Policies

Policies

Policies

Create

client.Policies.New(ctx, body) (*PolicyPolicyPolicyNewResponse, error)

post/api/v1/policies

Get

client.Policies.Get(ctx, id) (*PolicyPolicyPolicyGetResponse, error)

get/api/v1/policies/{id}

Update

client.Policies.Update(ctx, id, body) (*PolicyPolicyPolicyUpdateResponse, error)

post/api/v1/policies/{id}

List

client.Policies.List(ctx, query) (*ListarrayNextPageTokenstringListPolicyResponse, error)

get/api/v1/policies

Delete

client.Policies.Delete(ctx, id, body) (*PolicyDeleteResponse, error)

delete/api/v1/policies/{id}

Test

client.Policies.TestAccountProvision(ctx, body) (*TypestringValuestringPolicyTestAccountProvisionResponse, error)

post/api/v1/policies/test-account-provision-policy

List Policy Response

ListPolicyResponsestruct

The ListPolicyResponse message.

ShowShow

Listarray

optional

[]IDstringCreatedAtTimeDeletedAtTimeDescriptionstringDisplayNamestringPolicyStepsmapPolicyTypePolicyPolicyTypePostActionsarrayReassignTasksToDelegatesboolRulesarraySystemBuiltinboolUpdatedAtTimePolicy

The list of results containing up to X results, where X is the page size defined in the request

Hide ParametersShow Parameters

IDstring

optional

The ID of the Policy.

CreatedAtTime

optional

formatdate-time

DeletedAtTime

optional

formatdate-time

Descriptionstring

optional

The description of the Policy.

DisplayNamestring

optional

The display name of the Policy.

PolicyStepsmap

optional

map[string, PolicyPolicyStep]

A map of string(policy type) to steps in a policy. This structure is leftover from a previous design, and should only ever have one key->value set.

Hide ParametersShow Parameters

Stepsarray

optional

[]AcceptC1APIPolicyV1AcceptApprovalApprovalProvisionProvisionRejectC1APIPolicyV1RejectWaitC1APIPolicyV1WaitC1APIPolicyV1PolicyStep

An array of policy steps indicating the processing flow of a policy. These steps are oneOfs, and only one property may be set for each array index at a time.

Hide ParametersShow Parameters

AcceptAcceptMessagestringC1APIPolicyV1Accept

optional

This policy step indicates that a ticket should have an approved outcome. This is a terminal approval state and is used to explicitly define the end of approval steps.

ApprovalAgentApprovalAgentAllowedReassigneesarrayAllowReassignmentboolAppOwnersApprovalAppOwnersAssignedboolEntitlementOwnersApprovalEntitlementOwnersEscalationApprovalEscalationEscalationEnabledboolExpressionApprovalExpressionGroupApprovalGroupManagerApprovalManagerRequireApprovalReasonboolRequireDenialReasonboolRequireReassignmentReasonboolRequiresStepUpProviderIDstringResourceOwnersApprovalResourceOwnersSelfApprovalSelfUsersApprovalUsersWebhookApprovalWebhookApproval

optional

The Approval message.

This message contains a oneof named typ. Only a single field of the following list may be set at a time:

• users
• manager
• appOwners
• group
• self
• entitlementOwners
• expression
• webhook
• resourceOwners
• agent

ProvisionAssignedboolProvisionPolicyC1APIPolicyV1ProvisionPolicyProvisionTargetProvisionProvisionTargetProvision

optional

The provision step references a provision policy for this step.

RejectRejectMessagestringC1APIPolicyV1Reject

optional

This policy step indicates that a ticket should have a denied outcome. This is a terminal approval state and is used to explicitly define the end of approval steps.

WaitCommentOnFirstWaitstringCommentOnTimeoutstringConditionC1APIPolicyV1WaitConditionNamestringTimeoutDurationstringC1APIPolicyV1Wait

optional

Define a Wait step for a policy to wait on a condition to be met.

This message contains a oneof named until. Only a single field of the following list may be set at a time:

• condition

PolicyTypePolicyPolicyTypePolicyTypeUnspecifiedPolicyPolicyTypePolicyPolicyTypePolicyTypeGrantPolicyPolicyTypePolicyPolicyTypePolicyTypeRevokePolicyPolicyTypePolicyPolicyTypePolicyTypeCertifyPolicyPolicyTypePolicyPolicyTypePolicyTypeAccessRequestPolicyPolicyTypePolicyPolicyTypePolicyTypeProvisionPolicyPolicyTypePolicyPolicyType

optional

Indicates the type of this policy. Can also be used to get the value from policySteps.

