Policy Definitions
A policy definition specifies a set of rules, written in the format and syntax of a particular cloud provider, that can be added to that cloud provider to enforce those rules as a way of managing resources from a compliance perspective.
List policy definitions
GET /v3/policy/definitions
This action returns information about all the policy definitions visible within the user's scope: the user's own definitions, builtin definitions, and definitions applied by an admin customer of the user's reseller in the user's cloud account.
Inputs
None
Returns
An array of policy definitions, ordered from least to most recent, with the following fields:
Field | Type | Description | Deprecation notices | Notes |
---|---|---|---|---|
id | String | Identifier of the policy definition. | ||
name | String | Logical name of the policy definition. | ||
description | String | Description of the policy definition. | ||
parameters | Object | An object describing the parameters through which the definition receives its values. Each element describes one parameter. The object is generated from the definition field of the policy definition. | ||
builtin | Boolean | Flag indicating if the policy definition is builtin, that is, already specified in the cloud provider and available to all users. | ||
state | String | State of the definition. It can be any of the following: created, decommissioning. | Available from version 9.3 onwards. | |
brownfield | Boolean | Flag indicating if the policy definition was imported from a cloud account (true) or created using IMCO (false). | Available from version 9.3 onwards. | |
syntax | String | Syntax of the policy. Expected values are either "AWS" or "Azure". | Available from version 10.3 onwards. | |
label_ids | String | List of ids corresponding to the labels the policy definition has assigned. | ||
resource_type | String | An identifier for the type of resource, specifically "policy_definition". |
Show policy definition
GET /v3/policy/definitions/:id
This action returns information about the policy definition identified by the given id.
Inputs
None
Returns
Field | Type | Description | Deprecation notices | Notes |
---|---|---|---|---|
id | String | Identifier of the policy definition. | ||
name | String | Logical name of the policy definition. | ||
description | String | Description of the policy definition. | ||
definition | String | Definition of the rules a definition declares to be assigned. | ||
parameters | Object | An object describing the parameters through which the definition receives its values. Each element describes one parameter. The object is generated from the definition field of the policy definition. | ||
builtin | Boolean | Flag indicating if the policy definition is builtin, that is, already specified in the cloud provider and available to all users. | ||
state | String | State of the definition. It can be any of the following: created, decommissioning. | Available from version 9.3 onwards. | |
brownfield | Boolean | Flag indicating if the policy definition was imported from a cloud account (true) or created using IMCO (false). | Available from version 9.3 onwards. | |
syntax | String | Syntax of the policy. Expected values are either "AWS" or "Azure". | Available from version 10.3 onwards. | |
label_ids | String | List of ids corresponding to the labels the policy definition has assigned. | ||
resource_type | String | An identifier for the type of resource, specifically "policy_definition". |
Create policy definition
POST /v3/policy/definitions/
This action creates a new policy definition.
Inputs
Field | Type | Description | Required |
---|---|---|---|
name | String | Logical name of the policy definition. | Yes |
description | String | Description of the policy definition. | Yes |
definition | String | Definition of the rules a definition declares to be assigned. | Yes |
syntax | String | Syntax of the policy. Expected values are either "AWS" or "Azure". Available from version 10.3 onwards. | Yes |
Returns
Field | Type | Description | Deprecation notices | Notes |
---|---|---|---|---|
id | String | Identifier of the policy definition. | ||
name | String | Logical name of the policy definition. | ||
description | String | Description of the policy definition. | ||
definition | String | Definition of the resources a definition declares to be assigned. | ||
parameters | Object | An object describing the parameters through which the definition receives its values. Each element describes one parameter. The object is generated from the definition field of the policy definition. | ||
builtin | Boolean | Flag indicating if the policy definition is builtin, that is, already specified in the cloud provider and available to all users. | ||
state | String | State of the definition. It can be any of the following: created, decommissioning. | Available from version 9.3 onwards. | |
brownfield | Boolean | Flag indicating if the policy definition was imported from a cloud account (true) or created using IMCO (false). | Available from version 9.3 onwards. | |
syntax | String | Syntax of the policy. Expected values are either "AWS" or "Azure". | Available from version 10.3 onwards. | |
label_ids | String | List of ids corresponding to the labels the policy definition has assigned. | ||
resource_type | String | An identifier for the type of resource, specifically "policy_definition". |
Update policy definition
PUT /v3/policy/definitions/:id
This action modifies the policy definition with the given parameters.
Inputs
Field | Type | Description | Required |
---|---|---|---|
name | String | Logical name of the policy definition. | No |
description | String | Description of the policy definition. | No |
Returns
Field | Type | Description | Deprecation notices | Notes |
---|---|---|---|---|
id | String | Identifier of the policy definition. | ||
name | String | Logical name of the policy definition. | ||
description | String | Description of the policy definition. | ||
definition | String | Definition of the rules a definition declares to be assigned. | ||
parameters | Object | An object describing the parameters through which the definition receives its values. Each element describes one parameter. The object is generated from the definition field of the policy definition. | ||
builtin | Boolean | Flag indicating if the policy definition is builtin, that is, already specified in the cloud provider and available to all users. | ||
state | String | State of the definition. It can be any of the following: created, decommissioning. | Available from version 9.3 onwards. | |
brownfield | Boolean | Flag indicating if the policy definition was imported from a cloud account (true) or created using IMCO (false). | Available from version 9.3 onwards. | |
syntax | String | Syntax of the policy. Expected values are either "AWS" or "Azure". | Available from version 10.3 onwards. | |
label_ids | String | List of ids corresponding to the labels the policy definition has assigned. | ||
resource_type | String | An identifier for the type of resource, specifically "policy_definition". |
Delete policy definition
DELETE /v3/policy/definitions/:id
This action deletes the policy definition with the given id. The policy definition must not be in use in order to be deleted.
Inputs
None
Returns
Field | Type | Description | Deprecation notices | Notes |
---|---|---|---|---|
id | String | Identifier of the policy definition. | ||
name | String | Logical name of the policy definition. | ||
description | String | Description of the policy definition. | ||
definition | String | Definition of the rules a definition declares to be assigned. | ||
parameters | Object | An object describing the parameters through which the definition receives its values. Each element describes one parameter. The object is generated from the definition field of the policy definition. | ||
builtin | Boolean | Flag indicating if the policy definition is builtin, that is, already specified in the cloud provider and available to all users. | ||
state | String | State of the definition. It can be any of the following: created, decommissioning. | Available from version 9.3 onwards. | |
brownfield | Boolean | Flag indicating if the policy definition was imported from a cloud account (true) or created using IMCO (false). | Available from version 9.3 onwards. | |
syntax | String | Syntax of the policy. Expected values are either "AWS" or "Azure". | Available from version 10.3 onwards. | |
label_ids | String | List of ids corresponding to the labels the policy definition has assigned. | ||
resource_type | String | An identifier for the type of resource, specifically "policy_definition". |
List policy assignments of a policy definition
GET /v3/policy/definitions/:definition_id/assignments
This action returns the policy assignments that use the policy definition identified by the given definition_id.
Inputs
None
Returns
An array of policy assignments, with the following fields:
Field | Type | Description | Deprecation notices | Notes |
---|---|---|---|---|
id | String | Identifier of the policy assignment. | ||
name | String | Logical name of the policy assignment. | ||
description | String | Description of the policy definition. | ||
definition_id | String | Identifier of the policy definition to which the policy assignment belongs. | ||
remote_id | String | Identifier of the assignment on the cloud provider. | ||
state | String | State of the assignment. It can be one of these values: start, applying, applied, decommissioning, application_error, decommission_error, end. | ||
cloud_account_id | String | Identifier of the cloud account where the assignment belongs. | ||
reseller_applied | Boolean | Flag indicating if the assignment was assigned by the admin customer of the reseller of the user's customer (true) or by the customer (false). | ||
brownfield | Boolean | Flag indicating if the assignment has been imported from a cloud account (true) or created using IMCO (false). | Available from version 9.3 onwards. | |
label_ids | String | List of ids corresponding to the labels the policy assignment has assigned. | ||
desired_remote_id | String | Identifier that the user wants the resource to have on the cloud. | Available from version 10.3 onwards. | |
resource_type | String | An identifier for the type of resource, specifically "policy_assignment". |
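An added example, not part of the IMCO documentation: Python that reads the array returned by this endpoint, reports assignments left in an error state per cloud account, and lists the assignments that would still keep the definition in use before a DELETE is attempted. The grouping of the documented states, the rule that only `end` no longer counts as in use, and the sample ids are assumptions of this example.

```python
import json
from collections import defaultdict

# Assignment states documented on this page. How they are grouped here is
# an assumption of this example, not something the API documentation states.
FAILED = {"application_error", "decommission_error"}
FINISHED = {"end"}
KNOWN = FAILED | FINISHED | {"start", "applying", "applied", "decommissioning"}


def review_assignments(assignments):
    """Summarise a GET /v3/policy/definitions/:definition_id/assignments response."""
    failed = defaultdict(list)   # cloud_account_id -> [(assignment id, state)]
    unknown_state = []           # assignments whose state is not documented
    blocks_delete = []           # assignments that still count as "in use"
    for a in assignments:
        state = a.get("state")
        if state not in KNOWN:
            # Fail closed: an undocumented state is reported and treated
            # as still in use rather than silently ignored.
            unknown_state.append(a["id"])
            blocks_delete.append(a["id"])
            continue
        if state in FAILED:
            # The policy is not enforced as intended in this cloud account.
            failed[a["cloud_account_id"]].append((a["id"], state))
        if state not in FINISHED:
            blocks_delete.append(a["id"])
    return {"failed": dict(failed),
            "unknown_state": unknown_state,
            "blocks_delete": blocks_delete}


# Constructed sample response; all ids are made up for illustration.
SAMPLE = json.loads("""[
  {"id": "asg-1", "definition_id": "def-1", "state": "applied",
   "cloud_account_id": "acct-a", "reseller_applied": false},
  {"id": "asg-2", "definition_id": "def-1", "state": "application_error",
   "cloud_account_id": "acct-b", "reseller_applied": true},
  {"id": "asg-3", "definition_id": "def-1", "state": "end",
   "cloud_account_id": "acct-a", "reseller_applied": false},
  {"id": "asg-4", "definition_id": "def-1", "state": "paused",
   "cloud_account_id": "acct-c", "reseller_applied": false}
]""")

if __name__ == "__main__":
    print(json.dumps(review_assignments(SAMPLE), indent=2))
```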