openapi: 3.0.0 info: title: API Reference version: '1' description: API reference for the StackRox Kubernetes Security Platform (upstream of Red Hat Advanced Cluster Security). Provides risk analysis, visibility, runtime alerts, policy management, compliance checking, and vulnerability management for containerized workloads. Authentication uses API tokens generated via /v1/apitokens/generate and passed as Bearer tokens. contact: email: support@stackrox.com url: https://www.stackrox.io/ license: name: All Rights Reserved url: https://www.stackrox.com/ paths: /v1/alerts: get: summary: List returns the slim list version of the alerts. operationId: ListAlerts responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1ListAlertsResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - AlertService delete: operationId: DeleteAlerts responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1DeleteAlertsResponse' parameters: - name: query.query in: query required: false schema: type: string - name: query.pagination.limit in: query required: false schema: type: integer format: int32 - name: query.pagination.offset in: query required: false schema: type: integer format: int32 - name: query.pagination.sort_option.field in: query required: false schema: type: string - name: query.pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean - name: confirm in: query required: false schema: type: boolean format: boolean tags: - AlertService /v1/alerts/resolve: patch: summary: ResolveAlertsByQuery marks alerts matching search query as resolved. operationId: ResolveAlerts responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1ResolveAlertsRequest' required: true tags: - AlertService /v1/alerts/summary/counts: get: summary: GetAlertsCounts returns the number of alerts in the requested cluster or category. operationId: GetAlertsCounts responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1GetAlertsCountsResponse' parameters: - name: request.query in: query required: false schema: type: string - name: request.pagination.limit in: query required: false schema: type: integer format: int32 - name: request.pagination.offset in: query required: false schema: type: integer format: int32 - name: request.pagination.sort_option.field in: query required: false schema: type: string - name: request.pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean - name: groupBy in: query required: false schema: type: string enum: - UNSET - CATEGORY - CLUSTER default: UNSET tags: - AlertService /v1/alerts/summary/groups: get: summary: GetAlertsGroup returns alerts grouped by policy. operationId: GetAlertsGroup responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetAlertsGroupResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - AlertService /v1/alerts/summary/timeseries: get: summary: GetAlertTimeseries returns the alerts sorted by time. operationId: GetAlertTimeseries responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1GetAlertTimeseriesResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - AlertService /v1/alerts/{id}: get: summary: GetAlert returns the alert given its id. operationId: GetAlert responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageAlert' parameters: - name: id in: path required: true schema: type: string tags: - AlertService /v1/alerts/{id}/resolve: patch: summary: ResolveAlert marks the given alert (by ID) as resolved. operationId: ResolveAlert responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/v1ResolveAlertRequest' required: true tags: - AlertService /v1/alerts/{id}/snooze: patch: summary: SnoozeAlert is deprecated. operationId: SnoozeAlert responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/v1SnoozeAlertRequest' required: true tags: - AlertService /v1/alertscount: get: summary: CountAlerts counts how many alerts match the get request. operationId: CountAlerts responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1CountAlertsResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - AlertService /v1/apitokens: get: summary: GetAPITokens returns all the API tokens. operationId: GetAPITokens responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetAPITokensResponse' parameters: - name: revoked in: query required: false schema: type: boolean format: boolean tags: - APITokenService /v1/apitokens/generate: post: summary: GenerateToken generates an API token for a given user and role. operationId: GenerateToken responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GenerateTokenResponse' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1GenerateTokenRequest' required: true tags: - APITokenService /v1/apitokens/revoke/{id}: patch: summary: RevokeToken removes the API token for a given id. operationId: RevokeToken responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string tags: - APITokenService /v1/apitokens/{id}: get: summary: GetAPIToken returns API token metadata for a given id. operationId: GetAPIToken responses: '200': description: A successful response.
content: application/json: schema: $ref: '#/components/schemas/storageTokenMetadata' parameters: - name: id in: path required: true schema: type: string tags: - APITokenService /v1/auth/status: get: operationId: GetAuthStatus responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1AuthStatus' tags: - AuthService /v1/authProviders: get: operationId: GetAuthProviders responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetAuthProvidersResponse' parameters: - name: name in: query required: false schema: type: string - name: type in: query required: false schema: type: string tags: - AuthProviderService post: operationId: PostAuthProvider responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageAuthProvider' requestBody: $ref: '#/components/requestBodies/storageAuthProvider' tags: - AuthProviderService /v1/authProviders/exchangeToken: post: operationId: ExchangeToken responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1ExchangeTokenResponse' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1ExchangeTokenRequest' required: true tags: - AuthProviderService /v1/authProviders/{id}: get: operationId: GetAuthProvider responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageAuthProvider' parameters: - name: id in: path required: true schema: type: string tags: - AuthProviderService delete: operationId: DeleteAuthProvider responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string tags: - AuthProviderService put: operationId: PutAuthProvider responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/storageAuthProvider' parameters: - name: id in: path required: true schema: type: string requestBody: $ref: '#/components/requestBodies/storageAuthProvider' tags: - AuthProviderService patch: operationId: UpdateAuthProvider responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageAuthProvider' parameters: - name: id in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/v1UpdateAuthProviderRequest' required: true tags: - AuthProviderService /v1/login/authproviders: get: operationId: GetLoginAuthProviders responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetLoginAuthProvidersResponse' tags: - AuthProviderService /v1/externalbackups: get: operationId: GetExternalBackups responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetExternalBackupsResponse' tags: - ExternalBackupService post: operationId: PostExternalBackup responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageExternalBackup' requestBody: $ref: '#/components/requestBodies/storageExternalBackup' tags: - ExternalBackupService /v1/externalbackups/test: post: operationId: TestExternalBackup responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' requestBody: $ref: '#/components/requestBodies/storageExternalBackup' tags: - ExternalBackupService /v1/externalbackups/{id}: get: operationId: GetExternalBackup responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/storageExternalBackup' parameters: - name: id in: path required: true schema: type: string tags: - ExternalBackupService delete: operationId: DeleteExternalBackup responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string tags: - ExternalBackupService post: operationId: TriggerExternalBackup responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string tags: - ExternalBackupService put: operationId: PutExternalBackup responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageExternalBackup' parameters: - name: id in: path required: true schema: type: string requestBody: $ref: '#/components/requestBodies/storageExternalBackup' tags: - ExternalBackupService /v1/clusters: get: operationId: GetClusters responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1ClustersList' parameters: - name: query in: query required: false schema: type: string tags: - ClustersService post: operationId: PostCluster responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1ClusterResponse' requestBody: $ref: '#/components/requestBodies/storageCluster' tags: - ClustersService /v1/clusters/{id}: get: operationId: GetCluster responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1ClusterResponse' parameters: - name: id in: path required: true schema: type: string tags: - ClustersService delete: operationId: DeleteCluster responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string tags: - ClustersService put: operationId: PutCluster responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1ClusterResponse' parameters: - name: id in: path required: true schema: type: string requestBody: $ref: '#/components/requestBodies/storageCluster' tags: - ClustersService /v1/complianceManagement/runs: get: operationId: GetRecentRuns responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetRecentComplianceRunsResponse' parameters: - name: clusterId in: query required: false schema: type: string - name: standardId in: query required: false schema: type: string - name: since in: query required: false schema: type: string format: date-time tags: - ComplianceManagementService /v1/compliancemanagement/runs: post: operationId: TriggerRuns responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1TriggerComplianceRunsResponse' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1TriggerComplianceRunsRequest' required: true tags: - ComplianceManagementService /v1/compliancemanagement/runstatuses: get: operationId: GetRunStatuses responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetComplianceRunStatusesResponse' parameters: - name: runIds in: query required: false explode: true schema: type: array items: type: string tags: - ComplianceManagementService /v1/compliance/aggregatedresults: get: operationId: GetAggregatedResults responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/ComplianceAggregationResponse' parameters: - name: groupBy in: query required: false explode: true schema: type: array items: type: string enum: - UNKNOWN - STANDARD - CLUSTER - CATEGORY - CONTROL - NAMESPACE - NODE - DEPLOYMENT - CHECK - name: unit in: query required: false schema: type: string enum: - UNKNOWN - STANDARD - CLUSTER - CATEGORY - CONTROL - NAMESPACE - NODE - DEPLOYMENT - CHECK default: UNKNOWN - name: where.query in: query required: false schema: type: string - name: where.pagination.limit in: query required: false schema: type: integer format: int32 - name: where.pagination.offset in: query required: false schema: type: integer format: int32 - name: where.pagination.sort_option.field in: query required: false schema: type: string - name: where.pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - ComplianceService /v1/compliance/results: get: operationId: GetComplianceControlResults responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1ComplianceControlResultsResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - ComplianceService /v1/compliance/runresults: get: operationId: GetRunResults responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1GetComplianceRunResultsResponse' parameters: - name: clusterId in: query required: false schema: type: string - name: standardId in: query required: false schema: type: string - name: runId description: "Specifies the run ID for which to return results. If empty, the most recent run is returned.\nCAVEAT: Setting this field circumvents the results cache on the server-side, which may lead to significantly increased memory pressure and decreased performance." in: query required: false schema: type: string tags: - ComplianceService /v1/compliance/standards: get: operationId: GetStandards responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetComplianceStandardsResponse' tags: - ComplianceService /v1/compliance/standards/{id}: get: operationId: GetStandard responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetComplianceStandardResponse' parameters: - name: id in: path required: true schema: type: string tags: - ComplianceService /v1/config: get: operationId: GetConfig responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageConfig' tags: - ConfigService put: operationId: PutConfig responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageConfig' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1PutConfigRequest' required: true tags: - ConfigService /v1/config/private: get: operationId: GetPrivateConfig responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storagePrivateConfig' tags: - ConfigService /v1/config/public: get: operationId: GetPublicConfig responses: '200': description: A successful response.
content: application/json: schema: $ref: '#/components/schemas/storagePublicConfig' tags: - ConfigService /v1/db/exportcaps: get: operationId: GetExportCapabilities responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetDBExportCapabilitiesResponse' tags: - DBService /v1/db/interruptrestore/{processId}/{attemptId}: post: operationId: InterruptRestoreProcess responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1InterruptDBRestoreProcessResponse' parameters: - name: processId in: path required: true schema: type: string - name: attemptId in: path required: true schema: type: string tags: - DBService /v1/db/restore: get: operationId: GetActiveRestoreProcess responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetActiveDBRestoreProcessResponse' tags: - DBService /v1/db/restore/{id}: delete: operationId: CancelRestoreProcess responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string tags: - DBService /v1/debug/loglevel: get: summary: Get the current logging level for StackRox services. operationId: GetLogLevel responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1LogLevelResponse' parameters: - name: modules in: query required: false explode: true schema: type: array items: type: string tags: - DebugService patch: summary: Set logging level for StackRox services. operationId: SetLogLevel responses: '200': description: A successful response. 
content: application/json: schema: properties: {} requestBody: content: application/json: schema: $ref: '#/components/schemas/v1LogLevelRequest' required: true tags: - DebugService /v1/deployments: get: summary: ListDeployments returns the list of deployments. operationId: ListDeployments responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1ListDeploymentsResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - DeploymentService /v1/deployments/metadata/labels: get: summary: GetLabels returns the labels used by deployments. operationId: GetLabels responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1DeploymentLabelsResponse' tags: - DeploymentService /v1/deployments/{id}: get: summary: GetDeployment returns a deployment given its ID. operationId: GetDeployment responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageDeployment' parameters: - name: id in: path required: true schema: type: string tags: - DeploymentService /v1/deploymentscount: get: summary: CountDeployments returns the list of deployments. operationId: CountDeployments responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1CountDeploymentsResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - DeploymentService /v1/deploymentswithprocessinfo: get: summary: ListDeploymentsWithProcessInfo returns the list of deployments with process information. operationId: ListDeploymentsWithProcessInfo responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1ListDeploymentsWithProcessInfoResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - DeploymentService /v1/deploymentswithrisk/{id}: get: summary: GetDeploymentWithRisk returns a deployment and its risk given its ID. operationId: GetDeploymentWithRisk responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetDeploymentWithRiskResponse' parameters: - name: id in: path required: true schema: type: string tags: - DeploymentService /v1/detect/build: post: summary: DetectBuildTime checks if any images violate build time policies. operationId: DetectBuildTime responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1BuildDetectionResponse' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1BuildDetectionRequest' required: true tags: - DetectionService /v1/detect/deploy: post: summary: DetectDeployTime checks if any deployments violate deploy time policies. operationId: DetectDeployTime responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1DeployDetectionResponse' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1DeployDetectionRequest' required: true tags: - DetectionService /v1/detect/deploy/yaml: post: summary: DetectDeployTimeFromYAML checks if the given deployment yaml violates any deploy time policies. operationId: DetectDeployTimeFromYAML responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1DeployDetectionResponse' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1DeployYAMLDetectionRequest' required: true tags: - DetectionService /v1/featureflags: get: operationId: GetFeatureFlags responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetFeatureFlagsResponse' tags: - FeatureFlagService /v1/groups: get: operationId: GetGroup responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageGroup' parameters: - name: authProviderId in: query required: false schema: type: string - name: key in: query required: false schema: type: string - name: value in: query required: false schema: type: string tags: - GroupService delete: operationId: DeleteGroup responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: authProviderId in: query required: false schema: type: string - name: key in: query required: false schema: type: string - name: value in: query required: false schema: type: string tags: - GroupService post: operationId: CreateGroup responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' requestBody: $ref: '#/components/requestBodies/storageGroup' tags: - GroupService put: operationId: UpdateGroup responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' requestBody: $ref: '#/components/requestBodies/storageGroup' tags: - GroupService /v1/groupsbatch: post: operationId: BatchUpdate responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1GroupBatchUpdateRequest' required: true tags: - GroupService /v1/imageintegrations: get: summary: GetImageIntegrations returns all image integrations. operationId: GetImageIntegrations responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetImageIntegrationsResponse' parameters: - name: name in: query required: false schema: type: string - name: cluster in: query required: false schema: type: string tags: - ImageIntegrationService post: summary: PostImageIntegration creates an image integration. operationId: PostImageIntegration responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageImageIntegration' requestBody: $ref: '#/components/requestBodies/storageImageIntegration' tags: - ImageIntegrationService /v1/imageintegrations/test: post: summary: TestImageIntegration checks if the given image integration is correctly configured.
