minder/v1/minder.proto
Services
ArtifactService
EvalResultsService
HealthService
Simple Health Check Service
replies with OK
InviteService
OAuthService
PermissionsService
ProfileService
ProjectsService
RepositoryService
RuleTypeService
UserService
manage Users CRUD
Method Name | Request Type | Response Type | Description |
---|
CreateUser | CreateUserRequest | CreateUserResponse | |
DeleteUser | DeleteUserRequest | DeleteUserResponse | |
GetUser | GetUserRequest | GetUserResponse | |
ListInvitations | ListInvitationsRequest | ListInvitationsResponse | ListInvitations returns a list of invitations for the user based on the user's registered email address. Note that a user who receives an invitation code may still accept the invitation even if the code was directed to a different email address. This is because understanding the routing of email messages is beyond the scope of Minder. This API endpoint may be called without the logged-in user previously having called CreateUser. |
ResolveInvitation | ResolveInvitationRequest | ResolveInvitationResponse | ResolveInvitation allows a user to accept or decline an invitation to a project given the code for the invitation. A user may call ResolveInvitation to accept or decline an invitation even if they have not called CreateUser. If a user accepts an invitation via this call before calling CreateUser, a Minder user record will be created, but no additional projects will be created (unlike CreateUser, which will also create a default project). |
Messages
Artifact
ArtifactType
ArtifactType defines the artifact data evaluation.
ArtifactVersion
AssignRoleRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the role assignment is evaluated. |
role_assignment | RoleAssignment | | role_assignment is the role assignment to be created. |
AssignRoleResponse
Field | Type | Label | Description |
---|
role_assignment | RoleAssignment | | role_assignment is the role assignment that was created. |
invitation | Invitation | | invitation contains the details of the invitation for the assigned user to join the project if the user is not already a member. |
AuthorizationParams
Field | Type | Label | Description |
---|
authorization_url | string | | authorization_url is an external URL to use to authorize the provider. |
AutoRegistration
AutoRegistration is the configuration for auto-registering entities.
When nothing is set, auto-registration is disabled. There is no difference between disabled
and undefined, so for the "let's not auto-register anything" case we'd just leave the repeated string empty.
AutoRegistration.EntitiesEntry
BranchProtection
Field | Type | Label | Description |
---|
branch | string | | |
is_protected | bool | | Add other relevant fields |
Build
BuiltinType
BuiltinType defines the builtin data evaluation.
Field | Type | Label | Description |
---|
method | string | | |
CheckHealthRequest
CheckHealthResponse
Field | Type | Label | Description |
---|
status | string | | |
Context
Context defines the context in which a rule is evaluated.
This normally refers to a combination of the provider, organization and project.
Removing the 'optional' keyword from the following two fields below will break
buf compatibility checks.
Field | Type | Label | Description |
---|
provider | string | optional | name of the provider |
project | string | optional | ID of the project |
retired_organization | string | optional | |
ContextV2
ContextV2 defines the context in which a rule is evaluated.
Field | Type | Label | Description |
---|
project_id | string | | project is the project ID |
provider | string | | name of the provider. Set to empty string when not applicable. |
CreateEntityReconciliationTaskRequest
Field | Type | Label | Description |
---|
entity | EntityTypedId | | entity is the entity to be reconciled. |
context | Context | | context is the context in which the entity reconciliation task is created. |
CreateEntityReconciliationTaskResponse
CreateProfileRequest
Profile service
Field | Type | Label | Description |
---|
profile | Profile | | |
CreateProfileResponse
Field | Type | Label | Description |
---|
profile | Profile | | |
CreateProjectRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the project is created. |
name | string | | name is the name of the project to create. |
CreateProjectResponse
Field | Type | Label | Description |
---|
project | Project | | project is the project that was created. |
CreateProviderRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the provider is created. |
provider | Provider | | provider is the provider to be created. |
CreateProviderResponse
Field | Type | Label | Description |
---|
provider | Provider | | provider is the provider that was created. |
authorization | AuthorizationParams | | authorization provides additional authorization information needed to complete the initialization of the provider. |
CreateRuleTypeRequest
CreateRuleTypeRequest is the request to create a rule type.
Field | Type | Label | Description |
---|
rule_type | RuleType | | rule_type is the rule type to be created. |
CreateRuleTypeResponse
CreateRuleTypeResponse is the response to create a rule type.
Field | Type | Label | Description |
---|
rule_type | RuleType | | rule_type is the rule type that was created. |
CreateUserRequest
User service
CreateUserResponse
Cursor
Cursor message to be used in request messages. Its purpose is to
allow clients to specify the subset of records to retrieve by means
of index within a collection, along with the number of items to
retrieve.
Field | Type | Label | Description |
---|
cursor | string | | cursor is the index to start from within the collection being retrieved. It's an opaque payload specified and interpreted on a per-RPC basis. |
size | uint32 | | size is the number of items to retrieve from the collection. |
CursorPage
CursorPage message used in response messages. Its purpose is to
send to clients links pointing to next and/or previous collection
subsets with respect to the one containing this struct.
Field | Type | Label | Description |
---|
total_records | uint32 | | Total number of records matching the request. This is optional. |
next | Cursor | | Cursor pointing to retrieve results logically placed after the ones shipped with the message containing this struct. |
prev | Cursor | | Cursor pointing to retrieve results logically placed before the ones shipped with the message containing this struct. |
DeleteProfileRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the rule type is evaluated. |
id | string | | id is the id of the profile to delete |
DeleteProfileResponse
DeleteProjectRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the project is deleted. |
DeleteProjectResponse
Field | Type | Label | Description |
---|
project_id | string | | project_id is the id of the project that was deleted. |
DeleteProviderByIDRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the provider is deleted. Only the project is required in this context. |
id | string | | id is the id of the provider to delete |
DeleteProviderByIDResponse
Field | Type | Label | Description |
---|
id | string | | id is the id of the provider that was deleted |
DeleteProviderRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the provider is deleted. Both project and provider are required in this context. |
DeleteProviderResponse
Field | Type | Label | Description |
---|
name | string | | name is the name of the provider that was deleted |
DeleteRepositoryByIdRequest
DeleteRepositoryByIdResponse
Field | Type | Label | Description |
---|
repository_id | string | | |
DeleteRepositoryByNameRequest
DeleteRepositoryByNameResponse
Field | Type | Label | Description |
---|
name | string | | |
DeleteRuleTypeRequest
DeleteRuleTypeRequest is the request to delete a rule type.
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the rule type is evaluated. |
id | string | | id is the id of the rule type to be deleted. |
DeleteRuleTypeResponse
DeleteRuleTypeResponse is the response to delete a rule type.
DeleteUserRequest
DeleteUserResponse
DiffType
DiffType defines the diff data ingester.
Field | Type | Label | Description |
---|
ecosystems | DiffType.Ecosystem | repeated | ecosystems is the list of ecosystems to be used for the "dep" diff type. |
type | string | | type is the type of diff ingestor to use. The default is "dep" which will leverage the ecosystems array. |
DiffType.Ecosystem
Field | Type | Label | Description |
---|
name | string | | name is the name of the ecosystem. |
depfile | string | | depfile is the file that contains the dependencies for this ecosystem |
DockerHubProviderConfig
DockerHubProviderConfig contains the configuration for the DockerHub provider.
Namespace: is the namespace for the DockerHub provider.
Field | Type | Label | Description |
---|
namespace | string | optional | namespace is the namespace for the DockerHub provider. |
EntityAutoRegistrationConfig
Field | Type | Label | Description |
---|
enabled | bool | optional | |
EntityInstance
Field | Type | Label | Description |
---|
id | string | | id is the unique identifier of the entity. |
context | ContextV2 | | context is the context in which the entity is evaluated. |
name | string | | name is the name of the entity. |
type | Entity | | type is the type of the entity. DISCUSSION: If we're aiming for a BYO entity type, we should probably have this be a string, and have the user provide the type. |
properties | google.protobuf.Struct | | properties is a map of properties of the entity. |
EntityTypedId
EntityTypedId is a message that carries an ID together with a type to uniquely identify an entity
such as (repo, 1), (artifact, 2), ...
Field | Type | Label | Description |
---|
type | Entity | | entity is the entity to get status for. Incompatible with all |
id | string | | id is the ID of the entity to get status for. Incompatible with all |
EvalResultAlert
EvalResultAlert holds the alert details for a given rule evaluation
Field | Type | Label | Description |
---|
status | string | | status is the status of the alert |
last_updated | google.protobuf.Timestamp | | last_updated is the last time the alert was performed or attempted |
details | string | | details is the description of the alert attempt if any |
url | string | | url is the URL to the alert |
EvaluationHistory
EvaluationHistoryAlert
Field | Type | Label | Description |
---|
status | string | | status is one of (on, off, error, skipped, not available). Enums are not used, to mirror the behaviour of the existing API contracts. |
details | string | | details contains optional details about the alert. The structure and contents are alert specific, and are subject to change. |
EvaluationHistoryEntity
Field | Type | Label | Description |
---|
id | string | | id is the unique identifier of the entity. |
type | Entity | | type is the entity type. |
name | string | | name is the entity name. |
EvaluationHistoryRemediation
Field | Type | Label | Description |
---|
status | string | | status is one of (success, error, failure, skipped, not available). Enums are not used, to mirror the behaviour of the existing API contracts. |
details | string | | details contains optional details about the remediation. The structure and contents are remediation specific, and are subject to change. |
EvaluationHistoryRule
Field | Type | Label | Description |
---|
name | string | | name is the name of the rule instance. |
rule_type | string | | type is the name of the rule type. |
profile | string | | profile is the name of the profile which contains the rule. |
severity | Severity | | severity is the severity of the rule type. |
EvaluationHistoryStatus
Field | Type | Label | Description |
---|
status | string | | status is one of (success, error, failure, skipped). Enums are not used, to mirror the behaviour of the existing API contracts. |
details | string | | details contains optional details about the evaluation. The structure and contents are rule type specific, and are subject to change. |
GHCRProviderConfig
GHCRProviderConfig contains the configuration for the GHCR provider.
Namespace: is the namespace for the GHCR provider.
Field | Type | Label | Description |
---|
namespace | string | optional | namespace is the namespace for the GHCR provider. |
GetArtifactByIdRequest
GetArtifactByIdResponse
GetArtifactByNameRequest
GetArtifactByNameResponse
GetAuthorizationURLRequest
GetAuthorizationURLResponse
GetEvaluationHistoryRequest
GetEvaluationHistoryRequest represents a request for the GetEvaluationHistory endpoint
GetEvaluationHistoryResponse
GetEvaluationHistoryResponse represents a response message for the
GetEvaluationHistory RPC.
GetInviteDetailsRequest
Field | Type | Label | Description |
---|
code | string | | Invite nonce/code to retrieve details for |
GetInviteDetailsResponse
Field | Type | Label | Description |
---|
project_display | string | | Project associated with the invite |
sponsor_display | string | | Sponsor of the invite |
expires_at | google.protobuf.Timestamp | | expires_at is the time at which the invitation expires. |
expired | bool | | expired is true if the invitation has expired |
GetProfileByIdRequest
get profile by id
Field | Type | Label | Description |
---|
context | Context | | context is the context which contains the profiles |
id | string | | id is the id of the profile to get |
GetProfileByIdResponse
Field | Type | Label | Description |
---|
profile | Profile | | |
GetProfileByNameRequest
get profile by name
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the rule type is evaluated. |
name | string | | name is the name of the profile to get |
GetProfileByNameResponse
Field | Type | Label | Description |
---|
profile | Profile | | |
GetProfileStatusByNameRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the rule type is evaluated. |
name | string | | name is the name of the profile to get |
entity | EntityTypedId | | |
all | bool | | |
rule | string | | Deprecated. rule is the type of the rule. Deprecated in favor of rule_type |
rule_type | string | | |
rule_name | string | | |
GetProfileStatusByNameResponse
Field | Type | Label | Description |
---|
profile_status | ProfileStatus | | profile_status is the status of the profile |
rule_evaluation_status | RuleEvaluationStatus | repeated | rule_evaluation_status is the status of the rules |
GetProfileStatusByProjectRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the rule type is evaluated. |
GetProfileStatusByProjectResponse
Field | Type | Label | Description |
---|
profile_status | ProfileStatus | repeated | profile_status is the status of the profile |
GetProviderRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the provider is evaluated. |
name | string | | name is the name of the provider to get. |
GetProviderResponse
Field | Type | Label | Description |
---|
provider | Provider | | provider is the provider that was retrieved. |
GetRepositoryByIdRequest
GetRepositoryByIdResponse
GetRepositoryByNameRequest
GetRepositoryByNameResponse
GetRuleTypeByIdRequest
GetRuleTypeByIdRequest is the request to get a rule type by id.
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the rule type is evaluated. |
id | string | | id is the id of the rule type. |
GetRuleTypeByIdResponse
GetRuleTypeByIdResponse is the response to get a rule type by id.
Field | Type | Label | Description |
---|
rule_type | RuleType | | rule_type is the rule type. |
GetRuleTypeByNameRequest
GetRuleTypeByNameRequest is the request to get a rule type by name.
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the rule type is evaluated. |
name | string | | name is the name of the rule type. |
GetRuleTypeByNameResponse
GetRuleTypeByNameResponse is the response to get a rule type by name.
Field | Type | Label | Description |
---|
rule_type | RuleType | | rule_type is the rule type. |
GetUnclaimedProvidersRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the set of providers are evaluated. |
GetUnclaimedProvidersResponse
Field | Type | Label | Description |
---|
providers | ProviderParameter | repeated | providers is a set of parameters which can be supplied to allow the user to assign existing unclaimed credentials to a new provider in the project via CreateProvider(). |
GetUserRequest
get user
GetUserResponse
Field | Type | Label | Description |
---|
user | UserRecord | optional | |
projects | Project | repeated | Deprecated. This will be deprecated in favor of the project_roles field |
project_roles | ProjectRole | repeated | |
GitHubAppParams
GitHubAppParams is the parameters for a GitHub App provider.
Field | Type | Label | Description |
---|
installation_id | int64 | | The GitHub installation ID for the app. On create, this is the only parameter used; the organization parameters are ignored. |
organization | string | | The GitHub organization slug where the app is installed. This is an output-only parameter, and is validated on input if set (i.e. the value must be either empty or match the org of the installation_id). |
organization_id | int64 | | The GitHub organization ID where the app is installed. This is an output-only parameter, and is validated on input if set (i.e. the value must be either empty or match the org of the installation_id). |
GitHubAppProviderConfig
GitHubAppProviderConfig contains the configuration for the GitHub App provider
Field | Type | Label | Description |
---|
endpoint | string | optional | Endpoint is the GitHub API endpoint. If using the public GitHub API, Endpoint can be left blank. |
GitHubProviderConfig
GitHubProviderConfig contains the configuration for the GitHub client
Endpoint: is the GitHub API endpoint
If using the public GitHub API, Endpoint can be left blank
disable revive linting for this struct as there is nothing wrong with the
naming convention
Field | Type | Label | Description |
---|
endpoint | string | optional | Endpoint is the GitHub API endpoint. If using the public GitHub API, Endpoint can be left blank. |
GitLabProviderConfig
GitLabProviderConfig contains the configuration for the GitLab provider.
Endpoint: is the GitLab API endpoint
If using the public GitLab API, Endpoint can be left blank
Field | Type | Label | Description |
---|
endpoint | string | | Endpoint is the GitLab API endpoint. If using the public GitLab API, Endpoint can be left blank. |
group | string | | group is the GitLab group to use for the provider |
GitType
GitType defines the git data ingester.
Field | Type | Label | Description |
---|
clone_url | string | | clone_url is the url of the git repository. |
branch | string | | branch is the branch of the git repository. |
Invitation
Field | Type | Label | Description |
---|
role | string | | role is the role that would be assigned if the user accepts the invitation. |
email | string | | email is the email address of the invited user. This is presented as a convenience for display purposes, and does not affect who can accept the invitation using the code. |
project | string | | project is the project to which the user is invited. |
code | string | | code is a unique identifier for the invitation, which can be used by the recipient to accept or reject the invitation. The code is only transmitted in response to AssignRole or ListInvitations RPCs, and not transmitted in ListRoleAssignments or other calls. |
created_at | google.protobuf.Timestamp | | created_at is the time at which the invitation was created. |
expires_at | google.protobuf.Timestamp | | expires_at is the time at which the invitation expires. |
expired | bool | | expired is true if the invitation has expired. |
sponsor | string | | sponsor is the account (ID) of the user who created the invitation. |
sponsor_display | string | | sponsor_display is the display name of the user who created the invitation. |
project_display | string | | project_display is the display name of the project to which the user is invited. |
invite_url | string | | inviteURL is the URL that can be used to accept the invitation. |
email_skipped | bool | | emailSkipped is true if the email was not sent to the invitee. |
ListArtifactsRequest
ListArtifactsResponse
Field | Type | Label | Description |
---|
results | Artifact | repeated | |
ListChildProjectsRequest
Field | Type | Label | Description |
---|
context | ContextV2 | | context is the context in which the child projects are listed. |
recursive | bool | | recursive is true if child projects should be listed recursively. |
ListChildProjectsResponse
Field | Type | Label | Description |
---|
projects | Project | repeated | |
ListEvaluationHistoryRequest
ListEvaluationHistoryRequest represents a request message for the
ListEvaluationHistory RPC.
Most of its fields are used for filtering, except for cursor
which is used for pagination.
Field | Type | Label | Description |
---|
context | Context | | |
entity_type | string | repeated | List of entity types to retrieve. |
entity_name | string | repeated | List of entity names to retrieve. |
profile_name | string | repeated | List of profile names to retrieve. |
status | string | repeated | List of evaluation statuses to retrieve. |
remediation | string | repeated | List of remediation statuses to retrieve. |
alert | string | repeated | List of alert statuses to retrieve. |
from | google.protobuf.Timestamp | | Timestamp representing the start time of the selection window. |
to | google.protobuf.Timestamp | | Timestamp representing the end time of the selection window. |
cursor | Cursor | | Cursor object to select the "page" of data to retrieve. |
ListEvaluationHistoryResponse
ListEvaluationHistoryResponse represents a response message for the
ListEvaluationHistory RPC.
It ships a collection of records retrieved and pointers to get to
the next and/or previous pages of data.
Field | Type | Label | Description |
---|
data | EvaluationHistory | repeated | List of records retrieved. |
page | CursorPage | | Metadata of the current page and pointers to next and/or previous pages. |
ListEvaluationResultsRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the evaluation results are evaluated. |
profile | string | | ID can contain either a profile name or an ID |
label_filter | string | | Filter profiles to only those matching the specified labels. The default is to return all user-created profiles; the string "*" can be used to select all profiles, including system profiles. This syntax may be expanded in the future. |
entity | EntityTypedId | repeated | If set, only return evaluation results for the named entities. If empty, return evaluation results for all entities |
rule_name | string | repeated | If set, only return evaluation results for the named rules. If empty, return evaluation results for all rules |
ListEvaluationResultsResponse
ListEvaluationResultsResponse.EntityEvaluationResults
ListEvaluationResultsResponse.EntityProfileEvaluationResults
Field | Type | Label | Description |
---|
profile_status | ProfileStatus | | profile_status is the status of the profile - id, name, status, last_updated |
results | RuleEvaluationStatus | repeated | Note that some fields like profile_id and entity might be empty. Eventually we might replace this type with another one that fits the API better. |
ListInvitationsRequest
ListInvitationsResponse
Field | Type | Label | Description |
---|
invitations | Invitation | repeated | |
ListProfilesRequest
list profiles
Field | Type | Label | Description |
---|
context | Context | | context is the context which contains the profiles |
label_filter | string | | Filter profiles to only those matching the specified labels. The default is to return all user-created profiles; the string "*" can be used to select all profiles, including system profiles. This syntax may be expanded in the future. |
ListProfilesResponse
Field | Type | Label | Description |
---|
profiles | Profile | repeated | |
ListProjectsRequest
ListProjectsResponse
Field | Type | Label | Description |
---|
projects | Project | repeated | |
ListProviderClassesRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the provider classes are evaluated. |
ListProviderClassesResponse
Field | Type | Label | Description |
---|
provider_classes | string | repeated | provider_classes is the list of provider classes. |
ListProvidersRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the providers are evaluated. |
limit | int32 | | limit is the maximum number of providers to return. |
cursor | string | | cursor is the cursor to use for the page of results, empty if at the beginning |
ListProvidersResponse
Field | Type | Label | Description |
---|
providers | Provider | repeated | |
cursor | string | | cursor is the cursor to use for the next page of results, empty if at the end |
ListRemoteRepositoriesFromProviderRequest
ListRemoteRepositoriesFromProviderResponse
ListRepositoriesRequest
ListRepositoriesResponse
Field | Type | Label | Description |
---|
results | Repository | repeated | |
cursor | string | | cursor is the cursor to use for the next page of results, empty if at the end |
ListRoleAssignmentsRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the role assignments are evaluated. |
ListRoleAssignmentsResponse
Field | Type | Label | Description |
---|
role_assignments | RoleAssignment | repeated | role_assignments contains permission grants which have been accepted by a user. |
invitations | Invitation | repeated | invitations contains outstanding role invitations which have not yet been accepted by a user. |
ListRolesRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the roles are evaluated. |
ListRolesResponse
Field | Type | Label | Description |
---|
roles | Role | repeated | |
ListRuleTypesRequest
ListRuleTypesRequest is the request to list rule types.
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the rule types are evaluated. |
ListRuleTypesResponse
ListRuleTypesResponse is the response to list rule types.
Field | Type | Label | Description |
---|
rule_types | RuleType | repeated | rule_types is the list of rule types. |
PatchProfileRequest
PatchProfileResponse
Field | Type | Label | Description |
---|
profile | Profile | | |
PatchProjectRequest
PatchProjectResponse
Field | Type | Label | Description |
---|
project | Project | | project is the project that was updated. |
PatchProviderRequest
PatchProviderResponse
Field | Type | Label | Description |
---|
provider | Provider | | |
PipelineRun
Profile
Profile defines a profile that is user defined.
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the profile is evaluated. |
id | string | optional | id is the id of the profile. This is optional and is set by the system. |
name | string | | name is the name of the profile instance. |
labels | string | repeated | labels are a set of system-provided attributes which can be used to filter profiles and status results. Labels cannot be set by the user, but are returned in ListProfiles. Labels use DNS label constraints, with a possible namespace prefix separated by a colon (:). They are intended to allow filtering, but not to store arbitrary metadata. DNS labels are 1-63 character alphanumeric strings with internal hyphens. An RE2-style validation regex would be: DNS_STR = "a-zA-Z0-9?" ($DNS_STR:)?$DNS_STR |
repository | Profile.Rule | repeated | These are the entities that one could set in the profile. |
build_environment | Profile.Rule | repeated | |
artifact | Profile.Rule | repeated | |
pull_request | Profile.Rule | repeated | |
release | Profile.Rule | repeated | |
pipeline_run | Profile.Rule | repeated | |
task_run | Profile.Rule | repeated | |
build | Profile.Rule | repeated | |
selection | Profile.Selector | repeated | |
remediate | string | optional | whether and how to remediate (on,off,dry_run) this is optional and defaults to "off" |
alert | string | optional | whether and how to alert (on,off,dry_run) this is optional and defaults to "on" |
type | string | | type is a placeholder for the object type. It should always be set to "profile". |
version | string | | version is the version of the profile type. In this case, it is "v1" |
display_name | string | | display_name is the display name of the profile. |
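The constraint on the labels field in the Profile table above (DNS labels of 1-63 alphanumeric characters with internal hyphens, optionally prefixed by a namespace and a colon) can be checked as follows. This is an added example, not Minder's own code: `ParseProfileLabel` and `ErrInvalidLabel` are hypothetical names, the pattern is written from the prose description rather than copied from the project, and the sample labels are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// dnsLabel follows the prose rule for a DNS label: 1-63 characters,
// alphanumeric, with hyphens allowed only in interior positions.
// Assumption: written from the field description, not taken from Minder.
var dnsLabel = regexp.MustCompile(`^[a-zA-Z0-9]([-a-zA-Z0-9]{0,61}[a-zA-Z0-9])?$`)

// ErrInvalidLabel is a hypothetical sentinel error for this example.
var ErrInvalidLabel = errors.New("invalid profile label")

// ParseProfileLabel (hypothetical helper) splits a label into its optional
// namespace and its name, rejecting anything outside the documented shape.
func ParseProfileLabel(label string) (namespace, name string, err error) {
	parts := strings.Split(label, ":")
	switch len(parts) {
	case 1:
		// No namespace prefix: the whole string is the label name.
		name = parts[0]
	case 2:
		// "namespace:name": both halves must be DNS labels on their own,
		// so an empty namespace before the colon is rejected.
		namespace, name = parts[0], parts[1]
		if !dnsLabel.MatchString(namespace) {
			return "", "", fmt.Errorf("%w: namespace %q is not a DNS label", ErrInvalidLabel, namespace)
		}
	default:
		return "", "", fmt.Errorf("%w: %q has more than one ':' separator", ErrInvalidLabel, label)
	}
	if !dnsLabel.MatchString(name) {
		return "", "", fmt.Errorf("%w: name %q is not a DNS label", ErrInvalidLabel, name)
	}
	return namespace, name, nil
}

func main() {
	// Constructed sample labels, not values from a real Minder deployment.
	samples := []string{
		"baseline",
		"example-ns:baseline",
		"-leading-hyphen",
		"trailing-hyphen-",
		":missing-namespace",
		"a:b:c",
		"*", // the label_filter wildcard is a filter token, not a label
		strings.Repeat("a", 64),
	}
	for _, s := range samples {
		ns, name, err := ParseProfileLabel(s)
		if err != nil {
			fmt.Printf("reject  %q: %v\n", s, err)
			continue
		}
		fmt.Printf("accept  %q -> namespace=%q name=%q\n", s, ns, name)
	}
}
```

Because labels are meant for filtering only, rejecting anything outside this shape at the API boundary keeps free-form metadata and the "*" filter token from being stored as labels.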
Profile.Rule
Rule defines the individual call of a certain rule type.
Field | Type | Label | Description |
---|
type | string | | type is the type of the rule to be instantiated. |
params | google.protobuf.Struct | | params are the parameters that are passed to the rule. This is optional and depends on the rule type. |
def | google.protobuf.Struct | | def is the definition of the rule. This depends on the rule type. |
name | string | | name is the descriptive name of the rule, not to be confused with type |
Profile.Selector
Field | Type | Label | Description |
---|
id | string | | id is optional and used for updates to match upserts as well as read operations. It is ignored for creates. |
entity | string | | entity is the entity to select. |
selector | string | | expr is the expression to select the entity. |
description | string | | description is the human-readable description of the selector. |
ProfileStatus
get the overall profile status
Field | Type | Label | Description |
---|
profile_id | string | | profile_id is the id of the profile |
profile_name | string | | profile_name is the name of the profile |
profile_status | string | | profile_status is the status of the profile |
last_updated | google.protobuf.Timestamp | | last_updated is the last time the profile was updated |
profile_display_name | string | | profile_display_name is the display name of the profile |
Project
Project API Objects
ProjectPatch
Field | Type | Label | Description |
---|
display_name | string | optional | display_name is the display name of the project to update. |
description | string | optional | description is the description of the project to update. |
ProjectRole
ProjectRole has the project along with the role the user has in the project
Provider
Field | Type | Label | Description |
---|
name | string | | name is the name of the provider. |
class | string | | class is the name of the provider implementation, e.g. 'github' or 'gh-app'. |
project | string | | project is the project where the provider is. This is ignored on input in favor of the context field in CreateProviderRequest. |
version | string | | version is the version of the provider. |
implements | ProviderType | repeated | implements is the list of interfaces that the provider implements. |
config | google.protobuf.Struct | | config is the configuration of the provider. |
auth_flows | AuthorizationFlow | repeated | auth_flows is the list of authorization flows that the provider supports. |
parameters | ProviderParameter | | parameters is the list of parameters that the provider requires. |
credentials_state | string | | credentials_state is the state of the credentials for the provider. This is an output-only field. It may be: "set", "unset", "not_applicable". |
ProviderConfig
ProviderConfig contains the generic configuration for a provider.
Field | Type | Label | Description |
---|
auto_registration | AutoRegistration | optional | auto_registration is the configuration for auto-registering entities. |
ProviderParameter
PullRequest
Field | Type | Label | Description |
---|
url | string | | The full URL to the PR |
commit_sha | string | | Commit SHA of the PR HEAD. Will be useful to submit a review |
number | int64 | | The sequential PR number (not the DB PK!) |
repo_owner | string | | The owner of the repo, will be used to submit a review |
repo_name | string | | The name of the repo, will be used to submit a review |
author_id | int64 | | The author of the PR, will be used to check if we can request changes |
action | string | | The action that triggered the webhook |
context | Context | | |
properties | google.protobuf.Struct | | properties is a map of properties of the entity. |
base_clone_url | string | | URL used to clone the base repository |
target_clone_url | string | | URL used to clone the target repository |
base_ref | string | | The base ref of the PR |
target_ref | string | | The target ref of the PR |
RESTProviderConfig
RESTProviderConfig contains the configuration for the REST provider.
Field | Type | Label | Description |
---|
base_url | string | optional | base_url is the base URL for the REST provider. |
ReconcileEntityRegistrationRequest
ReconcileEntityRegistrationResponse
RegisterRepoResult
RegisterRepoResult.Status
Field | Type | Label | Description |
---|
success | bool | | |
error | string | optional | |
RegisterRepositoryRequest
Field | Type | Label | Description |
---|
provider | string | | Deprecated. |
repository | UpstreamRepositoryRef | | |
context | Context | | |
entity | UpstreamEntityRef | | entity is the entity to register. This is the same as the repository field, but uses the new UpstreamEntityRef message. This is what we'll migrate to eventually. |
RegisterRepositoryResponse
RegistrableUpstreamEntityRef
Field | Type | Label | Description |
---|
entity | UpstreamEntityRef | | |
registered | bool | | True if the entity is already registered in Minder. |
Release
Stubs for the SDLC entities
RemoveRoleRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the role assignment is evaluated. |
role_assignment | RoleAssignment | | role_assignment is the role assignment to be removed. |
RemoveRoleResponse
Field | Type | Label | Description |
---|
role_assignment | RoleAssignment | | role_assignment is the role assignment that was removed. |
invitation | Invitation | | invitation contains the details of the invitation that was removed. |
Repository
ResolveInvitationRequest
Field | Type | Label | Description |
---|
code | string | | code is the code of the invitation to resolve. |
accept | bool | | accept is true if the invitation is accepted, false if it is rejected. |
ResolveInvitationResponse
Field | Type | Label | Description |
---|
role | string | | role is the role that would be assigned if the user accepts the invitation. |
email | string | | email is the email address of the invited user. |
project | string | | project is the project to which the user is invited. |
is_accepted | bool | | is_accepted is the status of the invitation. |
project_display | string | | project_display is the display name of the project to which the user is invited. |
RestType
RestType defines the rest data evaluation.
This is used to fetch data from a REST endpoint.
Field | Type | Label | Description |
---|
endpoint | string | | endpoint is the endpoint to fetch data from. This can be a URL or the path on the API. This is a required field and must be set. This is also evaluated via a template, which allows us to dynamically fill in the values. |
method | string | | method is the method to use to fetch data. |
headers | string | repeated | headers are the headers to be sent to the endpoint. |
body | string | optional | body is the body to be sent to the endpoint. |
parse | string | | parse is the parsing mechanism to be used to parse the data. |
fallback | RestType.Fallback | repeated | fallback provides a body that the ingester would return in case the REST call returns a non-200 status code. |
RestType.Fallback
Role
Field | Type | Label | Description |
---|
name | string | | name is the name of the role. |
display_name | string | | display name of the role |
description | string | | description is the description of the role. |
RoleAssignment
Field | Type | Label | Description |
---|
role | string | | role is the role that is assigned. |
subject | string | | subject is the subject to which the role is assigned. |
display_name | string | | display_name is the display name of the subject. |
project | string | optional | project is the project in which the role is assigned. |
email | string | | email is the email address of the subject used for invitations. |
first_name | string | | first_name is the first name of the subject. |
last_name | string | | last_name is the last name of the subject. |
RpcOptions
RuleEvaluationStatus
get the status of the rules for a given profile
Field | Type | Label | Description |
---|
profile_id | string | | profile_id is the id of the profile |
rule_id | string | | rule_id is the id of the rule |
rule_name | string | | Deprecated. rule_name is the type of the rule. Deprecated in favor of rule_type_name |
entity | string | | entity is the entity that was evaluated |
status | string | | status is the status of the evaluation |
last_updated | google.protobuf.Timestamp | | last_updated is the last time the profile was updated |
entity_info | RuleEvaluationStatus.EntityInfoEntry | repeated | entity_info is the information about the entity |
details | string | | details is the description of the evaluation if any |
guidance | string | | guidance is the guidance for the evaluation if any |
remediation_status | string | | remediation_status is the status of the remediation |
remediation_last_updated | google.protobuf.Timestamp | optional | remediation_last_updated is the last time the remediation was performed or attempted |
remediation_details | string | | remediation_details is the description of the remediation attempt if any |
rule_type_name | string | | rule_type_name is the name of the rule |
rule_description_name | string | | rule_description_name is the name to describe the rule |
alert | EvalResultAlert | | alert holds the alert details if the rule generated an alert in an external system |
severity | Severity | | severity is the severity of the rule |
rule_evaluation_id | string | | rule_evaluation_id is the id of the rule evaluation |
remediation_url | string | | remediation_url is a URL to get more data about a remediation; for PRs, it is the link to the PR. |
rule_display_name | string | | rule_display_name captures the display name of the rule |
release_phase | RuleTypeReleasePhase | | release_phase is the phase of the release |
RuleEvaluationStatus.EntityInfoEntry
RuleType
RuleType defines rules that may or may not be user defined.
The version is assumed from the folder's version.
Field | Type | Label | Description |
---|
version | string | | version is the version of the rule type API. |
type | string | | type is the type of the rule. |
id | string | optional | id is the id of the rule type. This is mostly optional and is set by the server. |
name | string | | name is the name of the rule type. |
display_name | string | | display_name is the display name of the rule type. |
short_failure_message | string | | short_failure_message is the message to display when the evaluation fails. |
context | Context | | context is the context in which the rule is evaluated. |
def | RuleType.Definition | | def is the definition of the rule type. |
description | string | | description is the description of the rule type. |
guidance | string | | guidance are instructions we give the user in case a rule fails. |
severity | Severity | | severity is the severity of the rule type. |
release_phase | RuleTypeReleasePhase | | release_phase is the release phase of the rule type, i.e. alpha, beta, ga, deprecated. |
RuleType.Definition
Definition defines the rule type. It encompasses the schema and the data evaluation.
RuleType.Definition.Alert
RuleType.Definition.Alert.AlertTypeSA
Field | Type | Label | Description |
---|
severity | string | | |
RuleType.Definition.Eval
Eval defines the data evaluation definition.
This pertains to the way we traverse data from the upstream
endpoint and how we compare it to the rule.
RuleType.Definition.Eval.Homoglyphs
Field | Type | Label | Description |
---|
type | string | | |
RuleType.Definition.Eval.JQComparison
RuleType.Definition.Eval.JQComparison.Operator
Field | Type | Label | Description |
---|
def | string | | |
RuleType.Definition.Eval.Rego
Field | Type | Label | Description |
---|
type | string | | type is the type of evaluation engine to use for rego. We currently have two modes of operation: (1) deny-by-default: this is the default mode of operation, where we deny access by default and allow access only if the profile explicitly allows it. It expects the profile to set an allow variable to true or false. (2) constraints: this is the mode of operation where we allow access by default and deny access only if a violation is found. It expects the profile to set a violations variable with a "msg" field. |
def | string | | def is the definition of the rego profile. |
violation_format | string | optional | violation_format defines how violations are reported. This is only used if the constraints type is selected. The default is text, which returns human-readable text. The other option is json, which returns a JSON array containing the violations. |
RuleType.Definition.Eval.Trusty
Field | Type | Label | Description |
---|
endpoint | string | | This is no longer used, but is still here for backwards compatibility with existing stored rules |
RuleType.Definition.Eval.Vulncheck
no configuration for now
RuleType.Definition.Ingest
Ingest defines how the data is ingested.
Field | Type | Label | Description |
---|
type | string | | type is the type of the data ingestion. We currently support rest, artifact and builtin. |
rest | RestType | optional | rest is the rest data ingestion. This is only used if the type is rest. |
builtin | BuiltinType | optional | builtin is the builtin data ingestion. |
artifact | ArtifactType | optional | artifact is the artifact data ingestion. |
git | GitType | optional | git is the git data ingestion. |
diff | DiffType | optional | diff is the diff data ingestion. |
Field | Type | Label | Description |
---|
patch | string | | |
the name stutters a bit but we already use a PullRequest message for handling PR entities
Field | Type | Label | Description |
---|
title | string | | the title of the PR |
body | string | | the body of the PR |
contents | RuleType.Definition.Remediate.PullRequestRemediation.Content | repeated | |
method | string | | the method to use to create the PR. For now, these are supported: (1) minder.content: ensures that the content of the file is exactly as specified; refer to the Content message for more details. (2) minder.actions.replace_tags_with_sha: finds any GitHub Actions within a workflow file and replaces the tag with the SHA. (3) minder.yq.evaluate: evaluates a yq expression on a file. |
params | google.protobuf.Struct | | params are unstructured parameters passed to the method. These are optional and evaluated by the method. |
actions_replace_tags_with_sha | RuleType.Definition.Remediate.PullRequestRemediation.ActionsReplaceTagsWithSha | optional | If the method is minder.actions.replace_tags_with_sha, this is the configuration for that method |
Field | Type | Label | Description |
---|
exclude | string | repeated | List of actions to exclude from the replacement |
RuleType.Definition.Remediate.PullRequestRemediation.Content
Severity
Severity defines the severity of the rule.
Field | Type | Label | Description |
---|
value | Severity.Value | | value is the severity value. |
StoreProviderTokenRequest
StoreProviderTokenResponse
TaskRun
UpdateProfileRequest
Field | Type | Label | Description |
---|
profile | Profile | | |
UpdateProfileResponse
Field | Type | Label | Description |
---|
profile | Profile | | |
UpdateProjectRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the project is updated. |
display_name | string | | display_name is the display name of the project to update. |
description | string | | description is the description of the project to update. |
UpdateProjectResponse
Field | Type | Label | Description |
---|
project | Project | | project is the project that was updated. |
UpdateRoleRequest
Field | Type | Label | Description |
---|
context | Context | | context is the context in which the role assignment is evaluated. |
subject | string | | subject is the account to change permissions for. The account must already have permissions on the project |
roles | string | repeated | All subject roles are replaced with the following role assignments. Must be non-empty, use RemoveRole to remove permissions entirely from the project. |
email | string | | email is the email address of the subject used for updating invitations |
UpdateRoleResponse
Field | Type | Label | Description |
---|
role_assignments | RoleAssignment | repeated | role_assignments are the role assignments that were updated. |
invitations | Invitation | repeated | invitations contains the details of the invitations that were updated. |
UpdateRuleTypeRequest
UpdateRuleTypeRequest is the request to update a rule type.
Field | Type | Label | Description |
---|
rule_type | RuleType | | rule_type is the rule type to be updated. |
UpdateRuleTypeResponse
UpdateRuleTypeResponse is the response to update a rule type.
Field | Type | Label | Description |
---|
rule_type | RuleType | | rule_type is the rule type that was updated. |
UpstreamEntityRef
UpstreamEntityRef provides enough information for the
provider to identify the entity in the upstream system.
Field | Type | Label | Description |
---|
context | ContextV2 | | context is the context in which the entity is evaluated. Note that the context is included here since users of this message may return upstream references from multiple providers |
type | Entity | | type is the type of the entity. |
properties | google.protobuf.Struct | | properties is a map of properties of the entity. This will be used to identify the entity in the upstream system and will be a subset of the properties of the entity that will be stored in Minder. |
UpstreamRepositoryRef
Field | Type | Label | Description |
---|
owner | string | | |
name | string | | |
repo_id | int64 | | The upstream identity of the repository, as an integer. This is only set on output, and is ignored on input. |
context | Context | | |
registered | bool | | True if the repository is already registered in Minder. This is only set on output, and is ignored on input. |
UserRecord
user record to be returned
VerifyProviderCredentialRequest
VerifyProviderCredentialRequest contains the enrollment nonce (aka state) that was used when enrolling the provider
Field | Type | Label | Description |
---|
context | Context | | |
enrollment_nonce | string | | enrollment_nonce is the state parameter returned when enrolling the provider |
VerifyProviderCredentialResponse
VerifyProviderCredentialResponse responds with a boolean indicating if the provider has been created and the provider
name, if it has been created.
Field | Type | Label | Description |
---|
created | bool | | |
provider_name | string | | |
VerifyProviderTokenFromRequest
VerifyProviderTokenFromResponse
Field | Type | Label | Description |
---|
status | string | | |
AuthorizationFlow
Name | Number | Description |
---|
AUTHORIZATION_FLOW_UNSPECIFIED | 0 | |
AUTHORIZATION_FLOW_NONE | 1 | |
AUTHORIZATION_FLOW_USER_INPUT | 2 | |
AUTHORIZATION_FLOW_OAUTH2_AUTHORIZATION_CODE_FLOW | 3 | |
AUTHORIZATION_FLOW_GITHUB_APP_FLOW | 4 | |
CredentialsState
Name | Number | Description |
---|
CREDENTIALS_STATE_UNSPECIFIED | 0 | |
CREDENTIALS_STATE_SET | 1 | |
CREDENTIALS_STATE_UNSET | 2 | |
CREDENTIALS_STATE_NOT_APPLICABLE | 3 | |
Entity
Entity defines the entity that is supported by the provider.
Name | Number | Description |
---|
ENTITY_UNSPECIFIED | 0 | |
ENTITY_REPOSITORIES | 1 | |
ENTITY_BUILD_ENVIRONMENTS | 2 | |
ENTITY_ARTIFACTS | 3 | |
ENTITY_PULL_REQUESTS | 4 | |
ENTITY_RELEASE | 5 | |
ENTITY_PIPELINE_RUN | 6 | |
ENTITY_TASK_RUN | 7 | |
ENTITY_BUILD | 8 | |
ObjectOwner
Name | Number | Description |
---|
OBJECT_OWNER_UNSPECIFIED | 0 | |
OBJECT_OWNER_PROJECT | 2 | |
OBJECT_OWNER_USER | 3 | |
ProviderClass
Name | Number | Description |
---|
PROVIDER_CLASS_UNSPECIFIED | 0 | |
PROVIDER_CLASS_GITHUB | 1 | |
PROVIDER_CLASS_GITHUB_APP | 2 | |
PROVIDER_CLASS_GHCR | 3 | |
PROVIDER_CLASS_DOCKERHUB | 4 | |
ProviderType
ProviderTrait is the type of the provider.
Name | Number | Description |
---|
PROVIDER_TYPE_UNSPECIFIED | 0 | |
PROVIDER_TYPE_GITHUB | 1 | |
PROVIDER_TYPE_REST | 2 | |
PROVIDER_TYPE_GIT | 3 | |
PROVIDER_TYPE_OCI | 4 | |
PROVIDER_TYPE_REPO_LISTER | 5 | |
PROVIDER_TYPE_IMAGE_LISTER | 6 | |
Relation
Name | Number | Description |
---|
RELATION_UNSPECIFIED | 0 | |
RELATION_CREATE | 1 | |
RELATION_GET | 2 | |
RELATION_UPDATE | 3 | |
RELATION_DELETE | 4 | |
RELATION_ROLE_LIST | 5 | |
RELATION_ROLE_ASSIGNMENT_LIST | 6 | |
RELATION_ROLE_ASSIGNMENT_CREATE | 7 | |
RELATION_ROLE_ASSIGNMENT_REMOVE | 8 | |
RELATION_REPO_GET | 9 | |
RELATION_REPO_CREATE | 10 | |
RELATION_REPO_UPDATE | 11 | |
RELATION_REPO_DELETE | 12 | |
RELATION_ARTIFACT_GET | 13 | |
RELATION_ARTIFACT_CREATE | 14 | |
RELATION_ARTIFACT_UPDATE | 15 | |
RELATION_ARTIFACT_DELETE | 16 | |
RELATION_PR_GET | 17 | |
RELATION_PR_CREATE | 18 | |
RELATION_PR_UPDATE | 19 | |
RELATION_PR_DELETE | 20 | |
RELATION_PROVIDER_GET | 21 | |
RELATION_PROVIDER_CREATE | 22 | |
RELATION_PROVIDER_UPDATE | 23 | |
RELATION_PROVIDER_DELETE | 24 | |
RELATION_RULE_TYPE_GET | 25 | |
RELATION_RULE_TYPE_CREATE | 26 | |
RELATION_RULE_TYPE_UPDATE | 27 | |
RELATION_RULE_TYPE_DELETE | 28 | |
RELATION_PROFILE_GET | 29 | |
RELATION_PROFILE_CREATE | 30 | |
RELATION_PROFILE_UPDATE | 31 | |
RELATION_PROFILE_DELETE | 32 | |
RELATION_PROFILE_STATUS_GET | 33 | |
RELATION_REMOTE_REPO_GET | 34 | |
RELATION_ENTITY_RECONCILIATION_TASK_CREATE | 35 | |
RELATION_ENTITY_RECONCILE | 36 | |
RELATION_ROLE_ASSIGNMENT_UPDATE | 37 | |
RuleTypeReleasePhase
RuleTypeReleasePhase defines the release phase of the rule type.
Name | Number | Description |
---|
RULE_TYPE_RELEASE_PHASE_UNSPECIFIED | 0 | |
RULE_TYPE_RELEASE_PHASE_ALPHA | 1 | |
RULE_TYPE_RELEASE_PHASE_BETA | 2 | |
RULE_TYPE_RELEASE_PHASE_GA | 3 | |
RULE_TYPE_RELEASE_PHASE_DEPRECATED | 4 | |
Severity.Value
Value enumerates the severity values.
Name | Number | Description |
---|
VALUE_UNSPECIFIED | 0 | |
VALUE_UNKNOWN | 1 | unknown severity means that the severity is unknown or hasn't been set. |
VALUE_INFO | 2 | info severity means that the severity is informational and does not incur risk. |
VALUE_LOW | 3 | low severity means that the severity is low and does not incur significant risk. |
VALUE_MEDIUM | 4 | medium severity means that the severity is medium and may incur some risk. |
VALUE_HIGH | 5 | high severity means that the severity is high and may incur significant risk. |
VALUE_CRITICAL | 6 | critical severity means that the severity is critical and requires immediate attention. |
TargetResource
Name | Number | Description |
---|
TARGET_RESOURCE_UNSPECIFIED | 0 | |
TARGET_RESOURCE_NONE | 1 | |
TARGET_RESOURCE_USER | 2 | |
TARGET_RESOURCE_PROJECT | 3 | |
File-level Extensions
Extension | Type | Base | Number | Description |
---|
name | string | .google.protobuf.EnumValueOptions | 42445 | |
rpc_options | RpcOptions | .google.protobuf.MethodOptions | 51077 | |
Scalar Value Types
.proto Type | Notes | C++ | Java | Python | Go | C# | PHP | Ruby |
---|
double | | double | double | float | float64 | double | float | Float |
float | | float | float | float | float32 | float | float | Float |
int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long | int64 | long | integer/string | Bignum |
uint32 | Uses variable-length encoding. | uint32 | int | int/long | uint32 | uint | integer | Bignum or Fixnum (as required) |
uint64 | Uses variable-length encoding. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum or Fixnum (as required) |
sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long | int64 | long | integer/string | Bignum |
fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int | uint32 | uint | integer | Bignum or Fixnum (as required) |
fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum |
sfixed32 | Always four bytes. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
sfixed64 | Always eight bytes. | int64 | long | int/long | int64 | long | integer/string | Bignum |
bool | | bool | boolean | boolean | bool | bool | boolean | TrueClass/FalseClass |
string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode | string | string | string | String (UTF-8) |
bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str | []byte | ByteString | string | String (ASCII-8BIT) |