Alauda DevOps Connectors Docs

Connector [accesspolicies.alauda.io/v1alpha1]

Description
AccessPolicy defines the access strategy for Connectors in a namespace. It specifies which Connectors are covered and what permissions are granted, either automatically (defaultPermission) or after approval checks pass (checkGrantedPermission).
Type
object

Specification

PropertyTypeDescription
apiVersionstring

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

kindstring

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

metadataObjectMeta

ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.

specobject

AccessPolicySpec defines the desired state of AccessPolicy.

statusobject

AccessPolicyStatus defines the observed state of AccessPolicy.

.spec

Description
AccessPolicySpec defines the desired state of AccessPolicy.
Type
object
PropertyTypeDescription
checkGrantedPermissionobject

CheckGrantedPermission defines permissions granted only after approval checks pass.

connectorobject

Connector specifies which Connectors this policy applies to. If empty, the policy applies to all Connectors in the namespace.

defaultPermissionobject

DefaultPermission defines the Role and RoleBinding automatically granted without any approval check.

.spec.checkGrantedPermission

Description
CheckGrantedPermission defines permissions granted only after approval checks pass.
Type
object
Required
spec
PropertyTypeDescription
specobject

Spec contains the check rules and the permissions to grant after all checks pass.

.spec.checkGrantedPermission.spec

Description
Spec contains the check rules and the permissions to grant after all checks pass.
Type
object
Required
checksroleTemplate
PropertyTypeDescription
checksarray

Checks is the list of approval check rules.

roleTemplateobject

RoleTemplate defines the rules for the generated Role.

.spec.checkGrantedPermission.spec.checks

Description
Checks is the list of approval check rules.
Type
array

.spec.checkGrantedPermission.spec.checks[]

Description
CheckRule defines a check rule that must pass for a permission to be granted. it contains either a reference to a CheckRuleSpec stored in a ConfigMap or the CheckRuleSpec itself. you can specify either Ref or Spec, but not both.
Type
object
Required
name
PropertyTypeDescription
namestring

Name is the identifier of this check rule, referenced in AccessRequest status.

refobject

Ref is a reference to a CheckRuleSpec stored in a ConfigMap.

specobject

Spec contains the check rule specification.

.spec.checkGrantedPermission.spec.checks[].ref

Description
Ref is a reference to a CheckRuleSpec stored in a ConfigMap.
Type
object
Required
configMap
PropertyTypeDescription
configMapobject

ConfigMap references the ConfigMap containing the CheckRuleSpec.

.spec.checkGrantedPermission.spec.checks[].ref.configMap

Description
ConfigMap references the ConfigMap containing the CheckRuleSpec.
Type
object
PropertyTypeDescription
namestring

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

.spec.checkGrantedPermission.spec.checks[].spec

Description
Spec contains the check rule specification.
Type
object
Required
selector
PropertyTypeDescription
selectorobject

Selector specifies how to find the Check Duck Type resource.

stateobject

State configures how the check result is computed. If empty, the default duck-type field status.state is used.

.spec.checkGrantedPermission.spec.checks[].spec.selector

Description
Selector specifies how to find the Check Duck Type resource.
Type
object
Required
objectRef
PropertyTypeDescription
matchExpressionsarray

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabelsobject

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

objectRefobject

ObjectRef specifies the reference to the object to check against. kind and apiVersion are required to distinguish different duck types

.spec.checkGrantedPermission.spec.checks[].spec.selector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

.spec.checkGrantedPermission.spec.checks[].spec.selector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
keyoperator
PropertyTypeDescription
keystring

key is the label key that the selector applies to.

operatorstring

operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

valuesarray

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.spec.checkGrantedPermission.spec.checks[].spec.selector.matchExpressions[].values

Description
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
Type
array

.spec.checkGrantedPermission.spec.checks[].spec.selector.matchExpressions[].values[]

Type
string

.spec.checkGrantedPermission.spec.checks[].spec.selector.matchLabels

Description
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
Type
object

.spec.checkGrantedPermission.spec.checks[].spec.selector.objectRef

Description
ObjectRef specifies the reference to the object to check against. kind and apiVersion are required to distinguish different duck types
Type
object
PropertyTypeDescription
apiVersionstring

API version of the referent.

fieldPathstring

If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.

kindstring

Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

namestring

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

namespacestring

Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

resourceVersionstring

Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency

uidstring

UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids

.spec.checkGrantedPermission.spec.checks[].spec.state

Description
State configures how the check result is computed. If empty, the default duck-type field status.state is used.
Type
object
PropertyTypeDescription
regostring

Rego is an OPA Rego script (package "approval") that receives the full check resource as input and must output status = {"state": "approved|rejected|pending|passed"}. If empty, the default duck-type field status.state is used.