operationId: TestImageIntegration responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' requestBody: $ref: '#/components/requestBodies/storageImageIntegration' tags: - ImageIntegrationService /v1/imageintegrations/{id}: get: summary: GetImageIntegration returns the image integration given its ID. operationId: GetImageIntegration responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageImageIntegration' parameters: - name: id in: path required: true schema: type: string tags: - ImageIntegrationService delete: summary: DeleteImageIntegration removes an image integration given its ID. operationId: DeleteImageIntegration responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string tags: - ImageIntegrationService put: summary: PutImageIntegration modifies a given image integration. operationId: PutImageIntegration responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string requestBody: $ref: '#/components/requestBodies/storageImageIntegration' tags: - ImageIntegrationService /v1/images: get: summary: ListImages returns all the images. operationId: ListImages responses: '200': description: A successful response.
content: application/json: schema: $ref: '#/components/schemas/v1ListImagesResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - ImageService delete: summary: DeleteImage removes the images based on a query operationId: DeleteImages responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1DeleteImagesResponse' parameters: - name: query.query in: query required: false schema: type: string - name: query.pagination.limit in: query required: false schema: type: integer format: int32 - name: query.pagination.offset in: query required: false schema: type: integer format: int32 - name: query.pagination.sort_option.field in: query required: false schema: type: string - name: query.pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean - name: confirm in: query required: false schema: type: boolean format: boolean tags: - ImageService /v1/images/cache/invalidate: get: summary: InvalidateScanAndRegistryCaches removes the image metadata cache. operationId: InvalidateScanAndRegistryCaches responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' tags: - ImageService /v1/images/scan: post: summary: ScanImage scans a single image and returns the result operationId: ScanImage responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/storageImage' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1ScanImageRequest' required: true tags: - ImageService /v1/images/{id}: get: summary: GetImage returns the image given its ID. operationId: GetImage responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageImage' parameters: - name: id in: path required: true schema: type: string tags: - ImageService /v1/imagescount: get: summary: ListImages returns all the images. operationId: CountImages responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1CountImagesResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - ImageService /v1/licenses/add: post: operationId: AddLicense responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1AddLicenseResponse' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1AddLicenseRequest' required: true tags: - LicenseService /v1/licenses/expiration: get: operationId: GetActiveLicenseExpiration responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetActiveLicenseExpirationResponse' tags: - LicenseService /v1/licenses/list: get: operationId: GetLicenses responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1GetLicensesResponse' parameters: - name: active in: query required: false schema: type: boolean format: boolean - name: statuses in: query required: false explode: true schema: type: array items: type: string enum: - UNKNOWN - VALID - REVOKED - NOT_YET_VALID - EXPIRED - OTHER tags: - LicenseService /v1/metadata: get: operationId: GetMetadata responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Metadata' tags: - MetadataService /v1/namespaces: get: operationId: GetNamespaces responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetNamespacesResponse' tags: - NamespaceService /v1/namespaces/{id}: get: operationId: GetNamespace responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Namespace' parameters: - name: id in: path required: true schema: type: string tags: - NamespaceService /v1/networkgraph/cluster/{clusterId}: get: operationId: GetNetworkGraph responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1NetworkGraph' parameters: - name: clusterId in: path required: true schema: type: string - name: query in: query required: false schema: type: string - name: since in: query required: false schema: type: string format: date-time tags: - NetworkGraphService /v1/networkpolicies: get: operationId: GetNetworkPolicies responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1NetworkPoliciesResponse' parameters: - name: clusterId in: query required: false schema: type: string - name: deploymentQuery in: query required: false schema: type: string tags: - NetworkPolicyService /v1/networkpolicies/apply/{clusterId}: post: operationId: ApplyNetworkPolicy responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: clusterId in: path required: true schema: type: string requestBody: $ref: '#/components/requestBodies/storageNetworkPolicyModification' tags: - NetworkPolicyService /v1/networkpolicies/cluster/{clusterId}: get: operationId: GetNetworkGraph responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1NetworkGraph' parameters: - name: clusterId in: path required: true schema: type: string - name: query in: query required: false schema: type: string tags: - NetworkPolicyService /v1/networkpolicies/generate/{clusterId}: get: operationId: GenerateNetworkPolicies responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GenerateNetworkPoliciesResponse' parameters: - name: clusterId in: path required: true schema: type: string - name: query in: query required: false schema: type: string - name: deleteExisting in: query required: false schema: type: string enum: - UNKNOWN - NONE - GENERATED_ONLY - ALL default: UNKNOWN - name: networkDataSince in: query required: false schema: type: string format: date-time tags: - NetworkPolicyService /v1/networkpolicies/graph/epoch: get: operationId: GetNetworkGraphEpoch responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1NetworkGraphEpoch' parameters: - name: clusterId in: query required: false schema: type: string tags: - NetworkPolicyService /v1/networkpolicies/simulate/{clusterId}: post: operationId: SimulateNetworkGraph responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1SimulateNetworkGraphResponse' parameters: - name: clusterId in: path required: true schema: type: string requestBody: $ref: '#/components/requestBodies/storageNetworkPolicyModification' tags: - NetworkPolicyService /v1/networkpolicies/simulate/{clusterId}/notify: post: operationId: SendNetworkPolicyYAML responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: clusterId in: path required: true schema: type: string requestBody: $ref: '#/components/requestBodies/storageNetworkPolicyModification' tags: - NetworkPolicyService /v1/networkpolicies/undo/{clusterId}: get: operationId: GetUndoModification responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetUndoModificationResponse' parameters: - name: clusterId in: path required: true schema: type: string tags: - NetworkPolicyService /v1/networkpolicies/{id}: get: operationId: GetNetworkPolicy responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageNetworkPolicy' parameters: - name: id in: path required: true schema: type: string tags: - NetworkPolicyService /v1/nodes/{clusterId}: get: operationId: ListNodes responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1ListNodesResponse' parameters: - name: clusterId in: path required: true schema: type: string tags: - NodeService /v1/nodes/{clusterId}/{nodeId}: get: operationId: GetNode responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageNode' parameters: - name: clusterId in: path required: true schema: type: string - name: nodeId in: path required: true schema: type: string tags: - NodeService /v1/notifiers: get: operationId: GetNotifiers responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetNotifiersResponse' parameters: - name: name in: query required: false schema: type: string - name: type in: query required: false schema: type: string tags: - NotifierService post: operationId: PostNotifier responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageNotifier' requestBody: $ref: '#/components/requestBodies/storageNotifier' tags: - NotifierService /v1/notifiers/test: post: operationId: TestNotifier responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' requestBody: $ref: '#/components/requestBodies/storageNotifier' tags: - NotifierService /v1/notifiers/{id}: get: operationId: GetNotifier responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageNotifier' parameters: - name: id in: path required: true schema: type: string tags: - NotifierService delete: operationId: DeleteNotifier responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string - name: force in: query required: false schema: type: boolean format: boolean tags: - NotifierService put: operationId: PutNotifier responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string requestBody: $ref: '#/components/requestBodies/storageNotifier' tags: - NotifierService /v1/ping: get: operationId: Ping responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1PongMessage' tags: - PingService /v1/policies: get: summary: ListPolicies returns the list of policies. operationId: ListPolicies responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1ListPoliciesResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - PolicyService post: summary: PostPolicy creates a new policy. operationId: PostPolicy responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storagePolicy' requestBody: $ref: '#/components/requestBodies/storagePolicy' tags: - PolicyService /v1/policies/dryrun: post: summary: DryRunPolicy evaluates the given policy and returns any alerts without creating the policy. operationId: DryRunPolicy responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1DryRunResponse' requestBody: $ref: '#/components/requestBodies/storagePolicy' tags: - PolicyService /v1/policies/reassess: post: summary: ReassessPolicies reevaluates all the policies. operationId: ReassessPolicies responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' tags: - PolicyService /v1/policies/{id}: get: summary: GetPolicy returns the requested policy by ID. operationId: GetPolicy responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storagePolicy' parameters: - name: id in: path required: true schema: type: string tags: - PolicyService delete: summary: DeletePolicy removes a policy by ID. operationId: DeletePolicy responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string tags: - PolicyService put: summary: PutPolicy modifies an existing policy. operationId: PutPolicy responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string requestBody: $ref: '#/components/requestBodies/storagePolicy' tags: - PolicyService patch: summary: PatchPolicy edits an existing policy. operationId: PatchPolicy responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/v1PatchPolicyRequest' required: true tags: - PolicyService /v1/policies/{policyId}/notifiers: patch: summary: EnableDisablePolicyNotification enables or disables notifications for a policy by ID. 
operationId: EnableDisablePolicyNotification responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: policyId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/v1EnableDisablePolicyNotificationRequest' required: true tags: - PolicyService /v1/policyCategories: get: summary: GetPolicyCategories returns the policy categories. operationId: GetPolicyCategories responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1PolicyCategoriesResponse' tags: - PolicyService /v1/policyCategories/{category}: delete: summary: DeletePolicyCategory removes the given policy category. operationId: DeletePolicyCategory responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: category in: path required: true schema: type: string tags: - PolicyService /v1/policyCategories/{oldCategory}: put: summary: RenamePolicyCategory renames the given policy category. operationId: RenamePolicyCategory responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: oldCategory in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/v1RenamePolicyCategoryRequest' required: true tags: - PolicyService /v1/probeupload/getexisting: post: operationId: GetExistingProbes responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetExistingProbesResponse' tags: - ProbeUploadService /v1/processes/deployment/{deploymentId}: get: summary: GetProcessesByDeployment returns the processes executed in the given deployment. 
operationId: GetProcessesByDeployment responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetProcessesResponse' parameters: - name: deploymentId in: path required: true schema: type: string tags: - ProcessService /v1/processes/deployment/{deploymentId}/grouped: get: summary: GetGroupedProcessByDeployment returns all the processes executed grouped by deployment. operationId: GetGroupedProcessByDeployment responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetGroupedProcessesResponse' parameters: - name: deploymentId in: path required: true schema: type: string tags: - ProcessService /v1/processes/deployment/{deploymentId}/grouped/container: get: summary: GetGroupedProcessByDeploymentAndContainer returns all the processes executed grouped by deployment and container. operationId: GetGroupedProcessByDeploymentAndContainer responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetGroupedProcessesWithContainerResponse' parameters: - name: deploymentId in: path required: true schema: type: string tags: - ProcessService /v1/processwhitelists: put: summary: AddToProcessWhitelists adds a list of process names to each of a list of process whitelists operationId: UpdateProcessWhitelists responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1UpdateProcessWhitelistsResponse' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1UpdateProcessWhitelistsRequest' required: true tags: - ProcessWhitelistService /v1/processwhitelists/key: get: summary: GetProcessWhitelistById returns the single process whitelist referenced by the given ID. operationId: GetProcessWhitelist responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/storageProcessWhitelist' parameters: - name: key.deploymentId description: 'The idea is for the keys to be flexible. Only certain combinations of these will be supported.' in: query required: false schema: type: string - name: key.containerName in: query required: false schema: type: string - name: key.clusterId in: query required: false schema: type: string - name: key.namespace in: query required: false schema: type: string tags: - ProcessWhitelistService /v1/processwhitelists/lock: put: summary: LockProcessWhitelists accepts a list of whitelist IDs, locks those whitelists, and returns the updated whitelist objects operationId: LockProcessWhitelists responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1UpdateProcessWhitelistsResponse' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1LockProcessWhitelistsRequest' required: true tags: - ProcessWhitelistService /v1/rbac/bindings: get: operationId: ListRoleBindings responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1ListRoleBindingsResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - RbacService /v1/rbac/bindings/{id}: get: operationId: GetRoleBinding responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1GetRoleBindingResponse' parameters: - name: id in: path required: true schema: type: string tags: - RbacService /v1/rbac/roles: get: operationId: ListRoles responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1ListRolesResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - RbacService /v1/rbac/roles/{id}: get: operationId: GetRole responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetRoleResponse' parameters: - name: id in: path required: true schema: type: string tags: - RbacService /v1/rbac/subject/{id}: get: summary: 'Subjects served from this API are Groups and Users only. Id in this case is the Name field, since for users and groups, that is unique, and subjects do not have IDs.' operationId: GetSubject responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetSubjectResponse' parameters: - name: id in: path required: true schema: type: string tags: - RbacService /v1/rbac/subjects: get: operationId: ListSubjects responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1ListSubjectsResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - RbacService /v1/mypermissions: get: operationId: GetMyPermissions responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageRole' tags: - RoleService /v1/resources: get: operationId: GetResources responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetResourcesResponse' tags: - RoleService /v1/roles: get: operationId: GetRoles responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetRolesResponse' tags: - RoleService /v1/roles/{id}: get: operationId: GetRole responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageRole' parameters: - name: id in: path required: true schema: type: string tags: - RoleService delete: operationId: DeleteRole responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string tags: - RoleService /v1/roles/{name}: post: operationId: CreateRole responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: name in: path required: true schema: type: string requestBody: $ref: '#/components/requestBodies/storageRole' tags: - RoleService put: operationId: UpdateRole responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: name in: path required: true schema: type: string requestBody: $ref: '#/components/requestBodies/storageRole' tags: - RoleService /v1/scopedaccessctrl/config: post: operationId: AddAuthzPluginConfig responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageAuthzPluginConfig' requestBody: $ref: '#/components/requestBodies/storageAuthzPluginConfig' tags: - ScopedAccessControlService /v1/scopedaccessctrl/config/{config.id}: put: operationId: UpdateAuthzPluginConfig responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageAuthzPluginConfig' parameters: - name: config.id in: path required: true schema: type: string requestBody: $ref: '#/components/requestBodies/storageAuthzPluginConfig' tags: - ScopedAccessControlService /v1/scopedaccessctrl/config/{id}: delete: operationId: DeleteAuthzPluginConfig responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string tags: - ScopedAccessControlService /v1/scopedaccessctrl/configs: get: operationId: GetAuthzPluginConfigs responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetAuthzPluginConfigsResponse' tags: - ScopedAccessControlService /v1/scopedaccessctrl/test: post: operationId: DryRunAuthzPluginConfig responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1Empty' requestBody: $ref: '#/components/requestBodies/storageAuthzPluginConfig' tags: - ScopedAccessControlService /v1/search: get: operationId: Search responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1SearchResponse' parameters: - name: query in: query required: false schema: type: string - name: categories in: query required: false explode: true schema: type: array items: type: string enum: - SEARCH_UNSET - ALERTS - IMAGES - POLICIES - DEPLOYMENTS - SECRETS - PROCESS_INDICATORS - COMPLIANCE - CLUSTERS - NAMESPACES - NODES - COMPLIANCE_STANDARD - COMPLIANCE_CONTROL_GROUP - COMPLIANCE_CONTROL - SERVICE_ACCOUNTS - ROLES - ROLEBINDINGS - PROCESS_WHITELISTS - SUBJECTS - RISKS - IMAGE_COMPONENTS - VULNERABILITIES tags: - SearchService /v1/search/autocomplete: get: operationId: Autocomplete responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1AutocompleteResponse' parameters: - name: query in: query required: false schema: type: string - name: categories in: query required: false explode: true schema: type: array items: type: string enum: - SEARCH_UNSET - ALERTS - IMAGES - POLICIES - DEPLOYMENTS - SECRETS - PROCESS_INDICATORS - COMPLIANCE - CLUSTERS - NAMESPACES - NODES - COMPLIANCE_STANDARD - COMPLIANCE_CONTROL_GROUP - COMPLIANCE_CONTROL - SERVICE_ACCOUNTS - ROLES - ROLEBINDINGS - PROCESS_WHITELISTS - SUBJECTS - RISKS - IMAGE_COMPONENTS - VULNERABILITIES tags: - SearchService /v1/search/metadata/options: get: operationId: Options responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1SearchOptionsResponse' parameters: - name: categories in: query required: false explode: true schema: type: array items: type: string enum: - SEARCH_UNSET - ALERTS - IMAGES - POLICIES - DEPLOYMENTS - SECRETS - PROCESS_INDICATORS - COMPLIANCE - CLUSTERS - NAMESPACES - NODES - COMPLIANCE_STANDARD - COMPLIANCE_CONTROL_GROUP - COMPLIANCE_CONTROL - SERVICE_ACCOUNTS - ROLES - ROLEBINDINGS - PROCESS_WHITELISTS - SUBJECTS - RISKS - IMAGE_COMPONENTS - VULNERABILITIES tags: - SearchService /v1/secrets: get: operationId: ListSecrets responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1ListSecretsResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - SecretService /v1/secrets/{id}: get: operationId: GetSecret responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageSecret' parameters: - name: id in: path required: true schema: type: string tags: - SecretService /v1/secretscount: get: operationId: CountSecrets responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1CountSecretsResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - SecretService /v1/sensorupgrades/cluster/{id}: post: operationId: TriggerSensorUpgrade responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' parameters: - name: id in: path required: true schema: type: string tags: - SensorUpgradeService /v1/sensorupgrades/config: get: operationId: GetSensorUpgradeConfig responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetSensorUpgradeConfigResponse' tags: - SensorUpgradeService post: operationId: UpdateSensorUpgradeConfig responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Empty' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1UpdateSensorUpgradeConfigRequest' required: true tags: - SensorUpgradeService /v1/serviceaccounts: get: operationId: ListServiceAccounts responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1ListServiceAccountResponse' parameters: - name: query in: query required: false schema: type: string - name: pagination.limit in: query required: false schema: type: integer format: int32 - name: pagination.offset in: query required: false schema: type: integer format: int32 - name: pagination.sort_option.field in: query required: false schema: type: string - name: pagination.sort_option.reversed in: query required: false schema: type: boolean format: boolean tags: - ServiceAccountService /v1/serviceaccounts/{id}: get: operationId: GetServiceAccount responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetServiceAccountResponse' parameters: - name: id in: path required: true schema: type: string tags: - ServiceAccountService /v1/authorities: get: summary: GetAuthorities returns the authorities currently in use. operationId: GetAuthorities responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1Authorities' tags: - ServiceIdentityService /v1/serviceIdentities: get: operationId: GetServiceIdentities responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1ServiceIdentityResponse' tags: - ServiceIdentityService post: summary: 'CreateServiceIdentity creates a new key pair and certificate. The key and certificate are not retained and can never be retrieved again.' operationId: CreateServiceIdentity responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1CreateServiceIdentityResponse' requestBody: content: application/json: schema: $ref: '#/components/schemas/v1CreateServiceIdentityRequest' required: true tags: - ServiceIdentityService /v1/summary/counts: get: operationId: GetSummaryCounts responses: '200': description: A successful response. 
