
- "max_deployed_bundles": 0,
- "optimization_level": 0
}, - "context_bundle_data_only": true,
- "context_bundle_roots": [
- "string"
], - "decision_mappings": {
- "property1": {
- "allowed": {
- "expected": null,
- "negated": false,
- "path": "string"
}, - "columns": [
- {
- "key": "string",
- "path": "string",
- "type": "string"
}
], - "reason": {
- "path": "string"
}
}, - "property2": {
- "allowed": {
- "expected": null,
- "negated": false,
- "path": "string"
}, - "columns": [
- {
- "key": "string",
- "path": "string",
- "type": "string"
}
], - "reason": {
- "path": "string"
}
}
}, - "decisions_exporter": {
- "interval": "30s",
- "kafka": {
- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}, - "s3_decisions": {
- "access_keys": "string",
- "decision_format": "string",
- "endpoint": "string",
- "file_format": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
}, - "deployment_parameters": {
- "deny_on_opa_fail": false,
- "discovery": { },
- "extra": { },
- "http_proxy": "string",
- "https_proxy": "string",
- "kubernetes_version": "string",
- "mutating_webhook_name": "string",
- "namespace": "string",
- "no_proxy": "string",
- "timeout_seconds": 0,
- "trusted_ca_certs": [
- "string"
], - "trusted_container_registry": "string"
}, - "description": "string",
- "error_setting": "string",
- "external_bundles": {
- "bundles": {
- "property1": {
- "persist": true,
- "polling": {
- "long_polling_timeout_seconds": 0,
- "max_delay_seconds": 0,
- "min_delay_seconds": 0
}, - "resource": "string",
- "service": "string",
- "signing": {
- "exclude_files": [
- "string"
], - "keyid": "string",
- "public_keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "scope": "string"
}, - "size_limit_bytes": 0
}, - "property2": {
- "persist": true,
- "polling": {
- "long_polling_timeout_seconds": 0,
- "max_delay_seconds": 0,
- "min_delay_seconds": 0
}, - "resource": "string",
- "service": "string",
- "signing": {
- "exclude_files": [
- "string"
], - "keyid": "string",
- "public_keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "scope": "string"
}, - "size_limit_bytes": 0
}
}, - "services": [
- {
- "allow_insecure_tls": true,
- "credentials": {
- "azure_managed_identity": {
- "api_version": "string",
- "client_id": "string",
- "endpoint": "string",
- "mi_res_id": "string",
- "object_id": "string",
- "resource": "string"
}, - "bearer": {
- "scheme": "string",
- "token": "string",
- "token_path": "string"
}, - "client_tls": {
- "cert": "string",
- "private_key": "string",
- "private_key_passphrase": "string"
}, - "gcp_metadata": {
- "access_token_path": "string",
- "audience": "string",
- "endpoint": "string",
- "id_token_path": "string",
- "scopes": [
- "string"
]
}, - "oauth2": {
- "additional_claims": { },
- "additional_headers": {
- "property1": "string",
- "property2": "string"
}, - "additional_parameters": {
- "property1": "string",
- "property2": "string"
}, - "client_id": "string",
- "client_secret": "string",
- "grant_type": "string",
- "include_jti_claim": true,
- "scopes": [
- "string"
], - "signing_key": "string",
- "thumbprint": "string",
- "token_url": "string"
}, - "plugin": "string",
- "s3_signing": {
- "environment_credentials": null,
- "metadata_credentials": {
- "aws_region": "string",
- "iam_role": "string"
}, - "profile_credentials": {
- "aws_region": "string",
- "path": "string",
- "profile": "string"
}, - "service": "string",
- "web_identity_credentials": {
- "aws_region": "string",
- "session_name": "string"
}
}
}, - "headers": {
- "property1": "string",
- "property2": "string"
}, - "keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "name": "string",
- "response_header_timeout_seconds": 0,
- "tls": {
- "ca_cert": "string",
- "system_ca_required": true
}, - "type": "string",
- "url": "string"
}
]
}, - "external_id": "string",
- "filter_stacks": true,
- "kafka_topic": "string",
- "mock_opa_enabled": true,
- "name": "string",
- "read_only": false,
- "source_control": {
- "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
}, - "type": "string",
- "type_parameters": { }
}
Response samples
- 200
{- "request_id": "string",
- "result": {
- "authz": {
- "role_bindings": [
- {
- "id": "string",
- "role_name": "string"
}
]
}, - "bundle_download": {
- "delta_bundles": false
}, - "bundle_registry": {
- "disable_bundle_compatibility_check": true,
- "distribution_s3": {
- "access_keys": "string",
- "bucket": "string",
- "context_path": "context-{policy_path}",
- "discovery_path": "discovery.tgz",
- "endpoint": "string",
- "opa_credentials": {
- "environment_credentials": { },
- "metadata_credentials": {
- "aws_region": "string",
- "iam_role": "string"
}, - "web_identity_credentials": {
- "aws_region": "string",
- "session_name": "string"
}
}, - "policy_path": "bundle.tgz",
- "region": "string",
- "role_arn": "string"
}, - "entrypoints": [
- "string"
], - "manual_deployment": true,
- "manual_deployment_overrides": {
- "property1": true,
- "property2": true
}, - "max_bundles": 0,
- "max_deployed_bundles": 0,
- "optimization_level": 0
}, - "context_bundle_data_only": true,
- "context_bundle_roots": [
- "string"
], - "datasources": [
- {
- "category": "string",
- "id": "string",
- "optional": true,
- "status": {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
}
], - "decision_mappings": {
- "property1": {
- "allowed": {
- "expected": null,
- "negated": false,
- "path": "string"
}, - "columns": [
- {
- "key": "string",
- "path": "string",
- "type": "string"
}
], - "reason": {
- "path": "string"
}
}, - "property2": {
- "allowed": {
- "expected": null,
- "negated": false,
- "path": "string"
}, - "columns": [
- {
- "key": "string",
- "path": "string",
- "type": "string"
}
], - "reason": {
- "path": "string"
}
}
}, - "decisions_exporter": {
- "interval": "30s",
- "kafka": {
- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}, - "s3_decisions": {
- "access_keys": "string",
- "decision_format": "string",
- "endpoint": "string",
- "file_format": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
}, - "deployment_parameters": {
- "deny_on_opa_fail": false,
- "discovery": { },
- "extra": { },
- "http_proxy": "string",
- "https_proxy": "string",
- "kubernetes_version": "string",
- "mutating_webhook_name": "string",
- "namespace": "string",
- "no_proxy": "string",
- "timeout_seconds": 0,
- "trusted_ca_certs": [
- "string"
], - "trusted_container_registry": "string"
}, - "description": "string",
- "error_setting": "string",
- "errors": {
- "property1": {
- "errors": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "waiting": true
}, - "property2": {
- "errors": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "waiting": true
}
}, - "external_bundles": {
- "bundles": {
- "property1": {
- "persist": true,
- "polling": {
- "long_polling_timeout_seconds": 0,
- "max_delay_seconds": 0,
- "min_delay_seconds": 0
}, - "resource": "string",
- "service": "string",
- "signing": {
- "exclude_files": [
- "string"
], - "keyid": "string",
- "public_keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "scope": "string"
}, - "size_limit_bytes": 0
}, - "property2": {
- "persist": true,
- "polling": {
- "long_polling_timeout_seconds": 0,
- "max_delay_seconds": 0,
- "min_delay_seconds": 0
}, - "resource": "string",
- "service": "string",
- "signing": {
- "exclude_files": [
- "string"
], - "keyid": "string",
- "public_keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "scope": "string"
}, - "size_limit_bytes": 0
}
}, - "services": [
- {
- "allow_insecure_tls": true,
- "credentials": {
- "azure_managed_identity": {
- "api_version": "string",
- "client_id": "string",
- "endpoint": "string",
- "mi_res_id": "string",
- "object_id": "string",
- "resource": "string"
}, - "bearer": {
- "scheme": "string",
- "token": "string",
- "token_path": "string"
}, - "client_tls": {
- "cert": "string",
- "private_key": "string",
- "private_key_passphrase": "string"
}, - "gcp_metadata": {
- "access_token_path": "string",
- "audience": "string",
- "endpoint": "string",
- "id_token_path": "string",
- "scopes": [
- "string"
]
}, - "oauth2": {
- "additional_claims": { },
- "additional_headers": {
- "property1": "string",
- "property2": "string"
}, - "additional_parameters": {
- "property1": "string",
- "property2": "string"
}, - "client_id": "string",
- "client_secret": "string",
- "grant_type": "string",
- "include_jti_claim": true,
- "scopes": [
- "string"
], - "signing_key": "string",
- "thumbprint": "string",
- "token_url": "string"
}, - "plugin": "string",
- "s3_signing": {
- "environment_credentials": null,
- "metadata_credentials": {
- "aws_region": "string",
- "iam_role": "string"
}, - "profile_credentials": {
- "aws_region": "string",
- "path": "string",
- "profile": "string"
}, - "service": "string",
- "web_identity_credentials": {
