swagger: '2.0' info: title: minder/v1/minder.proto version: version not set tags: - name: HealthService - name: ArtifactService - name: OAuthService - name: RepositoryService - name: UserService - name: ProfileService - name: DataSourceService - name: RuleTypeService - name: EvalResultsService - name: PermissionsService - name: ProjectsService - name: ProvidersService - name: InviteService - name: EntityInstanceService consumes: - application/json produces: - application/json paths: /api/v1/artifact/name/{name}: get: operationId: ArtifactService_GetArtifactByName responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetArtifactByNameResponse' parameters: - name: name in: path required: true type: string pattern: .+ - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - ArtifactService /api/v1/artifact/{id}: get: operationId: ArtifactService_GetArtifactById responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetArtifactByIdResponse' parameters: - name: id in: path required: true type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - ArtifactService /api/v1/artifacts: get: operationId: ArtifactService_ListArtifacts2 responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListArtifactsResponse' parameters: - name: provider in: query required: false type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string - name: from description: |- from is the filter to apply to the list of artifacts. An example is "repository=org1/repo1,org2/repo2" to filter by repository names. This is optional. in: query required: false type: string tags: - ArtifactService /api/v1/artifacts/{provider}: get: operationId: ArtifactService_ListArtifacts responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListArtifactsResponse' parameters: - name: provider in: path required: true type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string - name: from description: |- from is the filter to apply to the list of artifacts. An example is "repository=org1/repo1,org2/repo2" to filter by repository names. This is optional. in: query required: false type: string tags: - ArtifactService /api/v1/auth/token: post: operationId: OAuthService_StoreProviderToken2 responses: '200': description: A successful response. schema: $ref: '#/definitions/v1StoreProviderTokenResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1StoreProviderTokenRequest' tags: - OAuthService /api/v1/auth/url: get: operationId: OAuthService_GetAuthorizationURL responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetAuthorizationURLResponse' parameters: - name: cli description: cli is true if the request is being made from a CLI. in: query required: false type: boolean - name: owner description: >- owner is the owner (e.g GitHub org) that the provider is associated with. This is optional; we allow empty string because the client may set the field unconditionally, even though the field is marked as `optional`. in: query required: false type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string - name: redirectUrl description: >- redirect_url is the URL to redirect to after the authorization is complete. in: query required: false type: string - name: config description: >- config is a JSON object that can be used to pass additional configuration in: query required: false type: object - name: providerClass in: query required: false type: string tags: - OAuthService /api/v1/auth/verify: get: summary: >- VerifyProviderCredential verifies that a credential has been created matching the enrollment nonce operationId: OAuthService_VerifyProviderCredential responses: '200': description: A successful response. schema: $ref: '#/definitions/v1VerifyProviderCredentialResponse' parameters: - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string - name: enrollmentNonce description: >- enrollment_nonce is the state parameter returned when enrolling the provider in: query required: true type: string tags: - OAuthService /api/v1/auth/verify/{provider}/{timestamp}: get: summary: >- VerifyProviderTokenFrom verifies that a token has been created for a provider since given timestamp operationId: OAuthService_VerifyProviderTokenFrom responses: '200': description: A successful response. schema: $ref: '#/definitions/v1VerifyProviderTokenFromResponse' parameters: - name: provider in: path required: true type: string - name: timestamp in: path required: true type: string format: date-time - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - OAuthService /api/v1/auth/verify/{timestamp}: get: summary: >- VerifyProviderTokenFrom verifies that a token has been created for a provider since given timestamp operationId: OAuthService_VerifyProviderTokenFrom2 responses: '200': description: A successful response. schema: $ref: '#/definitions/v1VerifyProviderTokenFromResponse' parameters: - name: timestamp in: path required: true type: string format: date-time - name: provider in: query required: false type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - OAuthService /api/v1/auth/{provider}/token: post: operationId: OAuthService_StoreProviderToken responses: '200': description: A successful response. schema: $ref: '#/definitions/v1StoreProviderTokenResponse' parameters: - name: provider in: path required: true type: string - name: body in: body required: true schema: $ref: '#/definitions/OAuthServiceStoreProviderTokenBody' tags: - OAuthService /api/v1/data_source: post: operationId: DataSourceService_CreateDataSource responses: '200': description: A successful response. schema: $ref: '#/definitions/v1CreateDataSourceResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1CreateDataSourceRequest' tags: - DataSourceService put: operationId: DataSourceService_UpdateDataSource responses: '200': description: A successful response. schema: $ref: '#/definitions/v1UpdateDataSourceResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1UpdateDataSourceRequest' tags: - DataSourceService /api/v1/data_source/name/{name}: get: operationId: DataSourceService_GetDataSourceByName responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetDataSourceByNameResponse' parameters: - name: name in: path required: true type: string pattern: .+ - name: context.projectId description: >- project is the project ID or name. If empty or unset, will select the user's default project if they only have one project. in: query required: false type: string - name: context.provider description: name of the provider. Set to empty string when not applicable. in: query required: false type: string tags: - DataSourceService delete: operationId: DataSourceService_DeleteDataSourceByName responses: '200': description: A successful response. schema: $ref: '#/definitions/v1DeleteDataSourceByNameResponse' parameters: - name: name in: path required: true type: string pattern: .+ - name: context.projectId description: >- project is the project ID or name. If empty or unset, will select the user's default project if they only have one project. in: query required: false type: string - name: context.provider description: name of the provider. Set to empty string when not applicable. in: query required: false type: string tags: - DataSourceService /api/v1/data_source/{id}: get: operationId: DataSourceService_GetDataSourceById responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetDataSourceByIdResponse' parameters: - name: id in: path required: true type: string - name: context.projectId description: >- project is the project ID or name. If empty or unset, will select the user's default project if they only have one project. in: query required: false type: string - name: context.provider description: name of the provider. Set to empty string when not applicable. in: query required: false type: string tags: - DataSourceService delete: operationId: DataSourceService_DeleteDataSourceById responses: '200': description: A successful response. schema: $ref: '#/definitions/v1DeleteDataSourceByIdResponse' parameters: - name: id in: path required: true type: string - name: context.projectId description: >- project is the project ID or name. If empty or unset, will select the user's default project if they only have one project. in: query required: false type: string - name: context.provider description: name of the provider. Set to empty string when not applicable. in: query required: false type: string tags: - DataSourceService /api/v1/data_sources: get: operationId: DataSourceService_ListDataSources responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListDataSourcesResponse' parameters: - name: context.projectId description: >- project is the project ID or name. If empty or unset, will select the user's default project if they only have one project. in: query required: false type: string - name: context.provider description: name of the provider. Set to empty string when not applicable. in: query required: false type: string tags: - DataSourceService /api/v1/entities: get: summary: >- ListEntities returns a list of entity instances for a given project and provider operationId: EntityInstanceService_ListEntities responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListEntitiesResponse' parameters: - name: context.projectId description: >- project is the project ID or name. If empty or unset, will select the user's default project if they only have one project. in: query required: false type: string - name: context.provider description: name of the provider. Set to empty string when not applicable. in: query required: false type: string - name: entityType description: entity_type is the type of entity to list in: query required: true type: string enum: - ENTITY_UNSPECIFIED - ENTITY_REPOSITORIES - ENTITY_BUILD_ENVIRONMENTS - ENTITY_ARTIFACTS - ENTITY_PULL_REQUESTS - ENTITY_RELEASE - ENTITY_PIPELINE_RUN - ENTITY_TASK_RUN - ENTITY_BUILD default: ENTITY_UNSPECIFIED - name: cursor.cursor description: |- cursor is the index to start from within the collection being retrieved. It's an opaque payload specified and interpreted on an per-rpc basis. An empty string is used to indicate the first item in the collection. in: query required: false type: string - name: cursor.size description: |- size is the number of items to retrieve from the collection. 0 uses a server-defined default. in: query required: true type: integer format: int64 tags: - EntityInstanceService /api/v1/entity: post: summary: RegisterEntity creates a new entity instance operationId: EntityInstanceService_RegisterEntity responses: '200': description: A successful response. schema: $ref: '#/definitions/v1RegisterEntityResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1RegisterEntityRequest' tags: - EntityInstanceService /api/v1/entity/id/{id}: get: summary: GetEntityById returns an entity instance for a given entity ID operationId: EntityInstanceService_GetEntityById responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetEntityByIdResponse' parameters: - name: id description: id is the ID of the entity to get in: path required: true type: string - name: context.projectId description: >- project is the project ID or name. If empty or unset, will select the user's default project if they only have one project. in: query required: false type: string - name: context.provider description: name of the provider. Set to empty string when not applicable. in: query required: false type: string tags: - EntityInstanceService delete: summary: DeleteEntityById deletes an entity instance for a given entity ID operationId: EntityInstanceService_DeleteEntityById responses: '200': description: A successful response. schema: $ref: '#/definitions/v1DeleteEntityByIdResponse' parameters: - name: id description: id is the ID of the entity to delete in: path required: true type: string - name: context.projectId description: >- project is the project ID or name. If empty or unset, will select the user's default project if they only have one project. in: query required: false type: string - name: context.provider description: name of the provider. Set to empty string when not applicable. in: query required: false type: string tags: - EntityInstanceService /api/v1/entity/{entityType}/{name}: get: summary: GetEntityByName returns an entity instance for a given entity name operationId: EntityInstanceService_GetEntityByName responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetEntityByNameResponse' parameters: - name: entityType description: entity_type is the type of entity to get in: path required: true type: string enum: - ENTITY_UNSPECIFIED - ENTITY_REPOSITORIES - ENTITY_BUILD_ENVIRONMENTS - ENTITY_ARTIFACTS - ENTITY_PULL_REQUESTS - ENTITY_RELEASE - ENTITY_PIPELINE_RUN - ENTITY_TASK_RUN - ENTITY_BUILD - name: name description: name is the name of the entity to get in: path required: true type: string pattern: .