content: application/json: schema: $ref: '#/components/schemas/v1SummaryCountsResponse' tags: - SummaryService /v1/users: get: operationId: GetUsers responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetUsersResponse' tags: - UserService /v1/users/{id}: get: operationId: GetUser responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/storageUser' parameters: - name: id in: path required: true schema: type: string tags: - UserService /v1/usersattributes: get: operationId: GetUsersAttributes responses: '200': description: A successful response. content: application/json: schema: $ref: '#/components/schemas/v1GetUsersAttributesResponse' tags: - UserService servers: - url: https://{central-host} description: StackRox Central API server variables: central-host: default: stackrox.localhost description: StackRox Central hostname or IP components: requestBodies: storageGroup: content: application/json: schema: $ref: '#/components/schemas/storageGroup' required: true storageNetworkPolicyModification: content: application/json: schema: $ref: '#/components/schemas/storageNetworkPolicyModification' required: true storageAuthzPluginConfig: content: application/json: schema: $ref: '#/components/schemas/storageAuthzPluginConfig' required: true storageRole: content: application/json: schema: $ref: '#/components/schemas/storageRole' required: true storageImageIntegration: content: application/json: schema: $ref: '#/components/schemas/storageImageIntegration' required: true storageAuthProvider: content: application/json: schema: $ref: '#/components/schemas/storageAuthProvider' required: true storageExternalBackup: content: application/json: schema: $ref: '#/components/schemas/storageExternalBackup' required: true storageCluster: content: application/json: schema: $ref: '#/components/schemas/storageCluster' required: true storageNotifier: content: 
application/json: schema: $ref: '#/components/schemas/storageNotifier' required: true storagePolicy: content: application/json: schema: $ref: '#/components/schemas/storagePolicy' required: true schemas: AlertDeploymentContainer: type: object properties: image: $ref: '#/components/schemas/storageContainerImage' name: type: string AlertEnforcement: type: object properties: action: $ref: '#/components/schemas/storageEnforcementAction' message: type: string AlertGroupAlertCounts: type: object properties: severity: $ref: '#/components/schemas/storageSeverity' count: type: string format: int64 AlertProcessViolation: type: object properties: message: type: string processes: type: array items: $ref: '#/components/schemas/storageProcessIndicator' AlertViolation: type: object properties: message: type: string DEPRECATEDProcesses: type: array items: $ref: '#/components/schemas/storageProcessIndicator' ClusterAlertsAlertEvents: type: object properties: severity: $ref: '#/components/schemas/storageSeverity' events: type: array items: $ref: '#/components/schemas/v1AlertEvent' EnvironmentConfigEnvVarSource: type: string enum: - UNSET - RAW - SECRET_KEY - CONFIG_MAP_KEY - FIELD - RESOURCE_FIELD - UNKNOWN default: UNSET title: For any update to EnvVarSource, please also update 'ui/src/messages/common.js' GetAlertTimeseriesResponseClusterAlerts: type: object properties: cluster: type: string severities: type: array items: $ref: '#/components/schemas/ClusterAlertsAlertEvents' GetAlertsCountsRequestRequestGroup: type: string enum: - UNSET - CATEGORY - CLUSTER default: UNSET GetAlertsCountsResponseAlertGroup: type: object properties: group: type: string counts: type: array items: $ref: '#/components/schemas/AlertGroupAlertCounts' GetAlertsGroupResponsePolicyGroup: type: object properties: policy: $ref: '#/components/schemas/storageListAlertPolicy' numAlerts: type: string format: int64 PortConfigExposureLevel: type: string enum: - UNSET - EXTERNAL - NODE - INTERNAL - HOST default: UNSET 
storageAlert: type: object properties: id: type: string policy: $ref: '#/components/schemas/storagePolicy' lifecycleStage: $ref: '#/components/schemas/storageLifecycleStage' deployment: $ref: '#/components/schemas/storageAlertDeployment' violations: type: array items: $ref: '#/components/schemas/AlertViolation' processViolation: $ref: '#/components/schemas/AlertProcessViolation' enforcement: $ref: '#/components/schemas/AlertEnforcement' time: type: string format: date-time firstOccurred: type: string format: date-time state: $ref: '#/components/schemas/storageViolationState' snoozeTill: type: string format: date-time storageAlertDeployment: type: object properties: id: type: string name: type: string type: type: string namespace: type: string labels: type: object additionalProperties: type: string clusterId: type: string clusterName: type: string containers: type: array items: $ref: '#/components/schemas/AlertDeploymentContainer' annotations: type: object additionalProperties: type: string inactive: type: boolean format: boolean storageComparator: type: string enum: - LESS_THAN - LESS_THAN_OR_EQUALS - EQUALS - GREATER_THAN_OR_EQUALS - GREATER_THAN default: LESS_THAN storageComponent: type: object properties: name: type: string version: type: string storageContainerImage: type: object properties: id: type: string title: These tags maintain backwards compatibility with the previously embedded storage.Image name: $ref: '#/components/schemas/storageImageName' notPullable: type: boolean format: boolean storageDockerfileLineRuleField: type: object properties: instruction: type: string value: type: string storageEnforcementAction: type: string enum: - UNSET_ENFORCEMENT - SCALE_TO_ZERO_ENFORCEMENT - UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT - KILL_POD_ENFORCEMENT - FAIL_BUILD_ENFORCEMENT default: UNSET_ENFORCEMENT storageHostMountPolicy: type: object properties: readOnly: type: boolean format: boolean storageImageName: type: object properties: registry: type: string 
remote: type: string tag: type: string fullName: type: string storageImageNamePolicy: type: object properties: registry: type: string remote: type: string tag: type: string storageKeyValuePolicy: type: object properties: key: type: string value: type: string envVarSource: $ref: '#/components/schemas/EnvironmentConfigEnvVarSource' storageLifecycleStage: type: string enum: - DEPLOY - BUILD - RUNTIME default: DEPLOY storageListAlert: type: object properties: id: type: string lifecycleStage: $ref: '#/components/schemas/storageLifecycleStage' time: type: string format: date-time policy: $ref: '#/components/schemas/storageListAlertPolicy' deployment: $ref: '#/components/schemas/storageListAlertDeployment' state: $ref: '#/components/schemas/storageViolationState' enforcementCount: type: integer format: int32 storageListAlertDeployment: type: object properties: id: type: string name: type: string clusterName: type: string namespace: type: string clusterId: type: string inactive: type: boolean format: boolean storageListAlertPolicy: type: object properties: id: type: string name: type: string severity: $ref: '#/components/schemas/storageSeverity' description: type: string categories: type: array items: type: string storageNumericalPolicy: type: object properties: op: $ref: '#/components/schemas/storageComparator' value: type: number format: float storagePermissionLevel: type: string enum: - UNSET - NONE - DEFAULT - ELEVATED_IN_NAMESPACE - ELEVATED_CLUSTER_WIDE - CLUSTER_ADMIN default: UNSET title: 'For any update to PermissionLevel, also update: - central/searchbasedpolicies/builders/k8s_rbac.go - ui/src/messages/common.js' storagePermissionPolicy: type: object properties: permissionLevel: $ref: '#/components/schemas/storagePermissionLevel' description: K8S RBAC Permission level configuration. 
storagePolicy: type: object properties: id: type: string name: type: string description: type: string rationale: type: string remediation: type: string disabled: type: boolean format: boolean categories: type: array items: type: string fields: $ref: '#/components/schemas/storagePolicyFields' lifecycleStages: type: array items: $ref: '#/components/schemas/storageLifecycleStage' whitelists: type: array items: $ref: '#/components/schemas/storageWhitelist' scope: type: array items: $ref: '#/components/schemas/storageScope' severity: $ref: '#/components/schemas/storageSeverity' enforcementActions: type: array items: $ref: '#/components/schemas/storageEnforcementAction' notifiers: type: array items: type: string lastUpdated: type: string format: date-time storagePolicyFields: type: object properties: imageName: $ref: '#/components/schemas/storageImageNamePolicy' imageAgeDays: type: string format: int64 lineRule: $ref: '#/components/schemas/storageDockerfileLineRuleField' cvss: $ref: '#/components/schemas/storageNumericalPolicy' cve: type: string component: $ref: '#/components/schemas/storageComponent' scanAgeDays: type: string format: int64 noScanExists: type: boolean format: boolean env: $ref: '#/components/schemas/storageKeyValuePolicy' command: type: string args: type: string directory: type: string user: type: string volumePolicy: $ref: '#/components/schemas/storageVolumePolicy' portPolicy: $ref: '#/components/schemas/storagePortPolicy' requiredLabel: $ref: '#/components/schemas/storageKeyValuePolicy' requiredAnnotation: $ref: '#/components/schemas/storageKeyValuePolicy' disallowedAnnotation: $ref: '#/components/schemas/storageKeyValuePolicy' privileged: type: boolean format: boolean dropCapabilities: type: array items: type: string addCapabilities: type: array items: type: string containerResourcePolicy: $ref: '#/components/schemas/storageResourcePolicy' processPolicy: $ref: '#/components/schemas/storageProcessPolicy' readOnlyRootFs: type: boolean format: boolean 
fixedBy: type: string portExposurePolicy: $ref: '#/components/schemas/storagePortExposurePolicy' permissionPolicy: $ref: '#/components/schemas/storagePermissionPolicy' hostMountPolicy: $ref: '#/components/schemas/storageHostMountPolicy' whitelistEnabled: type: boolean format: boolean title: 'Next Available Tag: 29' storagePortExposurePolicy: type: object properties: exposureLevels: type: array items: $ref: '#/components/schemas/PortConfigExposureLevel' storagePortPolicy: type: object properties: port: type: integer format: int32 protocol: type: string storageProcessIndicator: type: object properties: id: type: string title: A unique uuid for the Indicator message deploymentId: type: string deploymentStateTs: type: string format: int64 containerName: type: string podId: type: string signal: $ref: '#/components/schemas/storageProcessSignal' clusterId: type: string namespace: type: string containerStartTime: type: string format: date-time title: 'Next available tag: 11' storageProcessPolicy: type: object properties: name: type: string args: type: string ancestor: type: string uid: type: string storageProcessSignal: type: object properties: id: type: string description: 'A unique UUID for identifying the message We have this here instead of at the top level because we want to have each message to be self contained.' 