- "aws_region": "string",
- "session_name": "string"
}
}
}, - "headers": {
- "property1": "string",
- "property2": "string"
}, - "keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "name": "string",
- "response_header_timeout_seconds": 0,
- "tls": {
- "ca_cert": "string",
- "system_ca_required": true
}, - "type": "string",
- "url": "string"
}
]
}, - "external_id": "string",
- "filter_stacks": true,
- "id": "string",
- "info": {
- "property1": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "property2": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}, - "install": {
- "property1": {
- "property1": "string",
- "property2": "string"
}, - "property2": {
- "property1": "string",
- "property2": "string"
}
}, - "kafka_topic": "string",
- "matching_stacks": [
- "string"
], - "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "migration_history": [
- {
- "from": "string",
- "initiated_by": "string",
- "initiating_user": "string",
- "migrated_at": "2019-08-24T14:15:22Z",
- "recovered": true,
- "to": "string"
}
], - "minimum_opa_version": "string",
- "mock_opa_enabled": true,
- "name": "string",
- "policies": [
- {
- "created": "string",
- "enforcement": {
- "enforced": true,
- "type": "string"
}, - "id": "string",
- "modules": [
- {
- "name": "string",
- "placeholder": false,
- "read_only": true,
- "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}
}
], - "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}, - "type": "string"
}
], - "read_only": false,
- "source_control": {
- "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
}, - "status": "string",
- "tokens": [
- {
- "allow_path_patterns": [
- "string"
], - "description": "string",
- "expires": "2019-08-24T14:15:22Z",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "token": "string",
- "ttl": "string",
- "uses": 0
}
], - "type": "string",
- "type_parameters": { },
- "uninstall": {
- "property1": "string",
- "property2": "string"
}, - "warnings": {
- "property1": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "property2": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}
}
}
Translate identifiers
Translate external identifiers to Styra DAS system identifiers
Request Body schema: application/jsonrequired
external_ids required | Array of strings |
Responses
Request samples
- Payload
{- "external_ids": [
- "string"
]
}
Response samples
- 200
{- "request_id": "string",
- "result": {
- "property1": [
- "string"
], - "property2": [
- "string"
]
}
}
Verify git access
Verifies that the repository can be accessed with the provided credentials
Request Body schema: application/jsonrequired
commit required | string Commit SHA. Only one of reference or commit can be set at any time |
credentials required | string Credentials are looked under the key |
id required | string id of the entity so that the config can be checked for duplicates |
path required | string Path to limit the import to |
reference required | string Remote reference. Only one of reference or commit can be set at any time |
object (git.v1.SSHCredentials) | |
url required | string Repository URL |
Responses
Request samples
- Payload
{- "commit": "string",
- "credentials": "string",
- "id": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "sha": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
}
List files in Styra DAS-created branch.
Gets the list of files for the branch that the Styra DAS creates when modifying rego in the Styra DAS UI and pushing the changes to GitHub in a branch for review.
path Parameters
id required | string.* system id |
Responses
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "branch": "string",
- "changed_files": [
- "string"
], - "deleted_files": [
- "string"
], - "files": {
- "property1": "string",
- "property2": "string"
}
}
}
Commit files to system source control
Commit files to source control associated with a system
path Parameters
id required | string.* system id |
Request Body schema: application/jsonrequired
author required | string |
email required | string |
required | object Map of filenames to file contents |
files_to_delete required | Array of strings List of filenames to delete from the repo |
message required | string |
Responses
Request samples
- Payload
{- "author": "string",
- "email": "string",
- "files": {
- "property1": "string",
- "property2": "string"
}, - "files_to_delete": [
- "string"
], - "message": "string"
}
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "author": "string",
- "branch": "string",
- "email": "string",
- "files": {
- "property1": "string",
- "property2": "string"
}, - "files_to_delete": [
- "string"
], - "message": "string"
}
}
List files in current branch.
Gets the list of files in the currently chosen branch.
path Parameters
id required | string.* system id |
Responses
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "branch": "string",
- "files": {
- "property1": "string",
- "property2": "string"
}
}
}
Get a system
path Parameters
system required | string.* system ID |
query Parameters
policies | boolean set to 'false' to omit policies from the output |
modules | boolean set to 'false' to omit modules from the output |
rule_counts | boolean set to 'false' to omit policy rule counts in the output |
datasources | boolean set to 'false' to omit datasources from the output |
errors | boolean set to 'false' to omit errors/warnings from the output |
authz | boolean set to 'false' to omit authz info from the output |
metadata | boolean set to 'false' to omit metadata from the output |
minimum_opa_version | boolean set to 'false' to omit minimum_opa_version from the output |
stacks | boolean set to 'false' to omit matching_stacks from the output |
migration_history | boolean set to 'false' to omit migration_history from the output |
tokens | boolean set to 'false' to omit tokens from the output |
Responses
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "authz": {
- "role_bindings": [
- {
- "id": "string",
- "role_name": "string"
}
]
}, - "bundle_download": {
- "delta_bundles": false
}, - "bundle_registry": {
- "disable_bundle_compatibility_check": true,
- "distribution_s3": {
- "access_keys": "string",
- "bucket": "string",
- "context_path": "context-{policy_path}",
- "discovery_path": "discovery.tgz",
- "endpoint": "string",
- "opa_credentials": {
- "environment_credentials": { },
- "metadata_credentials": {
- "aws_region": "string",
- "iam_role": "string"
}, - "web_identity_credentials": {
- "aws_region": "string",
- "session_name": "string"
}
}, - "policy_path": "bundle.tgz",
- "region": "string",
- "role_arn": "string"
}, - "entrypoints": [
- "string"
], - "manual_deployment": true,
- "manual_deployment_overrides": {
- "property1": true,
- "property2": true
}, - "max_bundles": 0,
- "max_deployed_bundles": 0,
- "optimization_level": 0
}, - "context_bundle_data_only": true,
- "context_bundle_roots": [
- "string"
], - "datasources": [
- {
- "category": "string",
- "id": "string",
- "optional": true,
- "status": {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
}
], - "decision_mappings": {
- "property1": {
- "allowed": {
- "expected": null,
- "negated": false,
- "path": "string"
}, - "columns": [
- {
- "key": "string",
- "path": "string",
- "type": "string"
}
], - "reason": {
- "path": "string"
}
}, - "property2": {
- "allowed": {
- "expected": null,
- "negated": false,
- "path": "string"
}, - "columns": [
- {
- "key": "string",
- "path": "string",
- "type": "string"
}
], - "reason": {
- "path": "string"
}
}
}, - "decisions_exporter": {
- "interval": "30s",
- "kafka": {
- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}, - "s3_decisions": {
- "access_keys": "string",
- "decision_format": "string",
- "endpoint": "string",
- "file_format": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
}, - "deployment_parameters": {
- "deny_on_opa_fail": false,
- "discovery": { },
- "extra": { },
- "http_proxy": "string",
- "https_proxy": "string",
- "kubernetes_version": "string",
- "mutating_webhook_name": "string",
- "namespace": "string",
- "no_proxy": "string",
- "timeout_seconds": 0,
- "trusted_ca_certs": [
- "string"
], - "trusted_container_registry": "string"
}, - "description": "string",
- "error_setting": "string",
- "errors": {
- "property1": {
- "errors": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "waiting": true
}, - "property2": {
- "errors": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "waiting": true
}
}, - "external_bundles": {
- "bundles": {
- "property1": {
- "persist": true,
- "polling": {
- "long_polling_timeout_seconds": 0,
- "max_delay_seconds": 0,
- "min_delay_seconds": 0
}, - "resource": "string",
- "service": "string",
- "signing": {
- "exclude_files": [
- "string"
], - "keyid": "string",
- "public_keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "scope": "string"
