diff --git a/Makefile b/Makefile index fce1949a1..c9c06aabd 100644 --- a/Makefile +++ b/Makefile @@ -52,6 +52,7 @@ docker-push: manifests: generate gen-schemas ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. #$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases $(CONTROLLER_GEN) crd paths="./api/..." output:crd:artifacts:config=chart/crds + $(MAKE) strip-crd-descriptions .PHONY: generate @@ -188,6 +189,11 @@ build-debug: install: cp ./.bin/$(NAME) /usr/local/bin/ +strip-crd-descriptions: + @for f in chart/crds/*.yaml; do \ + yq 'del(.. | select(has("description")).description)' "$$f" > "$$f.tmp" && mv "$$f.tmp" "$$f"; \ + done + install-crd: manifests kubectl apply -f chart/crds @@ -295,4 +301,4 @@ bench: .PHONY: modernize modernize: - go fix ./... \ No newline at end of file + go fix ./... diff --git a/chart/crds/configs.flanksource.com_scrapeconfigs.yaml b/chart/crds/configs.flanksource.com_scrapeconfigs.yaml index 7da8d1423..9a1b6afcd 100644 --- a/chart/crds/configs.flanksource.com_scrapeconfigs.yaml +++ b/chart/crds/configs.flanksource.com_scrapeconfigs.yaml @@ -14,7140 +14,4182 @@ spec: singular: scrapeconfig scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ScrapeConfig is the Schema for the scrapeconfigs API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ScraperSpec defines the desired state of Config scraper - properties: - aws: - items: - description: AWS ... - properties: - accessKey: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used to - fetch the key from the merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service account - whose token should be fetched - type: string - type: object - type: object - assumeRole: - type: string - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - cloudtrail: - properties: - exclude: - items: - type: string - type: array - maxAge: - type: string - type: object - compliance: - type: boolean - connection: - description: ConnectionName of the connection. It'll be used - to populate the endpoint, accessKey and secretKey. - type: string - costReporting: - properties: - database: - type: string - region: - type: string - s3BucketPath: - type: string - table: - type: string - type: object - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - endpoint: - type: string - exclude: - items: - type: string - type: array - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - include: - items: - type: string - type: array - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + aws: + items: properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: + accessKey: properties: - color: - type: string - filter: - type: string - headline: - type: boolean - hidden: - type: boolean - icon: - type: string - label: + name: type: string - lastTransition: + value: type: string - links: + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + assumeRole: + type: string + class: + type: string + cloudtrail: + properties: + exclude: items: - properties: - icon: - type: string - label: - type: string - text: - type: string - tooltip: - type: string - type: - description: e.g. documentation, support, playbook - type: string - url: - type: string - type: object + type: string type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: + maxAge: type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. + type: object + compliance: + type: boolean + connection: + type: string + costReporting: + properties: + database: type: string - tooltip: + region: type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' + s3BucketPath: type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. + table: type: string - value: - format: int64 - type: integer type: object - type: array - region: - items: + createFields: + items: + type: string + type: array + deleteFields: + items: + type: string + type: array + endpoint: type: string - type: array - secretKey: - properties: - name: + exclude: + items: + type: string + type: array + format: + type: string + health: + type: string + id: + type: string + include: + items: type: string - value: + type: array + items: + type: string + labels: + additionalProperties: type: string - valueFrom: + type: object + name: + type: string + properties: + items: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used to - fetch the key from the merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service account - whose token should be fetched + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: + properties: + icon: + type: string + label: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + url: + type: string + type: object + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer type: object - type: object - skipTLSVerify: - description: Skip TLS verify when connecting to aws - type: boolean - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: + type: array + region: + items: + type: string + type: array + secretKey: properties: - jsonpath: - type: string - label: - type: string name: type: string value: type: string - required: - - name + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: - properties: - aliases: - items: + skipTLSVerify: + type: boolean + status: + type: string + tags: + items: + properties: + jsonpath: + type: string + label: + type: string + name: + type: string + value: + type: string + required: + - name + type: object + type: array + timestampFormat: + type: string + transform: + properties: + aliases: + items: + properties: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + changes: properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: + exclude: items: type: string type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: - properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object - type: - description: Type is the type to be set on the - change - type: string - type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: - type: string - type: array - required: - - jsonpath - type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: - type: string - jsonpath: - type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: + mapping: items: - type: string + properties: + action: + type: string + ancestor_type: + type: string + config_id: + type: string + config_type: + type: string + filter: + type: string + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: + type: string + type: object type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: - properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. - type: string - value: - description: Value can be a hash function name or - just a string - type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. - type: string - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied - type: string - id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - type: object - type: array - azure: - items: - properties: - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - clientID: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + exclude: + items: properties: - key: - type: string - name: + jsonpath: type: string + types: + items: + type: string + type: array required: - - key + - jsonpath type: object - helmRef: + type: array + expr: + type: string + gotemplate: + type: string + javascript: + type: string + jsonpath: + type: string + locations: + items: properties: - key: - description: Key is a JSONPath expression used to - fetch the key from the merged JSON. - type: string - name: + filter: type: string - required: - - key - type: object - secretKeyRef: - properties: - key: + type: type: string - name: + values: + items: + type: string + type: array + withParent: type: string required: - - key + - type type: object - serviceAccount: - description: ServiceAccount specifies the service account - whose token should be fetched - type: string - type: object - type: object - clientSecret: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + type: array + mask: + items: properties: - key: - type: string - name: + jsonpath: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used to - fetch the key from the merged JSON. + selector: type: string - name: + value: type: string - required: - - key type: object - secretKeyRef: + type: array + relationship: + items: properties: - key: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + expr: type: string - name: + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + filter: type: string - required: - - key + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + parent: + type: boolean + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object type: object - serviceAccount: - description: ServiceAccount specifies the service account - whose token should be fetched - type: string - type: object - type: object - connection: - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + type: array + type: object + type: type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + type: object + type: array + azure: + items: + properties: + class: type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - entra: - properties: - appRegistrations: - items: + clientID: + properties: + name: + type: string + value: + type: string + valueFrom: properties: - agent: - description: |- - Agent can be the agent id or the name of the agent. - Additionally, the special "self" value can be used to select resources without an agent. - type: string - cache: - description: |- - Cache directives - 'no-cache' (should not fetch from cache but can be cached) - 