containerId: type: string title: ID of container associated with this process time: type: string format: date-time title: Process creation time name: type: string title: Process name args: type: string title: Process arguments execFilePath: type: string title: Process executable file path pid: type: integer format: int64 title: Host process ID uid: type: integer format: int64 title: Real user ID gid: type: integer format: int64 title: Real group ID lineage: type: array items: type: string title: Process Lineage storageResourcePolicy: type: object properties: cpuResourceRequest: $ref: '#/components/schemas/storageNumericalPolicy' cpuResourceLimit: $ref: '#/components/schemas/storageNumericalPolicy' memoryResourceRequest: $ref: '#/components/schemas/storageNumericalPolicy' memoryResourceLimit: $ref: '#/components/schemas/storageNumericalPolicy' storageScope: type: object properties: cluster: type: string namespace: type: string label: $ref: '#/components/schemas/storageScopeLabel' storageScopeLabel: type: object properties: key: type: string value: type: string storageSeverity: type: string enum: - UNSET_SEVERITY - LOW_SEVERITY - MEDIUM_SEVERITY - HIGH_SEVERITY - CRITICAL_SEVERITY default: UNSET_SEVERITY storageViolationState: type: string enum: - ACTIVE - SNOOZED - RESOLVED default: ACTIVE storageVolumePolicy: type: object properties: name: type: string source: type: string destination: type: string readOnly: type: boolean format: boolean type: type: string storageWhitelist: type: object properties: name: type: string deployment: $ref: '#/components/schemas/storageWhitelistDeployment' image: $ref: '#/components/schemas/storageWhitelistImage' expiration: type: string format: date-time storageWhitelistDeployment: type: object properties: name: type: string scope: $ref: '#/components/schemas/storageScope' storageWhitelistImage: type: object properties: name: type: string v1AlertEvent: type: object properties: time: type: string format: int64 type: $ref: 
'#/components/schemas/v1Type' id: type: string v1CountAlertsResponse: type: object properties: count: type: integer format: int32 v1DeleteAlertsResponse: type: object properties: numDeleted: type: integer format: int64 dryRun: type: boolean format: boolean v1Empty: type: object v1GetAlertTimeseriesResponse: type: object properties: clusters: type: array items: $ref: '#/components/schemas/GetAlertTimeseriesResponseClusterAlerts' v1GetAlertsCountsResponse: type: object properties: groups: type: array items: $ref: '#/components/schemas/GetAlertsCountsResponseAlertGroup' v1GetAlertsGroupResponse: type: object properties: alertsByPolicies: type: array items: $ref: '#/components/schemas/GetAlertsGroupResponsePolicyGroup' v1ListAlertsRequest: type: object properties: query: type: string pagination: $ref: '#/components/schemas/v1Pagination' v1ListAlertsResponse: type: object properties: alerts: type: array items: $ref: '#/components/schemas/storageListAlert' v1Pagination: type: object properties: limit: type: integer format: int32 offset: type: integer format: int32 sortOption: $ref: '#/components/schemas/v1SortOption' v1RawQuery: type: object properties: query: type: string pagination: $ref: '#/components/schemas/v1Pagination' description: 'RawQuery represents the search query string. The format of the query string is "<field name>:<value,value,...>+<field name>:<value,value,...>+..." For example: To search for deployments named "central" and "sensor" in the namespace "stackrox", the query string would be "Deployment:central,sensor+Namespace:stackrox" RawQuery is used in ListAPIs to search for a particular object.' 
v1ResolveAlertRequest: type: object properties: id: type: string whitelist: type: boolean format: boolean v1ResolveAlertsRequest: type: object properties: query: type: string v1SnoozeAlertRequest: type: object properties: id: type: string snoozeTill: type: string format: date-time v1SortOption: type: object properties: field: type: string reversed: type: boolean format: boolean v1Type: type: string enum: - CREATED - REMOVED default: CREATED storageTokenMetadata: type: object properties: id: type: string name: type: string role: type: string issuedAt: type: string format: date-time expiration: type: string format: date-time revoked: type: boolean format: boolean v1GenerateTokenRequest: type: object properties: name: type: string role: type: string v1GenerateTokenResponse: type: object properties: token: type: string metadata: $ref: '#/components/schemas/storageTokenMetadata' v1GetAPITokensResponse: type: object properties: tokens: type: array items: $ref: '#/components/schemas/storageTokenMetadata' storageAuthProvider: type: object properties: id: type: string name: type: string type: type: string uiEndpoint: type: string enabled: type: boolean format: boolean config: type: object additionalProperties: type: string loginUrl: type: string description: The login URL will be provided by the backend, and may not be specified in a request. validated: type: boolean format: boolean extraUiEndpoints: type: array items: type: string description: 'UI endpoints which to allow in addition to `ui_endpoint`. I.e., if a login request is coming from any of these, the auth request will use these for the callback URL, not ui_endpoint.' 
active: type: boolean format: boolean title: 'Next Tag: 9' storageServiceIdentity: type: object properties: serial: type: string format: int64 serialStr: type: string id: type: string type: $ref: '#/components/schemas/storageServiceType' storageServiceType: type: string enum: - UNKNOWN_SERVICE - SENSOR_SERVICE - CENTRAL_SERVICE - REMOTE_SERVICE - COLLECTOR_SERVICE - MONITORING_UI_SERVICE - MONITORING_DB_SERVICE - MONITORING_CLIENT_SERVICE - BENCHMARK_SERVICE - SCANNER_SERVICE default: UNKNOWN_SERVICE v1AuthStatus: type: object properties: userId: type: string serviceId: $ref: '#/components/schemas/storageServiceIdentity' expires: type: string format: date-time refreshUrl: type: string authProvider: $ref: '#/components/schemas/storageAuthProvider' GetLoginAuthProvidersResponseLoginAuthProvider: type: object properties: id: type: string name: type: string type: type: string loginUrl: type: string v1ExchangeTokenRequest: type: object properties: externalToken: type: string type: type: string state: type: string v1ExchangeTokenResponse: type: object properties: token: type: string clientState: type: string v1GetAuthProvidersResponse: type: object properties: authProviders: type: array items: $ref: '#/components/schemas/storageAuthProvider' v1GetLoginAuthProvidersResponse: type: object properties: authProviders: type: array items: $ref: '#/components/schemas/GetLoginAuthProvidersResponseLoginAuthProvider' v1UpdateAuthProviderRequest: type: object properties: id: type: string name: type: string enabled: type: boolean format: boolean ScheduleIntervalType: type: string enum: - UNSET - DAILY - WEEKLY default: UNSET ScheduleWeeklyInterval: type: object properties: day: type: integer format: int32 storageExternalBackup: type: object properties: id: type: string name: type: string type: type: string schedule: $ref: '#/components/schemas/storageSchedule' backupsToKeep: type: integer format: int32 s3: $ref: '#/components/schemas/storageS3Config' storageS3Config: type: object 
properties: bucket: type: string useIam: type: boolean format: boolean accessKeyId: type: string secretAccessKey: type: string region: type: string objectPrefix: type: string storageSchedule: type: object properties: intervalType: $ref: '#/components/schemas/ScheduleIntervalType' hour: type: integer format: int32 minute: type: integer format: int32 weekly: $ref: '#/components/schemas/ScheduleWeeklyInterval' v1GetExternalBackupsResponse: type: object properties: externalBackups: type: array items: $ref: '#/components/schemas/storageExternalBackup' ClusterUpgradeStatusUpgradability: type: string enum: - UNSET - UP_TO_DATE - MANUAL_UPGRADE_REQUIRED - AUTO_UPGRADE_POSSIBLE - SENSOR_VERSION_HIGHER default: UNSET description: ' - SENSOR_VERSION_HIGHER: SENSOR_VERSION_HIGHER occurs when we detect that the sensor is running a newer version than this Central. This is unexpected, but can occur depending on the patches a customer does. In this case, we will NOT automatically "upgrade" the sensor, since that would be a downgrade, even if the autoupgrade setting is on. The user will be allowed to manually trigger the upgrade, but they are strongly discouraged from doing so without upgrading Central first, since this is an unsupported configuration.' 
ClusterUpgradeStatusUpgradeProcessStatus: type: object properties: active: type: boolean format: boolean id: type: string targetVersion: type: string upgraderImage: type: string initiatedAt: type: string format: date-time progress: $ref: '#/components/schemas/storageUpgradeProgress' UpgradeProgressUpgradeState: type: string enum: - UPGRADE_INITIALIZING - UPGRADER_LAUNCHING - UPGRADER_LAUNCHED - PRE_FLIGHT_CHECKS_COMPLETE - UPGRADE_OPERATIONS_DONE - UPGRADE_COMPLETE - UPGRADE_INITIALIZATION_ERROR - PRE_FLIGHT_CHECKS_FAILED - UPGRADE_ERROR_ROLLING_BACK - UPGRADE_ERROR_ROLLED_BACK - UPGRADE_ERROR_ROLLBACK_FAILED - UPGRADE_ERROR_UNKNOWN - UPGRADE_TIMED_OUT default: UPGRADE_INITIALIZING description: " - UPGRADER_LAUNCHING: In-progress states.\n - UPGRADE_COMPLETE:\ \ The success state.\nPLEASE NUMBER ALL IN-PROGRESS STATES ABOVE THIS\nAND\ \ ALL ERROR STATES BELOW THIS.\n - UPGRADE_INITIALIZATION_ERROR: Error states." storageAWSProviderMetadata: type: object properties: accountId: type: string storageAdmissionControllerConfig: type: object properties: enabled: type: boolean format: boolean timeoutSeconds: type: integer format: int32 scanInline: type: boolean format: boolean disableBypass: type: boolean format: boolean storageAzureProviderMetadata: type: object properties: subscriptionId: type: string storageCluster: type: object properties: id: type: string name: type: string type: $ref: '#/components/schemas/storageClusterType' mainImage: type: string collectorImage: type: string centralApiEndpoint: type: string runtimeSupport: type: boolean format: boolean monitoringEndpoint: type: string collectionMethod: $ref: '#/components/schemas/storageCollectionMethod' DEPRECATEDProviderMetadata: $ref: '#/components/schemas/storageProviderMetadata' admissionController: type: boolean format: boolean DEPRECATEDOrchestratorMetadata: $ref: '#/components/schemas/storageOrchestratorMetadata' status: $ref: '#/components/schemas/storageClusterStatus' dynamicConfig: $ref: 
'#/components/schemas/storageDynamicClusterConfig' tolerationsConfig: $ref: '#/components/schemas/storageTolerationsConfig' priority: type: string format: int64 storageClusterStatus: type: object properties: sensorVersion: type: string lastContact: type: string format: date-time providerMetadata: $ref: '#/components/schemas/storageProviderMetadata' orchestratorMetadata: $ref: '#/components/schemas/storageOrchestratorMetadata' upgradeStatus: $ref: '#/components/schemas/storageClusterUpgradeStatus' storageClusterType: type: string enum: - GENERIC_CLUSTER - KUBERNETES_CLUSTER - OPENSHIFT_CLUSTER default: GENERIC_CLUSTER storageClusterUpgradeStatus: type: object properties: upgradability: $ref: '#/components/schemas/ClusterUpgradeStatusUpgradability' upgradabilityStatusReason: type: string mostRecentProcess: $ref: '#/components/schemas/ClusterUpgradeStatusUpgradeProcessStatus' storageCollectionMethod: type: string enum: - UNSET_COLLECTION - NO_COLLECTION - KERNEL_MODULE - EBPF default: UNSET_COLLECTION storageDynamicClusterConfig: type: object properties: admissionControllerConfig: $ref: '#/components/schemas/storageAdmissionControllerConfig' registryOverride: type: string storageGoogleProviderMetadata: type: object properties: project: type: string clusterName: type: string storageOrchestratorMetadata: type: object properties: version: type: string buildDate: type: string format: date-time apiVersions: type: array items: type: string storageProviderMetadata: type: object properties: region: type: string zone: type: string google: $ref: '#/components/schemas/storageGoogleProviderMetadata' aws: $ref: '#/components/schemas/storageAWSProviderMetadata' azure: $ref: '#/components/schemas/storageAzureProviderMetadata' verified: type: boolean format: boolean storageTolerationsConfig: type: object properties: disabled: type: boolean format: boolean storageUpgradeProgress: type: object properties: upgradeState: $ref: '#/components/schemas/UpgradeProgressUpgradeState' 
upgradeStatusDetail: type: string since: type: string format: date-time v1ClusterResponse: type: object properties: cluster: $ref: '#/components/schemas/storageCluster' v1ClustersList: type: object properties: clusters: type: array items: $ref: '#/components/schemas/storageCluster' v1ComplianceRun: type: object properties: id: type: string clusterId: type: string standardId: type: string scheduleId: type: string startTime: type: string format: date-time finishTime: type: string format: date-time state: $ref: '#/components/schemas/v1ComplianceRunState' errorMessage: type: string v1ComplianceRunSelection: type: object properties: clusterId: type: string description: The ID of the cluster. "*" means "all clusters". standardId: type: string description: The ID of the compliance standard. "*" means "all standards". v1ComplianceRunState: type: string enum: - INVALID - READY - STARTED - WAIT_FOR_DATA - EVALUTING_CHECKS - FINISHED default: INVALID v1GetComplianceRunStatusesResponse: type: object properties: invalidRunIds: type: array items: type: string runs: type: array items: $ref: '#/components/schemas/v1ComplianceRun' v1GetRecentComplianceRunsResponse: type: object properties: complianceRuns: type: array items: $ref: '#/components/schemas/v1ComplianceRun' v1TriggerComplianceRunsRequest: type: object properties: selection: $ref: '#/components/schemas/v1ComplianceRunSelection' v1TriggerComplianceRunsResponse: type: object properties: startedRuns: type: array items: $ref: '#/components/schemas/v1ComplianceRun' ComplianceAggregationAggregationKey: type: object properties: scope: $ref: '#/components/schemas/v1ComplianceAggregationScope' id: type: string title: 'Next available tag: 3' ComplianceAggregationResponse: type: object properties: results: type: array items: $ref: '#/components/schemas/v1ComplianceAggregationResult' sources: type: array items: $ref: '#/components/schemas/ComplianceAggregationSource' title: 'Next available tag: 3' ComplianceAggregationSource: type: 