+ - name: context.projectId description: >- project is the project ID or name. If empty or unset, will select the user's default project if they only have one project. in: query required: false type: string - name: context.provider description: name of the provider. Set to empty string when not applicable. in: query required: false type: string tags: - EntityInstanceService /api/v1/health: get: operationId: HealthService_CheckHealth responses: '200': description: A successful response. schema: $ref: '#/definitions/v1CheckHealthResponse' tags: - HealthService /api/v1/history: get: operationId: EvalResultsService_ListEvaluationHistory responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListEvaluationHistoryResponse' parameters: - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string - name: entityType description: List of entity types to retrieve. in: query required: false type: array items: type: string collectionFormat: multi - name: entityName description: List of entity names to retrieve. in: query required: false type: array items: type: string collectionFormat: multi - name: profileName description: List of profile names to retrieve. in: query required: false type: array items: type: string collectionFormat: multi - name: status description: List of evaluation statuses to retrieve. in: query required: false type: array items: type: string collectionFormat: multi - name: remediation description: List of remediation statuses to retrieve. in: query required: false type: array items: type: string collectionFormat: multi - name: alert description: List of alert statuses to retrieve. in: query required: false type: array items: type: string collectionFormat: multi - name: from description: Timestamp representing the start time of the selection window. in: query required: false type: string format: date-time - name: to description: Timestamp representing the end time of the selection window. in: query required: false type: string format: date-time - name: labelFilter description: >- Filter evaluation history to only those matching the specified labels. The default is to return all user-created profiles; the string "*" can be used to select all profiles, including system profiles. This syntax may be expanded in the future. in: query required: false type: array items: type: string collectionFormat: multi - name: cursor.cursor description: |- cursor is the index to start from within the collection being retrieved. It's an opaque payload specified and interpreted on an per-rpc basis. An empty string is used to indicate the first item in the collection. in: query required: false type: string - name: cursor.size description: |- size is the number of items to retrieve from the collection. 0 uses a server-defined default. in: query required: true type: integer format: int64 - name: includeOutputs description: |- If true, include structured rule output for the matched evaluations. Not all ruletypes may generate structured outputs. Because the evaluation output may be large, it is only returned when explicitly requested. in: query required: false type: boolean tags: - EvalResultsService /api/v1/history/{id}: get: operationId: EvalResultsService_GetEvaluationHistory responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetEvaluationHistoryResponse' parameters: - name: id in: path required: true type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string - name: includeOutputs description: |- If true, include structured rule output for the matched evaluations. Not all ruletypes may generate structured outputs. Because the evaluation output may be large, it is only returned when explicitly requested. in: query required: false type: boolean tags: - EvalResultsService /api/v1/invite/{code}: get: operationId: InviteService_GetInviteDetails responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetInviteDetailsResponse' parameters: - name: code description: Invite nonce/code to retrieve details for in: path required: true type: string tags: - InviteService /api/v1/permissions/assign: post: operationId: PermissionsService_AssignRole responses: '200': description: A successful response. schema: $ref: '#/definitions/v1AssignRoleResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1AssignRoleRequest' tags: - PermissionsService /api/v1/permissions/assignments: get: operationId: PermissionsService_ListRoleAssignments responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListRoleAssignmentsResponse' parameters: - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - PermissionsService /api/v1/permissions/remove: delete: operationId: PermissionsService_RemoveRole responses: '200': description: A successful response. schema: $ref: '#/definitions/v1RemoveRoleResponse' parameters: - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string - name: roleAssignment.role description: role is the role that is assigned. in: query required: true type: string - name: roleAssignment.subject description: |- subject is the subject to which the role is assigned. Can be either a UUID or a providername/subject string. in: query required: false type: string - name: roleAssignment.displayName description: display_name is the display name of the subject. in: query required: false type: string - name: roleAssignment.project description: project is the project in which the role is assigned. in: query required: false type: string - name: roleAssignment.email description: email is the email address of the subject used for invitations. in: query required: false type: string - name: roleAssignment.firstName description: first_name is the first name of the subject. in: query required: false type: string - name: roleAssignment.lastName description: last_name is the last name of the subject. in: query required: false type: string tags: - PermissionsService /api/v1/permissions/roles: get: operationId: PermissionsService_ListRoles responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListRolesResponse' parameters: - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - PermissionsService /api/v1/permissions/update: post: operationId: PermissionsService_UpdateRole responses: '200': description: A successful response. schema: $ref: '#/definitions/v1UpdateRoleResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1UpdateRoleRequest' tags: - PermissionsService /api/v1/profile: post: operationId: ProfileService_CreateProfile responses: '200': description: A successful response. schema: $ref: '#/definitions/v1CreateProfileResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1CreateProfileRequest' tags: - ProfileService put: operationId: ProfileService_UpdateProfile responses: '200': description: A successful response. schema: $ref: '#/definitions/v1UpdateProfileResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1UpdateProfileRequest' tags: - ProfileService /api/v1/profile/name/{name}: get: operationId: ProfileService_GetProfileByName responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetProfileByNameResponse' parameters: - name: name description: name is the name of the profile to get in: path required: true type: string pattern: .+ - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - ProfileService /api/v1/profile/name/{name}/status: get: operationId: ProfileService_GetProfileStatusByName responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetProfileStatusByNameResponse' parameters: - name: name description: name is the name of the profile to get in: path required: true type: string pattern: .+ - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string - name: entity.type description: >- entity is the entity to get status for. Incompatible with `all` On input, at least one of id and name must be set. If both are set, they must both match. On output, both id and name will be set. in: query required: true type: string enum: - ENTITY_UNSPECIFIED - ENTITY_REPOSITORIES - ENTITY_BUILD_ENVIRONMENTS - ENTITY_ARTIFACTS - ENTITY_PULL_REQUESTS - ENTITY_RELEASE - ENTITY_PIPELINE_RUN - ENTITY_TASK_RUN - ENTITY_BUILD default: ENTITY_UNSPECIFIED - name: entity.id description: >- id is the ID of the entity to get status for. Incompatible with `all` in: query required: false type: string - name: entity.name description: >- name is the name of the entity. This name is unique within a given project, type, and provider, but may not be globally unique. in: query required: false type: string - name: all description: |- all is true if the status of all entities should be returned. Incompatible with `entity`. This is optional. in: query required: false type: boolean - name: rule description: rule is the type of the rule. Deprecated in favor of rule_type in: query required: false type: string - name: ruleType description: |- rule_type is the type of the rule to filter on. This is optional. in: query required: false type: string - name: ruleName description: |- rule_name is the name of the rule to filter on. This is optional. in: query required: false type: string tags: - ProfileService /api/v1/profile/{id}: get: operationId: ProfileService_GetProfileById responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetProfileByIdResponse' parameters: - name: id description: id is the id of the profile to get in: path required: true type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - ProfileService delete: operationId: ProfileService_DeleteProfile responses: '200': description: A successful response. schema: $ref: '#/definitions/v1DeleteProfileResponse' parameters: - name: id description: id is the name or id of the profile to delete in: path required: true type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - ProfileService patch: operationId: ProfileService_PatchProfile responses: '200': description: A successful response. schema: $ref: '#/definitions/v1PatchProfileResponse' parameters: - name: id description: >- The id or name of the profile to patch. Same explanation about explicitness as for the context in: path required: true type: string - name: patch description: The patch to apply to the profile in: body required: true schema: $ref: '#/definitions/v1Profile' - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - ProfileService /api/v1/profile/{id}/status: get: operationId: ProfileService_GetProfileStatusById responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetProfileStatusByIdResponse' parameters: - name: id description: id is the id of the profile to get in: path required: true type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string - name: entity.type description: >- entity is the entity to get status for. Incompatible with `all` On input, at least one of id and name must be set. If both are set, they must both match. On output, both id and name will be set. in: query required: true type: string enum: - ENTITY_UNSPECIFIED - ENTITY_REPOSITORIES - ENTITY_BUILD_ENVIRONMENTS - ENTITY_ARTIFACTS - ENTITY_PULL_REQUESTS - ENTITY_RELEASE - ENTITY_PIPELINE_RUN - ENTITY_TASK_RUN - ENTITY_BUILD default: ENTITY_UNSPECIFIED - name: entity.id description: >- id is the ID of the entity to get status for. Incompatible with `all` in: query required: false type: string - name: entity.name description: >- name is the name of the entity. This name is unique within a given project, type, and provider, but may not be globally unique. in: query required: false type: string - name: all in: query required: false type: boolean - name: ruleType in: query required: false type: string - name: ruleName in: query required: false type: string tags: - ProfileService /api/v1/profile_status: get: operationId: ProfileService_GetProfileStatusByProject responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetProfileStatusByProjectResponse' parameters: - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - ProfileService /api/v1/profiles: get: operationId: ProfileService_ListProfiles responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListProfilesResponse' parameters: - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string - name: labelFilter description: >- Filter profiles to only those matching the specified labels. The default is to return all user-created profiles; the string "*" can be used to select all profiles, including system profiles. This syntax may be expanded in the future. in: query required: false type: string tags: - ProfileService /api/v1/projects: get: operationId: ProjectsService_ListProjects responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListProjectsResponse' tags: - ProjectsService delete: operationId: ProjectsService_DeleteProject responses: '200': description: A successful response. schema: $ref: '#/definitions/v1DeleteProjectResponse' parameters: - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - ProjectsService post: operationId: ProjectsService_CreateProject responses: '200': description: A successful response. schema: $ref: '#/definitions/v1CreateProjectResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1CreateProjectRequest' tags: - ProjectsService put: operationId: ProjectsService_UpdateProject responses: '200': description: A successful response. schema: $ref: '#/definitions/v1UpdateProjectResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1UpdateProjectRequest' tags: - ProjectsService patch: operationId: ProjectsService_PatchProject responses: '200': description: A successful response. schema: $ref: '#/definitions/v1PatchProjectResponse' parameters: - name: patch description: patch is the patch to apply to the project in: body required: true schema: $ref: '#/definitions/v1ProjectPatch' - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - ProjectsService /api/v1/projects/entity/reconcile: post: operationId: ProjectsService_CreateEntityReconciliationTask responses: '200': description: A successful response. schema: $ref: '#/definitions/v1CreateEntityReconciliationTaskResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1CreateEntityReconciliationTaskRequest' tags: - ProjectsService /api/v1/projects/{context.projectId}/children: get: operationId: ProjectsService_ListChildProjects responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListChildProjectsResponse' parameters: - name: context.projectId description: >- project is the project ID or name. If empty or unset, will select the user's default project if they only have one project. in: path required: true type: string - name: context.provider description: name of the provider. Set to empty string when not applicable. in: query required: false type: string - name: recursive description: recursive is true if child projects should be listed recursively. in: query required: false type: boolean tags: - ProjectsService /api/v1/provider/register_all: post: operationId: ProvidersService_ReconcileEntityRegistration responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ReconcileEntityRegistrationResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1ReconcileEntityRegistrationRequest' tags: - ProvidersService /api/v1/provider_classes: get: operationId: ProvidersService_ListProviderClasses responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListProviderClassesResponse' parameters: - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - ProvidersService /api/v1/providers: get: operationId: ProvidersService_ListProviders responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListProvidersResponse' parameters: - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string - name: limit description: |- limit is the maximum number of providers to return. 