}, - "size_limit_bytes": 0
}, - "property2": {
- "persist": true,
- "polling": {
- "long_polling_timeout_seconds": 0,
- "max_delay_seconds": 0,
- "min_delay_seconds": 0
}, - "resource": "string",
- "service": "string",
- "signing": {
- "exclude_files": [
- "string"
], - "keyid": "string",
- "public_keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "scope": "string"
}, - "size_limit_bytes": 0
}
}, - "services": [
- {
- "allow_insecure_tls": true,
- "credentials": {
- "azure_managed_identity": {
- "api_version": "string",
- "client_id": "string",
- "endpoint": "string",
- "mi_res_id": "string",
- "object_id": "string",
- "resource": "string"
}, - "bearer": {
- "scheme": "string",
- "token": "string",
- "token_path": "string"
}, - "client_tls": {
- "cert": "string",
- "private_key": "string",
- "private_key_passphrase": "string"
}, - "gcp_metadata": {
- "access_token_path": "string",
- "audience": "string",
- "endpoint": "string",
- "id_token_path": "string",
- "scopes": [
- "string"
]
}, - "oauth2": {
- "additional_claims": { },
- "additional_headers": {
- "property1": "string",
- "property2": "string"
}, - "additional_parameters": {
- "property1": "string",
- "property2": "string"
}, - "client_id": "string",
- "client_secret": "string",
- "grant_type": "string",
- "include_jti_claim": true,
- "scopes": [
- "string"
], - "signing_key": "string",
- "thumbprint": "string",
- "token_url": "string"
}, - "plugin": "string",
- "s3_signing": {
- "environment_credentials": null,
- "metadata_credentials": {
- "aws_region": "string",
- "iam_role": "string"
}, - "profile_credentials": {
- "aws_region": "string",
- "path": "string",
- "profile": "string"
}, - "service": "string",
- "web_identity_credentials": {
- "aws_region": "string",
- "session_name": "string"
}
}
}, - "headers": {
- "property1": "string",
- "property2": "string"
}, - "keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "name": "string",
- "response_header_timeout_seconds": 0,
- "tls": {
- "ca_cert": "string",
- "system_ca_required": true
}, - "type": "string",
- "url": "string"
}
]
}, - "external_id": "string",
- "filter_stacks": true,
- "id": "string",
- "info": {
- "property1": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "property2": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}, - "install": {
- "property1": {
- "property1": "string",
- "property2": "string"
}, - "property2": {
- "property1": "string",
- "property2": "string"
}
}, - "kafka_topic": "string",
- "matching_stacks": [
- "string"
], - "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "migration_history": [
- {
- "from": "string",
- "initiated_by": "string",
- "initiating_user": "string",
- "migrated_at": "2019-08-24T14:15:22Z",
- "recovered": true,
- "to": "string"
}
], - "minimum_opa_version": "string",
- "mock_opa_enabled": true,
- "name": "string",
- "policies": [
- {
- "created": "string",
- "enforcement": {
- "enforced": true,
- "type": "string"
}, - "id": "string",
- "modules": [
- {
- "name": "string",
- "placeholder": false,
- "read_only": true,
- "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}
}
], - "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}, - "type": "string"
}
], - "read_only": false,
- "source_control": {
- "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
}, - "status": "string",
- "tokens": [
- {
- "allow_path_patterns": [
- "string"
], - "description": "string",
- "expires": "2019-08-24T14:15:22Z",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "token": "string",
- "ttl": "string",
- "uses": 0
}
], - "type": "string",
- "type_parameters": { },
- "uninstall": {
- "property1": "string",
- "property2": "string"
}, - "warnings": {
- "property1": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "property2": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}
}
}
Update or create a system. Only the fields sent in the request are updated
Updating the given system with type-specific related objects, except changing the system's type.
Creating a system with given ID with type-specific related objects, only, if the
If-None-Match
header is set to*
Example:
curl -H "Authorization: Bearer <token>" \ -H "Styra-Tenant: <tenant>" \ -H "If-None-Match: *" \ -X PUT https://<das-id>.styra.com -d '{<request body>}'
path Parameters
system required | string.* system ID |
header Parameters
If-None-Match | string if set to '*' then creates a new system with type-specific related objects |
Request Body schema: application/jsonrequired
object (systems.v1.BundleDownloadConfig) | |
object (systems.v1.BundleRegistryConfig) | |
context_bundle_data_only | boolean only put data in the context bundle |
context_bundle_roots | Array of strings list of path prefixes for policies/datasources that go into the second (context) bundle |
object location of key attributes and additional columns in the decisions grouped by policy entry point path | |
object (workspace.v1.DecisionExporterConfig) | |
object (systems.v1.SystemDeploymentParameters) | |
description | string description for the system |
error_setting | string error/warning configuration: one of "all", "errors", "none" |
object (systems.v1.ExternalBundleConfig) | |
external_id | string optional parameter to map Styra DAS system ID to external IDs used by a customer. (mapping can be retrieved with TranslateExternalIds operation) |
filter_stacks | boolean when set, stacks that are not linked to this system will be filtered out of its bundles |
kafka_topic | string optional parameter to specify the Kafka topic where the decision logs for this system should be published if exported through the workspace level configuration (ignored if Kafka is not configured for the workspace for decision export) |
mock_opa_enabled | boolean enable mock OPAs for this system |
name required | string system name |
read_only | boolean Default: false prevents users from modifying policies using Styra UIs |
object (git.v1.SourceControlConfig) | |
type required | string system type e.g. kubernetes |
type_parameters | object system type parameter values (for template.* types) |
Responses
Request samples
- Payload
{- "bundle_download": {
- "delta_bundles": false
}, - "bundle_registry": {
- "disable_bundle_compatibility_check": true,
- "distribution_s3": {
- "access_keys": "string",
- "bucket": "string",
- "context_path": "context-{policy_path}",
- "discovery_path": "discovery.tgz",
- "endpoint": "string",
- "opa_credentials": {
- "environment_credentials": { },
- "metadata_credentials": {
- "aws_region": "string",
- "iam_role": "string"
}, - "web_identity_credentials": {
- "aws_region": "string",
- "session_name": "string"
}
}, - "policy_path": "bundle.tgz",
- "region": "string",
- "role_arn": "string"
}, - "entrypoints": [
- "string"
], - "manual_deployment": true,
- "manual_deployment_overrides": {
- "property1": true,
- "property2": true
}, - "max_bundles": 0,
- "max_deployed_bundles": 0,
- "optimization_level": 0
}, - "context_bundle_data_only": true,
- "context_bundle_roots": [
- "string"
], - "decision_mappings": {
- "property1": {
- "allowed": {
- "expected": null,
- "negated": false,
- "path": "string"
}, - "columns": [
- {
- "key": "string",
- "path": "string",
- "type": "string"
}
], - "reason": {
- "path": "string"
}
}, - "property2": {
- "allowed": {
- "expected": null,
- "negated": false,
- "path": "string"
}, - "columns": [
- {
- "key": "string",
- "path": "string",
- "type": "string"
}
], - "reason": {
- "path": "string"
}
}
}, - "decisions_exporter": {
- "interval": "30s",
- "kafka": {
- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}, - "s3_decisions": {
- "access_keys": "string",
- "decision_format": "string",
- "endpoint": "string",
- "file_format": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
}, - "deployment_parameters": {
- "deny_on_opa_fail": false,
- "discovery": { },
- "extra": { },
- "http_proxy": "string",
- "https_proxy": "string",
- "kubernetes_version": "string",
- "mutating_webhook_name": "string",
- "namespace": "string",
- "no_proxy": "string",
- "timeout_seconds": 0,
- "trusted_ca_certs": [
- "string"
], - "trusted_container_registry": "string"
}, - "description": "string",
- "error_setting": "string",
- "external_bundles": {
- "bundles": {
- "property1": {
- "persist": true,
- "polling": {
- "long_polling_timeout_seconds": 0,
- "max_delay_seconds": 0,
- "min_delay_seconds": 0
}, - "resource": "string",
- "service": "string",
- "signing": {
- "exclude_files": [
- "string"
], - "keyid": "string",
- "public_keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "scope": "string"
}, - "size_limit_bytes": 0
}, - "property2": {
- "persist": true,
- "polling": {
- "long_polling_timeout_seconds": 0,
- "max_delay_seconds": 0,
- "min_delay_seconds": 0