object properties: clusterId: type: string standardId: type: string successfulRun: $ref: '#/components/schemas/storageComplianceRunMetadata' failedRuns: type: array items: $ref: '#/components/schemas/storageComplianceRunMetadata' title: 'Next available tag: 5' ComplianceResourceClusterName: type: object properties: id: type: string name: type: string ComplianceResourceDeploymentName: type: object properties: cluster: $ref: '#/components/schemas/ComplianceResourceClusterName' id: type: string name: type: string namespace: type: string ComplianceResourceNodeName: type: object properties: cluster: $ref: '#/components/schemas/ComplianceResourceClusterName' id: type: string name: type: string ComplianceResultValueEvidence: type: object properties: state: $ref: '#/components/schemas/storageComplianceState' message: type: string messageId: type: integer format: int32 ComplianceRunResultsEntityResults: type: object properties: controlResults: type: object additionalProperties: $ref: '#/components/schemas/storageComplianceResultValue' ContainerConfigEnvironmentConfig: type: object properties: key: type: string value: type: string envVarSource: $ref: '#/components/schemas/EnvironmentConfigEnvVarSource' LabelSelectorRequirement: type: object properties: key: type: string op: $ref: '#/components/schemas/storageLabelSelectorOperator' values: type: array items: type: string title: 'Next available tag: 4' PortConfigExposureInfo: type: object properties: level: $ref: '#/components/schemas/PortConfigExposureLevel' serviceName: type: string title: only set if level is not HOST serviceId: type: string serviceClusterIp: type: string servicePort: type: integer format: int32 nodePort: type: integer format: int32 title: only set if level is HOST, NODE, or EXTERNAL externalIps: type: array items: type: string title: only set if level is EXTERNAL externalHostnames: type: array items: type: string SecurityContextSELinux: type: object properties: user: type: string role: type: string type: 
type: string level: type: string storageComplianceControlResult: type: object properties: resource: $ref: '#/components/schemas/storageComplianceResource' controlId: type: string value: $ref: '#/components/schemas/storageComplianceResultValue' storageComplianceDomain: type: object properties: cluster: $ref: '#/components/schemas/storageCluster' nodes: type: object additionalProperties: $ref: '#/components/schemas/storageNode' deployments: type: object additionalProperties: $ref: '#/components/schemas/storageDeployment' storageComplianceResource: type: object properties: cluster: $ref: '#/components/schemas/ComplianceResourceClusterName' deployment: $ref: '#/components/schemas/ComplianceResourceDeploymentName' node: $ref: '#/components/schemas/ComplianceResourceNodeName' image: $ref: '#/components/schemas/storageImageName' storageComplianceResultValue: type: object properties: evidence: type: array items: $ref: '#/components/schemas/ComplianceResultValueEvidence' overallState: $ref: '#/components/schemas/storageComplianceState' storageComplianceRunMetadata: type: object properties: runId: type: string standardId: type: string clusterId: type: string startTimestamp: type: string format: date-time finishTimestamp: type: string format: date-time success: type: boolean format: boolean errorMessage: type: string title: 'Next available tag: 5' storageComplianceRunResults: type: object properties: domain: $ref: '#/components/schemas/storageComplianceDomain' runMetadata: $ref: '#/components/schemas/storageComplianceRunMetadata' clusterResults: $ref: '#/components/schemas/ComplianceRunResultsEntityResults' nodeResults: type: object additionalProperties: $ref: '#/components/schemas/ComplianceRunResultsEntityResults' deploymentResults: type: object additionalProperties: $ref: '#/components/schemas/ComplianceRunResultsEntityResults' title: 'Next available tag: 6' storageComplianceState: type: string enum: - COMPLIANCE_STATE_UNKNOWN - COMPLIANCE_STATE_SKIP - 
COMPLIANCE_STATE_NOTE - COMPLIANCE_STATE_SUCCESS - COMPLIANCE_STATE_FAILURE - COMPLIANCE_STATE_ERROR default: COMPLIANCE_STATE_UNKNOWN storageContainer: type: object properties: id: type: string config: $ref: '#/components/schemas/storageContainerConfig' image: $ref: '#/components/schemas/storageContainerImage' securityContext: $ref: '#/components/schemas/storageSecurityContext' volumes: type: array items: $ref: '#/components/schemas/storageVolume' ports: type: array items: $ref: '#/components/schemas/storagePortConfig' secrets: type: array items: $ref: '#/components/schemas/storageEmbeddedSecret' resources: $ref: '#/components/schemas/storageResources' instances: type: array items: $ref: '#/components/schemas/storageContainerInstance' name: type: string storageContainerConfig: type: object properties: env: type: array items: $ref: '#/components/schemas/ContainerConfigEnvironmentConfig' command: type: array items: type: string args: type: array items: type: string directory: type: string user: type: string uid: type: string format: int64 storageContainerInstance: type: object properties: instanceId: $ref: '#/components/schemas/storageContainerInstanceID' containingPodId: type: string description: The pod containing this container instance (kubernetes only). containerIps: type: array items: type: string description: The IP addresses of this container. started: type: string format: date-time title: The start time of the container description: ContainerInstanceID allows to uniquely identify a container within a cluster. storageContainerInstanceID: type: object properties: containerRuntime: $ref: '#/components/schemas/storageContainerRuntime' id: type: string description: The ID of the container, specific to the given runtime. node: type: string description: The node on which this container runs. 
storageContainerRuntime: type: string enum: - UNKNOWN_CONTAINER_RUNTIME - DOCKER_CONTAINER_RUNTIME - CRIO_CONTAINER_RUNTIME default: UNKNOWN_CONTAINER_RUNTIME storageContainerRuntimeInfo: type: object properties: type: $ref: '#/components/schemas/storageContainerRuntime' version: type: string storageDeployment: type: object properties: id: type: string name: type: string hash: type: string format: uint64 type: type: string namespace: type: string namespaceId: type: string replicas: type: string format: int64 labels: type: object additionalProperties: type: string podLabels: type: object additionalProperties: type: string labelSelector: $ref: '#/components/schemas/storageLabelSelector' created: type: string format: date-time clusterId: type: string clusterName: type: string containers: type: array items: $ref: '#/components/schemas/storageContainer' annotations: type: object additionalProperties: type: string priority: type: string format: int64 inactive: type: boolean format: boolean imagePullSecrets: type: array items: type: string serviceAccount: type: string automountServiceAccountToken: type: boolean format: boolean hostNetwork: type: boolean format: boolean tolerations: type: array items: $ref: '#/components/schemas/storageToleration' ports: type: array items: $ref: '#/components/schemas/storagePortConfig' stateTimestamp: type: string format: int64 title: 'Next available tag: 28' storageEmbeddedSecret: type: object properties: name: type: string path: type: string storageLabelSelector: type: object properties: matchLabels: type: object additionalProperties: type: string description: This is actually a oneof, but we can't make it one due to backwards compatibility constraints. 
requirements: type: array items: $ref: '#/components/schemas/LabelSelectorRequirement' title: 'Next available tag: 3' storageLabelSelectorOperator: type: string enum: - UNKNOWN - IN - NOT_IN - EXISTS - NOT_EXISTS default: UNKNOWN storageNode: type: object properties: id: type: string description: A unique ID identifying this node. name: type: string description: The (host)name of the node. Might or might not be the same as ID. taints: type: array items: $ref: '#/components/schemas/storageTaint' title: Taints on the host clusterId: type: string clusterName: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string internalIpAddresses: type: array items: type: string title: node internal IP addresses externalIpAddresses: type: array items: type: string title: node external IP addresses containerRuntimeVersion: type: string title: From NodeInfo containerRuntime: $ref: '#/components/schemas/storageContainerRuntimeInfo' kernelVersion: type: string osImage: type: string joinedAt: type: string format: date-time title: When the cluster reported the node was added kubeletVersion: type: string title: 'Node represents information about a node in the cluster. 
next available tag: 16' storagePortConfig: type: object properties: name: type: string containerPort: type: integer format: int32 protocol: type: string exposure: $ref: '#/components/schemas/PortConfigExposureLevel' exposedPort: type: integer format: int32 exposureInfos: type: array items: $ref: '#/components/schemas/PortConfigExposureInfo' title: 'Next Available Tag: 6' storageResources: type: object properties: cpuCoresRequest: type: number format: float cpuCoresLimit: type: number format: float memoryMbRequest: type: number format: float memoryMbLimit: type: number format: float storageSecurityContext: type: object properties: privileged: type: boolean format: boolean selinux: $ref: '#/components/schemas/SecurityContextSELinux' dropCapabilities: type: array items: type: string addCapabilities: type: array items: type: string readOnlyRootFilesystem: type: boolean format: boolean storageTaint: type: object properties: key: type: string value: type: string taintEffect: $ref: '#/components/schemas/storageTaintEffect' storageTaintEffect: type: string enum: - UNKNOWN_TAINT_EFFECT - NO_SCHEDULE_TAINT_EFFECT - PREFER_NO_SCHEDULE_TAINT_EFFECT - NO_EXECUTE_TAINT_EFFECT default: UNKNOWN_TAINT_EFFECT storageToleration: type: object properties: key: type: string operator: $ref: '#/components/schemas/storageTolerationOperator' value: type: string taintEffect: $ref: '#/components/schemas/storageTaintEffect' storageTolerationOperator: type: string enum: - TOLERATION_OPERATION_UNKNOWN - TOLERATION_OPERATOR_EXISTS - TOLERATION_OPERATOR_EQUAL default: TOLERATION_OPERATION_UNKNOWN storageVolume: type: object properties: name: type: string source: type: string destination: type: string readOnly: type: boolean format: boolean type: type: string v1ComplianceAggregationResult: type: object properties: aggregationKeys: type: array items: $ref: '#/components/schemas/ComplianceAggregationAggregationKey' unit: $ref: '#/components/schemas/v1ComplianceAggregationScope' numPassing: type: 
integer format: int32 numFailing: type: integer format: int32 title: 'Next available tag: 5' v1ComplianceAggregationScope: type: string enum: - UNKNOWN - STANDARD - CLUSTER - CATEGORY - CONTROL - NAMESPACE - NODE - DEPLOYMENT - CHECK default: UNKNOWN v1ComplianceControl: type: object properties: id: type: string standardId: type: string groupId: type: string name: type: string description: type: string implemented: type: boolean format: boolean interpretationText: type: string v1ComplianceControlGroup: type: object properties: id: type: string standardId: type: string name: type: string description: type: string numImplementedChecks: type: integer format: int32 v1ComplianceControlResultsResponse: type: object properties: results: type: array items: $ref: '#/components/schemas/storageComplianceControlResult' v1ComplianceStandard: type: object properties: metadata: $ref: '#/components/schemas/v1ComplianceStandardMetadata' groups: type: array items: $ref: '#/components/schemas/v1ComplianceControlGroup' controls: type: array items: $ref: '#/components/schemas/v1ComplianceControl' v1ComplianceStandardMetadata: type: object properties: id: type: string name: type: string description: type: string numImplementedChecks: type: integer format: int32 v1GetComplianceRunResultsResponse: type: object properties: results: $ref: '#/components/schemas/storageComplianceRunResults' failedRuns: type: array items: $ref: '#/components/schemas/storageComplianceRunMetadata' v1GetComplianceStandardResponse: type: object properties: standard: $ref: '#/components/schemas/v1ComplianceStandard' v1GetComplianceStandardsResponse: type: object properties: standards: type: array items: $ref: '#/components/schemas/v1ComplianceStandardMetadata' BannerConfigSize: type: string enum: - UNSET - SMALL - MEDIUM - LARGE default: UNSET storageAlertRetentionConfig: type: object properties: resolvedDeployRetentionDurationDays: type: integer format: int32 deletedRuntimeRetentionDurationDays: type: integer 
format: int32 allRuntimeRetentionDurationDays: type: integer format: int32 storageBannerConfig: type: object properties: enabled: type: boolean format: boolean text: type: string size: $ref: '#/components/schemas/BannerConfigSize' color: type: string backgroundColor: type: string storageConfig: type: object properties: publicConfig: $ref: '#/components/schemas/storagePublicConfig' privateConfig: $ref: '#/components/schemas/storagePrivateConfig' storageLoginNotice: type: object properties: enabled: type: boolean format: boolean text: type: string storagePrivateConfig: type: object properties: DEPRECATEDAlertRetentionDurationDays: type: integer format: int32 title: will be deprecated after migration is ready alertConfig: $ref: '#/components/schemas/storageAlertRetentionConfig' imageRetentionDurationDays: type: integer format: int32 title: 'next available tag: 4' storagePublicConfig: type: object properties: loginNotice: $ref: '#/components/schemas/storageLoginNotice' header: $ref: '#/components/schemas/storageBannerConfig' footer: $ref: '#/components/schemas/storageBannerConfig' v1PutConfigRequest: type: object properties: config: $ref: '#/components/schemas/storageConfig' DBExportManifestEncodingType: type: string enum: - UNKNOWN - UNCOMPREESSED - DEFLATED default: UNKNOWN description: The encoding of the file data in the restore body, usually for compression purposes. DBRestoreProcessStatusResumeInfo: type: object properties: pos: type: string format: int64 DBRestoreRequestHeaderLocalFileInfo: type: object properties: path: type: string description: The full path of the file. bytesSize: type: string format: int64 description: The size of the file, in bytes. 0 if unknown. description: 'LocalFileInfo provides information about the file on the local machine of the user initiating the restore process, in order to provide information to other users about ongoing restore processes.' 
v1DBExportFormat: type: object properties: formatName: type: string files: type: array items: $ref: '#/components/schemas/v1DBExportFormatFile' description: DBExportFormat describes a format (= a collection of files) for the database export. v1DBExportFormatFile: type: object properties: name: type: string optional: type: boolean format: boolean v1DBExportManifest: type: object properties: files: type: array items: $ref: '#/components/schemas/v1DBExportManifestFile' description: 'A DB export manifest describes the file contents of a restore request. To prevent data loss, a manifest is always interpreted as binding, i.e., the server must ensure that it will read and make use of every file listed in the manifest, otherwise it must reject the request.' v1DBExportManifestFile: type: object properties: name: type: string description: 'The name of the file. This may or may not be a (relative) file path and up to the server to interpret. For databases exported as ZIP files, this is the path relative to the root of the archive.' encoding: $ref: '#/components/schemas/DBExportManifestEncodingType' encodedSize: type: string format: int64 decodedSize: type: string format: int64 decodedCrc32: type: integer format: int64 description: The CRC32 (IEEE) checksum of the decoded(!) data. description: A single file in the restore body. v1DBRestoreProcessMetadata: type: object properties: id: type: string description: An ID identifying the restore process. Auto-assigned. header: $ref: '#/components/schemas/v1DBRestoreRequestHeader' startTime: type: string format: date-time description: The time at which the restore process was started. initiatingUserName: type: string description: The user who initiated the database restore process. description: 'The metadata of an ongoing or completed restore process. This is the *static* metadata, which will not change (i.e., it is not a status).' 