0 uses a server-defined default. in: query required: true type: integer format: int32 - name: cursor description: >- cursor is the cursor to use for the page of results, empty if at the beginning in: query required: false type: string tags: - ProvidersService delete: operationId: ProvidersService_DeleteProvider responses: '200': description: A successful response. schema: $ref: '#/definitions/v1DeleteProviderResponse' parameters: - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - ProvidersService post: operationId: ProvidersService_CreateProvider responses: '200': description: A successful response. schema: $ref: '#/definitions/v1CreateProviderResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1CreateProviderRequest' tags: - ProvidersService patch: operationId: ProvidersService_PatchProvider responses: '200': description: A successful response. schema: $ref: '#/definitions/v1PatchProviderResponse' parameters: - name: patch in: body required: true schema: $ref: '#/definitions/v1Provider' - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - ProvidersService /api/v1/providers/{id}: delete: operationId: ProvidersService_DeleteProviderByID responses: '200': description: A successful response. schema: $ref: '#/definitions/v1DeleteProviderByIDResponse' parameters: - name: id description: id is the id of the provider to delete in: path required: true type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - ProvidersService /api/v1/providers/{name}: get: operationId: ProvidersService_GetProvider responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetProviderResponse' parameters: - name: name description: name is the name of the provider to get. in: path required: true type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - ProvidersService /api/v1/repositories: get: operationId: RepositoryService_ListRepositories2 responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListRepositoriesResponse' parameters: - name: provider in: query required: false type: string - name: limit description: |- limit is the maximum number of results to return. This is optional. in: query required: false type: string format: int64 - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string - name: cursor description: |- cursor is the cursor to use for the next page of results. This is optional. in: query required: false type: string tags: - RepositoryService /api/v1/repositories/provider/{provider}: get: operationId: RepositoryService_ListRepositories responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListRepositoriesResponse' parameters: - name: provider in: path required: true type: string - name: limit description: |- limit is the maximum number of results to return. This is optional. in: query required: false type: string format: int64 - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string - name: cursor description: |- cursor is the cursor to use for the next page of results. This is optional. in: query required: false type: string tags: - RepositoryService /api/v1/repositories/provider/{provider}/remote: get: operationId: RepositoryService_ListRemoteRepositoriesFromProvider responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListRemoteRepositoriesFromProviderResponse' parameters: - name: provider in: path required: true type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - RepositoryService /api/v1/repositories/remote: get: operationId: RepositoryService_ListRemoteRepositoriesFromProvider2 responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListRemoteRepositoriesFromProviderResponse' parameters: - name: provider in: query required: false type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - RepositoryService /api/v1/repository/id/{repositoryId}: get: operationId: RepositoryService_GetRepositoryById responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetRepositoryByIdResponse' parameters: - name: repositoryId in: path required: true type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - RepositoryService delete: operationId: RepositoryService_DeleteRepositoryById responses: '200': description: A successful response. schema: $ref: '#/definitions/v1DeleteRepositoryByIdResponse' parameters: - name: repositoryId in: path required: true type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - RepositoryService /api/v1/repository/name/{name}: get: operationId: RepositoryService_GetRepositoryByName2 responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetRepositoryByNameResponse' parameters: - name: name in: path required: true type: string pattern: .+ - name: provider in: query required: false type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - RepositoryService delete: operationId: RepositoryService_DeleteRepositoryByName2 responses: '200': description: A successful response. schema: $ref: '#/definitions/v1DeleteRepositoryByNameResponse' parameters: - name: name in: path required: true type: string pattern: .+ - name: provider in: query required: false type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - RepositoryService /api/v1/repository/provider/{provider}/name/{name}: get: operationId: RepositoryService_GetRepositoryByName responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetRepositoryByNameResponse' parameters: - name: provider in: path required: true type: string - name: name in: path required: true type: string pattern: .+ - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - RepositoryService delete: operationId: RepositoryService_DeleteRepositoryByName responses: '200': description: A successful response. schema: $ref: '#/definitions/v1DeleteRepositoryByNameResponse' parameters: - name: provider in: path required: true type: string - name: name in: path required: true type: string pattern: .+ - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - RepositoryService /api/v1/repository/provider/{provider}/register: post: operationId: RepositoryService_RegisterRepository responses: '200': description: A successful response. schema: $ref: '#/definitions/v1RegisterRepositoryResponse' parameters: - name: provider in: path required: true type: string - name: body in: body required: true schema: $ref: '#/definitions/RepositoryServiceRegisterRepositoryBody' tags: - RepositoryService /api/v1/repository/register: post: operationId: RepositoryService_RegisterRepository2 responses: '200': description: A successful response. schema: $ref: '#/definitions/v1RegisterRepositoryResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1RegisterRepositoryRequest' tags: - RepositoryService /api/v1/results: get: operationId: EvalResultsService_ListEvaluationResults responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListEvaluationResultsResponse' parameters: - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string - name: profile description: ID can contain either a profile name or an ID. in: query required: false type: string - name: labelFilter description: >- Filter profiles to only those matching the specified labels. The default is to return all user-created profiles; the string "*" can be used to select all profiles, including system profiles. This syntax may be expanded in the future. in: query required: false type: string - name: ruleName description: |- If set, only return evaluation results for the named rules. If empty, return evaluation results for all rules in: query required: false type: array items: type: string collectionFormat: multi - name: includeOutputs description: |- If true, include structured rule output for the matched evaluations. Not all ruletypes may generate structured outputs. Because the evaluation output may be large, it is only returned when explicitly requested. in: query required: false type: boolean tags: - EvalResultsService /api/v1/rule_type: post: operationId: RuleTypeService_CreateRuleType responses: '200': description: A successful response. schema: $ref: '#/definitions/v1CreateRuleTypeResponse' parameters: - name: body description: CreateRuleTypeRequest is the request to create a rule type. in: body required: true schema: $ref: '#/definitions/v1CreateRuleTypeRequest' tags: - RuleTypeService put: operationId: RuleTypeService_UpdateRuleType responses: '200': description: A successful response. schema: $ref: '#/definitions/v1UpdateRuleTypeResponse' parameters: - name: body description: UpdateRuleTypeRequest is the request to update a rule type. in: body required: true schema: $ref: '#/definitions/v1UpdateRuleTypeRequest' tags: - RuleTypeService /api/v1/rule_type/name/{name}: get: operationId: RuleTypeService_GetRuleTypeByName responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetRuleTypeByNameResponse' parameters: - name: name description: name is the name of the rule type. in: path required: true type: string pattern: .+ - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - RuleTypeService /api/v1/rule_type/{id}: get: operationId: RuleTypeService_GetRuleTypeById responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetRuleTypeByIdResponse' parameters: - name: id description: id is the id of the rule type. in: path required: true type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - RuleTypeService delete: operationId: RuleTypeService_DeleteRuleType responses: '200': description: A successful response. schema: $ref: '#/definitions/v1DeleteRuleTypeResponse' parameters: - name: id description: id is the name or id of the rule type to be deleted. in: path required: true type: string - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - RuleTypeService /api/v1/rule_types: get: operationId: RuleTypeService_ListRuleTypes responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListRuleTypesResponse' parameters: - name: context.provider description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. in: query required: false type: string - name: context.project description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. in: query required: false type: string - name: context.retiredOrganization in: query required: false type: string tags: - RuleTypeService /api/v1/user: get: operationId: UserService_GetUser responses: '200': description: A successful response. schema: $ref: '#/definitions/v1GetUserResponse' tags: - UserService delete: operationId: UserService_DeleteUser responses: '200': description: A successful response. schema: $ref: '#/definitions/v1DeleteUserResponse' tags: - UserService post: operationId: UserService_CreateUser responses: '200': description: A successful response. schema: $ref: '#/definitions/v1CreateUserResponse' parameters: - name: body in: body required: true schema: $ref: '#/definitions/v1CreateUserRequest' tags: - UserService /api/v1/user/invitation/{code}: post: summary: |- ResolveInvitation allows a user to accept or decline an invitation to a project given the code for the invitation. A user may call ResolveInvitation to accept or decline an invitation even if they have not called CreateUser. If a user accepts an invitation via this call before calling CreateUser, a Minder user record will be created, but no additional projects will be created (unlike CreateUser, which will also create a default project). operationId: UserService_ResolveInvitation responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ResolveInvitationResponse' parameters: - name: code description: code is the code of the invitation to resolve. in: path required: true type: string - name: accept description: >- accept is true if the invitation is accepted, false if it is rejected. in: query required: false type: boolean tags: - UserService /api/v1/user/invitations: get: summary: |- ListInvitations returns a list of invitations for the user based on the user's registered email address. Note that a user who receives an invitation code may still accept the invitation even if the code was directed to a different email address. This is because understanding the routing of email messages is beyond the scope of Minder. description: |- This API endpoint may be called without the logged-in user previously having called `CreateUser`. operationId: UserService_ListInvitations responses: '200': description: A successful response. schema: $ref: '#/definitions/v1ListInvitationsResponse' tags: - UserService definitions: AlertAlertTypePRComment: type: object properties: reviewMessage: type: string description: review_message is the message to post in the PR review. action: type: string description: >- action is the action to use for the PR review (comment or request_changes). Default is comment. required: - reviewMessage AlertAlertTypeSA: type: object properties: severity: type: string DefPath: type: object properties: fileName: type: string alternatives: type: array items: type: string DefinitionAlert: type: object properties: type: type: string description: >- type is the type of the alert. * 'security_advisory' can only be used with the 'repository' entity type. * 'pull_request_comment' can only be used with the 'pull_request' entity type. securityAdvisory: $ref: '#/definitions/AlertAlertTypeSA' pullRequestComment: $ref: '#/definitions/AlertAlertTypePRComment' DefinitionEval: type: object properties: type: type: string description: type is the type of the data evaluation. jq: type: array items: type: object $ref: '#/definitions/EvalJQComparison' description: |- jq is only used if the `jq` type is selected. It defines the comparisons that are made between the ingested data and the profile rule. rego: $ref: '#/definitions/EvalRego' description: rego is only used if the `rego` type is selected. vulncheck: $ref: '#/definitions/EvalVulncheck' description: vulncheck is only used if the `vulncheck` type is selected. trusty: $ref: '#/definitions/EvalTrusty' title: |- The trusty type is no longer used, but is still here for backwards compatibility with existing stored rules homoglyphs: $ref: '#/definitions/EvalHomoglyphs' description: homoglyphs is only used if the `homoglyphs` type is selected. dataSources: type: array items: type: object $ref: '#/definitions/v1DataSourceReference' description: |- Data sources that the rule refers to. These are used to instantiate the relevant data sources for the rule and keep track of them as dependencies. Note that the data source must exist in the project hierarchy in order to be used in the rule. description: |- Eval defines the data evaluation definition. This pertains to the way we traverse data from the upstream endpoint and how we compare it to the rule. required: - type DefinitionIngest: type: object properties: type: type: string description: |- type is the type of the data ingestion. we currently support rest, artifact and builtin. rest: $ref: '#/definitions/v1RestType' description: |- rest is the rest data ingestion. this is only used if the type is rest. builtin: $ref: '#/definitions/v1BuiltinType' description: builtin is the builtin data ingestion. artifact: $ref: '#/definitions/v1ArtifactType' description: |- artifact is the artifact data ingestion. artifact currently only applies to artifacts. git: $ref: '#/definitions/v1GitType' description: |- git is the git data ingestion. git currently only applies to repositories. diff: $ref: '#/definitions/v1DiffType' description: |- diff is the diff data ingestion. diff currently only applies to pull_requests. deps: $ref: '#/definitions/v1DepsType' description: |- deps is the deps data ingestion. deps currently only applies to repositories. description: Ingest defines how the data is ingested. required: - type DefinitionRemediate: type: object properties: type: type: string description: >- type is the type of the remediation. * 'rest' can be used with any entity type. * 'gh_branch_protection' and 'pull_request' can only be used with the 'repository' entity type. * 'pull_request_comment' can only be used with the 'pull_request' entity type. rest: $ref: '#/definitions/v1RestType' ghBranchProtection: $ref: '#/definitions/RemediateGhBranchProtectionType' pullRequest: $ref: '#/definitions/RemediatePullRequestRemediation' pullRequestComment: $ref: '#/definitions/AlertAlertTypePRComment' DepsTypePullRequestConfigs: type: object properties: filter: type: string description: >- filter is the filter to apply to the PRs. The default value is "NEW_AND_UPDATED". DepsTypeRepoConfigs: type: object properties: branch: type: string description: >- branch is the branch of the git repository, when applied to repository entities. Has no meaning or effect on other entity types. DiffTypeEcosystem: type: object properties: name: type: string description: name is the name of the ecosystem. depfile: type: string title: depfile is the file that contains the dependencies for this ecosystem EvalHomoglyphs: type: object properties: type: type: string EvalJQComparison: type: object properties: ingested: $ref: '#/definitions/JQComparisonOperator' title: Ingested points to the data retrieved in the `ingest` section profile: $ref: '#/definitions/JQComparisonOperator' description: |- Profile points to the profile itself. This is mutually exclusive with the `constant` field. constant: description: |- Constant points to a constant value. This is mutually exclusive with the `profile` field. required: - ingested EvalRego: type: object properties: type: type: string description: |- type is the type of evaluation engine to use for rego. We currently have two modes of operation: - deny-by-default: this is the default mode of operation where we deny access by default and allow access only if the profile explicitly allows it. It expects the profile to set an `allow` variable to true or false. - constraints: this is the mode of operation where we allow access by default and deny access only if a violation is found. It expects the profile to set a `violations` variable with a "msg" field. def: type: string description: def is the definition of the rego profile. violationFormat: type: string description: |- how are violations reported. This is only used if the `constraints` type is selected. The default is `text` which returns human-readable text. The other option is `json` which returns a JSON array containing the violations. required: - def EvalTrusty: type: object properties: endpoint: type: string title: |- This is no longer used, but is still here for backwards compatibility with existing stored rules EvalVulncheck: type: object title: no configuration for now JQComparisonOperator: type: object properties: def: type: string required: - def ListEvaluationResultsResponseEntityEvaluationResults: type: object properties: entity: $ref: '#/definitions/v1EntityTypedId' profiles: type: array items: type: object $ref: >- #/definitions/ListEvaluationResultsResponseEntityProfileEvaluationResults ListEvaluationResultsResponseEntityProfileEvaluationResults: type: object properties: profileStatus: $ref: '#/definitions/v1ProfileStatus' title: >- profile_status is the status of the profile - id, name, status, last_updated results: type: array items: type: object $ref: '#/definitions/v1RuleEvaluationStatus' title: >- Note that some fields like profile_id and entity might be empty Eventually we might replace this type with another one that fits the API better OAuthServiceStoreProviderTokenBody: type: object properties: accessToken: type: string description: access_token is the token to store. owner: type: string description: >- owner is the owner (e.g GitHub org) that the provider is associated with. This is optional, but an empty string is allowed as existing clients may set the field unconditionally. context: $ref: '#/definitions/v1Context' required: - accessToken ProfileRule: type: object properties: type: type: string description: type is the type of the rule to be instantiated. params: type: object description: |- params are the parameters that are passed to the rule. This is optional and depends on the rule type. def: type: object description: |- def is the definition of the rule. This depends on the rule type. name: type: string title: name is the descriptive name of the rule, not to be confused with type description: Rule defines the individual call of a certain rule type. ProfileSelector: type: object properties: id: type: string description: >- id is optional and use for updates to match upserts as well as read operations. It is ignored for creates. entity: type: string description: entity is the entity to select. selector: type: string description: expr is the expression to select the entity. description: type: string description: description is the human-readable description of the selector. PullRequestRemediationActionsReplaceTagsWithSha: type: object properties: exclude: type: array items: type: string title: List of actions to exclude from the replacement PullRequestRemediationContent: type: object properties: path: type: string title: the file to patch action: type: string title: how to patch the file. For now, only replace is supported content: type: string title: the content of the file mode: type: string title: >- the GIT mode of the file. Not UNIX mode! String because the GH API also uses strings the usual modes are: 100644 for regular files, 100755 for executable files and 040000 for submodules (which we don't use but now you know the meaning of the 1 in 100644) see e.g. https://github.com/go-git/go-git/blob/32e0172851c35ae2fac495069c923330040903d2/plumbing/filemode/filemode.go#L16 RemediateGhBranchProtectionType: type: object properties: patch: type: string RemediatePullRequestRemediation: type: object properties: title: type: string description: >- the title of the PR This is not validated here as it will be validated by the repository provider, i.e. GitHub upon creation of the PR. body: type: string description: >- the body of the PR This is not validated here as it will be validated by the repository provider, i.e. GitHub upon creation of the PR. contents: type: array items: type: object $ref: '#/definitions/PullRequestRemediationContent' method: type: string title: >- the method to use to create the PR. For now, these are supported: -- minder.content - ensures that the content of the file is exactly as specified refer to the Content message for more details -- minder.actions.replace_tags_with_sha - finds any github actions within a workflow file and replaces the tag with the SHA -- minder.yq.evaluate - evaluates a yq expression on a file params: type: object description: >- params are unstructured parameters passed to the method. These are optional and evaluated by the method. actionsReplaceTagsWithSha: $ref: '#/definitions/PullRequestRemediationActionsReplaceTagsWithSha' title: >- If the method is minder.actions.replace_tags_with_sha, this is the configuration for that method title: >- the name stutters a bit but we already use a PullRequest message for handling PR entities RepositoryServiceRegisterRepositoryBody: type: object properties: repository: $ref: '#/definitions/v1UpstreamRepositoryRef' description: |- repository is the repository to register. This is optional if entity is set. context: $ref: '#/definitions/v1Context' entity: $ref: '#/definitions/v1UpstreamEntityRef' description: |- entity is the entity to register. This is the same as the repository field, but uses the new UpstreamEntityRef message. This is what we'll migrate to eventually. This is optional if repository is set. RestDataSourceDefFallback: type: object properties: httpStatus: type: integer format: int32 body: type: string RuleTypeDefinition: type: object properties: inEntity: type: string description: |- in_entity is the entity in which the rule is evaluated. This can be repository, build_environment or artifact. ruleSchema: type: object description: >- rule_schema is the schema of the rule. This is expressed in JSON Schema. paramSchema: type: object description: >- param_schema is the schema of the parameters that are passed to the rule. This is expressed in JSON Schema. ingest: $ref: '#/definitions/DefinitionIngest' eval: $ref: '#/definitions/DefinitionEval' remediate: $ref: '#/definitions/DefinitionRemediate' alert: $ref: '#/definitions/DefinitionAlert' description: >- Definition defines the rule type. It encompases the schema and the data evaluation. required: - ingest - eval protobufNullValue: type: string enum: - NULL_VALUE default: NULL_VALUE description: |- `NullValue` is a singleton enumeration to represent the null value for the `Value` type union. The JSON representation for `NullValue` is JSON `null`. - NULL_VALUE: Null value. v1Artifact: type: object properties: artifactPk: type: string owner: type: string description: owner is the artifact owner. This is optional. name: type: string type: type: string visibility: type: string repository: type: string description: |- repository is the repository the artifact originated from. This is optional. versions: type: array items: type: object $ref: '#/definitions/v1ArtifactVersion' createdAt: type: string format: date-time context: $ref: '#/definitions/v1Context' required: - artifactPk - name - type - visibility - createdAt v1ArtifactType: type: object description: ArtifactType defines the artifact data evaluation. v1ArtifactVersion: type: object properties: versionId: type: string format: int64 tags: type: array items: type: string sha: type: string createdAt: type: string format: date-time description: |- ArtifactVersion is a version of an artifact. This is currently not populated in any requests or responses. v1AssignRoleRequest: type: object properties: context: $ref: '#/definitions/v1Context' description: context is the context in which the role assignment is evaluated. roleAssignment: $ref: '#/definitions/v1RoleAssignment' description: role_assignment is the role assignment to be created. required: - roleAssignment v1AssignRoleResponse: type: object properties: roleAssignment: $ref: '#/definitions/v1RoleAssignment' description: |- role_assignment is the role assignment that was created. This is optional. invitation: $ref: '#/definitions/v1Invitation' description: |- invitation contains the details of the invitation for the assigned user to join the project if the user is not already a member. This is optional. v1AuthorizationFlow: type: string enum: - AUTHORIZATION_FLOW_UNSPECIFIED - AUTHORIZATION_FLOW_NONE - AUTHORIZATION_FLOW_USER_INPUT - AUTHORIZATION_FLOW_OAUTH2_AUTHORIZATION_CODE_FLOW - AUTHORIZATION_FLOW_GITHUB_APP_FLOW default: AUTHORIZATION_FLOW_UNSPECIFIED v1AuthorizationParams: type: object properties: authorizationUrl: type: string description: authorization_url is an external URL to use to authorize the provider. v1BuiltinType: type: object properties: method: type: string description: BuiltinType defines the builtin data evaluation. v1CheckHealthResponse: type: object properties: status: type: string required: - status v1Context: type: object properties: provider: type: string description: >- name of the provider This is optional, but some existing clients may set the field unconditionally, so an empty string is also an allowed value. project: type: string description: >- ID or name of the project. If empty or unset, will select the user's default project if they only have one project. Existing clients may unconditionally set this to the empty string rather than leaving this unset, so we allow "" as an alias for unset. retiredOrganization: type: string description: >- Context defines the context in which a rule is evaluated. this normally refers to a combination of the provider, organization and project. Removing the 'optional' keyword from the following two fields below will break buf compatibility checks. v1ContextV2: type: object properties: projectId: type: string description: >- project is the project ID or name. If empty or unset, will select the user's default project if they only have one project. provider: type: string description: name of the provider. Set to empty string when not applicable. description: ContextV2 defines the context in which a rule is evaluated. v1CreateDataSourceRequest: type: object properties: dataSource: $ref: '#/definitions/v1DataSource' title: DataSource service v1CreateDataSourceResponse: type: object properties: dataSource: $ref: '#/definitions/v1DataSource' v1CreateEntityReconciliationTaskRequest: type: object properties: entity: $ref: '#/definitions/v1EntityTypedId' description: entity is the entity to be reconciled. context: $ref: '#/definitions/v1Context' description: >- context is the context in which the entity reconciliation task is created. required: - entity v1CreateEntityReconciliationTaskResponse: type: object v1CreateProfileRequest: type: object properties: profile: $ref: '#/definitions/v1Profile' title: Profile service required: - profile v1CreateProfileResponse: type: object properties: profile: $ref: '#/definitions/v1Profile' required: - profile v1CreateProjectRequest: type: object properties: context: $ref: '#/definitions/v1Context' description: context is the context in which the project is created. name: type: string description: name is the name of the project to create. required: - name v1CreateProjectResponse: type: object properties: project: $ref: '#/definitions/v1Project' description: project is the project that was created. required: - project v1CreateProviderRequest: type: object properties: context: $ref: '#/definitions/v1Context' description: context is the context in which the provider is created. provider: $ref: '#/definitions/v1Provider' description: provider is the provider to be created. required: - provider v1CreateProviderResponse: type: object properties: provider: $ref: '#/definitions/v1Provider' description: provider is the provider that was created. authorization: $ref: '#/definitions/v1AuthorizationParams' description: |- authorization provides additional authorization information needed to complete the initialization of the provider. required: - provider v1CreateRuleTypeRequest: type: object properties: ruleType: $ref: '#/definitions/v1RuleType' description: rule_type is the rule type to be created. description: CreateRuleTypeRequest is the request to create a rule type. required: - ruleType v1CreateRuleTypeResponse: type: object properties: ruleType: $ref: '#/definitions/v1RuleType' description: rule_type is the rule type that was created. description: CreateRuleTypeResponse is the response to create a rule type. required: - ruleType v1CreateUserRequest: type: object title: User service v1CreateUserResponse: type: object properties: id: type: integer format: int32 organizationId: type: string organizatioName: type: string projectId: type: string projectName: type: string identitySubject: type: string createdAt: type: string format: date-time context: $ref: '#/definitions/v1Context' required: - id - projectId - projectName - identitySubject - createdAt v1Cursor: type: object properties: cursor: type: string description: |- cursor is the index to start from within the collection being retrieved. It's an opaque payload specified and interpreted on an per-rpc basis. An empty string is used to indicate the first item in the collection. size: type: integer format: int64 description: |- size is the number of items to retrieve from the collection. 0 uses a server-defined default. description: |- Cursor message to be used in request messages. Its purpose is to allow clients to specify the subset of records to retrieve by means of index within a collection, along with the number of items to retrieve. required: - size v1CursorPage: type: object properties: totalRecords: type: integer format: int64 description: Total number of records matching the request. This is optional. next: $ref: '#/definitions/v1Cursor' description: >- Cursor pointing to retrieve results logically placed after the ones shipped with the message containing this struct. This is optional. prev: $ref: '#/definitions/v1Cursor' description: >- Cursor pointing to retrieve results logically placed before the ones shipped with the message containing this struct. This is optional. description: |- CursorPage message used in response messages. Its purpose is to send to clients links pointing to next and/or previous collection subsets with respect to the one containing this struct. v1DataSource: type: object properties: version: type: string description: version is the version of the data source API. type: type: string title: type is the data source type context: $ref: '#/definitions/v1ContextV2' description: |- context is the context in which the data source is evaluated. Note that in this case we only need the project in the context, since data sources are not provider-specific. name: type: string description: |- name is the name of the data source. Note that this is unique within a project hierarchy. Names must be lowercase and can only contain letters, numbers, hyphens, and underscores. id: type: string description: id is the unique identifier of the data source. readOnly: true structured: $ref: '#/definitions/v1StructDataSource' description: structured is the structired data - data source. rest: $ref: '#/definitions/v1RestDataSource' description: rest is the REST data source driver. description: |- DataSource is a Data source instance. Data sources represent external integrations that enrich the data in Minder, but do not have explicit lifecycle objects (entities). Integrations which create entities are called Providers. required: - version - name v1DataSourceReference: type: object properties: name: type: string description: name is the name of the data source within the project hierarchy. alias: type: string description: |- alias is the alias used to refer to the data source in the rule definition. If left unset, it will default to the name of the data source. description: |- DataSourceReference is a reference to a data source. Note that for a resource to refer to a data source the data source must be available in the same project hierarchy. v1DeleteDataSourceByIdResponse: type: object properties: id: type: string v1DeleteDataSourceByNameResponse: type: object properties: name: type: string v1DeleteEntityByIdResponse: type: object properties: id: type: string title: id is the ID of the entity that was deleted title: >- DeleteEntityByIdResponse is the response message for the DeleteEntityById method required: - id v1DeleteProfileResponse: type: object v1DeleteProjectResponse: type: object properties: projectId: type: string description: project_id is the id of the project that was deleted. required: - projectId v1DeleteProviderByIDResponse: type: object properties: id: type: string title: id is the id of the provider that was deleted required: - id v1DeleteProviderResponse: type: object properties: name: type: string title: name is the name of the provider that was deleted required: - name v1DeleteRepositoryByIdResponse: type: object properties: repositoryId: type: string required: - repositoryId v1DeleteRepositoryByNameResponse: type: object properties: name: type: string required: - name v1DeleteRuleTypeResponse: type: object description: DeleteRuleTypeResponse is the response to delete a rule type. v1DeleteUserResponse: type: object v1DepsType: type: object properties: repo: $ref: '#/definitions/DepsTypeRepoConfigs' pr: $ref: '#/definitions/DepsTypePullRequestConfigs' description: >- DepsType defines the "deps" ingester which can extract depndencies in protobom format for rule evaluation. v1DiffType: type: object properties: ecosystems: type: array items: type: object $ref: '#/definitions/DiffTypeEcosystem' description: |- ecosystems is the list of ecosystems to be used for the "dep" diff type. type: type: string description: |- type is the type of diff ingestor to use. The default is "dep" which will leverage the ecosystems array. description: DiffType defines the diff data ingester. v1Entity: type: string enum: - ENTITY_UNSPECIFIED - ENTITY_REPOSITORIES - ENTITY_BUILD_ENVIRONMENTS - ENTITY_ARTIFACTS - ENTITY_PULL_REQUESTS - ENTITY_RELEASE - ENTITY_PIPELINE_RUN - ENTITY_TASK_RUN - ENTITY_BUILD default: ENTITY_UNSPECIFIED description: Entity defines the entity that is supported by the provider. v1EntityInstance: type: object properties: id: type: string description: id is the unique identifier of the entity. context: $ref: '#/definitions/v1ContextV2' description: context is the context in which the entity is evaluated. name: type: string description: name is the name of the entity. type: $ref: '#/definitions/v1Entity' description: |- type is the type of the entity. DISCUSSION: If we're aiming for a BYO entity type, we should probably have this be a string, and have the user provide the type. properties: type: object description: properties is a map of properties of the entity. title: used for parsing resources in ruletypes v1EntityTypedId: type: object properties: type: $ref: '#/definitions/v1Entity' description: >- On input, at least one of id and name must be set. If both are set, they must both match. On output, both id and name will be set. title: entity is the entity to get status for. Incompatible with `all` id: type: string title: id is the ID of the entity to get status for. Incompatible with `all` name: type: string description: >- name is the name of the entity. This name is unique within a given project, type, and provider, but may not be globally unique. description: >- EntityTypedId is a message that carries an ID together with a type to uniquely identify an entity such as (repo, 1), (artifact, 2), ... required: - type v1EvalResultAlert: type: object properties: status: type: string title: status is the status of the alert lastUpdated: type: string format: date-time title: last_updated is the last time the alert was performed or attempted details: type: string title: details is the description of the alert attempt if any url: type: string title: url is the URL to the alert title: EvalResultAlert holds the alert details for a given rule evaluation v1EvaluationHistory: type: object properties: entity: $ref: '#/definitions/v1EvaluationHistoryEntity' description: entity contains details of the entity which was evaluated. rule: $ref: '#/definitions/v1EvaluationHistoryRule' description: >- rule contains details of the rule which the entity was evaluated against. status: $ref: '#/definitions/v1EvaluationHistoryStatus' description: status contains the evaluation status. alert: $ref: '#/definitions/v1EvaluationHistoryAlert' description: |- alert contains details of the alerts for this evaluation. This is optional. remediation: $ref: '#/definitions/v1EvaluationHistoryRemediation' description: |- remediation contains details of the remediation for this evaluation. This is optional. evaluatedAt: type: string format: date-time title: created_at is the timestamp of creation of this evaluation id: type: string description: id is the unique identifier of the evaluation. description: |- EvaluationHistory represents the history of an entity evaluation. This is only used in responses. required: - entity - rule - status - evaluatedAt - id v1EvaluationHistoryAlert: type: object properties: status: type: string description: |- status is one of (on, off, error, skipped, not available) not using enums to mirror the behaviour of the existing API contracts. details: type: string description: >- details contains optional details about the alert. the structure and contents are alert specific, and are subject to change. required: - status v1EvaluationHistoryEntity: type: object properties: id: type: string description: id is the unique identifier of the entity. type: $ref: '#/definitions/v1Entity' description: type is the entity type. name: type: string description: name is the entity name. required: - id - type - name v1EvaluationHistoryRemediation: type: object properties: status: type: string description: |- status is one of (success, error, failure, skipped, not available) not using enums to mirror the behaviour of the existing API contracts. details: type: string description: >- details contains optional details about the remediation. the structure and contents are remediation specific, and are subject to change. required: - status v1EvaluationHistoryRule: type: object properties: name: type: string description: name is the name of the rule instance. ruleType: type: string description: type is the name of the rule type. profile: type: string description: profile is the name of the profile which contains the rule. severity: $ref: '#/definitions/v1Severity' description: severity is the severity of the rule type. required: - name - ruleType - profile - severity v1EvaluationHistoryStatus: type: object properties: status: type: string description: |- status is one of (success, error, failure, skipped) not using enums to mirror the behaviour of the existing API contracts. details: type: string description: >- details contains optional details about the evaluation. the structure and contents are rule type specific, and are subject to change. output: description: |- output optionally contains the structured rule evaluation output. Because output may be multiple KB, it is only returned if include_outputs is set. Historical evaluations may discard structured output sooner than status results. required: - status - details v1GetArtifactByIdResponse: type: object properties: artifact: $ref: '#/definitions/v1Artifact' versions: type: array items: type: object $ref: '#/definitions/v1ArtifactVersion' description: This is optional and currently always nil. required: - artifact v1GetArtifactByNameResponse: type: object properties: artifact: $ref: '#/definitions/v1Artifact' versions: type: array items: type: object $ref: '#/definitions/v1ArtifactVersion' description: This is optional and currently always nil. required: - artifact v1GetAuthorizationURLResponse: type: object properties: url: type: string state: type: string required: - url - state v1GetDataSourceByIdResponse: type: object properties: dataSource: $ref: '#/definitions/v1DataSource' v1GetDataSourceByNameResponse: type: object properties: dataSource: $ref: '#/definitions/v1DataSource' v1GetEntityByIdResponse: type: object properties: entity: $ref: '#/definitions/v1EntityInstance' title: entity is the entity that was retrieved title: GetEntityByIdResponse is the response message for the GetEntityById method required: - entity v1GetEntityByNameResponse: type: object properties: entity: $ref: '#/definitions/v1EntityInstance' title: entity is the entity that was retrieved title: >- GetEntityByNameResponse is the response message for the GetEntityByName method required: - entity v1GetEvaluationHistoryResponse: type: object properties: evaluation: $ref: '#/definitions/v1EvaluationHistory' title: The requested record description: |- GetEvaluationHistoryResponse represents a response message for the GetEvaluationHistory RPC. required: - evaluation v1GetInviteDetailsResponse: type: object properties: projectDisplay: type: string title: Project associated with the invite sponsorDisplay: type: string title: Sponsor of the invite expiresAt: type: string format: date-time description: expires_at is the time at which the invitation expires. expired: type: boolean title: expired is true if the invitation has expired required: - projectDisplay - sponsorDisplay - expiresAt - expired v1GetProfileByIdResponse: type: object properties: profile: $ref: '#/definitions/v1Profile' required: - profile v1GetProfileByNameResponse: type: object properties: profile: $ref: '#/definitions/v1Profile' required: - profile v1GetProfileStatusByIdResponse: type: object properties: profileStatus: $ref: '#/definitions/v1ProfileStatus' title: profile_status is the status of the profile ruleEvaluationStatus: type: array items: type: object $ref: '#/definitions/v1RuleEvaluationStatus' title: rule_evaluation_status is the status of the rules required: - profileStatus v1GetProfileStatusByNameResponse: type: object properties: profileStatus: $ref: '#/definitions/v1ProfileStatus' title: profile_status is the status of the profile ruleEvaluationStatus: type: array items: type: object $ref: '#/definitions/v1RuleEvaluationStatus' title: rule_evaluation_status is the status of the rules required: - profileStatus v1GetProfileStatusByProjectResponse: type: object properties: profileStatus: type: array items: type: object $ref: '#/definitions/v1ProfileStatus' title: profile_status is the status of the profile required: - profileStatus v1GetProviderResponse: type: object properties: provider: $ref: '#/definitions/v1Provider' description: provider is the provider that was retrieved. required: - provider v1GetRepositoryByIdResponse: type: object properties: repository: $ref: '#/definitions/v1Repository' required: - repository v1GetRepositoryByNameResponse: type: object properties: repository: $ref: '#/definitions/v1Repository' required: - repository v1GetRuleTypeByIdResponse: type: object properties: ruleType: $ref: '#/definitions/v1RuleType' description: rule_type is the rule type. description: GetRuleTypeByIdResponse is the response to get a rule type by id. required: - ruleType v1GetRuleTypeByNameResponse: type: object properties: ruleType: $ref: '#/definitions/v1RuleType' description: rule_type is the rule type. description: GetRuleTypeByNameResponse is the response to get a rule type by name. required: - ruleType v1GetUserResponse: type: object properties: user: $ref: '#/definitions/v1UserRecord' projects: type: array items: type: object $ref: '#/definitions/v1Project' title: This will be deprecated in favor of the project_roles field projectRoles: type: array items: type: object $ref: '#/definitions/v1ProjectRole' required: - user - projectRoles v1GitHubAppParams: type: object properties: installationId: type: string format: int64 description: |- The GitHub installation ID for the app. On create, this is the only parameter used; the organization parameters are ignored. organization: type: string description: >- The GitHub organization slug where the app is installed. This is an output-only parameter, and is validated on input if set (i.e. the value must be either empty or match the org of the installation_id). organizationId: type: string format: int64 description: >- The GitHub organization ID where the app is installed. This is an output-only parameter, and is validated on input if set (i.e. the value must be either empty or match the org of the installation_id). description: GitHubAppParams is the parameters for a GitHub App provider. v1GitType: type: object properties: cloneUrl: type: string description: clone_url is the url of the git repository. branch: type: string description: branch is the branch of the git repository. description: GitType defines the git data ingester. v1Invitation: type: object properties: role: type: string description: |- role is the role that would be assigned if the user accepts the invitation. email: type: string description: |- email is the email address of the invited user. This is presented as a convenience for display purposes, and does not affect who can accept the invitation using the code. project: type: string description: project is the project to which the user is invited. code: type: string description: |- code is a unique identifier for the invitation, which can be used by the recipient to accept or reject the invitation. The code is only transmitted in response to AssignRole or ListInvitations RPCs, and not transmitted in ListRoleAssignments or other calls. createdAt: type: string format: date-time description: created_at is the time at which the invitation was created. expiresAt: type: string format: date-time description: expires_at is the time at which the invitation expires. expired: type: boolean description: expired is true if the invitation has expired. sponsor: type: string description: sponsor is the account (ID) of the user who created the invitation. sponsorDisplay: type: string description: |- sponsor_display is the display name of the user who created the invitation. projectDisplay: type: string description: |- project_display is the display name of the project to which the user is invited. inviteUrl: type: string description: inviteURL is the URL that can be used to accept the invitation. emailSkipped: type: boolean description: emailSkipped is true if the email was not sent to the invitee. description: >- Invitation is an invitation to join a project. This is only used in responses. required: - role - project v1ListArtifactsResponse: type: object properties: results: type: array items: type: object $ref: '#/definitions/v1Artifact' required: - results v1ListChildProjectsResponse: type: object properties: projects: type: array items: type: object $ref: '#/definitions/v1Project' required: - projects v1ListDataSourcesResponse: type: object properties: dataSources: type: array items: type: object $ref: '#/definitions/v1DataSource' v1ListEntitiesResponse: type: object properties: results: type: array items: type: object $ref: '#/definitions/v1EntityInstance' title: results is the list of entities page: $ref: '#/definitions/v1CursorPage' title: page is the pagination information title: ListEntitiesResponse is the response message for the ListEntities method required: - results v1ListEvaluationHistoryResponse: type: object properties: data: type: array items: type: object $ref: '#/definitions/v1EvaluationHistory' description: List of records retrieved. page: $ref: '#/definitions/v1CursorPage' description: |- Metadata of the current page and pointers to next and/or previous pages. description: |- ListEvaluationHistoryResponse represents a response message for the ListEvaluationHistory RPC. It ships a collection of records retrieved and pointers to get to the next and/or previous pages of data. required: - data v1ListEvaluationResultsResponse: type: object properties: entities: type: array items: type: object $ref: '#/definitions/ListEvaluationResultsResponseEntityEvaluationResults' description: >- Each entity selected by the list request will have _single_ entry in entities which contains results of all evaluations for each profile. required: - entities v1ListInvitationsResponse: type: object properties: invitations: type: array items: type: object $ref: '#/definitions/v1Invitation' required: - invitations v1ListProfilesResponse: type: object properties: profiles: type: array items: type: object $ref: '#/definitions/v1Profile' required: - profiles v1ListProjectsResponse: type: object properties: projects: type: array items: type: object $ref: '#/definitions/v1Project' required: - projects v1ListProviderClassesResponse: type: object properties: providerClasses: type: array items: type: string description: |- provider_classes is the legacy list of provider class names. Deprecated: use provider_class_infos for rich metadata. providerClassInfos: type: array items: type: object $ref: '#/definitions/v1ProviderClassInfo' description: provider_class_infos is the rich metadata for each provider class. required: - providerClasses - providerClassInfos v1ListProvidersResponse: type: object properties: providers: type: array items: type: object $ref: '#/definitions/v1Provider' cursor: type: string title: >- cursor is the cursor to use for the next page of results, empty if at the end required: - providers v1ListRemoteRepositoriesFromProviderResponse: type: object properties: results: type: array items: type: object $ref: '#/definitions/v1UpstreamRepositoryRef' entities: type: array items: type: object $ref: '#/definitions/v1RegistrableUpstreamEntityRef' description: |- entities is the same list as the repositories, but it uses the new UpstreamEntityRef message. This is what we'll migrate to eventually. required: - results - entities v1ListRepositoriesResponse: type: object properties: results: type: array items: type: object $ref: '#/definitions/v1Repository' cursor: type: string title: >- cursor is the cursor to use for the next page of results, empty if at the end required: - results v1ListRoleAssignmentsResponse: type: object properties: roleAssignments: type: array items: type: object $ref: '#/definitions/v1RoleAssignment' description: |- role_assignments contains permission grants which have been accepted by a user. invitations: type: array items: type: object $ref: '#/definitions/v1Invitation' description: |- invitations contains outstanding role invitations which have not yet been accepted by a user. required: - roleAssignments - invitations v1ListRolesResponse: type: object properties: roles: type: array items: type: object $ref: '#/definitions/v1Role' required: - roles v1ListRuleTypesResponse: type: object properties: ruleTypes: type: array items: type: object $ref: '#/definitions/v1RuleType' description: rule_types is the list of rule types. description: ListRuleTypesResponse is the response to list rule types. required: - ruleTypes v1PatchProfileResponse: type: object properties: profile: $ref: '#/definitions/v1Profile' required: - profile v1PatchProjectResponse: type: object properties: project: $ref: '#/definitions/v1Project' description: project is the project that was updated. required: - project v1PatchProviderResponse: type: object properties: provider: $ref: '#/definitions/v1Provider' required: - provider v1Profile: type: object properties: context: $ref: '#/definitions/v1Context' description: context is the context in which the profile is evaluated. id: type: string description: |- id is the id of the profile. This is optional and is set by the system. name: type: string description: name is the name of the profile instance. labels: type: array items: type: string description: >- labels are a set of system-provided attributes which can be used to filter profiles and status results. Labels cannot be set by the user, but are returned in ListProfiles. Labels use DNS label constraints, with a possible namespace prefix separated by a colon (:). They are intended to allow filtering, but not to store arbitrary metadata. DNS labels are 1-63 character alphanumeric strings with internal hyphens. An RE2-style validation regex would be: DNS_STR = "[a-zA-Z0-9](?