Policy Definitions

Policy definitions specify a set of rules, written in a format and syntax specific to a cloud provider, that can be added to that cloud provider to enforce those rules as a tool for managing resources from a compliance perspective.

List Policy definitions

GET /v3/policy/definitions

This action returns information about all the policy definitions a user can see within their scope (their own, builtin, and definitions applied by an admin customer of their reseller in their cloud account).

Inputs

None

Returns

An array of policy definitions, ordered from least to most recent, with the following fields:

| Field | Type | Description | Deprecation notices | Notes |
|---|---|---|---|---|
| id | String | Identifier of the policy definition. | | |
| name | String | Logical name of the policy definition. | | |
| description | String | Description of the policy definition. | | |
| parameters | Object | An object defining the parameters the definition will use to set values to it. Each element has a definition of the parameter with certain information to describe the parameter. This is generated from the definition of the definition. | | |
| builtin | Boolean | Flag indicating if the policy definition is builtin, so it is already specified in the cloud provider, for all users to use it. | | |
| state | String | State of the definition. It can be any of the following: created, decommissioning. | | Available from version 9.3 onwards. |
| brownfield | Boolean | Flag indicating if the policy definition was imported from a cloud account (true) or created using IMCO (false). | | Available from version 9.3 onwards. |
| syntax | String | Syntax of the policy. Expected values are either "AWS" or "Azure". | | Available from version 10.3 onwards. |
| label_ids | String | List of ids corresponding to the labels the policy definition has assigned. | | |
| resource_type | String | An identifier for the type of resource, specifically "policy_definition". | | |

Show policy definition

GET /v3/policy/definitions/:id

This action returns information about the policy definition identified by the given id.

Inputs

None

Returns

| Field | Type | Description | Deprecation notices | Notes |
|---|---|---|---|---|
| id | String | Identifier of the policy definition. | | |
| name | String | Logical name of the policy definition. | | |
| description | String | Description of the policy definition. | | |
| definition | String | Definition of the rules a definition declares to be assigned. | | |
| parameters | Object | An object defining the parameters the definition will use to set values to it. Each element has a definition of the parameter with certain information to describe the parameter. This is generated from the definition of the definition. | | |
| builtin | Boolean | Flag indicating if the policy definition is builtin, so it is already specified in the cloud provider, for all users to use it. | | |
| state | String | State of the definition. It can be any of the following: created, decommissioning. | | Available from version 9.3 onwards. |
| brownfield | Boolean | Flag indicating if the policy definition was imported from a cloud account (true) or created using IMCO (false). | | Available from version 9.3 onwards. |
| syntax | String | Syntax of the policy. Expected values are either "AWS" or "Azure". | | Available from version 10.3 onwards. |
| label_ids | String | List of ids corresponding to the labels the policy definition has assigned. | | |
| resource_type | String | An identifier for the type of resource, specifically "policy_definition". | | |

Create policy definition

POST /v3/policy/definitions/

This action creates a new policy definition.

Inputs

| Field | Type | Description | Required |
|---|---|---|---|
| name | String | Logical name of the policy definition. | Yes |
| description | String | Description of the policy definition. | Yes |
| definition | String | Definition of the rules a definition declares to be assigned. | Yes |
| syntax | String | Syntax of the policy. Expected values are either "AWS" or "Azure". Available from version 10.3 onwards. | Yes |

Returns

| Field | Type | Description | Deprecation notices | Notes |
|---|---|---|---|---|
| id | String | Identifier of the policy definition. | | |
| name | String | Logical name of the policy definition. | | |
| description | String | Description of the policy definition. | | |
| definition | String | Definition of the resources a definition declares to be assigned. | | |
| parameters | Object | An object defining the parameters the definition will use to set values to it. Each element has a definition of the parameter with certain information to describe the parameter. This is generated from the definition of the definition. | | |
| builtin | Boolean | Flag indicating if the policy definition is builtin, so it is already specified in the cloud provider, for all users to use it. | | |
| state | String | State of the definition. It can be any of the following: created, decommissioning. | | Available from version 9.3 onwards. |
| brownfield | Boolean | Flag indicating if the policy definition was imported from a cloud account (true) or created using IMCO (false). | | Available from version 9.3 onwards. |
| syntax | String | Syntax of the policy. Expected values are either "AWS" or "Azure". | | Available from version 10.3 onwards. |
| label_ids | String | List of ids corresponding to the labels the policy definition has assigned. | | |
| resource_type | String | An identifier for the type of resource, specifically "policy_definition". | | |

Update policy definition

PUT /v3/policy/definitions/:id

This action modifies the policy definition with the given parameters.

Inputs

| Field | Type | Description | Required |
|---|---|---|---|
| name | String | Logical name of the policy definition. | No |
| description | String | Description of the policy assignment | No |

Returns

| Field | Type | Description | Deprecation notices | Notes |
|---|---|---|---|---|
| id | String | Identifier of the policy definition. | | |
| name | String | Logical name of the policy definition. | | |
| description | String | Description of the policy definition. | | |
| definition | String | Definition of the rules a definition declares to be assigned. | | |
| parameters | Object | An object defining the parameters the definition will use to set values to it. Each element has a definition of the parameter with certain information to describe the parameter. This is generated from the definition of the definition. | | |
| builtin | Boolean | Flag indicating if the policy definition is builtin, so it is already specified in the cloud provider, for all users to use it. | | |
| state | String | State of the definition. It can be any of the following: created, decommissioning. | | Available from version 9.3 onwards. |
| brownfield | Boolean | Flag indicating if the policy definition was imported from a cloud account (true) or created using IMCO (false). | | Available from version 9.3 onwards. |
| syntax | String | Syntax of the policy. Expected values are either "AWS" or "Azure". | | Available from version 10.3 onwards. |
| label_ids | String | List of ids corresponding to the labels the policy definition has assigned. | | |
| resource_type | String | An identifier for the type of resource, specifically "policy_definition". | | |

Delete policy definition

DELETE /v3/policy/definitions/:id

This action deletes the policy definition with the given id. The policy definition must not be in use in order to be deleted.

Inputs

None

Returns

| Field | Type | Description | Deprecation notices | Notes |
|---|---|---|---|---|
| id | String | Identifier of the policy definition. | | |
| name | String | Logical name of the policy definition. | | |
| description | String | Description of the policy definition. | | |
| definition | String | Definition of the rules a definition declares to be assigned. | | |
| parameters | Object | An object defining the parameters the definition will use to set values to it. Each element has a definition of the parameter with certain information to describe the parameter. This is generated from the definition of the definition. | | |
| builtin | Boolean | Flag indicating if the policy definition is builtin, so it is already specified in the cloud provider, for all users to use it. | | |
| state | String | State of the definition. It can be any of the following: created, decommissioning. | | Available from version 9.3 onwards. |
| brownfield | Boolean | Flag indicating if the policy definition was imported from a cloud account (true) or created using IMCO (false). | | Available from version 9.3 onwards. |
| syntax | String | Syntax of the policy. Expected values are either "AWS" or "Azure". | | Available from version 10.3 onwards. |
| label_ids | String | List of ids corresponding to the labels the policy definition has assigned. | | |
| resource_type | String | An identifier for the type of resource, specifically "policy_definition". | | |

List policy assignments of a policy definition

GET /v3/policy/definitions/:definition_id/assignments

This action returns the policy assignments that use the policy definition identified by the given definition_id.

Inputs

None

Returns

An array of policy assignments, with the following fields:

| Field | Type | Description | Deprecation notices | Notes |
|---|---|---|---|---|
| id | String | Identifier of the policy assignment. | | |
| name | String | Logical name of the policy assignment. | | |
| description | String | Description of the policy definition. | | |
| definition_id | String | Identifier of the policy definition which the policy assignment belongs. | | |
| remote_id | String | Identifier of the assignment on the cloud provider. | | |
| state | String | State of the assignment. It can be one of these values: start, applying, applied, decommissioning, application_error, decommission_error, end. | | |
| cloud_account_id | String | Identifier of the cloud account where the assignment belongs. | | |
| reseller_applied | Boolean | Flag indicating if the assignment was assigned by the admin customer of the reseller of the customer of the user (true) or by the customer (false) | | |
| brownfield | Boolean | Flag indicating if the assignment has been imported from a cloud account (true) or created using IMCO (false). | | Available from version 9.3 onwards. |
| label_ids | String | List of ids corresponding to the labels the policy assignment has assigned. | | |
| desired_remote_id | String | Identifier that the user wants to have as Identifier of the resource on the cloud. | | Available from version 10.3 onwards. |
| resource_type | String | An identifier for the type of resource, specifically "policy_assignment". | | |
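
As an added example (not part of the original reference), the sketch below combines the list-definitions and list-assignments endpoints to report which definitions are in use, and therefore cannot be deleted, and which assignments are in a state other than applied. The `get` callable, which stands in for the HTTP client, base URL and authentication, and all sample responses are assumptions constructed for illustration.

```python
ENFORCED_STATE = "applied"  # one of the documented assignment states


def audit_definitions(get):
    """Build one report row per policy definition visible to the caller.

    `get` is a hypothetical callable (path -> parsed JSON body) standing in
    for the HTTP client, base URL and authentication, which are assumptions.
    """
    report = []
    for d in get("/v3/policy/definitions"):
        assignments = get(f"/v3/policy/definitions/{d['id']}/assignments")
        report.append({
            "id": d["id"],
            "name": d["name"],
            "builtin": d["builtin"],
            "state": d["state"],
            "in_use": bool(assignments),
            # DELETE is documented to require a definition that is not in use.
            "deletable": not assignments,
            # Assignments in any other state are not currently applied.
            "not_enforced": [(a["id"], a["cloud_account_id"], a["state"])
                             for a in assignments if a["state"] != ENFORCED_STATE],
            "reseller_applied": [a["id"] for a in assignments if a["reseller_applied"]],
        })
    return report


# Constructed sample responses keyed by request path (not real data).
SAMPLE = {
    "/v3/policy/definitions": [
        {"id": "def-1", "name": "require-tags", "builtin": False, "state": "created"},
        {"id": "def-2", "name": "unused-rule", "builtin": False, "state": "created"},
    ],
    "/v3/policy/definitions/def-1/assignments": [
        {"id": "a-1", "cloud_account_id": "ca-1", "state": "applied",
         "reseller_applied": False},
        {"id": "a-2", "cloud_account_id": "ca-2", "state": "application_error",
         "reseller_applied": True},
    ],
    "/v3/policy/definitions/def-2/assignments": [],
}


def sample_get(path):
    return SAMPLE[path]


if __name__ == "__main__":
    for row in audit_definitions(sample_get):
        print(row)
```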