v1DBRestoreProcessStatus: type: object properties: metadata: $ref: '#/components/schemas/v1DBRestoreProcessMetadata' attemptId: type: string state: $ref: '#/components/schemas/v1DBRestoreProcessStatusState' resumeInfo: $ref: '#/components/schemas/DBRestoreProcessStatusResumeInfo' error: type: string bytesRead: type: string format: int64 filesProcessed: type: string format: int64 v1DBRestoreProcessStatusState: type: string enum: - UNKNOWN - NOT_STARTED - IN_PROGRESS - PAUSED - COMPLETED default: UNKNOWN v1DBRestoreRequestHeader: type: object properties: formatName: type: string description: The name of the database export format. Mandatory. manifest: $ref: '#/components/schemas/v1DBExportManifest' localFile: $ref: '#/components/schemas/DBRestoreRequestHeaderLocalFileInfo' v1GetActiveDBRestoreProcessResponse: type: object properties: activeStatus: $ref: '#/components/schemas/v1DBRestoreProcessStatus' v1GetDBExportCapabilitiesResponse: type: object properties: formats: type: array items: $ref: '#/components/schemas/v1DBExportFormat' supportedEncodings: type: array items: $ref: '#/components/schemas/DBExportManifestEncodingType' v1InterruptDBRestoreProcessResponse: type: object properties: resumeInfo: $ref: '#/components/schemas/DBRestoreProcessStatusResumeInfo' v1LogLevelRequest: type: object properties: level: type: string modules: type: array items: type: string v1LogLevelResponse: type: object properties: level: type: string moduleLevels: type: array items: $ref: '#/components/schemas/v1ModuleLevel' v1ModuleLevel: type: object properties: module: type: string level: type: string ContainerNameAndWhitelistStatusWhitelistStatus: type: string enum: - INVALID - NOT_GENERATED - UNLOCKED - LOCKED default: INVALID DeploymentLabelsResponseLabelValues: type: object properties: values: type: array items: type: string ListDeploymentsWithProcessInfoResponseDeploymentWithProcessInfo: type: object properties: deployment: $ref: '#/components/schemas/storageListDeployment' 
whitelistStatuses: type: array items: $ref: '#/components/schemas/storageContainerNameAndWhitelistStatus' ResultFactor: type: object properties: message: type: string url: type: string storageContainerNameAndWhitelistStatus: type: object properties: containerName: type: string whitelistStatus: $ref: '#/components/schemas/ContainerNameAndWhitelistStatusWhitelistStatus' anomalousProcessesExecuted: type: boolean format: boolean description: ContainerNameAndWhitelistStatus represents a cached result of process evaluation on a specific container name. storageListDeployment: type: object properties: id: type: string hash: type: string format: uint64 name: type: string cluster: type: string clusterId: type: string namespace: type: string created: type: string format: date-time priority: type: string format: int64 title: 'Next available tag: 9' storageRisk: type: object properties: id: type: string subject: $ref: '#/components/schemas/storageRiskSubject' score: type: number format: float results: type: array items: $ref: '#/components/schemas/storageRiskResult' storageRiskResult: type: object properties: name: type: string factors: type: array items: $ref: '#/components/schemas/ResultFactor' score: type: number format: float storageRiskSubject: type: object properties: id: type: string namespace: type: string clusterId: type: string type: $ref: '#/components/schemas/storageRiskSubjectType' storageRiskSubjectType: type: string enum: - UNKNOWN - DEPLOYMENT - NAMESPACE - CLUSTER - IMAGE - IMAGE_COMPONENT - SERVICEACCOUNT default: UNKNOWN v1CountDeploymentsResponse: type: object properties: count: type: integer format: int32 v1DeploymentLabelsResponse: type: object properties: labels: type: object additionalProperties: $ref: '#/components/schemas/DeploymentLabelsResponseLabelValues' values: type: array items: type: string v1GetDeploymentWithRiskResponse: type: object properties: deployment: $ref: '#/components/schemas/storageDeployment' risk: $ref: 
'#/components/schemas/storageRisk' v1ListDeploymentsResponse: type: object properties: deployments: type: array items: $ref: '#/components/schemas/storageListDeployment' v1ListDeploymentsWithProcessInfoResponse: type: object properties: deployments: type: array items: $ref: '#/components/schemas/ListDeploymentsWithProcessInfoResponseDeploymentWithProcessInfo' DeployDetectionResponseRun: type: object properties: name: type: string type: type: string alerts: type: array items: $ref: '#/components/schemas/storageAlert' v1BuildDetectionRequest: type: object properties: image: $ref: '#/components/schemas/storageContainerImage' imageName: type: string noExternalMetadata: type: boolean format: boolean v1BuildDetectionResponse: type: object properties: alerts: type: array items: $ref: '#/components/schemas/storageAlert' v1DeployDetectionRequest: type: object properties: deployment: $ref: '#/components/schemas/storageDeployment' noExternalMetadata: type: boolean format: boolean enforcementOnly: type: boolean format: boolean clusterId: type: string v1DeployDetectionResponse: type: object properties: runs: type: array items: $ref: '#/components/schemas/DeployDetectionResponseRun' v1DeployYAMLDetectionRequest: type: object properties: yaml: type: string noExternalMetadata: type: boolean format: boolean enforcementOnly: type: boolean format: boolean v1FeatureFlag: type: object properties: name: type: string envVar: type: string enabled: type: boolean format: boolean v1GetFeatureFlagsResponse: type: object properties: featureFlags: type: array items: $ref: '#/components/schemas/v1FeatureFlag' storageGroup: type: object properties: props: $ref: '#/components/schemas/storageGroupProperties' roleName: type: string description: This is the name of the role that will apply to users in this group. description: 'Group is a GroupProperties : Role mapping.' 
storageGroupProperties: type: object properties: authProviderId: type: string key: type: string value: type: string description: 'GroupProperties defines the properties of a unique group. Groups apply to users when their properties match. For instance: If the GroupProperties only has an auth_provider_id, then that group applies to all users logged in with that auth provider. If it has a claim key, then it applies to all users with that auth provider and claim key, etc. This can be used to create default groups/roles for All source provider (no fields set), a specific auth provider (only auth_provider_id field set) etc.' v1GetGroupsResponse: type: object properties: groups: type: array items: $ref: '#/components/schemas/storageGroup' title: 'API for updating Groups and getting users. Next Available Tag: 2' v1GroupBatchUpdateRequest: type: object properties: previousGroups: type: array items: $ref: '#/components/schemas/storageGroup' description: 'Previous groups are the groups expected to be present in the store. Performs a diff on the GroupProperties present in previous_groups and required_groups: 1) if in previous_groups but not required_groups, it gets deleted. 2) if in previous_groups and required_groups, it gets updated. 3) if not in previous_groups but in required_groups, it gets added.' requiredGroups: type: array items: $ref: '#/components/schemas/storageGroup' description: Required groups are the groups we want to mutate the previous groups into. title: 'GroupBatchUpdateRequest is an in transaction batch update to the groups present. 
Next Available Tag: 3' storageAnchoreConfig: type: object properties: endpoint: type: string username: type: string password: type: string storageClairConfig: type: object properties: endpoint: type: string storageClairifyConfig: type: object properties: endpoint: type: string storageDTRConfig: type: object properties: username: type: string password: type: string endpoint: type: string insecure: type: boolean format: boolean storageDockerConfig: type: object properties: endpoint: type: string username: type: string password: type: string insecure: type: boolean format: boolean storageECRConfig: type: object properties: registryId: type: string accessKeyId: type: string secretAccessKey: type: string region: type: string useIam: type: boolean format: boolean storageGoogleConfig: type: object properties: endpoint: type: string serviceAccount: type: string project: type: string storageIBMRegistryConfig: type: object properties: endpoint: type: string apiKey: type: string storageImageIntegration: type: object properties: id: type: string name: type: string type: type: string clusters: type: array items: type: string description: If a list of clusters is provided, the integration will only be accessed from the specified clusters' sensors. 
categories: type: array items: $ref: '#/components/schemas/storageImageIntegrationCategory' dtr: $ref: '#/components/schemas/storageDTRConfig' clairify: $ref: '#/components/schemas/storageClairifyConfig' docker: $ref: '#/components/schemas/storageDockerConfig' quay: $ref: '#/components/schemas/storageQuayConfig' ecr: $ref: '#/components/schemas/storageECRConfig' tenable: $ref: '#/components/schemas/storageTenableConfig' google: $ref: '#/components/schemas/storageGoogleConfig' clair: $ref: '#/components/schemas/storageClairConfig' anchore: $ref: '#/components/schemas/storageAnchoreConfig' scannerv2: $ref: '#/components/schemas/storageScannerV2Config' ibm: $ref: '#/components/schemas/storageIBMRegistryConfig' autogenerated: type: boolean format: boolean clusterId: type: string skipTestIntegration: type: boolean format: boolean storageImageIntegrationCategory: type: string enum: - REGISTRY - SCANNER default: REGISTRY storageQuayConfig: type: object properties: endpoint: type: string oauthToken: type: string storageScannerV2Config: type: object properties: endpoint: type: string storageTenableConfig: type: object properties: accessKey: type: string secretKey: type: string v1GetImageIntegrationsResponse: type: object properties: integrations: type: array items: $ref: '#/components/schemas/storageImageIntegration' CVSSV2AccessComplexity: type: string enum: - ACCESS_HIGH - ACCESS_MEDIUM - ACCESS_LOW default: ACCESS_HIGH CVSSV2Authentication: type: string enum: - AUTH_MULTIPLE - AUTH_SINGLE - AUTH_NONE default: AUTH_MULTIPLE CVSSV3Complexity: type: string enum: - COMPLEXITY_LOW - COMPLEXITY_HIGH default: COMPLEXITY_LOW CVSSV3Privileges: type: string enum: - PRIVILEGE_NONE - PRIVILEGE_LOW - PRIVILEGE_HIGH default: PRIVILEGE_NONE CVSSV3UserInteraction: type: string enum: - UI_NONE - UI_REQUIRED default: UI_NONE EmbeddedImageScanComponentSourceType: type: string enum: - OS - PYTHON - JAVA - RUBY - NODEJS default: OS EmbeddedVulnerabilityVulnerabilityType: type: string enum: - 
UNKNOWN_VULNERABILITY - IMAGE_VULNERABILITY - K8S_VULNERABILITY - ISTIO_VULNERABILITY default: UNKNOWN_VULNERABILITY storageCVSSV2: type: object properties: vector: type: string attackVector: $ref: '#/components/schemas/storageCVSSV2AttackVector' accessComplexity: $ref: '#/components/schemas/CVSSV2AccessComplexity' authentication: $ref: '#/components/schemas/CVSSV2Authentication' confidentiality: $ref: '#/components/schemas/storageCVSSV2Impact' integrity: $ref: '#/components/schemas/storageCVSSV2Impact' availability: $ref: '#/components/schemas/storageCVSSV2Impact' exploitabilityScore: type: number format: float impactScore: type: number format: float score: type: number format: float severity: $ref: '#/components/schemas/storageCVSSV2Severity' storageCVSSV2AttackVector: type: string enum: - ATTACK_LOCAL - ATTACK_ADJACENT - ATTACK_NETWORK default: ATTACK_LOCAL storageCVSSV2Impact: type: string enum: - IMPACT_NONE - IMPACT_PARTIAL - IMPACT_COMPLETE default: IMPACT_NONE storageCVSSV2Severity: type: string enum: - UNKNOWN - LOW - MEDIUM - HIGH default: UNKNOWN storageCVSSV3: type: object properties: vector: type: string exploitabilityScore: type: number format: float impactScore: type: number format: float attackVector: $ref: '#/components/schemas/storageCVSSV3AttackVector' attackComplexity: $ref: '#/components/schemas/CVSSV3Complexity' privilegesRequired: $ref: '#/components/schemas/CVSSV3Privileges' userInteraction: $ref: '#/components/schemas/CVSSV3UserInteraction' scope: $ref: '#/components/schemas/storageCVSSV3Scope' confidentiality: $ref: '#/components/schemas/storageCVSSV3Impact' integrity: $ref: '#/components/schemas/storageCVSSV3Impact' availability: $ref: '#/components/schemas/storageCVSSV3Impact' score: type: number format: float severity: $ref: '#/components/schemas/storageCVSSV3Severity' storageCVSSV3AttackVector: type: string enum: - ATTACK_LOCAL - ATTACK_ADJACENT - ATTACK_NETWORK - ATTACK_PHYSICAL default: ATTACK_LOCAL storageCVSSV3Impact: type: string 
enum: - IMPACT_NONE - IMPACT_LOW - IMPACT_HIGH default: IMPACT_NONE storageCVSSV3Scope: type: string enum: - UNCHANGED - CHANGED default: UNCHANGED storageCVSSV3Severity: type: string enum: - UNKNOWN - NONE - LOW - MEDIUM - HIGH - CRITICAL default: UNKNOWN storageEmbeddedImageScanComponent: type: object properties: name: type: string version: type: string license: $ref: '#/components/schemas/storageLicense' vulns: type: array items: $ref: '#/components/schemas/storageEmbeddedVulnerability' layerIndex: type: integer format: int32 priority: type: string format: int64 source: $ref: '#/components/schemas/EmbeddedImageScanComponentSourceType' location: type: string title: 'TODO: Remove when migration is in place' storageEmbeddedVulnerability: type: object properties: cve: type: string cvss: type: number format: float summary: type: string link: type: string fixedBy: type: string scoreVersion: $ref: '#/components/schemas/storageEmbeddedVulnerabilityScoreVersion' cvssV2: $ref: '#/components/schemas/storageCVSSV2' cvssV3: $ref: '#/components/schemas/storageCVSSV3' publishedOn: type: string format: date-time lastModified: type: string format: date-time vulnerabilityType: $ref: '#/components/schemas/EmbeddedVulnerabilityVulnerabilityType' title: 'TODO: Remove when migration is in place' storageEmbeddedVulnerabilityScoreVersion: type: string enum: - V2 - V3 default: V2 storageImage: type: object properties: id: type: string name: $ref: '#/components/schemas/storageImageName' metadata: $ref: '#/components/schemas/storageImageMetadata' scan: $ref: '#/components/schemas/storageImageScan' components: type: integer format: int32 cves: type: integer format: int32 fixableCves: type: integer format: int32 lastUpdated: type: string format: date-time notPullable: type: boolean format: boolean priority: type: string format: int64 title: 'Next Tag: 12' storageImageLayer: type: object properties: instruction: type: string value: type: string created: type: string format: date-time author: 
type: string DEPRECATEDComponents: type: array items: $ref: '#/components/schemas/storageEmbeddedImageScanComponent' empty: type: boolean format: boolean storageImageMetadata: type: object properties: v1: $ref: '#/components/schemas/storageV1Metadata' v2: $ref: '#/components/schemas/storageV2Metadata' layerShas: type: array items: type: string title: We never need both sets of layers so consolidate them. They will be ordered by oldest->newest storageImageScan: type: object properties: scanTime: type: string format: date-time components: type: array items: $ref: '#/components/schemas/storageEmbeddedImageScanComponent' storageLicense: type: object properties: name: type: string type: type: string url: type: string storageListImage: type: object properties: id: type: string name: type: string components: type: integer format: int32 cves: type: integer format: int32 fixableCves: type: integer format: int32 created: type: string format: date-time lastUpdated: type: string format: date-time priority: type: string format: int64 storageV1Metadata: type: object properties: digest: type: string created: type: string format: date-time author: type: string layers: type: array items: $ref: '#/components/schemas/storageImageLayer' user: type: string command: type: array items: type: string entrypoint: type: array items: type: string volumes: type: array items: type: string storageV2Metadata: type: object properties: digest: type: string v1CountImagesResponse: type: object properties: count: type: integer format: int32 v1DeleteImagesResponse: type: object properties: numDeleted: type: integer format: int64 dryRun: type: boolean format: boolean v1ListImagesResponse: type: object properties: images: type: array items: $ref: '#/components/schemas/storageListImage' v1ScanImageRequest: type: object properties: imageName: type: string force: type: boolean format: boolean LicenseContact: type: object properties: phone: type: string email: type: string url: type: string name: type: 
string LicenseRestrictions: type: object properties: notValidBefore: type: string format: date-time notValidAfter: type: string format: date-time enforcementUrl: type: string description: URL for on-line license enforcement. Must be set unless allow_offline is true. allowOffline: type: boolean format: boolean description: Allow offline use (i.e., no online license enforcement). maxNodes: type: integer format: int32 description: Maximum number of nodes. Must be set unless no_node_restriction is true. noNodeRestriction: type: boolean format: boolean description: Do not restrict the number of nodes. buildFlavors: type: array items: type: string description: 'Build flavors of the product this license is valid for (e.g., "development" or "release"). Must be set unless no_build_flavor_restriction is true.' noBuildFlavorRestriction: type: boolean format: boolean description: Do not restrict license to certain build flavors. deploymentEnvironments: type: array items: type: string description: 'Deployment environments that are valid for the product, such as `gcp` or `gcp/ultra-current-825`. Must be set unless no_deployment_environment_restriction is true.' noDeploymentEnvironmentRestriction: type: boolean format: boolean description: Do not restrict license to certain deployment environments. licenseLicense: type: object properties: metadata: $ref: '#/components/schemas/licenseLicenseMetadata' supportContact: $ref: '#/components/schemas/LicenseContact' restrictions: $ref: '#/components/schemas/LicenseRestrictions' licenseLicenseMetadata: type: object properties: id: type: string signingKeyId: type: string issueDate: type: string format: date-time licensedForId: type: string licensedForName: type: string v1AddLicenseRequest: type: object properties: licenseKey: type: string activate: type: boolean format: boolean description: Indicates whether the license represented by this key should be made the active license. 