Hide ParametersShow Parameters

PolicyPolicyTypePolicyTypeUnspecifiedconst

PolicyPolicyTypePolicyTypeUnspecifiedPolicyPolicyTypePolicyPolicyTypePolicyTypeGrantPolicyPolicyTypePolicyPolicyTypePolicyTypeRevokePolicyPolicyTypePolicyPolicyTypePolicyTypeCertifyPolicyPolicyTypePolicyPolicyTypePolicyTypeAccessRequestPolicyPolicyTypePolicyPolicyTypePolicyTypeProvisionPolicyPolicyTypePolicyPolicyType

"POLICY_TYPE_UNSPECIFIED"

PolicyPolicyTypePolicyTypeGrantconst

PolicyPolicyTypePolicyTypeUnspecifiedPolicyPolicyTypePolicyPolicyTypePolicyTypeGrantPolicyPolicyTypePolicyPolicyTypePolicyTypeRevokePolicyPolicyTypePolicyPolicyTypePolicyTypeCertifyPolicyPolicyTypePolicyPolicyTypePolicyTypeAccessRequestPolicyPolicyTypePolicyPolicyTypePolicyTypeProvisionPolicyPolicyTypePolicyPolicyType

"POLICY_TYPE_GRANT"

PolicyPolicyTypePolicyTypeRevokeconst

PolicyPolicyTypePolicyTypeUnspecifiedPolicyPolicyTypePolicyPolicyTypePolicyTypeGrantPolicyPolicyTypePolicyPolicyTypePolicyTypeRevokePolicyPolicyTypePolicyPolicyTypePolicyTypeCertifyPolicyPolicyTypePolicyPolicyTypePolicyTypeAccessRequestPolicyPolicyTypePolicyPolicyTypePolicyTypeProvisionPolicyPolicyTypePolicyPolicyType

"POLICY_TYPE_REVOKE"

PolicyPolicyTypePolicyTypeCertifyconst

PolicyPolicyTypePolicyTypeUnspecifiedPolicyPolicyTypePolicyPolicyTypePolicyTypeGrantPolicyPolicyTypePolicyPolicyTypePolicyTypeRevokePolicyPolicyTypePolicyPolicyTypePolicyTypeCertifyPolicyPolicyTypePolicyPolicyTypePolicyTypeAccessRequestPolicyPolicyTypePolicyPolicyTypePolicyTypeProvisionPolicyPolicyTypePolicyPolicyType

"POLICY_TYPE_CERTIFY"

PolicyPolicyTypePolicyTypeAccessRequestconst

PolicyPolicyTypePolicyTypeUnspecifiedPolicyPolicyTypePolicyPolicyTypePolicyTypeGrantPolicyPolicyTypePolicyPolicyTypePolicyTypeRevokePolicyPolicyTypePolicyPolicyTypePolicyTypeCertifyPolicyPolicyTypePolicyPolicyTypePolicyTypeAccessRequestPolicyPolicyTypePolicyPolicyTypePolicyTypeProvisionPolicyPolicyTypePolicyPolicyType

"POLICY_TYPE_ACCESS_REQUEST"

PolicyPolicyTypePolicyTypeProvisionconst

PolicyPolicyTypePolicyTypeUnspecifiedPolicyPolicyTypePolicyPolicyTypePolicyTypeGrantPolicyPolicyTypePolicyPolicyTypePolicyTypeRevokePolicyPolicyTypePolicyPolicyTypePolicyTypeCertifyPolicyPolicyTypePolicyPolicyTypePolicyTypeAccessRequestPolicyPolicyTypePolicyPolicyTypePolicyTypeProvisionPolicyPolicyTypePolicyPolicyType

"POLICY_TYPE_PROVISION"

PostActionsarray

optional

[]CertifyRemediateImmediatelyboolPolicyPostActions

An array of actions (ordered) to take place after a policy completes processing.

Hide ParametersShow Parameters

CertifyRemediateImmediatelybool

optional

ONLY valid when used in a CERTIFY Ticket Type: Causes any deprovision or change in a grant to be applied when Certify Ticket is closed. This field is part of the action oneof. See the documentation for c1.api.policy.v1.PolicyPostActions for more details.

ReassignTasksToDelegatesbool

optional

A policy configuration option that allows for reassinging tasks to delgated users. This level of delegation refers to the individual delegates users set on their account.

Rulesarray

optional

[]ConditionstringPolicyKeystringRule

The rules field.

Hide ParametersShow Parameters

Conditionstring

optional

The condition field.

PolicyKeystring

optional

This is a reference to a list of policy steps from policy_steps

SystemBuiltinbool

optional

Whether this policy is a builtin system policy. Builtin system policies cannot be edited.