}, - "resource": "string",
- "service": "string",
- "signing": {
- "exclude_files": [
- "string"
], - "keyid": "string",
- "public_keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "scope": "string"
}, - "size_limit_bytes": 0
}
}, - "services": [
- {
- "allow_insecure_tls": true,
- "credentials": {
- "azure_managed_identity": {
- "api_version": "string",
- "client_id": "string",
- "endpoint": "string",
- "mi_res_id": "string",
- "object_id": "string",
- "resource": "string"
}, - "bearer": {
- "scheme": "string",
- "token": "string",
- "token_path": "string"
}, - "client_tls": {
- "cert": "string",
- "private_key": "string",
- "private_key_passphrase": "string"
}, - "gcp_metadata": {
- "access_token_path": "string",
- "audience": "string",
- "endpoint": "string",
- "id_token_path": "string",
- "scopes": [
- "string"
]
}, - "oauth2": {
- "additional_claims": { },
- "additional_headers": {
- "property1": "string",
- "property2": "string"
}, - "additional_parameters": {
- "property1": "string",
- "property2": "string"
}, - "client_id": "string",
- "client_secret": "string",
- "grant_type": "string",
- "include_jti_claim": true,
- "scopes": [
- "string"
], - "signing_key": "string",
- "thumbprint": "string",
- "token_url": "string"
}, - "plugin": "string",
- "s3_signing": {
- "environment_credentials": null,
- "metadata_credentials": {
- "aws_region": "string",
- "iam_role": "string"
}, - "profile_credentials": {
- "aws_region": "string",
- "path": "string",
- "profile": "string"
}, - "service": "string",
- "web_identity_credentials": {
- "aws_region": "string",
- "session_name": "string"
}
}
}, - "headers": {
- "property1": "string",
- "property2": "string"
}, - "keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "name": "string",
- "response_header_timeout_seconds": 0,
- "tls": {
- "ca_cert": "string",
- "system_ca_required": true
}, - "type": "string",
- "url": "string"
}
]
}, - "external_id": "string",
- "filter_stacks": true,
- "kafka_topic": "string",
- "mock_opa_enabled": true,
- "name": "string",
- "read_only": false,
- "source_control": {
- "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
}, - "type": "string",
- "type_parameters": { }
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "authz": {
- "role_bindings": [
- {
- "id": "string",
- "role_name": "string"
}
]
}, - "bundle_download": {
- "delta_bundles": false
}, - "bundle_registry": {
- "disable_bundle_compatibility_check": true,
- "distribution_s3": {
- "access_keys": "string",
- "bucket": "string",
- "context_path": "context-{policy_path}",
- "discovery_path": "discovery.tgz",
- "endpoint": "string",
- "opa_credentials": {
- "environment_credentials": { },
- "metadata_credentials": {
- "aws_region": "string",
- "iam_role": "string"
}, - "web_identity_credentials": {
- "aws_region": "string",
- "session_name": "string"
}
}, - "policy_path": "bundle.tgz",
- "region": "string",
- "role_arn": "string"
}, - "entrypoints": [
- "string"
], - "manual_deployment": true,
- "manual_deployment_overrides": {
- "property1": true,
- "property2": true
}, - "max_bundles": 0,
- "max_deployed_bundles": 0,
- "optimization_level": 0
}, - "context_bundle_data_only": true,
- "context_bundle_roots": [
- "string"
], - "datasources": [
- {
- "category": "string",
- "id": "string",
- "optional": true,
- "status": {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
}
], - "decision_mappings": {
- "property1": {
- "allowed": {
- "expected": null,
- "negated": false,
- "path": "string"
}, - "columns": [
- {
- "key": "string",
- "path": "string",
- "type": "string"
}
], - "reason": {
- "path": "string"
}
}, - "property2": {
- "allowed": {
- "expected": null,
- "negated": false,
- "path": "string"
}, - "columns": [
- {
- "key": "string",
- "path": "string",
- "type": "string"
}
], - "reason": {
- "path": "string"
}
}
}, - "decisions_exporter": {
- "interval": "30s",
- "kafka": {
- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}, - "s3_decisions": {
- "access_keys": "string",
- "decision_format": "string",
- "endpoint": "string",
- "file_format": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
}, - "deployment_parameters": {
- "deny_on_opa_fail": false,
- "discovery": { },
- "extra": { },
- "http_proxy": "string",
- "https_proxy": "string",
- "kubernetes_version": "string",
- "mutating_webhook_name": "string",
- "namespace": "string",
- "no_proxy": "string",
- "timeout_seconds": 0,
- "trusted_ca_certs": [
- "string"
], - "trusted_container_registry": "string"
}, - "description": "string",
- "error_setting": "string",
- "errors": {
- "property1": {
- "errors": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "waiting": true
}, - "property2": {
- "errors": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "waiting": true
}
}, - "external_bundles": {
- "bundles": {
- "property1": {
- "persist": true,
- "polling": {
- "long_polling_timeout_seconds": 0,
- "max_delay_seconds": 0,
- "min_delay_seconds": 0
}, - "resource": "string",
- "service": "string",
- "signing": {
- "exclude_files": [
- "string"
], - "keyid": "string",
- "public_keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "scope": "string"
}, - "size_limit_bytes": 0
}, - "property2": {
- "persist": true,
- "polling": {
- "long_polling_timeout_seconds": 0,
- "max_delay_seconds": 0,
- "min_delay_seconds": 0
}, - "resource": "string",
- "service": "string",
- "signing": {
- "exclude_files": [
- "string"
], - "keyid": "string",
- "public_keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "scope": "string"
}, - "size_limit_bytes": 0
}
}, - "services": [
- {
- "allow_insecure_tls": true,
- "credentials": {
- "azure_managed_identity": {
- "api_version": "string",
- "client_id": "string",
- "endpoint": "string",
- "mi_res_id": "string",
- "object_id": "string",
- "resource": "string"
}, - "bearer": {
- "scheme": "string",
- "token": "string",
- "token_path": "string"
}, - "client_tls": {
- "cert": "string",
- "private_key": "string",
- "private_key_passphrase": "string"
}, - "gcp_metadata": {
- "access_token_path": "string",
- "audience": "string",
- "endpoint": "string",
- "id_token_path": "string",
- "scopes": [
- "string"
]
}, - "oauth2": {
- "additional_claims": { },
- "additional_headers": {
- "property1": "string",
- "property2": "string"
}, - "additional_parameters": {
- "property1": "string",
- "property2": "string"
}, - "client_id": "string",
- "client_secret": "string",
- "grant_type": "string",
- "include_jti_claim": true,
- "scopes": [
- "string"
], - "signing_key": "string",
- "thumbprint": "string",
- "token_url": "string"
}, - "plugin": "string",
- "s3_signing": {
- "environment_credentials": null,
- "metadata_credentials": {
- "aws_region": "string",
- "iam_role": "string"
}, - "profile_credentials": {
- "aws_region": "string",
- "path": "string",
- "profile": "string"
}, - "service": "string",
- "web_identity_credentials": {
- "aws_region": "string",
- "session_name": "string"
}
}
}, - "headers": {
- "property1": "string",
- "property2": "string"
}, - "keys": {
- "property1": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}, - "property2": {
- "algorithm": "string",
- "key": "string",
- "private_key": "string",
- "scope": "string"
}
}, - "name": "string",
- "response_header_timeout_seconds": 0,
- "tls": {
- "ca_cert": "string",
- "system_ca_required": true
}, - "type": "string",
- "url": "string"
}
]
}, - "external_id": "string",
- "filter_stacks": true,
- "id": "string",
- "info": {
- "property1": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "property2": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}, - "install": {
- "property1": {
- "property1": "string",
- "property2": "string"
}, - "property2": {
- "property1": "string",
- "property2": "string"
}
}, - "kafka_topic": "string",
- "matching_stacks": [
- "string"
], - "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "migration_history": [
- {
- "from": "string",
- "initiated_by": "string",
- "initiating_user": "string",
- "migrated_at": "2019-08-24T14:15:22Z",
- "recovered": true,
- "to": "string"
}
], - "minimum_opa_version": "string",
- "mock_opa_enabled": true,
- "name": "string",
- "policies": [
- {
- "created": "string",
- "enforcement": {
- "enforced": true,
- "type": "string"
}, - "id": "string",
- "modules": [
- {
- "name": "string",
- "placeholder": false,
- "read_only": true,
- "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}
}
], - "rules": {
- "allow": 0,
- "deny": 0,
- "enforce": 0,
- "ignore": 0,
- "monitor": 0,
- "notify": 0,
- "other": 0,
- "test": 0,
- "total": 0
}, - "type": "string"
}
], - "read_only": false,
- "source_control": {
- "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
}, - "status": "string",
- "tokens": [
- {
- "allow_path_patterns": [
- "string"