v1AddLicenseResponse: type: object properties: license: $ref: '#/components/schemas/v1LicenseInfo' accepted: type: boolean format: boolean description: 'Indicates whether or not the license was accepted by the product. Only licenses which are either valid or not yet valid will be accepted. Note that we prefer this over a GRPC error, as it might be helpful to show the, e.g., contact information from the decoded blob.' v1GetActiveLicenseExpirationResponse: type: object properties: expirationTime: type: string format: date-time v1GetLicensesResponse: type: object properties: licenses: type: array items: $ref: '#/components/schemas/v1LicenseInfo' v1LicenseInfo: type: object properties: license: $ref: '#/components/schemas/licenseLicense' status: $ref: '#/components/schemas/v1LicenseInfoStatus' statusReason: type: string active: type: boolean format: boolean v1LicenseInfoStatus: type: string enum: - UNKNOWN - VALID - REVOKED - NOT_YET_VALID - EXPIRED - OTHER default: UNKNOWN MetadataLicenseStatus: type: string enum: - NONE - INVALID - EXPIRED - RESTARTING - VALID default: NONE v1Metadata: type: object properties: version: type: string buildFlavor: type: string releaseBuild: type: boolean format: boolean licenseStatus: $ref: '#/components/schemas/MetadataLicenseStatus' storageNamespaceMetadata: type: object properties: id: type: string name: type: string clusterId: type: string clusterName: type: string labels: type: object additionalProperties: type: string creationTime: type: string format: date-time priority: type: string format: int64 v1GetNamespacesResponse: type: object properties: namespaces: type: array items: $ref: '#/components/schemas/v1Namespace' v1Namespace: type: object properties: metadata: $ref: '#/components/schemas/storageNamespaceMetadata' numDeployments: type: integer format: int32 numSecrets: type: integer format: int32 numNetworkPolicies: type: integer format: int32 storageL4Protocol: type: string enum: - L4_PROTOCOL_UNKNOWN - L4_PROTOCOL_TCP - 
L4_PROTOCOL_UDP - L4_PROTOCOL_ICMP - L4_PROTOCOL_RAW default: L4_PROTOCOL_UNKNOWN storageNetworkEntityInfo: type: object properties: type: $ref: '#/components/schemas/storageNetworkEntityInfoType' id: type: string deployment: $ref: '#/components/schemas/storageNetworkEntityInfoDeployment' storageNetworkEntityInfoDeployment: type: object properties: name: type: string namespace: type: string cluster: type: string storageNetworkEntityInfoType: type: string enum: - UNKNOWN_TYPE - DEPLOYMENT - INTERNET default: UNKNOWN_TYPE v1NetworkEdgeProperties: type: object properties: port: type: integer format: int64 protocol: $ref: '#/components/schemas/storageL4Protocol' lastActiveTimestamp: type: string format: date-time v1NetworkEdgePropertiesBundle: type: object properties: properties: type: array items: $ref: '#/components/schemas/v1NetworkEdgeProperties' v1NetworkGraph: type: object properties: epoch: type: integer format: int64 nodes: type: array items: $ref: '#/components/schemas/v1NetworkNode' v1NetworkNode: type: object properties: entity: $ref: '#/components/schemas/storageNetworkEntityInfo' internetAccess: type: boolean format: boolean policyIds: type: array items: type: string nonIsolatedIngress: type: boolean format: boolean nonIsolatedEgress: type: boolean format: boolean outEdges: type: object additionalProperties: $ref: '#/components/schemas/v1NetworkEdgePropertiesBundle' GenerateNetworkPoliciesRequestDeleteExistingPoliciesMode: type: string enum: - UNKNOWN - NONE - GENERATED_ONLY - ALL default: UNKNOWN storageIPBlock: type: object properties: cidr: type: string except: type: array items: type: string storageNetworkPolicy: type: object properties: id: type: string name: type: string clusterId: type: string clusterName: type: string namespace: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string spec: $ref: '#/components/schemas/storageNetworkPolicySpec' yaml: type: string apiVersion: 
type: string created: type: string format: date-time storageNetworkPolicyApplicationUndoRecord: type: object properties: user: type: string applyTimestamp: type: string format: date-time originalModification: $ref: '#/components/schemas/storageNetworkPolicyModification' undoModification: $ref: '#/components/schemas/storageNetworkPolicyModification' storageNetworkPolicyEgressRule: type: object properties: ports: type: array items: $ref: '#/components/schemas/storageNetworkPolicyPort' to: type: array items: $ref: '#/components/schemas/storageNetworkPolicyPeer' storageNetworkPolicyIngressRule: type: object properties: ports: type: array items: $ref: '#/components/schemas/storageNetworkPolicyPort' from: type: array items: $ref: '#/components/schemas/storageNetworkPolicyPeer' storageNetworkPolicyModification: type: object properties: applyYaml: type: string toDelete: type: array items: $ref: '#/components/schemas/storageNetworkPolicyReference' title: 'Next available tag: 3' storageNetworkPolicyPeer: type: object properties: podSelector: $ref: '#/components/schemas/storageLabelSelector' namespaceSelector: $ref: '#/components/schemas/storageLabelSelector' ipBlock: $ref: '#/components/schemas/storageIPBlock' storageNetworkPolicyPort: type: object properties: protocol: $ref: '#/components/schemas/storageProtocol' port: type: integer format: int32 storageNetworkPolicyReference: type: object properties: namespace: type: string name: type: string title: 'Next available tag: 3' storageNetworkPolicySpec: type: object properties: podSelector: $ref: '#/components/schemas/storageLabelSelector' ingress: type: array items: $ref: '#/components/schemas/storageNetworkPolicyIngressRule' egress: type: array items: $ref: '#/components/schemas/storageNetworkPolicyEgressRule' policyTypes: type: array items: $ref: '#/components/schemas/storageNetworkPolicyType' storageNetworkPolicyType: type: string enum: - UNSET_NETWORK_POLICY_TYPE - INGRESS_NETWORK_POLICY_TYPE - EGRESS_NETWORK_POLICY_TYPE 
default: UNSET_NETWORK_POLICY_TYPE storageProtocol: type: string enum: - UNSET_PROTOCOL - TCP_PROTOCOL - UDP_PROTOCOL default: UNSET_PROTOCOL v1GenerateNetworkPoliciesResponse: type: object properties: modification: $ref: '#/components/schemas/storageNetworkPolicyModification' title: 'Next available tag: 2' v1GetUndoModificationResponse: type: object properties: undoRecord: $ref: '#/components/schemas/storageNetworkPolicyApplicationUndoRecord' v1NetworkGraphDiff: type: object properties: nodeDiffs: type: object additionalProperties: $ref: '#/components/schemas/v1NetworkNodeDiff' v1NetworkGraphEpoch: type: object properties: epoch: type: integer format: int64 v1NetworkNodeDiff: type: object properties: policyIds: type: array items: type: string outEdges: type: object additionalProperties: $ref: '#/components/schemas/v1NetworkEdgePropertiesBundle' nonIsolatedIngress: type: boolean format: boolean nonIsolatedEgress: type: boolean format: boolean v1NetworkPoliciesResponse: type: object properties: networkPolicies: type: array items: $ref: '#/components/schemas/storageNetworkPolicy' v1NetworkPolicyInSimulation: type: object properties: policy: $ref: '#/components/schemas/storageNetworkPolicy' status: $ref: '#/components/schemas/v1NetworkPolicyInSimulationStatus' oldPolicy: $ref: '#/components/schemas/storageNetworkPolicy' v1NetworkPolicyInSimulationStatus: type: string enum: - INVALID - UNCHANGED - MODIFIED - ADDED - DELETED default: INVALID v1SimulateNetworkGraphResponse: type: object properties: simulatedGraph: $ref: '#/components/schemas/v1NetworkGraph' policies: type: array items: $ref: '#/components/schemas/v1NetworkPolicyInSimulation' added: $ref: '#/components/schemas/v1NetworkGraphDiff' removed: $ref: '#/components/schemas/v1NetworkGraphDiff' v1ListNodesResponse: type: object properties: nodes: type: array items: $ref: '#/components/schemas/storageNode' storageCSCC: type: object properties: serviceAccount: type: string sourceId: type: string storageEmail: type: 
object properties: server: type: string sender: type: string username: type: string password: type: string disableTLS: type: boolean format: boolean useSTARTTLS: type: boolean format: boolean from: type: string storageGeneric: type: object properties: endpoint: type: string skipTLSVerify: type: boolean format: boolean caCert: type: string username: type: string password: type: string headers: type: array items: $ref: '#/components/schemas/storageKeyValuePair' extraFields: type: array items: $ref: '#/components/schemas/storageKeyValuePair' auditLoggingEnabled: type: boolean format: boolean storageJira: type: object properties: url: type: string username: type: string password: type: string issueType: type: string storageKeyValuePair: type: object properties: key: type: string value: type: string storageNotifier: type: object properties: id: type: string name: type: string type: type: string uiEndpoint: type: string enabled: type: boolean format: boolean labelKey: type: string labelDefault: type: string jira: $ref: '#/components/schemas/storageJira' email: $ref: '#/components/schemas/storageEmail' cscc: $ref: '#/components/schemas/storageCSCC' splunk: $ref: '#/components/schemas/storageSplunk' pagerduty: $ref: '#/components/schemas/storagePagerDuty' generic: $ref: '#/components/schemas/storageGeneric' sumologic: $ref: '#/components/schemas/storageSumoLogic' storagePagerDuty: type: object properties: apiKey: type: string storageSplunk: type: object properties: httpToken: type: string httpEndpoint: type: string insecure: type: boolean format: boolean truncate: type: string format: int64 auditLoggingEnabled: type: boolean format: boolean storageSumoLogic: type: object properties: httpSourceAddress: type: string skipTLSVerify: type: boolean format: boolean v1GetNotifiersResponse: type: object properties: notifiers: type: array items: $ref: '#/components/schemas/storageNotifier' v1PongMessage: type: object properties: status: type: string DryRunResponseExcluded: type: 
object properties: deployment: type: string whitelist: $ref: '#/components/schemas/storageWhitelist' storageListPolicy: type: object properties: id: type: string name: type: string description: type: string severity: $ref: '#/components/schemas/storageSeverity' disabled: type: boolean format: boolean lifecycleStages: type: array items: $ref: '#/components/schemas/storageLifecycleStage' notifiers: type: array items: type: string lastUpdated: type: string format: date-time v1DryRunResponse: type: object properties: alerts: type: array items: $ref: '#/components/schemas/v1DryRunResponseAlert' excluded: type: array items: $ref: '#/components/schemas/DryRunResponseExcluded' v1DryRunResponseAlert: type: object properties: deployment: type: string violations: type: array items: type: string v1EnableDisablePolicyNotificationRequest: type: object properties: policyId: type: string notifierIds: type: array items: type: string disable: type: boolean format: boolean v1ListPoliciesResponse: type: object properties: policies: type: array items: $ref: '#/components/schemas/storageListPolicy' v1PatchPolicyRequest: type: object properties: id: type: string disabled: type: boolean format: boolean v1PolicyCategoriesResponse: type: object properties: categories: type: array items: type: string v1RenamePolicyCategoryRequest: type: object properties: oldCategory: type: string newCategory: type: string v1GetExistingProbesResponse: type: object properties: existingFiles: type: array items: $ref: '#/components/schemas/v1ProbeUploadManifestFile' v1ProbeUploadManifestFile: type: object properties: name: type: string size: type: string format: int64 crc32: type: integer format: int64 v1GetGroupedProcessesResponse: type: object properties: groups: type: array items: $ref: '#/components/schemas/v1ProcessNameGroup' v1GetGroupedProcessesWithContainerResponse: type: object properties: groups: type: array items: $ref: '#/components/schemas/v1ProcessNameAndContainerNameGroup' v1GetProcessesResponse: 
type: object properties: processes: type: array items: $ref: '#/components/schemas/storageProcessIndicator' v1ProcessGroup: type: object properties: args: type: string signals: type: array items: $ref: '#/components/schemas/storageProcessIndicator' v1ProcessNameAndContainerNameGroup: type: object properties: name: type: string containerName: type: string timesExecuted: type: integer format: int64 groups: type: array items: $ref: '#/components/schemas/v1ProcessGroup' suspicious: type: boolean format: boolean v1ProcessNameGroup: type: object properties: name: type: string timesExecuted: type: integer format: int64 groups: type: array items: $ref: '#/components/schemas/v1ProcessGroup' storageProcessWhitelist: type: object properties: id: type: string key: $ref: '#/components/schemas/storageProcessWhitelistKey' elements: type: array items: $ref: '#/components/schemas/storageWhitelistElement' elementGraveyard: type: array items: $ref: '#/components/schemas/storageWhitelistElement' created: type: string format: date-time userLockedTimestamp: type: string format: date-time stackRoxLockedTimestamp: type: string format: date-time lastUpdate: type: string format: date-time storageProcessWhitelistKey: type: object properties: deploymentId: type: string description: 'The idea is for the keys to be flexible. Only certain combinations of these will be supported.' 