.spec.checkGrantedPermission.spec.roleTemplate

Description
RoleTemplate defines the rules for the generated Role.
Type
object
PropertyTypeDescription
refobject

Ref specifies a reference to a RoleTemplate

.spec.checkGrantedPermission.spec.roleTemplate.ref

Description
Ref specifies a reference to a RoleTemplate
Type
object
PropertyTypeDescription
configMapobject

ConfigMap specifies a local reference to a ConfigMap whose data["rules"] contains the YAML-encoded list of rbacv1.PolicyRule entries. Only ConfigMaps in the connectors system namespace are supported.

.spec.checkGrantedPermission.spec.roleTemplate.ref.configMap

Description
ConfigMap specifies a local reference to a ConfigMap whose data["rules"] contains the YAML-encoded list of rbacv1.PolicyRule entries. Only ConfigMaps in the connectors system namespace are supported.
Type
object
PropertyTypeDescription
namestring

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

.spec.connector

Description
Connector specifies which Connectors this policy applies to. If empty, the policy applies to all Connectors in the namespace.
Type
object
PropertyTypeDescription
matchExpressionsarray

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabelsobject

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

namesarray

Names is an explicit list of resource names to match.

.spec.connector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

.spec.connector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
keyoperator
PropertyTypeDescription
keystring

key is the label key that the selector applies to.

operatorstring

operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

valuesarray

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.spec.connector.matchExpressions[].values

Description
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
Type
array

.spec.connector.matchExpressions[].values[]

Type
string

.spec.connector.matchLabels

Description
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
Type
object

.spec.connector.names

Description
Names is an explicit list of resource names to match.
Type
array

.spec.connector.names[]

Type
string

.spec.defaultPermission

Description
DefaultPermission defines the Role and RoleBinding automatically granted without any approval check.
Type
object
Required
bindingTemplateroleTemplate
PropertyTypeDescription
bindingTemplateobject

BindingTemplate defines the subjects for the generated RoleBinding.

roleTemplateobject

RoleTemplate defines the rules to include in the generated Role.

.spec.defaultPermission.bindingTemplate

Description
BindingTemplate defines the subjects for the generated RoleBinding.
Type
object
PropertyTypeDescription
serviceAccountsarray

ServiceAccounts is the list of service account templates to bind.

.spec.defaultPermission.bindingTemplate.serviceAccounts

Description
ServiceAccounts is the list of service account templates to bind.
Type
array

.spec.defaultPermission.bindingTemplate.serviceAccounts[]

Description
ServiceAccountTemplate defines a template for binding ServiceAccounts. it extends rbacv1.Subject with dynamic label-based selectors.
Type
object
PropertyTypeDescription
namesarray

Names is the list of service account names to bind.

namespaceSelectorobject

NamespaceSelector selects Namespaces by label and/or name.

.spec.defaultPermission.bindingTemplate.serviceAccounts[].names

Description
Names is the list of service account names to bind.
Type
array

.spec.defaultPermission.bindingTemplate.serviceAccounts[].names[]

Type
string

.spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector

Description
NamespaceSelector selects Namespaces by label and/or name.
Type
object
PropertyTypeDescription
matchExpressionsarray

matchExpressions is a list of label selector requirements. The requirements are ANDed.

matchLabelsobject

matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.

namesarray

Names is an explicit list of resource names to match.

.spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector.matchExpressions

Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array

.spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector.matchExpressions[]

Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
keyoperator
PropertyTypeDescription
keystring

key is the label key that the selector applies to.

operatorstring

operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.

valuesarray

values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.

.spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector.matchExpressions[].values

Description
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
Type
array

.spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector.matchExpressions[].values[]

Type
string

.spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector.matchLabels

Description
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
Type
object

.spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector.names

Description
Names is an explicit list of resource names to match.
Type
array

.spec.defaultPermission.bindingTemplate.serviceAccounts[].namespaceSelector.names[]

Type
string

.spec.defaultPermission.roleTemplate

Description
RoleTemplate defines the rules to include in the generated Role.
Type
object
PropertyTypeDescription
refobject

Ref specifies a reference to a RoleTemplate

.spec.defaultPermission.roleTemplate.ref

Description
Ref specifies a reference to a RoleTemplate
Type
object
PropertyTypeDescription
configMapobject

ConfigMap specifies a local reference to a ConfigMap whose data["rules"] contains the YAML-encoded list of rbacv1.PolicyRule entries. Only ConfigMaps in the connectors system namespace are supported.

.spec.defaultPermission.roleTemplate.ref.configMap

Description
ConfigMap specifies a local reference to a ConfigMap whose data["rules"] contains the YAML-encoded list of rbacv1.PolicyRule entries. Only ConfigMaps in the connectors system namespace are supported.
Type
object
PropertyTypeDescription
namestring

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

.status

Description
AccessPolicyStatus defines the observed state of AccessPolicy.
Type
object
PropertyTypeDescription
annotationsobject

Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.

conditionsarray

Conditions the latest available observations of a resource's current state.

matchedConnectorsarray

MatchedConnectors records the Connector names matched by spec.connector.

observedGenerationinteger

ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.