[-a-zA-Z0-9]{0,61}[a-zA-Z0-9])?" ($DNS_STR:)?$DNS_STR repository: type: array items: type: object $ref: '#/definitions/ProfileRule' description: These are the entities that one could set in the profile. buildEnvironment: type: array items: type: object $ref: '#/definitions/ProfileRule' artifact: type: array items: type: object $ref: '#/definitions/ProfileRule' pullRequest: type: array items: type: object $ref: '#/definitions/ProfileRule' release: type: array items: type: object $ref: '#/definitions/ProfileRule' pipelineRun: type: array items: type: object $ref: '#/definitions/ProfileRule' taskRun: type: array items: type: object $ref: '#/definitions/ProfileRule' build: type: array items: type: object $ref: '#/definitions/ProfileRule' selection: type: array items: type: object $ref: '#/definitions/ProfileSelector' remediate: type: string title: |- whether and how to remediate (on,off,dry_run) this is optional and defaults to "off" alert: type: string title: |- whether and how to alert (on,off,dry_run) this is optional and defaults to "on" type: type: string description: >- type is a placeholder for the object type. It should always be set to "profile". version: type: string title: version is the version of the profile type. In this case, it is "v1" displayName: type: string description: display_name is the display name of the profile. description: |- Profile defines a profile that is user defined. All fields are optional because we want to allow partial updates. v1ProfileStatus: type: object properties: profileId: type: string description: >- profile_id is the id of the profile. One of profile_id or profile_name must be set. profileName: type: string description: >- profile_name is the name of the profile. One of profile_id or profile_name must be set. profileStatus: type: string title: profile_status is the status of the profile lastUpdated: type: string format: date-time title: last_updated is the last time the profile was updated profileDisplayName: type: string title: profile_display_name is the display name of the profile title: get the overall profile status as output required: - profileStatus v1Project: type: object properties: projectId: type: string name: type: string description: type: string description: |- description is a human-readable description of the project. This is optional. createdAt: type: string format: date-time updatedAt: type: string format: date-time displayName: type: string description: |- display_name allows for a human-readable name to be used. display_names are short *non-unique* strings to provide a user-friendly name for presentation in lists, etc. This is optional. description: Project API Objects. This is only used in responses. required: - projectId - name - createdAt - updatedAt v1ProjectPatch: type: object properties: displayName: type: string description: display_name is the display name of the project to update. description: type: string description: description is the description of the project to update. v1ProjectRole: type: object properties: role: $ref: '#/definitions/v1Role' project: $ref: '#/definitions/v1Project' title: >- ProjectRole has the project along with the role the user has in the project required: - role - project v1Provider: type: object properties: name: type: string description: name is the name of the provider. class: type: string description: >- class is the name of the provider implementation, eg. 'github' or 'gh-app'. project: type: string description: >- project is the project where the provider is. This is ignored on input in favor of the context field in CreateProviderRequest. version: type: string description: |- version is the version of the provider. if unset, "v1" is assumed. implements: type: array items: $ref: '#/definitions/v1ProviderType' description: implements is the list of interfaces that the provider implements. config: type: object description: config is the configuration of the provider. authFlows: type: array items: $ref: '#/definitions/v1AuthorizationFlow' description: >- auth_flows is the list of authorization flows that the provider supports. parameters: $ref: '#/definitions/v1ProviderParameter' description: parameters is the list of parameters that the provider requires. credentialsState: type: string description: >- credentials_state is the state of the credentials for the provider. This is an output-only field. It may be: "set", "unset", "not_applicable". id: type: string description: id is the unique identifier of the provider. description: >- Provider represents a provider that is used to interact with external systems. All fields are optional because we want to allow partial updates. v1ProviderClassInfo: type: object properties: class: type: string description: class is the provider class identifier. displayName: type: string description: display_name is a human-friendly provider class name. description: type: string description: description is a short plaintext summary of the provider class. supportedProviderTypes: type: array items: $ref: '#/definitions/v1ProviderType' description: >- supported_provider_types is the list of provider traits/interfaces supported by this class. supportedAuthFlows: type: array items: $ref: '#/definitions/v1AuthorizationFlow' description: supported_auth_flows is the list of supported authorization flows. supportedEntities: type: array items: $ref: '#/definitions/v1Entity' description: >- supported_entities is the list of entity types supported by this provider class. documentationUrl: type: string description: >- documentation_url points to provider-specific or generic documentation. required: - class - displayName - supportedProviderTypes - supportedAuthFlows v1ProviderParameter: type: object properties: githubApp: $ref: '#/definitions/v1GitHubAppParams' v1ProviderType: type: string enum: - PROVIDER_TYPE_UNSPECIFIED - PROVIDER_TYPE_GITHUB - PROVIDER_TYPE_REST - PROVIDER_TYPE_GIT - PROVIDER_TYPE_OCI - PROVIDER_TYPE_REPO_LISTER - PROVIDER_TYPE_IMAGE_LISTER default: PROVIDER_TYPE_UNSPECIFIED description: ProviderTrait is the type of the provider. v1ReconcileEntityRegistrationRequest: type: object properties: context: $ref: '#/definitions/v1Context' entity: type: string title: entity is the entity type required: - entity v1ReconcileEntityRegistrationResponse: type: object v1RegisterEntityRequest: type: object properties: context: $ref: '#/definitions/v1ContextV2' title: context is the context in which the entity is created entityType: $ref: '#/definitions/v1Entity' title: entity_type is the type of entity to create identifyingProperties: type: object additionalProperties: {} description: >- identifying_properties uniquely identifies the entity in the provider. For example, for a GitHub repository use github/repo_owner and github/repo_name, or use upstream_id to identify by provider's internal ID. Each key maps to a value that can be a string, number, boolean, or nested structure. title: RegisterEntityRequest is the request message for the RegisterEntity method required: - entityType - identifyingProperties v1RegisterEntityResponse: type: object properties: entity: $ref: '#/definitions/v1EntityInstance' title: entity is the entity that was created title: >- RegisterEntityResponse is the response message for the RegisterEntity method required: - entity v1RegisterRepoResult: type: object properties: repository: $ref: '#/definitions/v1Repository' status: $ref: '#/definitions/v1RegisterRepoResultStatus' required: - status v1RegisterRepoResultStatus: type: object properties: success: type: boolean error: type: string v1RegisterRepositoryRequest: type: object properties: provider: type: string repository: $ref: '#/definitions/v1UpstreamRepositoryRef' description: |- repository is the repository to register. This is optional if entity is set. context: $ref: '#/definitions/v1Context' entity: $ref: '#/definitions/v1UpstreamEntityRef' description: |- entity is the entity to register. This is the same as the repository field, but uses the new UpstreamEntityRef message. This is what we'll migrate to eventually. This is optional if repository is set. v1RegisterRepositoryResponse: type: object properties: result: $ref: '#/definitions/v1RegisterRepoResult' required: - result v1RegistrableUpstreamEntityRef: type: object properties: entity: $ref: '#/definitions/v1UpstreamEntityRef' registered: type: boolean description: True if the entity is already registered in Minder. required: - entity v1RemoveRoleResponse: type: object properties: roleAssignment: $ref: '#/definitions/v1RoleAssignment' description: role_assignment is the role assignment that was removed. invitation: $ref: '#/definitions/v1Invitation' description: invitation contains the details of the invitation that was removed. v1Repository: type: object properties: id: type: string description: |- id is the unique identifier of the repository within Minder. It is always populated, but the optional keyword is used for backwards compatibility. context: $ref: '#/definitions/v1Context' owner: type: string name: type: string repoId: type: string format: int64 hookId: type: string format: int64 hookUrl: type: string deployUrl: type: string cloneUrl: type: string hookName: type: string hookType: type: string hookUuid: type: string isPrivate: type: boolean isFork: type: boolean createdAt: type: string format: date-time updatedAt: type: string format: date-time defaultBranch: type: string license: type: string properties: type: object description: properties is a map of properties of the entity. description: Repository API objects. This is only used in responses. required: - id - owner - name - isPrivate - isFork v1ResolveInvitationResponse: type: object properties: role: type: string description: |- role is the role that would be assigned if the user accepts the invitation. email: type: string description: email is the email address of the invited user. project: type: string description: project is the project to which the user is invited. isAccepted: type: boolean description: is_accepted is the status of the invitation. projectDisplay: type: string description: |- project_display is the display name of the project to which the user is invited. required: - role - project - isAccepted v1RestDataSource: type: object properties: def: type: object additionalProperties: $ref: '#/definitions/v1RestDataSourceDef' description: defs is the list of definitions for the REST API. providerAuth: type: boolean description: |- provider_auth enables provider authentication for this data source. When enabled, the data source will use the provider's authentication credentials to make requests. description: RestDataSource is the REST data source driver. v1RestDataSourceDef: type: object properties: endpoint: type: string description: |- endpoint is the URL of the REST API. Note that endpoints are templates that can be parameterized with variables. Parametrization is done using RFC 6570. method: type: string description: |- method is the HTTP method to use for the request. If left unset, it will default to "GET". headers: type: object additionalProperties: type: string description: headers is a map of headers to send with the request. bodyobj: type: object description: body is the body of the request. bodystr: type: string description: bodystr is the body of the request as a string. bodyFromField: type: string description: |- body_from_field is the field in the input to use as the body. If the value is an string, it will be used as the body, as is. If the value is an object, it will be serialized as JSON. If the value is not found in the input, the request will fail. parse: type: string description: |- parse is the parse configuration for the response. This allows us to serialize the response into a structured format, or not. If left unset, the response will be treated as a string. If set to "json", the response will be parsed as JSON. fallback: type: array items: type: object $ref: '#/definitions/RestDataSourceDefFallback' description: |- fallback is the fallback configuration