containerName: type: string clusterId: type: string namespace: type: string storageWhitelistElement: type: object properties: element: $ref: '#/components/schemas/storageWhitelistItem' auto: type: boolean format: boolean storageWhitelistItem: type: object properties: processName: type: string v1LockProcessWhitelistsRequest: type: object properties: keys: type: array items: $ref: '#/components/schemas/storageProcessWhitelistKey' locked: type: boolean format: boolean v1ProcessWhitelistUpdateError: type: object properties: error: type: string key: $ref: '#/components/schemas/storageProcessWhitelistKey' v1UpdateProcessWhitelistsRequest: type: object properties: keys: type: array items: $ref: '#/components/schemas/storageProcessWhitelistKey' addElements: type: array items: $ref: '#/components/schemas/storageWhitelistItem' removeElements: type: array items: $ref: '#/components/schemas/storageWhitelistItem' v1UpdateProcessWhitelistsResponse: type: object properties: whitelists: type: array items: $ref: '#/components/schemas/storageProcessWhitelist' errors: type: array items: $ref: '#/components/schemas/v1ProcessWhitelistUpdateError' storageK8sRole: type: object properties: id: type: string name: type: string namespace: type: string clusterId: type: string clusterName: type: string clusterRole: type: boolean format: boolean labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string createdAt: type: string format: date-time rules: type: array items: $ref: '#/components/schemas/storagePolicyRule' title: 'Properties of an individual k8s Role or ClusterRole. 
////////////////////////////////////////' storageK8sRoleBinding: type: object properties: id: type: string name: type: string namespace: type: string clusterId: type: string clusterName: type: string clusterRole: type: boolean format: boolean labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string createdAt: type: string format: date-time subjects: type: array items: $ref: '#/components/schemas/storageSubject' roleId: type: string title: 'Properties of an individual k8s RoleBinding or ClusterRoleBinding. ////////////////////////////////////////' storagePolicyRule: type: object properties: verbs: type: array items: type: string apiGroups: type: array items: type: string resources: type: array items: type: string nonResourceUrls: type: array items: type: string resourceNames: type: array items: type: string title: 'Properties of an individual rule that grants permissions to resources. ////////////////////////////////////////' storageSubject: type: object properties: kind: $ref: '#/components/schemas/storageSubjectKind' name: type: string namespace: type: string title: 'Properties of an individual subject who is granted roles via role bindings. 
////////////////////////////////////////' storageSubjectKind: type: string enum: - UNSET_KIND - SERVICE_ACCOUNT - USER - GROUP default: UNSET_KIND v1GetRoleBindingResponse: type: object properties: binding: $ref: '#/components/schemas/storageK8sRoleBinding' v1GetRoleResponse: type: object properties: role: $ref: '#/components/schemas/storageK8sRole' v1GetSubjectResponse: type: object properties: subject: $ref: '#/components/schemas/storageSubject' clusterRoles: type: array items: $ref: '#/components/schemas/storageK8sRole' scopedRoles: type: array items: $ref: '#/components/schemas/v1ScopedRoles' v1ListRoleBindingsResponse: type: object properties: bindings: type: array items: $ref: '#/components/schemas/storageK8sRoleBinding' title: 'A list of k8s role bindings (free of scoped information) Next Tag: 2' v1ListRolesResponse: type: object properties: roles: type: array items: $ref: '#/components/schemas/storageK8sRole' title: 'A list of k8s roles (free of scoped information) Next Tag: 2' v1ListSubjectsResponse: type: object properties: subjectAndRoles: type: array items: $ref: '#/components/schemas/v1SubjectAndRoles' title: 'A list of k8s subjects (users and groups only, for service accounts, try the service account service) Next Tag: 2' v1ScopedRoles: type: object properties: namespace: type: string roles: type: array items: $ref: '#/components/schemas/storageK8sRole' v1SubjectAndRoles: type: object properties: subject: $ref: '#/components/schemas/storageSubject' roles: type: array items: $ref: '#/components/schemas/storageK8sRole' storageAccess: type: string enum: - NO_ACCESS - READ_ACCESS - READ_WRITE_ACCESS default: NO_ACCESS storageRole: type: object properties: name: type: string globalAccess: $ref: '#/components/schemas/storageAccess' resourceToAccess: type: object additionalProperties: $ref: '#/components/schemas/storageAccess' v1GetResourcesResponse: type: object properties: resources: type: array items: type: string v1GetRolesResponse: type: object 
properties: roles: type: array items: $ref: '#/components/schemas/storageRole' storageAuthzPluginConfig: type: object properties: id: type: string name: type: string enabled: type: boolean format: boolean endpointConfig: $ref: '#/components/schemas/storageHTTPEndpointConfig' storageHTTPEndpointConfig: type: object properties: endpoint: type: string skipTlsVerify: type: boolean format: boolean caCert: type: string username: type: string password: type: string headers: type: array items: $ref: '#/components/schemas/storageKeyValuePair' clientCertPem: type: string clientKeyPem: type: string v1GetAuthzPluginConfigsResponse: type: object properties: configs: type: array items: $ref: '#/components/schemas/storageAuthzPluginConfig' SearchResponseCount: type: object properties: category: $ref: '#/components/schemas/v1SearchCategory' count: type: string format: int64 SearchResultMatches: type: object properties: values: type: array items: type: string v1AutocompleteResponse: type: object properties: values: type: array items: type: string v1SearchCategory: type: string enum: - SEARCH_UNSET - ALERTS - IMAGES - POLICIES - DEPLOYMENTS - SECRETS - PROCESS_INDICATORS - COMPLIANCE - CLUSTERS - NAMESPACES - NODES - COMPLIANCE_STANDARD - COMPLIANCE_CONTROL_GROUP - COMPLIANCE_CONTROL - SERVICE_ACCOUNTS - ROLES - ROLEBINDINGS - PROCESS_WHITELISTS - SUBJECTS - RISKS - IMAGE_COMPONENTS - VULNERABILITIES default: SEARCH_UNSET v1SearchOptionsResponse: type: object properties: options: type: array items: type: string v1SearchResponse: type: object properties: results: type: array items: $ref: '#/components/schemas/v1SearchResult' counts: type: array items: $ref: '#/components/schemas/SearchResponseCount' v1SearchResult: type: object properties: id: type: string name: type: string category: $ref: '#/components/schemas/v1SearchCategory' fieldToMatches: type: object additionalProperties: $ref: '#/components/schemas/SearchResultMatches' score: type: number format: double location: type: 
string ImagePullSecretRegistry: type: object properties: name: type: string username: type: string storageCert: type: object properties: subject: $ref: '#/components/schemas/storageCertName' issuer: $ref: '#/components/schemas/storageCertName' sans: type: array items: type: string startDate: type: string format: date-time endDate: type: string format: date-time algorithm: type: string storageCertName: type: object properties: commonName: type: string country: type: string organization: type: string organizationUnit: type: string locality: type: string province: type: string streetAddress: type: string postalCode: type: string names: type: array items: type: string storageImagePullSecret: type: object properties: registries: type: array items: $ref: '#/components/schemas/ImagePullSecretRegistry' storageListSecret: type: object properties: id: type: string name: type: string clusterName: type: string namespace: type: string types: type: array items: $ref: '#/components/schemas/storageSecretType' createdAt: type: string format: date-time storageSecret: type: object properties: id: type: string name: type: string clusterId: type: string clusterName: type: string namespace: type: string type: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string createdAt: type: string format: date-time files: type: array items: $ref: '#/components/schemas/storageSecretDataFile' relationship: $ref: '#/components/schemas/storageSecretRelationship' title: 'Flat secret object. Any properties of an individual secret. (regardless of time, scope, or context) ////////////////////////////////////////' storageSecretContainerRelationship: type: object properties: id: type: string description: Id of the container the secret is mounted in. path: type: string description: Path is a container specific mounting directory. title: 'Secrets can be mounted in a path in a container. 
Next Tag: 3' storageSecretDataFile: type: object properties: name: type: string type: $ref: '#/components/schemas/storageSecretType' cert: $ref: '#/components/schemas/storageCert' imagePullSecret: $ref: '#/components/schemas/storageImagePullSecret' storageSecretDeploymentRelationship: type: object properties: id: type: string description: Id of the deployment using the secret within a container. name: type: string description: Name of the deployment. title: 'Secrets can be used by a deployment. Next Tag: 3' storageSecretRelationship: type: object properties: id: type: string title: Secret id containerRelationships: type: array items: $ref: '#/components/schemas/storageSecretContainerRelationship' title: Container id to relationship. deploymentRelationships: type: array items: $ref: '#/components/schemas/storageSecretDeploymentRelationship' description: Deployment id to relationship. title: 'The combined relationships that belong to the secret. Next Tag: 6' storageSecretType: type: string enum: - UNDETERMINED - PUBLIC_CERTIFICATE - CERTIFICATE_REQUEST - PRIVACY_ENHANCED_MESSAGE - OPENSSH_PRIVATE_KEY - PGP_PRIVATE_KEY - EC_PRIVATE_KEY - RSA_PRIVATE_KEY - DSA_PRIVATE_KEY - CERT_PRIVATE_KEY - ENCRYPTED_PRIVATE_KEY - IMAGE_PULL_SECRET default: UNDETERMINED v1CountSecretsResponse: type: object properties: count: type: integer format: int32 v1ListSecretsResponse: type: object properties: secrets: type: array items: $ref: '#/components/schemas/storageListSecret' title: 'A list of secrets with their relationships. Next Tag: 2' storageSensorUpgradeConfig: type: object properties: enableAutoUpgrade: type: boolean format: boolean description: Whether to automatically trigger upgrades for out-of-date sensors. description: SensorUpgradeConfig encapsulates configuration relevant to sensor auto-upgrades. 
v1GetSensorUpgradeConfigResponse: type: object properties: config: $ref: '#/components/schemas/storageSensorUpgradeConfig' v1UpdateSensorUpgradeConfigRequest: type: object properties: config: $ref: '#/components/schemas/storageSensorUpgradeConfig' storageServiceAccount: type: object properties: id: type: string name: type: string namespace: type: string clusterName: type: string clusterId: type: string labels: type: object additionalProperties: type: string annotations: type: object additionalProperties: type: string createdAt: type: string format: date-time automountToken: type: boolean format: boolean secrets: type: array items: type: string imagePullSecrets: type: array items: type: string title: 'Any properties of an individual service account. (regardless of time, scope, or context) ////////////////////////////////////////' v1GetServiceAccountResponse: type: object properties: saAndRole: $ref: '#/components/schemas/v1ServiceAccountAndRoles' title: 'One service account Next Tag: 2' v1ListServiceAccountResponse: type: object properties: saAndRoles: type: array items: $ref: '#/components/schemas/v1ServiceAccountAndRoles' title: 'A list of service accounts (free of scoped information) Next Tag: 2' v1SADeploymentRelationship: type: object properties: id: type: string title: Id of the deployment using the service account name: type: string description: Name of the deployment. title: 'Service accounts can be used by a deployment. 
Next Tag: 3' v1ServiceAccountAndRoles: type: object properties: serviceAccount: $ref: '#/components/schemas/storageServiceAccount' clusterRoles: type: array items: $ref: '#/components/schemas/storageK8sRole' scopedRoles: type: array items: $ref: '#/components/schemas/v1ScopedRoles' deploymentRelationships: type: array items: $ref: '#/components/schemas/v1SADeploymentRelationship' title: 'A service account and the roles that reference it Next Tag: 5' v1Authorities: type: object properties: authorities: type: array items: $ref: '#/components/schemas/v1Authority' v1Authority: type: object properties: certificatePem: type: string format: byte v1CreateServiceIdentityRequest: type: object properties: id: type: string type: $ref: '#/components/schemas/storageServiceType' v1CreateServiceIdentityResponse: type: object properties: identity: $ref: '#/components/schemas/storageServiceIdentity' certificatePem: type: string format: byte privateKeyPem: type: string format: byte v1ServiceIdentityResponse: type: object properties: identities: type: array items: $ref: '#/components/schemas/storageServiceIdentity' v1SummaryCountsResponse: type: object properties: numAlerts: type: string format: int64 numClusters: type: string format: int64 numDeployments: type: string format: int64 numImages: type: string format: int64 numSecrets: type: string format: int64 numNodes: type: string format: int64 storageUser: type: object properties: id: type: string authProviderId: type: string attributes: type: array items: $ref: '#/components/schemas/storageUserAttribute' description: User is an object that allows us to track the roles a user is tied to, and how they logged in. 
storageUserAttribute: type: object properties: key: type: string value: type: string v1GetUsersAttributesResponse: type: object properties: usersAttributes: type: array items: $ref: '#/components/schemas/v1UserAttributeTuple' title: 'Next Tag: 2' v1GetUsersResponse: type: object properties: users: type: array items: $ref: '#/components/schemas/storageUser' title: 'Next Tag: 2' v1UserAttributeTuple: type: object properties: authProviderId: type: string key: type: string value: type: string title: 'UserAttributeTuple describes the auth:key:value tuple that decides group membership. Next Tag: 4' securitySchemes: ApiToken: type: apiKey in: header name: Authorization description: 'StackRox API token. Format: Bearer {token}' security: - ApiToken: []