], - "description": "string",
- "expires": "2019-08-24T14:15:22Z",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "token": "string",
- "ttl": "string",
- "uses": 0
}
], - "type": "string",
- "type_parameters": { },
- "uninstall": {
- "property1": "string",
- "property2": "string"
}, - "warnings": {
- "property1": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
], - "property2": [
- {
- "code": "string",
- "message": "string",
- "timestamp": "2019-08-24T14:15:22Z"
}
]
}
}
}
Compile a system bundle
path Parameters
system required | string.* system ID |
Request Body schema: application/jsonrequired
bundle_id | string optional bundle ID: 'policy' or 'context' |
Responses
Request samples
- Payload
{- "bundle_id": "string"
}
Response samples
- 200
- 404
{- "result": {
- "active": 0,
- "contents_digest": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "dependencies": [
- "string"
], - "digest": "string",
- "download_url": "string",
- "id": "string",
- "kinds": {
- "property1": {
- "digest": "string",
- "download_url": "string",
- "size": 0
}, - "property2": {
- "digest": "string",
- "download_url": "string",
- "size": 0
}
}, - "last_deployed_at": "2019-08-24T14:15:22Z",
- "minimum_opa_version": "string",
- "origin": "string",
- "revision": "string",
- "revision_digest": "string",
- "sbom": {
- "origins": [
- {
- "commit": "string",
- "id": "string",
- "path": "string",
- "ref": "string",
- "repo": "string",
- "roots": [
- "string"
], - "timestamp": "2019-08-24T14:15:22Z"
}
]
}, - "size": 0,
- "system_data": true,
- "version": 0
}
}
Get a system bundle deployment and build status
path Parameters
system required | string.* system ID |
Responses
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "additional_bundles": [
- {
- "id": "string",
- "revision": "string",
- "version": 0
}
], - "build_errors": {
- "property1": "string",
- "property2": "string"
}, - "primary": {
- "id": "string",
- "revision": "string",
- "version": 0
}
}
}
Deploy a system bundle
path Parameters
system required | string.* system ID |
Request Body schema: application/jsonrequired
force required | boolean activate even if bundle is not compatible with running agents |
required | object (systems.v1.BundleActivation) |
Responses
Request samples
- Payload
{- "force": true,
- "primary": {
- "id": "string",
- "revision": "string",
- "version": 0
}
}
Response samples
- 200
- 404
- 409
{- "request_id": "string"
}
List system bundles
List system bundles, starting from the newest towards the oldest
path Parameters
system required | string.* system ID |
query Parameters
past | boolean if set to 'true', returns only bundles deployed in the past |
version | integer if set, the newest version to return |
type | string return only bundles of given type (policy, context) |
Responses
Response samples
- 200
- 404
{- "request_id": "string",
- "result": [
- {
- "active": 0,
- "contents_digest": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "dependencies": [
- "string"
], - "digest": "string",
- "download_url": "string",
- "id": "string",
- "kinds": {
- "property1": {
- "digest": "string",
- "download_url": "string",
- "size": 0
}, - "property2": {
- "digest": "string",
- "download_url": "string",
- "size": 0
}
}, - "last_deployed_at": "2019-08-24T14:15:22Z",
- "minimum_opa_version": "string",
- "origin": "string",
- "revision": "string",
- "revision_digest": "string",
- "sbom": {
- "origins": [
- {
- "commit": "string",
- "id": "string",
- "path": "string",
- "ref": "string",
- "repo": "string",
- "roots": [
- "string"
], - "timestamp": "2019-08-24T14:15:22Z"
}
]
}, - "size": 0,
- "system_data": true,
- "version": 0
}
]
}
Import bundle from archive or another system
path Parameters
system required | string.* system ID |
Request Body schema: required
source_system_id required | string ID of the system to copy bundle from |
version required | integer <int64> bundle version in source_system_id system |
Responses
Request samples
- Payload
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "active": 0,
- "contents_digest": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "dependencies": [
- "string"
], - "digest": "string",
- "download_url": "string",
- "id": "string",
- "kinds": {
- "property1": {
- "digest": "string",
- "download_url": "string",
- "size": 0
}, - "property2": {
- "digest": "string",
- "download_url": "string",
- "size": 0
}
}, - "last_deployed_at": "2019-08-24T14:15:22Z",
- "minimum_opa_version": "string",
- "origin": "string",
- "revision": "string",
- "revision_digest": "string",
- "sbom": {
- "origins": [
- {
- "commit": "string",
- "id": "string",
- "path": "string",
- "ref": "string",
- "repo": "string",
- "roots": [
- "string"
], - "timestamp": "2019-08-24T14:15:22Z"
}
]
}, - "size": 0,
- "system_data": true,
- "version": 0
}
}
Get system bundle details
path Parameters
system required | string.* system ID |
bundle required | string.* bundle ID |
version required | integer version # |
Responses
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "active": 0,
- "contents_digest": "string",
- "created_at": "2019-08-24T14:15:22Z",
- "dependencies": [
- "string"
], - "digest": "string",
- "download_url": "string",
- "id": "string",
- "kinds": {
- "property1": {
- "digest": "string",
- "download_url": "string",
- "size": 0
}, - "property2": {
- "digest": "string",
- "download_url": "string",
- "size": 0
}
}, - "last_deployed_at": "2019-08-24T14:15:22Z",
- "minimum_opa_version": "string",
- "origin": "string",
- "revision": "string",
- "revision_digest": "string",
- "sbom": {
- "origins": [
- {
- "commit": "string",
- "id": "string",
- "path": "string",
- "ref": "string",
- "repo": "string",
- "roots": [
- "string"
], - "timestamp": "2019-08-24T14:15:22Z"
}
]
}, - "size": 0,
- "system_data": true,
- "version": 0
}
}
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "install": [
- {
- "category": "string",
- "commands": [
- {
- "action": "string",
- "title": "string"
}
]
}
], - "uninstall": [
- {
- "category": "string",
- "commands": [
- {
- "action": "string",
- "title": "string"
}
]
}
]
}
}
Migrate a system from one system type to another
path Parameters
system required | string.* system ID |
Request Body schema: application/jsonrequired
type required | string The system type ID to migrate the current system to |
Responses
Request samples
- Payload
{- "type": "string"
}
Response samples
- 202
- 400
- 404
{- "request_id": "string"
}
Get rule suggestions
path Parameters
system required | string.* system ID |
query Parameters
stateful | boolean true to get only the stateful suggestions, false for stateless, omit for both |
Responses
Response samples
- 200
- 404
- 503
{- "request_id": "string",
- "result": {
- "stateful": {
- "property1": { },
- "property2": { }
}, - "stateless": {
- "property1": { },
- "property2": { }
}
}
}
Validate system compliance
path Parameters
system required | string.* system ID |
query Parameters
asyncdelay | string set delay of asynchronous response HTTP(202); range [1s - compliance-api-timeout]. |
asyncresponse | string get asynchronous response; see HTTP(202) Location parameter. |
interval | string if set to 'latest', get most recent cached results for specified system. |
Request Body schema: application/jsonrequired
object draft policies to be used for 'new' violations computation (path => rego) | |
extended | boolean run extended compliance validation that is specific for the system/stack type |
filter | object filter violations with this selector (dot.path => value) |
group_by | Array of strings[ items ] group results by dot.path values (list of group levels with list of fields at each level) |
limit | integer <int32> maximum number of violations to return per monitor |
object (data.v1.BuiltinMocks) | |
mode | string Default: "delta" validation mode. One of (delta, all, delta-count, all-count) |
policy_type | string policy type to narrow the monitor policy search (e.g. validating, mutating). Default (empty string or missing) is to run all monitoring policies |
Array of objects (systems.v1.SortField) list of fields to sort by |
Responses
Request samples
- Payload
{- "drafts": {
- "property1": "string",
- "property2": "string"
}, - "extended": true,
- "filter": { },
- "group_by": [
- [
- "string"
]
], - "limit": 0,
- "mocks": {
- "dynamodb.get": {
- "data": [
- {
- "key": { },
- "region": "string",
- "result": { },
- "table": "string"
}
]
}, - "dynamodb.query": {
- "data": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "result": { },
- "table": "string"
}
]
}, - "http.send": {
- "data": [
- {
- "method": "string",
- "result": { },
- "url": "string"
}
]
}, - "mongodb.find": {
