Policies

Create

client.policies.create(, ?):

post/api/v1/policies

Get

client.policies.retrieve(, ?):

get/api/v1/policies/{id}

Update

client.policies.update(, ?, ?):

post/api/v1/policies/{id}

List

client.policies.list(?, ?):

get/api/v1/policies

Delete

client.policies.delete(, ?, ?): PolicyDeleteResponse

delete/api/v1/policies/{id}

Test

client.policies.testAccountProvision(?, ?):

post/api/v1/policies/test-account-provision-policy

List Policy Response

ListPolicyResponse

The ListPolicyResponse message.

ShowShow

listunion

optional

Array<> | null

The list of results containing up to X results, where X is the page size defined in the request

Hide ParametersShow Parameters

idstring

optional

The ID of the Policy.

createdAtstring

optional

formatdate-time

deletedAtstring

optional

formatdate-time

descriptionstring

optional

The description of the Policy.

displayNamestring

optional

The display name of the Policy.

policyStepsRecord<string, PolicySteps>

optional

A map of string(policy type) to steps in a policy. This structure is leftover from a previous design, and should only ever have one key->value set.

Hide ParametersShow Parameters

stepsunion

optional

Array<> | null

An array of policy steps indicating the processing flow of a policy. These steps are oneOfs, and only one property may be set for each array index at a time.

Hide ParametersShow Parameters

acceptunion

optional

| null

This policy step indicates that a ticket should have an approved outcome. This is a terminal approval state and is used to explicitly define the end of approval steps.

approvalunion

optional

| null

The Approval message.

This message contains a oneof named typ. Only a single field of the following list may be set at a time:

users
manager
appOwners
group
self
entitlementOwners
expression
webhook
resourceOwners
agent

provisionunion

optional

| null

The provision step references a provision policy for this step.

rejectunion

optional

| null

This policy step indicates that a ticket should have a denied outcome. This is a terminal approval state and is used to explicitly define the end of approval steps.

waitunion

optional

| null

Define a Wait step for a policy to wait on a condition to be met.

This message contains a oneof named until. Only a single field of the following list may be set at a time:

condition

policyTypeunion

optional

"POLICY_TYPE_UNSPECIFIED" | "POLICY_TYPE_GRANT" | "POLICY_TYPE_REVOKE" | 3 more

Indicates the type of this policy. Can also be used to get the value from policySteps.

Hide ParametersShow Parameters

"POLICY_TYPE_UNSPECIFIED"

"POLICY_TYPE_GRANT"

"POLICY_TYPE_REVOKE"

"POLICY_TYPE_CERTIFY"

"POLICY_TYPE_ACCESS_REQUEST"

"POLICY_TYPE_PROVISION"

postActionsunion

optional

Array<> | null

An array of actions (ordered) to take place after a policy completes processing.

Hide ParametersShow Parameters

certifyRemediateImmediatelyunion

optional

boolean | null

ONLY valid when used in a CERTIFY Ticket Type: Causes any deprovision or change in a grant to be applied when Certify Ticket is closed. This field is part of the action oneof. See the documentation for c1.api.policy.v1.PolicyPostActions for more details.

reassignTasksToDelegatesboolean

optional

A policy configuration option that allows for reassinging tasks to delgated users. This level of delegation refers to the individual delegates users set on their account.

rulesunion

optional

Array<> | null

The rules field.

Hide ParametersShow Parameters

conditionstring

optional

The condition field.

policyKeystring

optional

This is a reference to a list of policy steps from policy_steps

systemBuiltinboolean

optional

Whether this policy is a builtin system policy. Builtin system policies cannot be edited.

updatedAtstring

optional

formatdate-time

nextPageTokenstring

optional

The nextPageToken is shown for the next page if the number of results is larger than the max page size. The server returns one page of results and the nextPageToken until all results are retreived. To retrieve the next page, use the same request and append a pageToken field with the value of nextPageToken shown on the previous page.

Policy

A policy describes the behavior of the ConductorOne system when processing a task. You can describe the type, approvers, fallback behavior, and escalation processes.

ShowShow

idstring

optional

The ID of the Policy.

createdAtstring

optional

formatdate-time

deletedAtstring

optional

formatdate-time

descriptionstring

optional

The description of the Policy.

displayNamestring

optional

The display name of the Policy.

policyStepsRecord<string, PolicySteps>

optional

A map of string(policy type) to steps in a policy. This structure is leftover from a previous design, and should only ever have one key->value set.

Hide ParametersShow Parameters

stepsunion

optional

Array<> | null

An array of policy steps indicating the processing flow of a policy. These steps are oneOfs, and only one property may be set for each array index at a time.

Hide ParametersShow Parameters

acceptunion

optional

| null

This policy step indicates that a ticket should have an approved outcome. This is a terminal approval state and is used to explicitly define the end of approval steps.

approvalunion

optional

| null

The Approval message.

This message contains a oneof named typ. Only a single field of the following list may be set at a time:

users
manager
appOwners
group
self
entitlementOwners
expression
webhook
resourceOwners
agent

provisionunion

optional

| null

The provision step references a provision policy for this step.

rejectunion

optional

| null

This policy step indicates that a ticket should have a denied outcome. This is a terminal approval state and is used to explicitly define the end of approval steps.

waitunion

optional

| null

Define a Wait step for a policy to wait on a condition to be met.

This message contains a oneof named until. Only a single field of the following list may be set at a time:

condition

policyTypeunion

optional

"POLICY_TYPE_UNSPECIFIED" | "POLICY_TYPE_GRANT" | "POLICY_TYPE_REVOKE" | 3 more

Indicates the type of this policy. Can also be used to get the value from policySteps.

Hide ParametersShow Parameters

"POLICY_TYPE_UNSPECIFIED"

"POLICY_TYPE_GRANT"

"POLICY_TYPE_REVOKE"

"POLICY_TYPE_CERTIFY"

"POLICY_TYPE_ACCESS_REQUEST"

"POLICY_TYPE_PROVISION"

postActionsunion

optional

Array<> | null

An array of actions (ordered) to take place after a policy completes processing.

Hide ParametersShow Parameters

certifyRemediateImmediatelyunion

optional

boolean | null

reassignTasksToDelegatesboolean

optional

A policy configuration option that allows for reassinging tasks to delgated users. This level of delegation refers to the individual delegates users set on their account.

rulesunion

optional

Array<> | null

The rules field.

Hide ParametersShow Parameters

conditionstring

optional

The condition field.

policyKeystring

optional

This is a reference to a list of policy steps from policy_steps

systemBuiltinboolean

optional

Whether this policy is a builtin system policy. Builtin system policies cannot be edited.

updatedAtstring

optional

formatdate-time

Policy Post Actions

PolicyPostActions

These are actions to happen after a policy is complete.

This message contains a oneof named action. Only a single field of the following list may be set at a time:

certifyRemediateImmediately

ShowShow

certifyRemediateImmediatelyunion

optional

boolean | null

Rule

The Rule message.

ShowShow

conditionstring

optional

The condition field.

policyKeystring

optional

This is a reference to a list of policy steps from policy_steps

PoliciesValidate

Validate Cel

client.policies.validate.validateCel(?, ?):

post/api/v1/policies/validate/cel