UpdatedAtTime

optional

formatdate-time

NextPageTokenstring

optional

The nextPageToken is shown for the next page if the number of results is larger than the max page size. The server returns one page of results and the nextPageToken until all results are retreived. To retrieve the next page, use the same request and append a pageToken field with the value of nextPageToken shown on the previous page.

Policy

Policystruct

A policy describes the behavior of the ConductorOne system when processing a task. You can describe the type, approvers, fallback behavior, and escalation processes.

ShowShow

IDstring

optional

The ID of the Policy.

CreatedAtTime

optional

formatdate-time

DeletedAtTime

optional

formatdate-time

Descriptionstring

optional

The description of the Policy.

DisplayNamestring

optional

The display name of the Policy.

PolicyStepsmap

optional

map[string, PolicyPolicyStep]

A map of string(policy type) to steps in a policy. This structure is leftover from a previous design, and should only ever have one key->value set.

Hide ParametersShow Parameters

Stepsarray

optional

[]AcceptC1APIPolicyV1AcceptApprovalApprovalProvisionProvisionRejectC1APIPolicyV1RejectWaitC1APIPolicyV1WaitC1APIPolicyV1PolicyStep

An array of policy steps indicating the processing flow of a policy. These steps are oneOfs, and only one property may be set for each array index at a time.

Hide ParametersShow Parameters

AcceptAcceptMessagestringC1APIPolicyV1Accept

optional

This policy step indicates that a ticket should have an approved outcome. This is a terminal approval state and is used to explicitly define the end of approval steps.

ApprovalAgentApprovalAgentAllowedReassigneesarrayAllowReassignmentboolAppOwnersApprovalAppOwnersAssignedboolEntitlementOwnersApprovalEntitlementOwnersEscalationApprovalEscalationEscalationEnabledboolExpressionApprovalExpressionGroupApprovalGroupManagerApprovalManagerRequireApprovalReasonboolRequireDenialReasonboolRequireReassignmentReasonboolRequiresStepUpProviderIDstringResourceOwnersApprovalResourceOwnersSelfApprovalSelfUsersApprovalUsersWebhookApprovalWebhookApproval

optional

The Approval message.

This message contains a oneof named typ. Only a single field of the following list may be set at a time:

• users
• manager
• appOwners
• group
• self
• entitlementOwners
• expression
• webhook
• resourceOwners
• agent

ProvisionAssignedboolProvisionPolicyC1APIPolicyV1ProvisionPolicyProvisionTargetProvisionProvisionTargetProvision

optional

The provision step references a provision policy for this step.

RejectRejectMessagestringC1APIPolicyV1Reject

optional

This policy step indicates that a ticket should have a denied outcome. This is a terminal approval state and is used to explicitly define the end of approval steps.

WaitCommentOnFirstWaitstringCommentOnTimeoutstringConditionC1APIPolicyV1WaitConditionNamestringTimeoutDurationstringC1APIPolicyV1Wait

optional

Define a Wait step for a policy to wait on a condition to be met.

This message contains a oneof named until. Only a single field of the following list may be set at a time:

• condition

PolicyTypePolicyPolicyTypePolicyTypeUnspecifiedPolicyPolicyTypePolicyPolicyTypePolicyTypeGrantPolicyPolicyTypePolicyPolicyTypePolicyTypeRevokePolicyPolicyTypePolicyPolicyTypePolicyTypeCertifyPolicyPolicyTypePolicyPolicyTypePolicyTypeAccessRequestPolicyPolicyTypePolicyPolicyTypePolicyTypeProvisionPolicyPolicyTypePolicyPolicyType

optional

Indicates the type of this policy. Can also be used to get the value from policySteps.

Hide ParametersShow Parameters

PolicyPolicyTypePolicyTypeUnspecifiedconst

PolicyPolicyTypePolicyTypeUnspecifiedPolicyPolicyTypePolicyPolicyTypePolicyTypeGrantPolicyPolicyTypePolicyPolicyTypePolicyTypeRevokePolicyPolicyTypePolicyPolicyTypePolicyTypeCertifyPolicyPolicyTypePolicyPolicyTypePolicyTypeAccessRequestPolicyPolicyTypePolicyPolicyTypePolicyTypeProvisionPolicyPolicyTypePolicyPolicyType

"POLICY_TYPE_UNSPECIFIED"

PolicyPolicyTypePolicyTypeGrantconst

PolicyPolicyTypePolicyTypeUnspecifiedPolicyPolicyTypePolicyPolicyTypePolicyTypeGrantPolicyPolicyTypePolicyPolicyTypePolicyTypeRevokePolicyPolicyTypePolicyPolicyTypePolicyTypeCertifyPolicyPolicyTypePolicyPolicyTypePolicyTypeAccessRequestPolicyPolicyTypePolicyPolicyTypePolicyTypeProvisionPolicyPolicyTypePolicyPolicyType