- "data": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "result": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "data": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "result": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "data": [
- {
- "parameters": { },
- "query": "string",
- "result": { },
- "uri": "string"
}
]
}, - "opa.runtime": {
- "result": { }
}, - "redis.query": {
- "data": [
- {
- "addr": "string",
- "args": [
- null
], - "command": "string",
- "db": 0,
- "result": { }
}
]
}, - "sql.send": {
- "data": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string",
- "result": { }
}
]
}, - "vault.send": {
- "data": [
- {
- "mount_path": "string",
- "path": "string",
- "result": { }
}
]
}
}, - "mode": "delta",
- "policy_type": "string",
- "sort": [
- {
- "descending": true,
- "field": "string"
}
]
}
Response samples
- 200
- 404
{- "mocks": {
- "dynamodb.get": {
- "mocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
]
}, - "dynamodb.query": {
- "mocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
]
}, - "http.send": {
- "mocked": [
- {
- "method": "string",
- "url": "string"
}
], - "unmocked": [
- {
- "method": "string",
- "url": "string"
}
]
}, - "mongodb.find": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "mocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
], - "unmocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
]
}, - "redis.query": {
- "mocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
], - "unmocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
]
}, - "sql.send": {
- "mocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
], - "unmocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
]
}, - "vault.send": {
- "mocked": [
- {
- "mount_path": "string",
- "path": "string"
}
], - "unmocked": [
- {
- "mount_path": "string",
- "path": "string"
}
]
}
}, - "request_id": "string",
- "result": {
- "property1": {
- "all": [
- null
], - "all_count": 0,
- "metadata": null,
- "new": [
- null
], - "new_count": 0,
- "resolved": [
- null
], - "resolved_count": 0,
- "unchanged": [
- null
], - "unchanged_count": 0
}, - "property2": {
- "all": [
- null
], - "all_count": 0,
- "metadata": null,
- "new": [
- null
], - "new_count": 0,
- "resolved": [
- null
], - "resolved_count": 0,
- "unchanged": [
- null
], - "unchanged_count": 0
}
}
}
Get next page of system compliance violations
path Parameters
system required | string.* system ID |
cursor required | string.* paging cursor obtained from previous calls |
query Parameters
limit | integer maximum number of violations to return |
Responses
Response samples
- 200
{- "mocks": {
- "dynamodb.get": {
- "mocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key": { },
- "region": "string",
- "table": "string"
}
]
}, - "dynamodb.query": {
- "mocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
], - "unmocked": [
- {
- "key_condition_expression": "string",
- "region": "string",
- "table": "string"
}
]
}, - "http.send": {
- "mocked": [
- {
- "method": "string",
- "url": "string"
}
], - "unmocked": [
- {
- "method": "string",
- "url": "string"
}
]
}, - "mongodb.find": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "mongodb.find_one": {
- "mocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
], - "unmocked": [
- {
- "collection": "string",
- "database": "string",
- "filter": { },
- "options": { },
- "uri": "string"
}
]
}, - "neo4j.query": {
- "mocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
], - "unmocked": [
- {
- "parameters": { },
- "query": "string",
- "uri": "string"
}
]
}, - "redis.query": {
- "mocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
], - "unmocked": [
- {
- "addr": "string",
- "args": [
- null
], - "db": 0,
- "query": "string"
}
]
}, - "sql.send": {
- "mocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
], - "unmocked": [
- {
- "args": [
- null
], - "data_source_name": "string",
- "driver": "string",
- "query": "string"
}
]
}, - "vault.send": {
- "mocked": [
- {
- "mount_path": "string",
- "path": "string"
}
], - "unmocked": [
- {
- "mount_path": "string",
- "path": "string"
}
]
}
}, - "request_id": "string",
- "result": {
- "property1": {
- "all": [
- null
], - "all_count": 0,
- "metadata": null,
- "new": [
- null
], - "new_count": 0,
- "resolved": [
- null
], - "resolved_count": 0,
- "unchanged": [
- null
], - "unchanged_count": 0
}, - "property2": {
- "all": [
- null
], - "all_count": 0,
- "metadata": null,
- "new": [
- null
], - "new_count": 0,
- "resolved": [
- null
], - "resolved_count": 0,
- "unchanged": [
- null
], - "unchanged_count": 0
}
}
}
Validate system unit tests
path Parameters
system required | string.* system ID |
Request Body schema: application/jsonrequired
object draft policies to be used for 'new' violations computation (path => rego) | |
mode | string Default: "delta" validation mode. One of (delta, all, delta-count, all-count) |
policy_type | string policy type to narrow the monitor policy search (e.g. validating, mutating). Default (empty string or missing) is to run all monitoring policies |
Responses
Request samples
- Payload
{- "drafts": {
- "property1": "string",
- "property2": "string"
}, - "mode": "delta",
- "policy_type": "string"
}
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "property1": {
- "all": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "all_count": 0,
- "all_errors_count": 0,
- "all_failed_count": 0,
- "new": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "new_count": 0,
- "new_errors_count": 0,
- "new_failed_count": 0,
- "resolved": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "resolved_count": 0,
- "resolved_errors_count": 0,
- "resolved_failed_count": 0,
- "unchanged": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "unchanged_count": 0,
- "unchanged_errors_count": 0,
- "unchanged_failed_count": 0
}, - "property2": {
- "all": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "all_count": 0,
- "all_errors_count": 0,
- "all_failed_count": 0,
- "new": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "new_count": 0,
- "new_errors_count": 0,
- "new_failed_count": 0,
- "resolved": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "resolved_count": 0,
- "resolved_errors_count": 0,
- "resolved_failed_count": 0,
- "unchanged": [
- {
- "duration": 0,
- "error": "string",
- "fail": true,
- "failed_at": { },
- "location": {
- "JSONOptions": {
- "MarshalOptions": {
- "ExcludeLocationFile": true,
- "IncludeLocation": {
- "Annotations": true,
- "AnnotationsRef": true,
- "Comment": true,
- "Every": true,
- "Expr": true,
- "Head": true,
- "Import": true,
- "Package": true,
- "Rule": true,
- "SomeDecl": true,
- "Term": true,
- "With": true
}, - "IncludeLocationText": true
}
}, - "col": 0,
- "file": "string",
- "row": 0
}, - "name": "string",
- "package": "string",
- "presence_changed": true
}
], - "unchanged_count": 0,
- "unchanged_errors_count": 0,
- "unchanged_failed_count": 0
}
}
}
Handle callbacks for Terraform Run Task integrations.
Request Body schema: application/jsonrequired
access_token | string |
is_speculative required | boolean |
organization_name | string |
payload_version | integer <int32> |
plan_json_api_url | string |
run_app_url | string |
run_created_at | string |
run_created_by | string |
run_id | string |
run_message | string |
stage | string |
task_result_callback_url | string |
task_result_enforcement_level | string |
task_result_id | string |
vcs_branch | string |
vcs_commit_url | string |
vcs_pull_request_url | string |
vcs_repo_url | string |
workspace_app_url | string |
workspace_id | string |
workspace_name | string |
Responses
Request samples
- Payload
{- "access_token": "string",
- "is_speculative": true,
- "organization_name": "string",
- "payload_version": 0,
- "plan_json_api_url": "string",
- "run_app_url": "string",
- "run_created_at": "string",
- "run_created_by": "string",
- "run_id": "string",
- "run_message": "string",
- "stage": "string",
- "task_result_callback_url": "string",
- "task_result_enforcement_level": "string",
- "task_result_id": "string",
- "vcs_branch": "string",
- "vcs_commit_url": "string",
- "vcs_pull_request_url": "string",
- "vcs_repo_url": "string",
- "workspace_app_url": "string",
- "workspace_id": "string",
- "workspace_name": "string"
}
Upsert a new Terraform Run Task integration. This also creates the Terraform Run Task within Terraform Cloud or Enterprise.
Request Body schema: application/jsonrequired
terraform_org required | string |
terraform_run_task_domain required | string |
terraform_token required | string |
Responses
Request samples
- Payload
{- "terraform_org": "string",
- "terraform_run_task_domain": "string",
- "terraform_token": "string"
}
Response samples
- 200
{- "data": {
- "attributes": {
- "message": "string",
- "status": "string",
- "url": "string"
}, - "type": "string"
}
}
Upsert the mappings of Terrafrom workspaces to DAS systems.
