
CancelDryRunJob

DELETE /v1/policies/dryrunjob/{jobId}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

jobId

X

null

Return Type

Object

Content Type

  • application/json

Responses

Table 1. HTTP Response Codes
Code Message Datatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

Samples

DeletePolicy

DELETE /v1/policies/{id}

DeletePolicy removes a policy by ID.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Return Type

Object

Content Type

  • application/json

Responses

Table 2. HTTP Response Codes
Code Message Datatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

Samples

DryRunPolicy

POST /v1/policies/dryrun

DryRunPolicy evaluates the given policy and returns any alerts without creating the policy.

Description

Parameters

Body Parameter

Name Description Required Default Pattern

body

StoragePolicy

X

Return Type

Content Type

  • application/json

Responses

Table 3. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1DryRunResponse

0

An unexpected error response.

RuntimeError

Samples

EnableDisablePolicyNotification

PATCH /v1/policies/{policyId}/notifiers

EnableDisablePolicyNotification enables or disables notifications for a policy by ID.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

policyId

X

null

Body Parameter

Name Description Required Default Pattern

body

V1EnableDisablePolicyNotificationRequest

X

Return Type

Object

Content Type

  • application/json

Responses

Table 4. HTTP Response Codes
Code Message Datatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

Samples

ExportPolicies

POST /v1/policies/export

ExportPolicies takes a list of policy IDs and returns either the entire list of policies or an error message.

Description

Parameters

Body Parameter

Name Description Required Default Pattern

body

V1ExportPoliciesRequest

X

Content Type

  • application/json

Responses

Table 5. HTTP Response Codes
Code Message Datatype

200

A successful response.

StorageExportPoliciesResponse

0

An unexpected error response.

RuntimeError

Samples

GetPolicy

GET /v1/policies/{id}

GetPolicy returns the requested policy by ID.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Return Type

Content Type

  • application/json

Responses

Table 6. HTTP Response Codes
Code Message Datatype

200

A successful response.

StoragePolicy

0

An unexpected error response.

RuntimeError

Samples

GetPolicyCategories

GET /v1/policyCategories

GetPolicyCategories returns the policy categories.

Description

Parameters

Content Type

  • application/json

Responses

Table 7. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1PolicyCategoriesResponse

0

An unexpected error response.

RuntimeError

Samples

GetPolicyMitreVectors

GET /v1/policies/{id}/mitrevectors

GetMitreVectorsForPolicy returns the requested policy by ID.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Query Parameters

Name Description Required Default Pattern

options.excludePolicy

If set to true, policy is excluded from the response.

-

null

Content Type

  • application/json

Responses

Table 8. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetPolicyMitreVectorsResponse

0

An unexpected error response.

RuntimeError

Samples

ImportPolicies

POST /v1/policies/import

ImportPolicies accepts a list of policies and returns a list of the policies which could not be imported.

Description

Parameters

Body Parameter

Name Description Required Default Pattern

body

V1ImportPoliciesRequest

X

Content Type

  • application/json

Responses

Table 9. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1ImportPoliciesResponse

0

An unexpected error response.

RuntimeError

Samples

ListPolicies

GET /v1/policies

ListPolicies returns the list of policies.

Description

Parameters

Query Parameters

Name Description Required Default Pattern

query

-

null

pagination.limit

-

null

pagination.offset

-

null

pagination.sortOption.field

-

null

pagination.sortOption.reversed

-

null

pagination.sortOption.aggregateBy.aggrFunc

-

UNSET

pagination.sortOption.aggregateBy.distinct

-

null

Content Type

  • application/json

Responses

Table 10. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1ListPoliciesResponse

0

An unexpected error response.

RuntimeError

Samples

PatchPolicy

PATCH /v1/policies/{id}

PatchPolicy edits an existing policy.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Body Parameter

Name Description Required Default Pattern

body

V1PatchPolicyRequest

X

Return Type

Object

Content Type

  • application/json

Responses

Table 11. HTTP Response Codes
Code Message Datatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

Samples

PolicyFromSearch

POST /v1/policies/from-search

Description

Parameters

Body Parameter

Name Description Required Default Pattern

body

V1PolicyFromSearchRequest

X

Content Type

  • application/json

Responses

Table 12. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1PolicyFromSearchResponse

0

An unexpected error response.

RuntimeError

Samples

PostPolicy

POST /v1/policies

PostPolicy creates a new policy.

Description

Parameters

Body Parameter

Name Description Required Default Pattern

body

StoragePolicy

X

Query Parameters

Name Description Required Default Pattern

enableStrictValidation

-

null

Return Type

Content Type

  • application/json

Responses

Table 13. HTTP Response Codes
Code Message Datatype

200

A successful response.

StoragePolicy

0

An unexpected error response.

RuntimeError

Samples

PutPolicy

PUT /v1/policies/{id}

PutPolicy modifies an existing policy.

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Body Parameter

Name Description Required Default Pattern

body

StoragePolicy

X

Return Type

Object

Content Type

  • application/json

Responses

Table 14. HTTP Response Codes
Code Message Datatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

Samples

QueryDryRunJobStatus

GET /v1/policies/dryrunjob/{jobId}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

jobId

X

null

Content Type

  • application/json

Responses

Table 15. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1DryRunJobStatusResponse

0

An unexpected error response.

RuntimeError

Samples

ReassessPolicies

POST /v1/policies/reassess

ReassessPolicies reevaluates all the policies.

Description

Parameters

Return Type

Object

Content Type

  • application/json

Responses

Table 16. HTTP Response Codes
Code Message Datatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

Samples

SubmitDryRunPolicyJob

POST /v1/policies/dryrunjob

Description

Parameters

Body Parameter

Name Description Required Default Pattern

body

StoragePolicy

X

Return Type

Content Type

  • application/json

Responses

Table 17. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1JobId

0

An unexpected error response.

RuntimeError

Samples

Common object reference

PolicyMitreAttackVectors

Field Name Required Nullable Type Description Format

tactic

String

techniques

List of string

ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go.

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message google.protobuf.Duration):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Field Name Required Nullable Type Description Format

typeUrl

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one "/" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading "." is not accepted).

In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows:

  • If no scheme is provided, https is assumed.

  • An HTTP GET on the URL must yield a google.protobuf.Type value in binary format, or produce an error.

  • Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.)

Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one.

Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

value

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte
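The typeUrl rules above matter when a client handles the details list of a RuntimeError, because each entry names its own type. The following is an added example, not code from this API or from the protobuf library: it applies those rules to the JSON "@type" field and accepts only types on a local allowlist. The allowlist contents, the sample error and the function names are constructed for illustration.

```python
import re

# Constructed allowlist: the types this client has precompiled and will unpack.
ALLOWED_TYPES = {"google.protobuf.Duration", "google.profile.Person"}
_FULL_NAME = re.compile(r"[A-Za-z_]\w*(\.[A-Za-z_]\w*)*", re.ASCII)


def parse_type_url(type_url):
    """Split a type URL into (scheme, prefix, type_name) per the typeUrl rules."""
    scheme, sep, rest = type_url.partition("://")
    if not sep:
        scheme, rest = "https", type_url  # no scheme provided: https is assumed
    if "/" not in rest:
        raise ValueError("type URL must contain at least one '/'")
    prefix, _, type_name = rest.rpartition("/")  # name follows the last '/'
    if type_name.startswith("."):
        raise ValueError("leading '.' is not accepted")
    if not _FULL_NAME.fullmatch(type_name):
        raise ValueError("last segment is not a fully qualified type name")
    return scheme, prefix, type_name


def review_details(runtime_error, allowed=ALLOWED_TYPES):
    """Return (type_url, verdict) for each RuntimeError.details entry, unpacking nothing."""
    verdicts = []
    for detail in runtime_error.get("details") or []:
        type_url = detail.get("@type", "") if isinstance(detail, dict) else ""
        try:
            scheme, _, name = parse_type_url(type_url)
        except ValueError as exc:
            verdicts.append((type_url, f"reject: {exc}"))
            continue
        if scheme not in ("http", "https"):
            verdicts.append((type_url, "reject: scheme has implementation specific semantics"))
        elif name not in allowed:
            verdicts.append((type_url, f"reject: {name} is not an allowlisted type"))
        else:
            verdicts.append((type_url, "accept"))
    return verdicts


# Constructed RuntimeError body, shaped like the RuntimeError object on this page.
SAMPLE_ERROR = {
    "error": "invalid policy", "code": 3, "message": "invalid policy",
    "details": [
        {"@type": "type.googleapis.com/google.protobuf.Duration", "value": "1.212s"},
        {"@type": "foo.bar.com/x/y.z"},
        {"@type": "google.protobuf.Duration"},
        {"@type": "custom://registry/.google.profile.Person"},
    ],
}

if __name__ == "__main__":
    for url, verdict in review_details(SAMPLE_ERROR):
        print(f"{url!r}: {verdict}")
```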

RuntimeError

Field Name Required Nullable Type Description Format

error

String

code

Integer

int32

message

String

details

List of ProtobufAny

StorageBooleanOperator

Enum Values

OR

AND

StorageEnforcementAction

  • FAIL_KUBE_REQUEST_ENFORCEMENT: FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events.

  • FAIL_DEPLOYMENT_CREATE_ENFORCEMENT: FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates.

  • FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT: FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.

Enum Values

UNSET_ENFORCEMENT

SCALE_TO_ZERO_ENFORCEMENT

UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT

KILL_POD_ENFORCEMENT

FAIL_BUILD_ENFORCEMENT

FAIL_KUBE_REQUEST_ENFORCEMENT

FAIL_DEPLOYMENT_CREATE_ENFORCEMENT

FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT
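Because three of these actions take effect only under the admission control webhook conditions listed above, a policy can carry an enforcement action that never fires. The following is an added example, not part of this API: it reviews a StorageExportPoliciesResponse-shaped document against the webhook state. The WebhookSettings class, its field names and the sample export are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class WebhookSettings:
    """Hypothetical summary of how the admission control webhook is configured."""
    listens_on_exec_and_port_forward: bool
    enforces_on_creates: bool
    enforces_on_updates: bool


# Enum values of StorageEnforcementAction as listed on this page.
KNOWN_ACTIONS = {
    "UNSET_ENFORCEMENT", "SCALE_TO_ZERO_ENFORCEMENT",
    "UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT", "KILL_POD_ENFORCEMENT",
    "FAIL_BUILD_ENFORCEMENT", "FAIL_KUBE_REQUEST_ENFORCEMENT",
    "FAIL_DEPLOYMENT_CREATE_ENFORCEMENT", "FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT",
}
# Webhook condition each action depends on, per the descriptions above.
REQUIRES = {
    "FAIL_KUBE_REQUEST_ENFORCEMENT": "listens_on_exec_and_port_forward",
    "FAIL_DEPLOYMENT_CREATE_ENFORCEMENT": "enforces_on_creates",
    "FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT": "enforces_on_updates",
}


def ineffective_enforcement(export, webhook):
    """Return (policy name, action, reason) for actions that would not take effect."""
    findings = []
    for policy in export.get("policies", []):
        if policy.get("disabled"):
            continue  # a disabled policy enforces nothing either way
        name = policy.get("name", "<unnamed>")
        for action in policy.get("enforcementActions", []):
            if action not in KNOWN_ACTIONS:
                findings.append((name, action, "unknown enforcement action"))
            elif action in REQUIRES and not getattr(webhook, REQUIRES[action]):
                findings.append((name, action, f"webhook condition {REQUIRES[action]} is off"))
    return findings


# Constructed export document using StoragePolicy field names from this page.
SAMPLE_EXPORT = {"policies": [
    {"name": "Block exec into pods", "disabled": False,
     "enforcementActions": ["FAIL_KUBE_REQUEST_ENFORCEMENT"]},
    {"name": "No latest tag", "disabled": False,
     "enforcementActions": ["SCALE_TO_ZERO_ENFORCEMENT",
                            "FAIL_DEPLOYMENT_CREATE_ENFORCEMENT",
                            "FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT"]},
    {"name": "Old draft", "disabled": True,
     "enforcementActions": ["FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT"]},
]}

if __name__ == "__main__":
    for finding in ineffective_enforcement(SAMPLE_EXPORT, WebhookSettings(False, True, False)):
        print(finding)
```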

StorageEventSource

Enum Values

NOT_APPLICABLE

DEPLOYMENT_EVENT

AUDIT_LOG_EVENT

StorageExclusion

Field Name Required Nullable Type Description Format

name

String

deployment

StorageExclusionDeployment

image

StorageExclusionImage

expiration

Date

date-time

StorageExclusionDeployment

Field Name Required Nullable Type Description Format

name

String

scope

StorageScope

StorageExclusionImage

Field Name Required Nullable Type Description Format

name

String

StorageExportPoliciesResponse

ExportPoliciesResponse is used by the API but it is defined in storage because we expect customers to store them. We do backwards-compatibility checks on objects in the storage folder and those checks should be applied to this object.

Field Name Required Nullable Type Description Format

policies

List of StoragePolicy

StorageLifecycleStage

Enum Values

DEPLOY

BUILD

RUNTIME

StorageListPolicy

Field Name Required Nullable Type Description Format

id

String

name

String

description

String

severity

StorageSeverity

UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY

disabled

Boolean

lifecycleStages

List of StorageLifecycleStage

notifiers

List of string

lastUpdated

Date

date-time

eventSource

StorageEventSource

NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT

isDefault

Boolean

StorageMitreAttackVector

Field Name Required Nullable Type Description Format

tactic

StorageMitreTactic

techniques

List of StorageMitreTechnique

StorageMitreTactic

Field Name Required Nullable Type Description Format

id

String

name

String

description

String

StorageMitreTechnique

Field Name Required Nullable Type Description Format

id

String

name

String

description

String

StoragePolicy

Field Name Required Nullable Type Description Format

id

String

name

String

description

String

rationale

String

remediation

String

disabled

Boolean

categories

List of string

lifecycleStages

List of StorageLifecycleStage

eventSource

StorageEventSource

NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT

exclusions

List of StorageExclusion

scope

List of StorageScope

severity

StorageSeverity

UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY

enforcementActions

List of StorageEnforcementAction

FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates/updates. FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events. FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.

notifiers

List of string

lastUpdated

Date

date-time

SORTName

String

For internal use only.

SORTLifecycleStage

String

For internal use only.

SORTEnforcement

Boolean

For internal use only.

policyVersion

String

policySections

List of StoragePolicySection

mitreAttackVectors

List of PolicyMitreAttackVectors

criteriaLocked

Boolean

Read-only field. If true, the policy’s criteria fields are rendered read-only.

mitreVectorsLocked

Boolean

Read-only field. If true, the policy’s MITRE ATT&CK fields are rendered read-only.

isDefault

Boolean

Read-only field. Indicates the policy is a default policy if true and a custom policy if false.

StoragePolicyGroup

Field Name Required Nullable Type Description Format

fieldName

String

booleanOperator

StorageBooleanOperator

OR, AND

negate

Boolean

values

List of StoragePolicyValue

StoragePolicySection

Field Name Required Nullable Type Description Format

sectionName

String

policyGroups

List of StoragePolicyGroup

StoragePolicyValue

Field Name Required Nullable Type Description Format

value

String

StorageScope

Field Name Required Nullable Type Description Format

cluster

String

namespace

String

label

StorageScopeLabel

StorageScopeLabel

Field Name Required Nullable Type Description Format

key

String

value

String

StorageSeverity

Enum Values

UNSET_SEVERITY

LOW_SEVERITY

MEDIUM_SEVERITY

HIGH_SEVERITY

CRITICAL_SEVERITY

V1DryRunJobStatusResponse

Field Name Required Nullable Type Description Format

pending

Boolean

result

V1DryRunResponse

V1DryRunResponse

Field Name Required Nullable Type Description Format

alerts

List of V1DryRunResponseAlert

V1DryRunResponseAlert

Field Name Required Nullable Type Description Format

deployment

String

violations

List of string

V1EnableDisablePolicyNotificationRequest

Field Name Required Nullable Type Description Format

policyId

String

notifierIds

List of string

disable

Boolean

V1ExportPoliciesRequest

Field Name Required Nullable Type Description Format

policyIds

List of string

V1GetPolicyMitreVectorsResponse

Field Name Required Nullable Type Description Format

policy

StoragePolicy

vectors

List of StorageMitreAttackVector

V1ImportPoliciesMetadata

V1ImportPoliciesRequest

Field Name Required Nullable Type Description Format

metadata

V1ImportPoliciesMetadata

policies

List of StoragePolicy

V1ImportPoliciesResponse

Field Name Required Nullable Type Description Format

responses

List of V1ImportPolicyResponse

allSucceeded

Boolean

V1ImportPolicyError

Field Name Required Nullable Type Description Format

message

String

type

String

duplicateName

String

validationError

String

V1ImportPolicyResponse

Field Name Required Nullable Type Description Format

succeeded

Boolean

policy

StoragePolicy

errors

List of V1ImportPolicyError

V1JobId

Field Name Required Nullable Type Description Format

jobId

String

V1ListPoliciesResponse

Field Name Required Nullable Type Description Format

policies

List of StorageListPolicy

V1PatchPolicyRequest

Field Name Required Nullable Type Description Format

id

String

disabled

Boolean

V1PolicyCategoriesResponse

Field Name Required Nullable Type Description Format

categories

List of string

V1PolicyFromSearchRequest

Field Name Required Nullable Type Description Format

searchParams

String

V1PolicyFromSearchResponse

Field Name Required Nullable Type Description Format

policy

StoragePolicy

alteredSearchTerms

List of string

hasNestedFields

Boolean