for the response in case of an unexpected status code. expectedStatus: type: array items: type: integer format: int32 description: |- expected_status is the expected status code for the response. This may be repeated to allow for multiple expected status codes. If left unset, it will default to 200. inputSchema: type: object description: input_schema is the schema for the input to the REST API. required: - endpoint v1RestType: type: object properties: endpoint: type: string description: |- endpoint is the endpoint to fetch data from. This can be a URL or path on the API. This is a required field and must be set. This is also evaluated via a template which allows us dynamically fill in the values. method: type: string description: |- method is the method to use to fetch data. Go templates may be used to vary the method using the same parameters as the endpoint. headers: type: array items: type: string description: headers are the headers to be sent to the endpoint. body: type: string description: |- body is the body to be sent to the endpoint, which must be valid JSON Go templates may be used to vary the method using the same parameters as the endpoint. parse: type: string description: parse is the parsing mechanism to be used to parse the data. fallback: type: array items: type: object $ref: '#/definitions/v1RestTypeFallback' description: |- fallback provides a body that the ingester would return in case the REST call returns a non-200 status code. description: |- RestType defines the rest data evaluation. This is used to fetch data from a REST endpoint. required: - endpoint v1RestTypeFallback: type: object properties: httpCode: type: integer format: int32 body: type: string description: This is expected to be a valid JSON string. v1Role: type: object properties: name: type: string description: name is the name of the role. displayName: type: string title: display name of the role description: type: string description: description is the description of the role. required: - name - displayName - description v1RoleAssignment: type: object properties: role: type: string description: role is the role that is assigned. subject: type: string description: |- subject is the subject to which the role is assigned. Can be either a UUID or a providername/subject string. displayName: type: string description: display_name is the display name of the subject. project: type: string description: project is the project in which the role is assigned. email: type: string description: email is the email address of the subject used for invitations. firstName: type: string description: first_name is the first name of the subject. lastName: type: string description: last_name is the last name of the subject. required: - role v1RuleEvaluationStatus: type: object properties: profileId: type: string title: profile_id is the id of the profile ruleId: type: string title: rule_id is the id of the rule ruleName: type: string title: >- rule_name is the type of the rule. Deprecated in favor of rule_type_name entity: type: string title: entity is the entity that was evaluated status: type: string title: status is the status of the evaluation lastUpdated: type: string format: date-time title: last_updated is the last time the profile was updated entityInfo: type: object additionalProperties: type: string title: entity_info is the information about the entity details: type: string title: details is the description of the evaluation if any guidance: type: string title: guidance is the guidance for the evaluation if any remediationStatus: type: string title: remediation_status is the status of the remediation remediationLastUpdated: type: string format: date-time title: >- remediation_last_updated is the last time the remediation was performed or attempted remediationDetails: type: string title: >- remediation_details is the description of the remediation attempt if any ruleTypeName: type: string title: rule_type_name is the name of the rule ruleDescriptionName: type: string title: rule_description_name is the name to describe the rule alert: $ref: '#/definitions/v1EvalResultAlert' title: >- alert holds the alert details if the rule generated an alert in an external system severity: $ref: '#/definitions/v1Severity' description: severity is the severity of the rule. This may be empty. ruleEvaluationId: type: string title: rule_evaluation_id is the id of the rule evaluation remediationUrl: type: string title: >- remediation_url is a url to get more data about a remediation, for PRs is the link to the PR ruleDisplayName: type: string title: rule_display_name captures the display name of the rule releasePhase: $ref: '#/definitions/v1RuleTypeReleasePhase' title: release_phase is the phase of the release output: description: |- output optionally contains the structured rule evaluation output. Because output may be multiple KB, it is only returned if include_outputs is set. Historical evaluations may discard structured output sooner than status results. title: get the status of the rules for a given profile required: - ruleId - entity - status - ruleTypeName - releasePhase v1RuleType: type: object properties: version: type: string description: version is the version of the rule type API. type: type: string description: type is the type of the rule. id: type: string description: |- id is the id of the rule type. This is mostly optional and is set by the server. name: type: string description: name is the name of the rule type. displayName: type: string description: display_name is the display name of the rule type. shortFailureMessage: type: string description: >- short_failure_message is the message to display when the evaluation fails. context: $ref: '#/definitions/v1Context' description: context is the context in which the rule is evaluated. def: $ref: '#/definitions/RuleTypeDefinition' description: def is the definition of the rule type. description: type: string description: |- description is the description of the rule type. This is expected to be a valid markdown formatted string. guidance: type: string description: |- guidance are instructions we give the user in case a rule fails. This is expected to be a valid markdown formatted string. severity: $ref: '#/definitions/v1Severity' description: severity is the severity of the rule type. releasePhase: $ref: '#/definitions/v1RuleTypeReleasePhase' description: >- release_phase is the release phase of the rule type, i.e. alpha, beta, ga, deprecated. description: |- RuleType defines rules that may or may not be user defined. The version is assumed from the folder's version. required: - name - def - description - guidance v1RuleTypeReleasePhase: type: string enum: - RULE_TYPE_RELEASE_PHASE_UNSPECIFIED - RULE_TYPE_RELEASE_PHASE_ALPHA - RULE_TYPE_RELEASE_PHASE_BETA - RULE_TYPE_RELEASE_PHASE_GA - RULE_TYPE_RELEASE_PHASE_DEPRECATED default: RULE_TYPE_RELEASE_PHASE_UNSPECIFIED description: RuleTypeReleasePhase defines the release phase of the rule type. v1Severity: type: object properties: value: $ref: '#/definitions/v1SeverityValue' description: value is the severity value. description: Severity defines the severity of the rule. v1SeverityValue: type: string enum: - VALUE_UNSPECIFIED - VALUE_UNKNOWN - VALUE_INFO - VALUE_LOW - VALUE_MEDIUM - VALUE_HIGH - VALUE_CRITICAL default: VALUE_UNSPECIFIED description: |- Value enumerates the severity values. - VALUE_UNKNOWN: unknown severity means that the severity is unknown or hasn't been set. - VALUE_INFO: info severity means that the severity is informational and does not incur risk. - VALUE_LOW: low severity means that the severity is low and does not incur significant risk. - VALUE_MEDIUM: medium severity means that the severity is medium and may incur some risk. - VALUE_HIGH: high severity means that the severity is high and may incur significant risk. - VALUE_CRITICAL: critical severity means that the severity is critical and requires immediate attention. v1StoreProviderTokenRequest: type: object properties: provider: type: string accessToken: type: string description: access_token is the token to store. owner: type: string description: >- owner is the owner (e.g GitHub org) that the provider is associated with. This is optional, but an empty string is allowed as existing clients may set the field unconditionally. context: $ref: '#/definitions/v1Context' required: - accessToken v1StoreProviderTokenResponse: type: object v1StructDataSource: type: object properties: def: type: object additionalProperties: $ref: '#/definitions/v1StructDataSourceDef' description: defs is the list of definitions for the structured data API. description: StructDataSource is the structured data source driver. v1StructDataSourceDef: type: object properties: path: $ref: '#/definitions/DefPath' description: Path is the path specification for the structured data source. required: - path v1UpdateDataSourceRequest: type: object properties: dataSource: $ref: '#/definitions/v1DataSource' v1UpdateDataSourceResponse: type: object properties: dataSource: $ref: '#/definitions/v1DataSource' v1UpdateProfileRequest: type: object properties: profile: $ref: '#/definitions/v1Profile' required: - profile v1UpdateProfileResponse: type: object properties: profile: $ref: '#/definitions/v1Profile' required: - profile v1UpdateProjectRequest: type: object properties: context: $ref: '#/definitions/v1Context' description: context is the context in which the project is updated. displayName: type: string description: |- display_name is the display name of the project to update. This is optional. description: type: string description: |- description is the description of the project to update. This is optional. v1UpdateProjectResponse: type: object properties: project: $ref: '#/definitions/v1Project' description: project is the project that was updated. required: - project v1UpdateRoleRequest: type: object properties: context: $ref: '#/definitions/v1Context' description: context is the context in which the role assignment is evaluated. subject: type: string title: |- subject is the account to change permissions for. The account must already have permissions on the project roles: type: array items: type: string description: >- All subject roles are _replaced_ with the following role assignments. Must be non-empty, use RemoveRole to remove permissions entirely from the project. email: type: string title: >- email is the email address of the subject used for updating invitations required: - roles v1UpdateRoleResponse: type: object properties: roleAssignments: type: array items: type: object $ref: '#/definitions/v1RoleAssignment' description: role_assignments are the role assignments that were updated. invitations: type: array items: type: object $ref: '#/definitions/v1Invitation' description: invitations contains the details of the invitations that were updated. v1UpdateRuleTypeRequest: type: object properties: ruleType: $ref: '#/definitions/v1RuleType' description: rule_type is the rule type to be updated. description: UpdateRuleTypeRequest is the request to update a rule type. required: - ruleType v1UpdateRuleTypeResponse: type: object properties: ruleType: $ref: '#/definitions/v1RuleType' description: rule_type is the rule type that was updated. description: UpdateRuleTypeResponse is the response to update a rule type. required: - ruleType v1UpstreamEntityRef: type: object properties: context: $ref: '#/definitions/v1ContextV2' title: |- context is the context in which the entity is evaluated. Note that the context is included here since users of this message may return upstream references from multiple providers type: $ref: '#/definitions/v1Entity' description: type is the type of the entity. properties: type: object description: |- properties is a map of properties of the entity. This will be used to identify the entity in the upstream system and will be a subset of the properties of the entity that will be stored in Minder. description: |- UpstreamEntityRef providers enough information for the provider to identify the entity in the upstream system. v1UpstreamRepositoryRef: type: object properties: owner: type: string description: >- owner is the owner (e.g GitHub org) that the provider is associated with. This is optional. name: type: string repoId: type: string format: int64 description: |- The upstream identity of the repository, as an integer. This is only set on output, and is ignored on input. context: $ref: '#/definitions/v1Context' registered: type: boolean description: |- True if the repository is already registered in Minder. This is only set on output, and is ignored on input. required: - name v1UserRecord: type: object properties: id: type: integer format: int32 identitySubject: type: string createdAt: type: string format: date-time updatedAt: type: string format: date-time title: user record to be returned required: - id - identitySubject - createdAt - updatedAt v1VerifyProviderCredentialResponse: type: object properties: created: type: boolean description: created is true if the provider was created. providerName: type: string description: |- provider_name is the name of the provider that was created. This is populated if creation was successful. title: >- VerifyProviderCredentialRequest responds with a boolean indicating if the provider has been created and the provider name, if it has been created required: - created v1VerifyProviderTokenFromResponse: type: object properties: status: type: string required: - status