.status.annotations

Description
Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.
Type
object

.status.conditions

Description
Conditions the latest available observations of a resource's current state.
Type
array

.status.conditions[]

Description
Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties
Type
object
Required
statustype
PropertyTypeDescription
lastTransitionTimestring

LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).

messagestring

A human readable message indicating details about the transition.

reasonstring

The reason for the condition's last transition.

severitystring

Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.

statusstring

Status of the condition, one of True, False, Unknown.

typestring

Type of condition.

.status.matchedConnectors

Description
MatchedConnectors records the Connector names matched by spec.connector.
Type
array

.status.matchedConnectors[]

Description
LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.
Type
object
PropertyTypeDescription
namestring

Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

API Endpoints

The following API endpoints are available:

  • /apis/connectors.alauda.io/v1alpha1/namespaces/{namespace}/accesspolicies
    • DELETE: delete collection of AccessPolicy
    • GET: list objects of kind AccessPolicy
    • POST: create a new AccessPolicy
  • /apis/connectors.alauda.io/v1alpha1/namespaces/{namespace}/accesspolicies/{name}
    • DELETE: delete the specified AccessPolicy
    • GET: read the specified AccessPolicy
    • PATCH: partially update the specified AccessPolicy
    • PUT: replace the specified AccessPolicy
  • /apis/connectors.alauda.io/v1alpha1/namespaces/{namespace}/accesspolicies/{name}/status
    • GET: read status of the specified AccessPolicy
    • PATCH: partially update status of the specified AccessPolicy
    • PUT: replace status of the specified AccessPolicy

/apis/connectors.alauda.io/v1alpha1/namespaces/{namespace}/accesspolicies

HTTP method
DELETE
Description
delete collection of AccessPolicy
HTTP responses
HTTP codeResponse body
200 - OKStatus schema
401 - UnauthorizedEmpty
HTTP method
GET
Description
list objects of kind AccessPolicy
HTTP responses
HTTP codeResponse body
200 - OKAccessPolicyList schema
401 - UnauthorizedEmpty
HTTP method
POST
Description
create a new AccessPolicy
Query parameters
ParameterTypeDescription
dryRunstringWhen present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
fieldValidationstringfieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
Body parameters
ParameterTypeDescription
bodyAccessPolicy schemaapplication/json formatted
HTTP responses
HTTP codeResponse body
200 - OKAccessPolicy schema
201 - CreatedAccessPolicy schema
202 - AcceptedAccessPolicy schema
401 - UnauthorizedEmpty

/apis/connectors.alauda.io/v1alpha1/namespaces/{namespace}/accesspolicies/{name}

HTTP method
DELETE
Description
delete the specified AccessPolicy
Query parameters
ParameterTypeDescription
dryRunstringWhen present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
HTTP responses
HTTP codeResponse body
200 - OKStatus schema
202 - AcceptedStatus schema
401 - UnauthorizedEmpty
HTTP method
GET
Description
read the specified AccessPolicy
HTTP responses
HTTP codeResponse body
200 - OKAccessPolicy schema
401 - UnauthorizedEmpty
HTTP method
PATCH
Description
partially update the specified AccessPolicy
Query parameters
ParameterTypeDescription
dryRunstringWhen present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
fieldValidationstringfieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
HTTP responses
HTTP codeResponse body
200 - OKAccessPolicy schema
401 - UnauthorizedEmpty
HTTP method
PUT
Description
replace the specified AccessPolicy
Query parameters
ParameterTypeDescription
dryRunstringWhen present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
fieldValidationstringfieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
Body parameters
ParameterTypeDescription
bodyAccessPolicy schemaapplication/json formatted
HTTP responses
HTTP codeResponse body
200 - OKAccessPolicy schema
201 - CreatedAccessPolicy schema
401 - UnauthorizedEmpty

/apis/connectors.alauda.io/v1alpha1/namespaces/{namespace}/accesspolicies/{name}/status

HTTP method
GET
Description
read status of the specified AccessPolicy
HTTP responses
HTTP codeResponse body
200 - OKAccessPolicy schema
401 - UnauthorizedEmpty
HTTP method
PATCH
Description
partially update status of the specified AccessPolicy
Query parameters
ParameterTypeDescription
dryRunstringWhen present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
fieldValidationstringfieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
HTTP responses
HTTP codeResponse body
200 - OKAccessPolicy schema
401 - UnauthorizedEmpty
HTTP method
PUT
Description
replace status of the specified AccessPolicy
Query parameters
ParameterTypeDescription
dryRunstringWhen present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed
fieldValidationstringfieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.
Body parameters
ParameterTypeDescription
bodyAccessPolicy schemaapplication/json formatted
HTTP responses
HTTP codeResponse body
200 - OKAccessPolicy schema
201 - CreatedAccessPolicy schema
401 - UnauthorizedEmpty