Request Body schema: application/jsonrequired
required | Array of objects (integrations.v1.Mapping) | ||||
Array
|
Responses
Request samples
- Payload
{- "mappings": [
- {
- "das_system": "string",
- "terraform_workspaces": [
- "string"
]
}
]
}
Response samples
- 200
{- "result": [
- {
- "das_system": "string",
- "terraform_workspaces": [
- "string"
]
}
]
}
Handle advice
Request Body schema: application/jsonrequired
data_kind required | string |
end_time required | string <date-time> |
policy required | string |
resolution required | integer <int64> resolution must be a multiple of minutes, this can be represented as a string or an integer e.g. '1m' or '60000000000'. Except when calling /violation then it must be a multiple of hours, e.g. '60m' or '3600000000000' |
stack required | string |
start_time required | string <date-time> |
system required | string |
Responses
Request samples
- Payload
{- "data_kind": "string",
- "end_time": "2019-08-24T14:15:22Z",
- "policy": "string",
- "resolution": 0,
- "stack": "string",
- "start_time": "2019-08-24T14:15:22Z",
- "system": "string"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "data": [
- {
- "date": "string",
- "value": 0
}
]
}
}
Handle decision
query Parameters
filter | string Value: "billing" filter out decisions from aggregation (supported options: [billing]) |
Request Body schema: application/jsonrequired
data_kind required | string |
end_time required | string <date-time> |
policy required | string |
resolution required | integer <int64> resolution must be a multiple of minutes, this can be represented as a string or an integer e.g. '1m' or '60000000000'. Except when calling /violation then it must be a multiple of hours, e.g. '60m' or '3600000000000' |
stack required | string |
start_time required | string <date-time> |
system required | string |
Responses
Request samples
- Payload
{- "data_kind": "string",
- "end_time": "2019-08-24T14:15:22Z",
- "policy": "string",
- "resolution": 0,
- "stack": "string",
- "start_time": "2019-08-24T14:15:22Z",
- "system": "string"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "data": [
- {
- "date": "string",
- "value": 0
}
]
}
}
Handle deny
Request Body schema: application/jsonrequired
data_kind required | string |
end_time required | string <date-time> |
policy required | string |
resolution required | integer <int64> resolution must be a multiple of minutes, this can be represented as a string or an integer e.g. '1m' or '60000000000'. Except when calling /violation then it must be a multiple of hours, e.g. '60m' or '3600000000000' |
stack required | string |
start_time required | string <date-time> |
system required | string |
Responses
Request samples
- Payload
{- "data_kind": "string",
- "end_time": "2019-08-24T14:15:22Z",
- "policy": "string",
- "resolution": 0,
- "stack": "string",
- "start_time": "2019-08-24T14:15:22Z",
- "system": "string"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "data": [
- {
- "date": "string",
- "value": 0
}
]
}
}
Handle error
Request Body schema: application/jsonrequired
data_kind required | string |
end_time required | string <date-time> |
policy required | string |
resolution required | integer <int64> resolution must be a multiple of minutes, this can be represented as a string or an integer e.g. '1m' or '60000000000'. Except when calling /violation then it must be a multiple of hours, e.g. '60m' or '3600000000000' |
stack required | string |
start_time required | string <date-time> |
system required | string |
Responses
Request samples
- Payload
{- "data_kind": "string",
- "end_time": "2019-08-24T14:15:22Z",
- "policy": "string",
- "resolution": 0,
- "stack": "string",
- "start_time": "2019-08-24T14:15:22Z",
- "system": "string"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "data": [
- {
- "date": "string",
- "value": 0
}
]
}
}
Handle latency
Request Body schema: application/jsonrequired
data_kind required | string |
end_time required | string <date-time> |
policy required | string |
resolution required | integer <int64> resolution must be a multiple of minutes, this can be represented as a string or an integer e.g. '1m' or '60000000000'. Except when calling /violation then it must be a multiple of hours, e.g. '60m' or '3600000000000' |
stack required | string |
start_time required | string <date-time> |
system required | string |
Responses
Request samples
- Payload
{- "data_kind": "string",
- "end_time": "2019-08-24T14:15:22Z",
- "policy": "string",
- "resolution": 0,
- "stack": "string",
- "start_time": "2019-08-24T14:15:22Z",
- "system": "string"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "data": [
- {
- "date": "string",
- "value": 0
}
]
}
}
Handle timeseries report
query Parameters
year | integer if set, a report is generated for a month in this year (month must be specified) |
month | integer if set, starts the report is generate for this month (year must be specified) |
system_id | string if set, only returns decision counts related to the system |
Responses
Response samples
- 200
- 404
{- "data": [
- {
- "aggregations": {
- "decisions": {
- "advice": 0,
- "allow": 0,
- "decisions": 0,
- "deny": 0,
- "error": 0,
- "unknown": 0
}, - "nodes": {
- "node_count": 0
}
}, - "month": 0,
- "year": 0
}
]
}
Handle timeseries report
query Parameters
year | integer if set, starts the yearly report in this year (month must be specified) |
month | integer if set, starts the yearly report on this month (year must be specified) |
system_id | string if set, only returns decision counts related to the system |
Responses
Response samples
- 200
- 404
{- "data": [
- {
- "aggregations": {
- "decisions": {
- "advice": 0,
- "allow": 0,
- "decisions": 0,
- "deny": 0,
- "error": 0,
- "unknown": 0
}, - "nodes": {
- "node_count": 0
}
}, - "month": 0,
- "year": 0
}
]
}
Handle unknown
Request Body schema: application/jsonrequired
data_kind required | string |
end_time required | string <date-time> |
policy required | string |
resolution required | integer <int64> resolution must be a multiple of minutes, this can be represented as a string or an integer e.g. '1m' or '60000000000'. Except when calling /violation then it must be a multiple of hours, e.g. '60m' or '3600000000000' |
stack required | string |
start_time required | string <date-time> |
system required | string |
Responses
Request samples
- Payload
{- "data_kind": "string",
- "end_time": "2019-08-24T14:15:22Z",
- "policy": "string",
- "resolution": 0,
- "stack": "string",
- "start_time": "2019-08-24T14:15:22Z",
- "system": "string"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "data": [
- {
- "date": "string",
- "value": 0
}
]
}
}
Handle usage
Request Body schema: application/jsonrequired
end_time required | string <date-time> |
latest required | boolean |
resolution required | integer <int64> |
start_time required | string <date-time> |
system required | string |
Responses
Request samples
- Payload
{- "end_time": "2019-08-24T14:15:22Z",
- "latest": true,
- "resolution": 0,
- "start_time": "2019-08-24T14:15:22Z",
- "system": "string"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "data": [
- {
- "date": "string",
- "decision_rate": 0,
- "node_count": 0
}
]
}
}
Handle violation
Request Body schema: application/jsonrequired
data_kind required | string |
end_time required | string <date-time> |
policy required | string |
resolution required | integer <int64> resolution must be a multiple of minutes, this can be represented as a string or an integer e.g. '1m' or '60000000000'. Except when calling /violation then it must be a multiple of hours, e.g. '60m' or '3600000000000' |
stack required | string |
start_time required | string <date-time> |
system required | string |
Responses
Request samples
- Payload
{- "data_kind": "string",
- "end_time": "2019-08-24T14:15:22Z",
- "policy": "string",
- "resolution": 0,
- "stack": "string",
- "start_time": "2019-08-24T14:15:22Z",
- "system": "string"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "data": [
- {
- "date": "string",
- "value": 0
}
]
}
}
Response samples
- 200
{- "request_id": "string",
- "result": [
- {
- "allow_path_patterns": [
- "string"
], - "description": "string",
- "expires": "2019-08-24T14:15:22Z",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "token": "string",
- "ttl": "string",
- "uses": 0
}
]
}
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "allow_path_patterns": [
- "string"
], - "description": "string",
- "expires": "2019-08-24T14:15:22Z",
- "id": "string",
- "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "token": "string",
- "ttl": "string",
- "uses": 0
}
}
Create or update a token
If If-None-Match header is set to *, tries to create a token, otherwise will try to either update or create depending on whether an unexpired token with that ID already exists. Token creation errors with a 409 code if an unexpired one already exists, on success returns the token secret (valid for the TTL whose default value is ~10 years). Token updates return nothing unless regenerate
is true, in which case it returns the new secret. WARNING: If allow_path_patterns is unset or an empty list, all paths are allowed.