"POLICY_TYPE_GRANT"

PolicyPolicyTypePolicyTypeRevokeconst

PolicyPolicyTypePolicyTypeUnspecifiedPolicyPolicyTypePolicyPolicyTypePolicyTypeGrantPolicyPolicyTypePolicyPolicyTypePolicyTypeRevokePolicyPolicyTypePolicyPolicyTypePolicyTypeCertifyPolicyPolicyTypePolicyPolicyTypePolicyTypeAccessRequestPolicyPolicyTypePolicyPolicyTypePolicyTypeProvisionPolicyPolicyTypePolicyPolicyType

"POLICY_TYPE_REVOKE"

PolicyPolicyTypePolicyTypeCertifyconst

PolicyPolicyTypePolicyTypeUnspecifiedPolicyPolicyTypePolicyPolicyTypePolicyTypeGrantPolicyPolicyTypePolicyPolicyTypePolicyTypeRevokePolicyPolicyTypePolicyPolicyTypePolicyTypeCertifyPolicyPolicyTypePolicyPolicyTypePolicyTypeAccessRequestPolicyPolicyTypePolicyPolicyTypePolicyTypeProvisionPolicyPolicyTypePolicyPolicyType

"POLICY_TYPE_CERTIFY"

PolicyPolicyTypePolicyTypeAccessRequestconst

PolicyPolicyTypePolicyTypeUnspecifiedPolicyPolicyTypePolicyPolicyTypePolicyTypeGrantPolicyPolicyTypePolicyPolicyTypePolicyTypeRevokePolicyPolicyTypePolicyPolicyTypePolicyTypeCertifyPolicyPolicyTypePolicyPolicyTypePolicyTypeAccessRequestPolicyPolicyTypePolicyPolicyTypePolicyTypeProvisionPolicyPolicyTypePolicyPolicyType

"POLICY_TYPE_ACCESS_REQUEST"

PolicyPolicyTypePolicyTypeProvisionconst

PolicyPolicyTypePolicyTypeUnspecifiedPolicyPolicyTypePolicyPolicyTypePolicyTypeGrantPolicyPolicyTypePolicyPolicyTypePolicyTypeRevokePolicyPolicyTypePolicyPolicyTypePolicyTypeCertifyPolicyPolicyTypePolicyPolicyTypePolicyTypeAccessRequestPolicyPolicyTypePolicyPolicyTypePolicyTypeProvisionPolicyPolicyTypePolicyPolicyType

"POLICY_TYPE_PROVISION"

PostActionsarray

optional

[]CertifyRemediateImmediatelyboolPolicyPostActions

An array of actions (ordered) to take place after a policy completes processing.

Hide ParametersShow Parameters

CertifyRemediateImmediatelybool

optional

ONLY valid when used in a CERTIFY Ticket Type: Causes any deprovision or change in a grant to be applied when Certify Ticket is closed. This field is part of the action oneof. See the documentation for c1.api.policy.v1.PolicyPostActions for more details.

ReassignTasksToDelegatesbool

optional

A policy configuration option that allows for reassinging tasks to delgated users. This level of delegation refers to the individual delegates users set on their account.

Rulesarray

optional

[]ConditionstringPolicyKeystringRule

The rules field.

Hide ParametersShow Parameters

Conditionstring

optional

The condition field.

PolicyKeystring

optional

This is a reference to a list of policy steps from policy_steps

SystemBuiltinbool

optional

Whether this policy is a builtin system policy. Builtin system policies cannot be edited.

UpdatedAtTime

optional

formatdate-time

Policy Post Actions

PolicyPostActionsstruct

These are actions to happen after a policy is complete.

This message contains a oneof named action. Only a single field of the following list may be set at a time:

• certifyRemediateImmediately

ShowShow

CertifyRemediateImmediatelybool

optional

ONLY valid when used in a CERTIFY Ticket Type: Causes any deprovision or change in a grant to be applied when Certify Ticket is closed. This field is part of the action oneof. See the documentation for c1.api.policy.v1.PolicyPostActions for more details.

Rule

Rulestruct

The Rule message.

ShowShow

Conditionstring

optional

The condition field.

PolicyKeystring

optional

This is a reference to a list of policy steps from policy_steps

PoliciesValidate

Validate Cel

client.Policies.Validate.ValidateCel(ctx, body) (*MarkersarrayPolicyValidateValidateCelResponse, error)

post/api/v1/policies/validate/cel