path Parameters
tokenId required | string.+ token ID |
Request Body schema: application/jsonrequired
allow_path_patterns required | Array of strings |
description required | string |
regenerate required | boolean |
ttl | string |
Responses
Request samples
- Payload
{- "allow_path_patterns": [
- "string"
], - "description": "string",
- "regenerate": true,
- "ttl": "string"
}
Response samples
- 200
- 409
{- "request_id": "string",
- "result": "string"
}
Create/update user
path Parameters
userId required | string.+ user ID |
header Parameters
If-None-Match | string if set to '*' then the request fill fail if the user already exists |
Request Body schema: application/jsonrequired
enabled required | boolean |
old_password | string |
password | string |
roles | Array of strings |
Responses
Request samples
- Payload
{- "enabled": true,
- "old_password": "string",
- "password": "string",
- "roles": [
- "string"
]
}
Response samples
- 200
- 409
{- "request_id": "string"
}
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "activity_exporter": {
- "interval": "5m",
- "kafka": {
- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}, - "s3_activity": {
- "access_keys": "string",
- "endpoint": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
}, - "decisions_exporter": {
- "interval": "30s",
- "kafka": {
- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}, - "s3_decisions": {
- "access_keys": "string",
- "decision_format": "string",
- "endpoint": "string",
- "file_format": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
}, - "github": {
- "organizations": [
- "string"
]
}, - "metadata": {
- "created_at": "2019-08-24T14:15:22Z",
- "created_by": "string",
- "created_through": "string",
- "last_modified_at": "2019-08-24T14:15:22Z",
- "last_modified_by": "string",
- "last_modified_through": "string"
}, - "metrics_exporter": {
- "targets": [
- {
- "interval": 60,
- "plugin": "string",
- "realm": "string",
- "token_id": "string",
- "url": "string"
}
]
}, - "source_control": {
- "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
}, - "status": {
- "authz_migration": "string"
}
}
}
Patch workspace configuration. Similar to PUT but keeps current values for the top level fields
Patches workspace configuration
Request Body schema: application/jsonrequired
object (workspace.v1.ActivityExporterConfig) | |
object (workspace.v1.DecisionExporterConfig) | |
object (workspace.v1.GithubConfiguration) | |
object (workspace.v1.MetricsExporterConfig) | |
object (git.v1.SourceControlConfig) |
Responses
Request samples
- Payload
{- "activity_exporter": {
- "interval": "5m",
- "kafka": {
- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}, - "s3_activity": {
- "access_keys": "string",
- "endpoint": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
}, - "decisions_exporter": {
- "interval": "30s",
- "kafka": {
- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}, - "s3_decisions": {
- "access_keys": "string",
- "decision_format": "string",
- "endpoint": "string",
- "file_format": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
}, - "github": {
- "organizations": [
- "string"
]
}, - "metrics_exporter": {
- "targets": [
- {
- "interval": 60,
- "plugin": "string",
- "realm": "string",
- "token_id": "string",
- "url": "string"
}
]
}, - "source_control": {
- "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
}
}
Response samples
- 200
- 400
{- "request_id": "string"
}
Update workspace
Updates workspace configuration
Request Body schema: application/jsonrequired
object (workspace.v1.ActivityExporterConfig) | |
object (workspace.v1.DecisionExporterConfig) | |
object (workspace.v1.GithubConfiguration) | |
object (workspace.v1.MetricsExporterConfig) | |
object (git.v1.SourceControlConfig) |
Responses
Request samples
- Payload
{- "activity_exporter": {
- "interval": "5m",
- "kafka": {
- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}, - "s3_activity": {
- "access_keys": "string",
- "endpoint": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
}, - "decisions_exporter": {
- "interval": "30s",
- "kafka": {
- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}, - "s3_decisions": {
- "access_keys": "string",
- "decision_format": "string",
- "endpoint": "string",
- "file_format": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
}, - "github": {
- "organizations": [
- "string"
]
}, - "metrics_exporter": {
- "targets": [
- {
- "interval": 60,
- "plugin": "string",
- "realm": "string",
- "token_id": "string",
- "url": "string"
}
]
}, - "source_control": {
- "origin": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
}
}
Response samples
- 200
- 400
{- "request_id": "string"
}
Kafka connectivity test
Verifies that the Kafka topic can be accessed with the provided credentials.
Request Body schema: application/jsonrequired
authentication required | string Kafka authentication mechanism: OPEN, PLAINTEXT, SASL, TLS |
brokers required | Array of strings Kafka brokers |
compression | string Compression mechanism: GZIP, SNAPPY, LZ4, ZSTD |
idempotent | boolean Enable Kafka idempotent exactly once reliability semantics |
max_message_size | integer <int32> Default: 1000000 Max message size |
max_retries | integer <int32> Default: 3 Max send retries |
object (workspace.v1.KafkaPlain) | |
required_acks required | string Required acks: WaitForLocal, WaitForAll replica ack(s) |
object (workspace.v1.KafkaSasl) | |
timeout | string Default: "10s" Message timeout duration |
object (workspace.v1.KafkaTls) | |
topic required | string Kafka topic |
version | string Kafka version: e.g. 2.0.0 |
Responses
Request samples
- Payload
{- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}
Response samples
- 200
- 400
{- "kafka_code": "string",
- "kafka_message": "string",
- "request_id": "string"
}
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "interval": "30s",
- "kafka": {
- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}, - "s3_decisions": {
- "access_keys": "string",
- "decision_format": "string",
- "endpoint": "string",
- "file_format": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
}
}
Update S3 decision configuration Deprecated
Request Body schema: application/jsonrequired
interval | string Default: "30s" S3 exporter interval: range [30s,1h] |
object (workspace.v1.KafkaConfig) | |
object (workspace.v1.S3DecisionConfig) |
Responses
Request samples
- Payload
{- "interval": "30s",
- "kafka": {
- "authentication": "string",
- "brokers": [
- "string"
], - "compression": "string",
- "idempotent": true,
- "max_message_size": 1000000,
- "max_retries": 3,
- "plain": {
- "user": "string"
}, - "required_acks": "string",
- "sasl": {
- "mechanism": "string",
- "oauth": {
- "client_credentials": {
- "client_id": "string",
- "scopes": "string",
- "token_endpoint": "string"
}, - "token_provider": "string",
- "user_managed": {
- "token": "string"
}
}, - "plain": {
- "user": "string"
}, - "version": 1
}, - "timeout": "10s",
- "tls": {
- "client_cert": "string",
- "insecure_skip_verify": true,
- "rootca": "string"
}, - "topic": "string",
- "version": "string"
}, - "s3_decisions": {
- "access_keys": "string",
- "decision_format": "string",
- "endpoint": "string",
- "file_format": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
}
Response samples
- 200
- 400
{- "request_id": "string"
}
S3 connectivity test
Verifies that the S3 bucket can be accessed with the provided credentials. Creates styra_test.json file
Request Body schema: application/jsonrequired
access_keys | string Access key ID and secret access key are stored at /v1/secrets/${access_keys} |
endpoint | string Custom endpoint or S3 compatible system endpoint (ie: https://storage.googleapis.com) |
region required | string S3 Region (ie: us-east-1 or auto) |
role_arn | string S3 RoleARN to assume access, as an alternative to access keys |
url required | string S3 Bucket URL (ie: s3://styra-storage or gs://styra-storage/folder) |
Responses
Request samples
- Payload
{- "access_keys": "string",
- "endpoint": "string",
- "region": "string",
- "role_arn": "string",
- "url": "string"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "s3_code": "string",
- "s3_message": "string"
}
Verify git access
Verifies that the repository can be accessed with the provided credentials
Request Body schema: application/jsonrequired
commit required | string Commit SHA. Only one of reference or commit can be set at any time |
credentials required | string Credentials are looked under the key |
id required | string id of the entity so that the config can be checked for duplicates |
path required | string Path to limit the import to |
reference required | string Remote reference. Only one of reference or commit can be set at any time |
object (git.v1.SSHCredentials) | |
url required | string Repository URL |
Responses
Request samples
- Payload
{- "commit": "string",
- "credentials": "string",
- "id": "string",
- "path": "string",
- "reference": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
Response samples
- 200
- 400
{- "request_id": "string",
- "result": {
- "commit": "string",
- "credentials": "string",
- "path": "string",
- "reference": "string",
- "sha": "string",
- "ssh_credentials": {
- "passphrase": "string",
- "private_key": "string"
}, - "url": "string"
}
}
List files in Styra DAS-created branch.
Gets the list of files for the branch that the Styra DAS creates when modifying rego in the Styra DAS UI and pushing the changes to GitHub in a branch for review.
path Parameters
id required | string.* workspace id |
Responses
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "branch": "string",
- "changed_files": [
- "string"
], - "deleted_files": [
- "string"
], - "files": {
- "property1": "string",
- "property2": "string"
}
}
}
Commit files to workspace source control
Commit files to source control associated with a workspace
path Parameters
id required | string.* workspace id |
Request Body schema: application/jsonrequired
author required | string |
email required | string |
required | object Map of filenames to file contents |
files_to_delete required | Array of strings List of filenames to delete from the repo |
message required | string |
Responses
Request samples
- Payload
{- "author": "string",
- "email": "string",
- "files": {
- "property1": "string",
- "property2": "string"
}, - "files_to_delete": [
- "string"
], - "message": "string"
}
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "author": "string",
- "branch": "string",
- "email": "string",
- "files": {
- "property1": "string",
- "property2": "string"
}, - "files_to_delete": [
- "string"
], - "message": "string"
}
}
List files in current branch.
Gets the list of files in the currently chosen branch.
path Parameters
id required | string.* workspace id |
Responses
Response samples
- 200
- 404
{- "request_id": "string",
- "result": {
- "branch": "string",
- "files": {
- "property1": "string",
- "property2": "string"
}
}
}