'no-store' (should not cache) - 'max-age=X' (cache for X duration) - type: string - fieldSelector: - type: string - health: - description: |- - Health filters resources by the health. - Multiple healths can be provided separated by comma. - type: string - id: - type: string - includeDeleted: - type: boolean - labelSelector: - type: string - limit: - type: integer - name: - type: string - namespace: - type: string - scope: - description: |- - Scope is the reference for parent of the resource to select. - For config items, the scope is the scraper id - For checks, it's canaries and - For components, it's topology. - It can either be a uuid or namespace/name - type: string - search: - description: Search query that applies to the resource - name, tag & labels. - type: string - statuses: - description: Statuses filter resources by the status - items: - type: string - type: array - tagSelector: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string - types: - description: Types filter resources by the type - items: - type: string - type: array type: object - type: array - appRoleAssignments: - items: + type: object + clientSecret: + properties: + name: + type: string + value: + type: string + valueFrom: properties: - agent: - description: |- - Agent can be the agent id or the name of the agent. - Additionally, the special "self" value can be used to select resources without an agent. - type: string - cache: - description: |- - Cache directives - 'no-cache' (should not fetch from cache but can be cached) - 'no-store' (should not cache) - 'max-age=X' (cache for X duration) - type: string - fieldSelector: - type: string - health: - description: |- - Health filters resources by the health. - Multiple healths can be provided separated by comma. - type: string - id: - type: string - includeDeleted: - type: boolean - labelSelector: - type: string - limit: - type: integer - name: - type: string - namespace: - type: string - scope: - description: |- - Scope is the reference for parent of the resource to select. - For config items, the scope is the scraper id - For checks, it's canaries and - For components, it's topology. - It can either be a uuid or namespace/name - type: string - search: - description: Search query that applies to the resource - name, tag & labels. + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string - statuses: - description: Statuses filter resources by the status - items: + type: object + type: object + connection: + type: string + createFields: + items: + type: string + type: array + deleteFields: + items: + type: string + type: array + entra: + properties: + appRegistrations: + items: + properties: + agent: type: string - type: array - tagSelector: - type: string - types: - description: Types filter resources by the type - items: + cache: type: string - type: array - type: object - type: array - enterpriseApps: - items: - properties: - agent: - description: |- - Agent can be the agent id or the name of the agent. - Additionally, the special "self" value can be used to select resources without an agent. - type: string - cache: - description: |- - Cache directives - 'no-cache' (should not fetch from cache but can be cached) - 'no-store' (should not cache) - 'max-age=X' (cache for X duration) - type: string - fieldSelector: - type: string - health: - description: |- - Health filters resources by the health. - Multiple healths can be provided separated by comma. - type: string - id: - type: string - includeDeleted: - type: boolean - labelSelector: - type: string - limit: - type: integer - name: - type: string - namespace: - type: string - scope: - description: |- - Scope is the reference for parent of the resource to select. - For config items, the scope is the scraper id - For checks, it's canaries and - For components, it's topology. - It can either be a uuid or namespace/name - type: string - search: - description: Search query that applies to the resource - name, tag & labels. - type: string - statuses: - description: Statuses filter resources by the status - items: + fieldSelector: type: string - type: array - tagSelector: - type: string - types: - description: Types filter resources by the type - items: + health: type: string - type: array - type: object - type: array - groups: - items: - properties: - agent: - description: |- - Agent can be the agent id or the name of the agent. - Additionally, the special "self" value can be used to select resources without an agent. - type: string - cache: - description: |- - Cache directives - 'no-cache' (should not fetch from cache but can be cached) - 'no-store' (should not cache) - 'max-age=X' (cache for X duration) - type: string - fieldSelector: - type: string - health: - description: |- - Health filters resources by the health. - Multiple healths can be provided separated by comma. - type: string - id: - type: string - includeDeleted: - type: boolean - labelSelector: - type: string - limit: - type: integer - name: - type: string - namespace: - type: string - scope: - description: |- - Scope is the reference for parent of the resource to select. - For config items, the scope is the scraper id - For checks, it's canaries and - For components, it's topology. - It can either be a uuid or namespace/name - type: string - search: - description: Search query that applies to the resource - name, tag & labels. - type: string - statuses: - description: Statuses filter resources by the status - items: + id: type: string - type: array - tagSelector: - type: string - types: - description: Types filter resources by the type - items: + includeDeleted: + type: boolean + labelSelector: type: string - type: array - type: object - type: array - users: - items: - properties: - agent: - description: |- - Agent can be the agent id or the name of the agent. - Additionally, the special "self" value can be used to select resources without an agent. - type: string - cache: - description: |- - Cache directives - 'no-cache' (should not fetch from cache but can be cached) - 'no-store' (should not cache) - 'max-age=X' (cache for X duration) - type: string - fieldSelector: - type: string - health: - description: |- - Health filters resources by the health. - Multiple healths can be provided separated by comma. - type: string - id: - type: string - includeDeleted: - type: boolean - labelSelector: - type: string - limit: - type: integer - name: - type: string - namespace: - type: string - scope: - description: |- - Scope is the reference for parent of the resource to select. - For config items, the scope is the scraper id - For checks, it's canaries and - For components, it's topology. - It can either be a uuid or namespace/name - type: string - search: - description: Search query that applies to the resource - name, tag & labels. - type: string - statuses: - description: Statuses filter resources by the status - items: + limit: + type: integer + name: type: string - type: array - tagSelector: - type: string - types: - description: Types filter resources by the type - items: + namespace: type: string - type: array - type: object - type: array - type: object - exclusions: - properties: - activityLogs: - description: |- - ActivityLogs is a list of operations to exclude from activity logs. - Example: - "Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action" - "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action" - items: - type: string - type: array - type: object - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - include: - items: - type: string - type: array - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: - properties: - color: - type: string - filter: - type: string - headline: - type: boolean - hidden: - type: boolean - icon: - type: string - label: - type: string - lastTransition: - type: string - links: + scope: + type: string + search: + type: string + statuses: + items: + type: string + type: array + tagSelector: + type: string + types: + items: + type: string + type: array + type: object + type: array + appRoleAssignments: items: properties: - icon: + agent: type: string - label: + cache: type: string - text: + fieldSelector: type: string - tooltip: + health: type: string - type: - description: e.g. documentation, support, playbook + id: type: string - url: + includeDeleted: + type: boolean + labelSelector: type: string - type: object - type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer - type: object - type: array - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - subscriptionID: - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: - properties: - jsonpath: - type: string - label: - type: string - name: - type: string - value: - type: string - required: - - name - type: object - type: array - tenantID: - type: string - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: - properties: - aliases: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: + limit: + type: integer + name: type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: - properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object - type: - description: Type is the type to be set on the - change - type: string - type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: + namespace: type: string - type: array - required: - - jsonpath - type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: - type: string - jsonpath: - type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: + scope: type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: - properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. - type: string - value: - description: Value can be a hash function name or - just a string - type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. - type: string - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied - type: string - id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: + search: type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: + statuses: + items: type: string - value: + type: array + tagSelector: + type: string + types: + items: type: string - type: object - type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - required: - - subscriptionID - type: object - type: array - azureDevops: - items: - properties: - auditLog: - description: AuditLog configures fetching organization-level - audit log entries as config changes - properties: - enabled: - description: Enabled enables fetching audit log entries - type: boolean - exclusions: - description: Exclusions is a list of actionId prefixes to - exclude (e.g. "AuditLog.AccessLog") - items: - type: string - type: array - type: object - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - connection: - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - maxAge: - description: |- - MaxAge limits pipeline run scraping to runs created within this duration (e.g. "7d", "24h"). - Defaults to the system property azuredevops.pipeline.max_age, which defaults to 7d. - type: string - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - organization: - type: string - permissions: - description: Permissions configures fetching pipeline permissions - to determine who can execute pipelines - properties: - enabled: - description: Enabled enables fetching pipeline and repository - permissions - type: boolean - groups: - description: Groups enables fetching organization-level - group membership - type: boolean - rateLimit: - description: |- - RateLimit specifies how often to refresh permissions (e.g., "6h", "24h") - Defaults to "24h" if not set - type: string - roles: - additionalProperties: - items: - type: string + type: array + type: object type: array - description: |- - Roles maps role names to Git permission names. - Each identity is assigned the role whose required permissions are all present. - Permission names: Read, Contribute, ForcePush, CreateBranch, CreateTag, ManageNotes, - CreateRepository, DeleteRepository, RenameRepository, ManagePermissions, PolicyExempt - type: object - type: object - personalAccessToken: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + enterpriseApps: + items: properties: - key: + agent: type: string - name: + cache: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used to - fetch the key from the merged JSON. + fieldSelector: type: string + health: + type: string + id: + type: string + includeDeleted: + type: boolean + labelSelector: + type: string + limit: + type: integer name: type: string - required: - - key + namespace: + type: string + scope: + type: string + search: + type: string + statuses: + items: + type: string + type: array + tagSelector: + type: string + types: + items: + type: string + type: array type: object - secretKeyRef: + type: array + groups: + items: properties: - key: + agent: + type: string + cache: + type: string + fieldSelector: + type: string + health: + type: string + id: type: string + includeDeleted: + type: boolean + labelSelector: + type: string + limit: + type: integer name: type: string - required: - - key + namespace: + type: string + scope: + type: string + search: + type: string + statuses: + items: + type: string + type: array + tagSelector: + type: string + types: + items: + type: string + type: array type: object - serviceAccount: - description: ServiceAccount specifies the service account - whose token should be fetched - type: string - type: object - type: object - pipelines: - items: - type: string - type: array - projects: - items: - type: string - type: array - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: - properties: - color: - type: string - filter: - type: string - headline: - type: boolean - hidden: - type: boolean - icon: - type: string - label: - type: string - lastTransition: - type: string - links: + type: array + users: items: properties: - icon: + agent: type: string - label: + cache: type: string - text: + fieldSelector: type: string - tooltip: + health: type: string - type: - description: e.g. documentation, support, playbook + id: + type: string + includeDeleted: + type: boolean + labelSelector: type: string - url: + limit: + type: integer + name: + type: string + namespace: + type: string + scope: + type: string + search: + type: string + statuses: + items: + type: string + type: array + tagSelector: type: string + types: + items: + type: string + type: array type: object type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer type: object - type: array - releases: - description: Releases filters classic release pipelines to scrape - by name or glob - items: + exclusions: + properties: + activityLogs: + items: + type: string + type: array + type: object + format: type: string - type: array - repositories: - description: Repositories filters Git repositories to scrape - by name or glob - items: + health: type: string - type: array - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 + id: + type: string + include: + items: + type: string + type: array items: - properties: - jsonpath: - type: string - label: - type: string - name: - type: string - value: - type: string - required: - - name + type: string + labels: + additionalProperties: + type: string type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: + name: + type: string properties: - aliases: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: + items: properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: items: properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object + icon: + type: string + label: + type: string + text: + type: string + tooltip: + type: string type: - description: Type is the type to be set on the - change + type: string + url: type: string type: object type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: + type: array + status: + type: string + subscriptionID: + type: string + tags: + items: + properties: + jsonpath: + type: string + label: + type: string + name: + type: string + value: + type: string + required: + - name + type: object + type: array + tenantID: + type: string + timestampFormat: + type: string + transform: + properties: + aliases: + items: + properties: + filter: type: string - type: array - required: - - jsonpath - type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: - type: string - jsonpath: - type: string - locations: - items: + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + changes: properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: + exclude: items: type: string type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: - properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. - type: string - value: - description: Value can be a hash function name or - just a string - type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. - type: string - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied - type: string - id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - required: - - pipelines - - projects - type: object - type: array - clickhouse: - items: - properties: - awsS3: - properties: - accessKey: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + mapping: + items: properties: - key: + action: type: string - name: + ancestor_type: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + config_id: type: string - name: + config_type: type: string - required: - - key - type: object - secretKeyRef: - properties: - key: + filter: type: string - name: + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + type: array + type: object + exclude: + items: + properties: + jsonpath: type: string + types: + items: + type: string + type: array + required: + - jsonpath type: object - type: object - assumeRole: - type: string - bucket: - type: string - connection: - description: ConnectionName of the connection. It'll be - used to populate the endpoint, accessKey and secretKey. - type: string - endpoint: - type: string - path: - type: string - region: - items: + type: array + expr: type: string - type: array - secretKey: - properties: - name: - type: string - value: - type: string - valueFrom: + gotemplate: + type: string + javascript: + type: string + jsonpath: + type: string + locations: + items: properties: - configMapKeyRef: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + mask: + items: + properties: + jsonpath: + type: string + selector: + type: string + value: + type: string + type: object + type: array + relationship: + items: + properties: + agent: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - helmRef: + expr: + type: string + external_id: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - secretKeyRef: + filter: + type: string + id: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - skipTLSVerify: - description: Skip TLS verify when connecting to aws - type: boolean - type: object - azureBlobStorage: - properties: - account: - type: string - clientID: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + labels: + additionalProperties: + type: string + type: object + name: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - helmRef: + namespace: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - secretKeyRef: + parent: + type: boolean + scope: properties: - key: + expr: type: string - name: + label: type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - clientSecret: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: + value: type: string - required: - - key type: object - helmRef: + type: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. - type: string - name: + expr: type: string - required: - - key - type: object - secretKeyRef: - properties: - key: + label: type: string - name: + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string type: object - type: object - collection: - type: string - connection: - type: string - container: - type: string - endpoint: - type: string - path: + type: array + type: object + type: + type: string + required: + - subscriptionID + type: object + type: array + azureDevops: + items: + properties: + auditLog: + properties: + enabled: + type: boolean + exclusions: + items: + type: string + type: array + type: object + class: + type: string + connection: + type: string + createFields: + items: type: string - tenantID: + type: array + deleteFields: + items: type: string - required: - - collection - type: object - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - clickhouseURL: - description: clickhouse://:@:/?param1=value1¶m2=value2 - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + type: array + format: type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + health: + type: string + id: type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. items: + type: string + labels: + additionalProperties: + type: string + type: object + maxAge: + type: string + name: + type: string + organization: + type: string + permissions: properties: - color: - type: string - filter: - type: string - headline: + enabled: type: boolean - hidden: + groups: type: boolean - icon: - type: string - label: - type: string - lastTransition: - type: string - links: - items: - properties: - icon: - type: string - label: - type: string - text: - type: string - tooltip: - type: string - type: - description: e.g. documentation, support, playbook - type: string - url: - type: string - type: object - type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: + rateLimit: type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer + roles: + additionalProperties: + items: + type: string + type: array + type: object type: object - type: array - query: - type: string - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: + personalAccessToken: properties: - jsonpath: - type: string - label: - type: string name: type: string value: type: string - required: - - name - type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: - properties: - aliases: - items: + valueFrom: properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: + configMapKeyRef: properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object - type: - description: Type is the type to be set on the - change + key: type: string + name: + type: string + required: + - key type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: - type: string - type: array - required: - - jsonpath - type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: - type: string - jsonpath: - type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: - properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. - type: string - value: - description: Value can be a hash function name or - just a string - type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) + helmRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. - type: string - external_id: - description: Lookup offers different ways to specify - a lookup value + secretKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied + serviceAccount: type: string - id: - description: Lookup offers different ways to specify - a lookup value + type: object + type: object + pipelines: + items: + type: string + type: array + projects: + items: + type: string + type: array + properties: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: properties: - expr: + icon: type: string label: type: string - value: + text: + type: string + tooltip: + type: string + type: + type: string + url: type: string type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - required: - - query - type: object - type: array - crdSync: - description: |- - CRDSync when set to true, will create (or update) the corresponding database record - for a config item of the following types - - MissionControl::Playbook, MissionControl::ScrapeConfig, MissionControl::Canary - type: boolean - exec: - items: - properties: - artifacts: - description: Artifacts to collect after execution - items: - properties: - path: - type: string - required: - - path - type: object - type: array - checkout: - description: Git repository to checkout before running script - properties: - branch: + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + releases: + items: + type: string + type: array + repositories: + items: type: string - certificate: + type: array + status: + type: string + tags: + items: properties: + jsonpath: + type: string + label: + type: string name: type: string value: type: string - valueFrom: + required: + - name + type: object + type: array + timestampFormat: + type: string + transform: + properties: + aliases: + items: properties: - configMapKeyRef: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + changes: + properties: + exclude: + items: + type: string + type: array + mapping: + items: properties: - key: + action: type: string - name: + ancestor_type: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + config_id: type: string - name: + config_type: type: string - required: - - key - type: object - secretKeyRef: - properties: - key: + filter: type: string - name: + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + type: array + type: object + exclude: + items: + properties: + jsonpath: type: string + types: + items: + type: string + type: array + required: + - jsonpath type: object - type: object - connection: - type: string - depth: - type: integer - destination: - description: |- - Destination is the full path to where the contents of the URL should be downloaded to. - If left empty, the sha256 hash of the URL will be used as the dir name. - - Deprecated: no similar functionality available. This depends on the use case - type: string - password: - properties: - name: - type: string - value: - type: string - valueFrom: + type: array + expr: + type: string + gotemplate: + type: string + javascript: + type: string + jsonpath: + type: string + locations: + items: properties: - configMapKeyRef: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + mask: + items: + properties: + jsonpath: + type: string + selector: + type: string + value: + type: string + type: object + type: array + relationship: + items: + properties: + agent: properties: - key: - type: string - name: + expr: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + label: type: string - name: + value: type: string - required: - - key type: object - secretKeyRef: + expr: + type: string + external_id: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + filter: type: string - type: object - type: object - type: - description: Type of connection e.g. github, gitlab - type: string - url: - type: string - username: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + id: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - helmRef: + labels: + additionalProperties: + type: string + type: object + name: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - secretKeyRef: + namespace: properties: - key: + expr: type: string - name: + label: type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - type: object - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - connections: - description: Connections for AWS/GCP/Azure/K8s credential injection - properties: - aws: - properties: - accessKey: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + value: type: string type: object - type: object - assumeRole: - type: string - connection: - description: ConnectionName of the connection. It'll - be used to populate the endpoint, accessKey and secretKey. - type: string - endpoint: - type: string - region: - type: string - secretKey: - properties: - name: - type: string - value: - type: string - valueFrom: + parent: + type: boolean + scope: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + expr: type: string - type: object - type: object - sessionToken: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + label: + type: string + value: type: string type: object - type: object - skipTLSVerify: - description: Skip TLS verify when connecting to aws - type: boolean - type: object - azure: - properties: - clientID: - properties: - name: - type: string - value: - type: string - valueFrom: + type: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + expr: + type: string + label: + type: string + value: type: string type: object type: object - clientSecret: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: + type: array + type: object + type: + type: string + required: + - pipelines + - projects + type: object + type: array + clickhouse: + items: + properties: + awsS3: + properties: + accessKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - connection: - type: string - tenantID: - type: string - type: object - eksPodIdentity: - description: EKSPodIdentity when enabled will allow access - to AWS_* env vars - type: boolean - fromConfigItem: - type: string - gcp: - properties: - connection: - description: ConnectionName of the connection. It'll - be used to populate the endpoint and credentials. + type: object + serviceAccount: + type: string + type: object + type: object + assumeRole: + type: string + bucket: + type: string + connection: + type: string + endpoint: + type: string + path: + type: string + region: + items: type: string - credentials: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: + type: array + secretKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - endpoint: - type: string - project: - type: string - skipTLSVerify: - description: Skip TLS verify - type: boolean - type: object - kubernetes: - properties: - cnrm: - properties: - clusterResource: - type: string - clusterResourceNamespace: - type: string - gke: - properties: - cluster: - type: string - connection: - description: ConnectionName of the connection. - It'll be used to populate the endpoint and - credentials. - type: string - credentials: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the - merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies - the service account whose token should - be fetched - type: string - type: object - type: object - endpoint: + type: object + serviceAccount: + type: string + type: object + type: object + skipTLSVerify: + type: boolean + type: object + azureBlobStorage: + properties: + account: + type: string + clientID: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + clientSecret: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + collection: + type: string + connection: + type: string + container: + type: string + endpoint: + type: string + path: + type: string + tenantID: + type: string + required: + - collection + type: object + class: + type: string + clickhouseURL: + type: string + createFields: + items: + type: string + type: array + deleteFields: + items: + type: string + type: array + format: + type: string + health: + type: string + id: + type: string + items: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + properties: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: + properties: + icon: + type: string + label: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + url: + type: string + type: object + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + query: + type: string + status: + type: string + tags: + items: + properties: + jsonpath: + type: string + label: + type: string + name: + type: string + value: + type: string + required: + - name + type: object + type: array + timestampFormat: + type: string + transform: + properties: + aliases: + items: + properties: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + changes: + properties: + exclude: + items: + type: string + type: array + mapping: + items: + properties: + action: type: string - project: + ancestor_type: type: string - projectID: + config_id: type: string - skipTLSVerify: - description: Skip TLS verify - type: boolean - zone: + config_type: type: string - required: - - cluster - - projectID - - zone - type: object - required: - - clusterResource - - clusterResourceNamespace - - gke - type: object - connection: - description: Connection name to populate kubeconfig - type: string - eks: - properties: - accessKey: - properties: - name: + filter: type: string - value: + scraper_id: type: string - valueFrom: + severity: + type: string + summary: + type: string + target: properties: - configMapKeyRef: + agent: properties: - key: + expr: type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. + label: type: string - name: + value: type: string - required: - - key type: object - secretKeyRef: + external_id: properties: - key: - type: string - name: + expr: type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the - service account whose token should be - fetched - type: string - type: object - type: object - assumeRole: - type: string - cluster: - type: string - connection: - description: ConnectionName of the connection. It'll - be used to populate the endpoint, accessKey and - secretKey. - type: string - endpoint: - type: string - region: - type: string - secretKey: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: + label: type: string - name: + value: type: string - required: - - key type: object - helmRef: + id: properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - secretKeyRef: + labels: + additionalProperties: + type: string + type: object + name: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the - service account whose token should be - fetched - type: string - type: object - type: object - sessionToken: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + namespace: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - helmRef: + scope: properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - secretKeyRef: + type: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the - service account whose token should be - fetched - type: string type: object + type: + type: string type: object - skipTLSVerify: - description: Skip TLS verify when connecting to - aws - type: boolean + type: array + type: object + exclude: + items: + properties: + jsonpath: + type: string + types: + items: + type: string + type: array required: - - cluster + - jsonpath + type: object + type: array + expr: + type: string + gotemplate: + type: string + javascript: + type: string + jsonpath: + type: string + locations: + items: + properties: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type type: object - gke: + type: array + mask: + items: properties: - cluster: + jsonpath: type: string - connection: - description: ConnectionName of the connection. It'll - be used to populate the endpoint and credentials. + selector: type: string - credentials: + value: + type: string + type: object + type: array + relationship: + items: + properties: + agent: properties: - name: + expr: + type: string + label: type: string value: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the - service account whose token should be - fetched - type: string - type: object type: object - endpoint: + expr: type: string - project: - type: string - projectID: - type: string - skipTLSVerify: - description: Skip TLS verify - type: boolean - zone: + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + filter: type: string - required: - - cluster - - projectID - - zone - type: object - kubeconfig: - properties: + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object name: - type: string - value: - type: string - valueFrom: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + parent: + type: boolean + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: type: string type: object type: object - type: object - serviceAccount: - description: ServiceAccount when enabled will allow access - to KUBERNETES env vars - type: boolean - type: object - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + type: array + type: object + type: type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - env: - description: Environment variables - items: + required: + - query + type: object + type: array + crdSync: + type: boolean + exec: + items: + properties: + artifacts: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + checkout: properties: - name: - type: string - value: + branch: type: string - valueFrom: + certificate: properties: - configMapKeyRef: + name: + type: string + value: + type: string + valueFrom: properties: - key: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string - name: + type: object + type: object + connection: + type: string + depth: + type: integer + destination: + type: string + password: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string - required: - - key type: object - helmRef: + type: object + type: + type: string + url: + type: string + username: + properties: + name: + type: string + value: + type: string + valueFrom: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string + type: object + type: object + type: object + class: + type: string + connections: + properties: + aws: + properties: + accessKey: + properties: name: type: string - required: - - key + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object type: object - secretKeyRef: + assumeRole: + type: string + connection: + type: string + endpoint: + type: string + region: + type: string + secretKey: properties: - key: - type: string name: type: string - required: - - key + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - type: array - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: - properties: - color: - type: string - filter: - type: string - headline: - type: boolean - hidden: - type: boolean - icon: - type: string - label: - type: string - lastTransition: - type: string - links: - items: - properties: - icon: - type: string - label: - type: string - text: - type: string - tooltip: - type: string - type: - description: e.g. documentation, support, playbook - type: string - url: - type: string - type: object - type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer - type: object - type: array - query: - description: Query exports config items as JSON files for use - in scripts. - items: - description: ConfigQuery defines a query that exports config - items as JSON files for use in scripts. - properties: - agent: - description: |- - Agent can be the agent id or the name of the agent. - Additionally, the special "self" value can be used to select resources without an agent. - type: string - cache: - description: |- - Cache directives - 'no-cache' (should not fetch from cache but can be cached) - 'no-store' (should not cache) - 'max-age=X' (cache for X duration) - type: string - fieldSelector: - type: string - health: - description: |- - Health filters resources by the health. - Multiple healths can be provided separated by comma. - type: string - id: - type: string - includeDeleted: - type: boolean - labelSelector: - type: string - limit: - type: integer - name: - type: string - namespace: - type: string - path: - description: Path is the file path to write the query - results to (relative to script working dir). - type: string - scope: - description: |- - Scope is the reference for parent of the resource to select. - For config items, the scope is the scraper id - For checks, it's canaries and - For components, it's topology. - It can either be a uuid or namespace/name - type: string - search: - description: Search query that applies to the resource - name, tag & labels. - type: string - statuses: - description: Statuses filter resources by the status - items: - type: string - type: array - tagSelector: - type: string - types: - description: Types filter resources by the type - items: - type: string - type: array - required: - - path - type: object - type: array - script: - description: Script is an inline script to run - type: string - setup: - description: Setup dependencies - properties: - bun: - properties: - version: - type: string - type: object - playwright: - properties: - version: - type: string - type: object - powershell: - properties: - version: - type: string - type: object - python: - properties: - version: - type: string - type: object - type: object - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: - properties: - jsonpath: - type: string - label: - type: string - name: - type: string - value: - type: string - required: - - name - type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: - properties: - aliases: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: + sessionToken: properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object - external_id: - description: Lookup offers different ways - to specify a lookup value + helmRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - id: - description: Lookup offers different ways - to specify a lookup value + secretKeyRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value + serviceAccount: + type: string + type: object + type: object + skipTLSVerify: + type: boolean + type: object + azure: + properties: + clientID: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object - namespace: - description: Lookup offers different ways - to specify a lookup value + helmRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. + secretKeyRef: properties: - expr: + key: type: string - label: + name: type: string - value: + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + clientSecret: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: type: string + required: + - key type: object - type: - description: Lookup offers different ways - to specify a lookup value + helmRef: properties: - expr: + key: type: string - label: + name: type: string - value: + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: type: string + required: + - key type: object + serviceAccount: + type: string type: object - type: - description: Type is the type to be set on the - change - type: string type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: + connection: type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: - type: string - type: array - required: - - jsonpath - type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: - type: string - jsonpath: - type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used + tenantID: type: string - required: - - type type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: + eksPodIdentity: + type: boolean + fromConfigItem: + type: string + gcp: properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. - type: string - value: - description: Value can be a hash function name or - just a string + connection: type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) + credentials: properties: - expr: - type: string - label: + name: type: string value: type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. + endpoint: + type: string + project: type: string - external_id: - description: Lookup offers different ways to specify - a lookup value + skipTLSVerify: + type: boolean + type: object + kubernetes: + properties: + cnrm: properties: - expr: - type: string - label: + clusterResource: type: string - value: + clusterResourceNamespace: type: string + gke: + properties: + cluster: + type: string + connection: + type: string + credentials: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + endpoint: + type: string + project: + type: string + projectID: + type: string + skipTLSVerify: + type: boolean + zone: + type: string + required: + - cluster + - projectID + - zone + type: object + required: + - clusterResource + - clusterResourceNamespace + - gke type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied + connection: type: string - id: - description: Lookup offers different ways to specify - a lookup value + eks: properties: - expr: - type: string - label: + accessKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + assumeRole: type: string - value: + cluster: type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: + connection: type: string - label: + endpoint: type: string - value: + region: type: string + secretKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + sessionToken: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + skipTLSVerify: + type: boolean + required: + - cluster type: object - namespace: - description: Lookup offers different ways to specify - a lookup value + gke: properties: - expr: + cluster: type: string - label: + connection: type: string - value: + credentials: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + endpoint: type: string - type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: + project: type: string - label: + projectID: type: string - value: + skipTLSVerify: + type: boolean + zone: type: string + required: + - cluster + - projectID + - zone type: object - type: - description: Lookup offers different ways to specify - a lookup value + kubeconfig: properties: - expr: - type: string - label: + name: type: string value: type: string - type: object - type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - required: - - script - type: object - type: array - file: - items: - description: File ... - properties: - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - connection: - description: ConnectionName is used to populate the URL - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - icon: - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - ignore: - items: - type: string - type: array - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - paths: - items: - type: string - type: array - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: - properties: - color: - type: string - filter: - type: string - headline: - type: boolean - hidden: - type: boolean - icon: - type: string - label: - type: string - lastTransition: - type: string - links: - items: - properties: - icon: - type: string - label: - type: string - text: - type: string - tooltip: - type: string - type: - description: e.g. documentation, support, playbook - type: string - url: - type: string - type: object - type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer - type: object - type: array - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: - properties: - jsonpath: - type: string - label: - type: string - name: - type: string - value: - type: string - required: - - name - type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: - properties: - aliases: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: - properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value + valueFrom: + properties: + configMapKeyRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. + helmRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - type: - description: Lookup offers different ways - to specify a lookup value + secretKeyRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object + serviceAccount: + type: string type: object - type: - description: Type is the type to be set on the - change - type: string type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: - type: string - type: array - required: - - jsonpath type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: + serviceAccount: + type: boolean + type: object + createFields: + items: type: string - jsonpath: + type: array + deleteFields: + items: type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: - properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. - type: string - value: - description: Value can be a hash function name or - just a string - type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. - type: string - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied - type: string - id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. + type: object + type: object + type: array + format: + type: string + health: + type: string + id: + type: string + items: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + properties: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: properties: - expr: + icon: type: string label: type: string - value: + text: type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: + tooltip: type: string - label: + type: type: string - value: + url: type: string type: object + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + query: + items: + properties: + agent: + type: string + cache: + type: string + fieldSelector: + type: string + health: + type: string + id: + type: string + includeDeleted: + type: boolean + labelSelector: + type: string + limit: + type: integer + name: + type: string + namespace: + type: string + path: + type: string + scope: + type: string + search: + type: string + statuses: + items: + type: string + type: array + tagSelector: + type: string + types: + items: + type: string + type: array + required: + - path + type: object + type: array + script: + type: string + setup: + properties: + bun: + properties: + version: + type: string type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - url: - type: string - type: object - type: array - full: - description: Full flag when set will try to extract out changes from - the scraped config. - type: boolean - gcp: - items: - properties: - auditLogs: - description: AuditLogs query the BigQuery dataset for audit - logs. - properties: - dataset: - description: |- - BigQuery dataset to query audit logs from - Example: "default._AllLogs" - type: string - methods: - description: Filter methods matching these patterns - items: - description: MatchExpression uses MatchItems - type: string - type: array - permissions: - description: Filter permissions matching these patterns - items: - description: MatchExpression uses MatchItems - type: string - type: array - principalEmails: - description: Filter principal emails matching these patterns - items: - description: MatchExpression uses MatchItems - type: string - type: array - serviceNames: - description: Filter service names matching these patterns - items: - description: MatchExpression uses MatchItems - type: string - type: array - since: - description: |- - Time range to query audit logs (defaults to last 7 days if not specified) - Examples: "24h", "7d", "30d" - type: string - userAgents: - description: Filter user agents matching these patterns - items: - description: MatchExpression uses MatchItems - type: string - type: array - type: object - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - connection: - description: ConnectionName of the connection. It'll be used - to populate the endpoint and credentials. - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + playwright: + properties: + version: + type: string + type: object + powershell: + properties: + version: + type: string + type: object + python: + properties: + version: + type: string + type: object + type: object + status: type: string - type: array - credentials: - properties: - name: - type: string - value: - type: string - valueFrom: + tags: + items: properties: - configMapKeyRef: + jsonpath: + type: string + label: + type: string + name: + type: string + value: + type: string + required: + - name + type: object + type: array + timestampFormat: + type: string + transform: + properties: + aliases: + items: properties: - key: - type: string - name: + filter: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used to - fetch the key from the merged JSON. + type: type: string - name: + values: + items: + type: string + type: array + withParent: type: string required: - - key + - type type: object - secretKeyRef: - properties: - key: + type: array + changes: + properties: + exclude: + items: type: string - name: + type: array + mapping: + items: + properties: + action: + type: string + ancestor_type: + type: string + config_id: + type: string + config_type: + type: string + filter: + type: string + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: + type: string + type: object + type: array + type: object + exclude: + items: + properties: + jsonpath: type: string + types: + items: + type: string + type: array required: - - key + - jsonpath type: object - serviceAccount: - description: ServiceAccount specifies the service account - whose token should be fetched - type: string - type: object - type: object - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - endpoint: - type: string - exclude: - description: Exclude is a list of GCP asset types to exclude - from scraping. - items: - type: string - type: array - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - include: - description: |- - Include is a list of GCP asset types to scrape. - Reference: https://cloud.google.com/asset-inventory/docs/supported-asset-types - Example: storage.googleapis.com/Bucket - items: - type: string - type: array - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - project: - type: string - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: - properties: - color: - type: string - filter: + type: array + expr: type: string - headline: - type: boolean - hidden: - type: boolean - icon: + gotemplate: type: string - label: + javascript: type: string - lastTransition: + jsonpath: type: string - links: + locations: items: properties: - icon: + filter: type: string - label: + type: type: string - text: + values: + items: + type: string + type: array + withParent: type: string - tooltip: + required: + - type + type: object + type: array + mask: + items: + properties: + jsonpath: type: string - type: - description: e.g. documentation, support, playbook + selector: type: string - url: + value: type: string type: object type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer - type: object - type: array - skipTLSVerify: - description: Skip TLS verify - type: boolean - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: - properties: - jsonpath: - type: string - label: - type: string - name: - type: string - value: - type: string - required: - - name - type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: - properties: - aliases: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: + relationship: + items: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + expr: type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: - properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object - type: - description: Type is the type to be set on the - change - type: string - type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + filter: type: string - type: array - required: - - jsonpath - type: object - type: array - expr: + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + parent: + type: boolean + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: array + type: object + type: + type: string + required: + - script + type: object + type: array + file: + items: + properties: + class: + type: string + connection: + type: string + createFields: + items: type: string - gotemplate: + type: array + deleteFields: + items: type: string - javascript: + type: array + format: + type: string + health: + type: string + icon: + type: string + id: + type: string + ignore: + items: type: string - jsonpath: + type: array + items: + type: string + labels: + additionalProperties: type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: - properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. - type: string - value: - description: Value can be a hash function name or - just a string - type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. - type: string - external_id: - description: Lookup offers different ways to specify - a lookup value + type: object + name: + type: string + paths: + items: + type: string + type: array + properties: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: properties: - expr: + icon: type: string label: type: string - value: + text: type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied - type: string - id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: + tooltip: type: string - label: + type: type: string - value: + url: type: string type: object - labels: - additionalProperties: + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + status: + type: string + tags: + items: + properties: + jsonpath: + type: string + label: + type: string + name: + type: string + value: + type: string + required: + - name + type: object + type: array + timestampFormat: + type: string + transform: + properties: + aliases: + items: + properties: + filter: type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: + type: + type: string + values: + items: type: string - value: - type: string - type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - required: - - project - type: object - type: array - github: - items: - description: |- - GitHub scraper creates GitHub::Repository config items and optionally - attaches security alerts and OpenSSF scorecard results as analyses. - properties: - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - connection: - description: ConnectionName, if provided, will be used to populate - personalAccessToken - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - openssf: - description: OpenSSF enables fetching OpenSSF Scorecard data - type: boolean - personalAccessToken: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: + type: array + withParent: type: string required: - - key + - type type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used to - fetch the key from the merged JSON. - type: string - name: + type: array + changes: + properties: + exclude: + items: type: string - required: - - key - type: object - secretKeyRef: + type: array + mapping: + items: + properties: + action: + type: string + ancestor_type: + type: string + config_id: + type: string + config_type: + type: string + filter: + type: string + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: + type: string + type: object + type: array + type: object + exclude: + items: properties: - key: - type: string - name: + jsonpath: type: string + types: + items: + type: string + type: array required: - - key + - jsonpath type: object - serviceAccount: - description: ServiceAccount specifies the service account - whose token should be fetched - type: string - type: object - type: object - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: - properties: - color: - type: string - filter: + type: array + expr: type: string - headline: - type: boolean - hidden: - type: boolean - icon: + gotemplate: type: string - label: + javascript: type: string - lastTransition: + jsonpath: type: string - links: + locations: items: properties: - icon: + filter: type: string - label: + type: + type: string + values: + items: + type: string + type: array + withParent: type: string - text: + required: + - type + type: object + type: array + mask: + items: + properties: + jsonpath: type: string - tooltip: + selector: type: string - type: - description: e.g. documentation, support, playbook + value: + type: string + type: object + type: array + relationship: + items: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + expr: type: string - url: + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + filter: type: string + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + parent: + type: boolean + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object type: object type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer type: object - type: array - repositories: - description: Repositories is the list of repositories to scrape - items: - description: GitHubRepository specifies a repository to scrape + type: + type: string + url: + type: string + type: object + type: array + full: + type: boolean + gcp: + items: + properties: + auditLogs: properties: - owner: + dataset: type: string - repo: + methods: + items: + type: string + type: array + permissions: + items: + type: string + type: array + principalEmails: + items: + type: string + type: array + serviceNames: + items: + type: string + type: array + since: type: string - required: - - owner - - repo + userAgents: + items: + type: string + type: array type: object - type: array - security: - description: Security enables fetching Dependabot, code scanning, - and secret scanning alerts - type: boolean - securityFilters: - description: SecurityFilters for security alerts (only used - when security=true) - properties: - maxAge: + class: + type: string + connection: + type: string + createFields: + items: type: string - severity: - items: - type: string - type: array - state: - items: - type: string - type: array - type: object - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: + type: array + credentials: properties: - jsonpath: - type: string - label: - type: string name: type: string value: type: string - required: - - name - type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: - properties: - aliases: - items: + valueFrom: properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: - properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object - type: - description: Type is the type to be set on the - change - type: string - type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: - type: string - type: array - required: - - jsonpath - type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: - type: string - jsonpath: - type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: - properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. - type: string - value: - description: Value can be a hash function name or - just a string - type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. - type: string - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied - type: string - id: - description: Lookup offers different ways to specify - a lookup value + configMapKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value + helmRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - namespace: - description: Lookup offers different ways to specify - a lookup value + secretKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. + serviceAccount: + type: string + type: object + type: object + deleteFields: + items: + type: string + type: array + endpoint: + type: string + exclude: + items: + type: string + type: array + format: + type: string + health: + type: string + id: + type: string + include: + items: + type: string + type: array + items: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + project: + type: string + properties: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: properties: - expr: + icon: type: string label: type: string - value: + text: type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: + tooltip: type: string - label: + type: type: string - value: + url: type: string type: object - type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - required: - - repositories - type: object - type: array - githubActions: - items: - description: |- - GitHubActions scraper scrapes the workflow and its runs based on the given filter. - By default, it fetches the last 7 days of workflow runs (Configurable via property: scrapers.githubactions.maxAge) - properties: - actor: - description: |- - Returns someone's workflow runs. - Use the login for the user who created the push associated with the check suite or workflow run. - type: string - branch: - description: Returns workflow runs associated with a branch. - Use the name of the branch of the push. - type: string - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - connection: - description: ConnectionName, if provided, will be used to populate - personalAccessToken - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + skipTLSVerify: + type: boolean + status: type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - owner: - type: string - personalAccessToken: - properties: - name: - type: string - value: - type: string - valueFrom: + tags: + items: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used to - fetch the key from the merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service account - whose token should be fetched + jsonpath: + type: string + label: + type: string + name: + type: string + value: type: string + required: + - name type: object - type: object - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: + type: array + timestampFormat: + type: string + transform: properties: - color: - type: string - filter: - type: string - headline: - type: boolean - hidden: - type: boolean - icon: - type: string - label: - type: string - lastTransition: - type: string - links: + aliases: items: properties: - icon: - type: string - label: - type: string - text: - type: string - tooltip: + filter: type: string type: - description: e.g. documentation, support, playbook type: string - url: + values: + items: + type: string + type: array + withParent: type: string + required: + - type type: object type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer - type: object - type: array - repository: - type: string - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: - properties: - jsonpath: - type: string - label: - type: string - name: - type: string - value: - type: string - required: - - name - type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: - properties: - aliases: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: - properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object - type: - description: Type is the type to be set on the - change - type: string - type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. + changes: properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. + exclude: items: type: string type: array - required: - - jsonpath - type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: - type: string - jsonpath: - type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: + mapping: items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: - properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. - type: string - value: - description: Value can be a hash function name or - just a string - type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. - type: string - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied - type: string - id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - workflows: - items: - type: string - type: array - required: - - owner - - repository - type: object - type: array - http: - items: - properties: - awsSigV4: - properties: - accessKey: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: properties: - key: + action: type: string - name: + ancestor_type: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + config_id: type: string - name: + config_type: type: string - required: - - key - type: object - secretKeyRef: - properties: - key: + filter: type: string - name: + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + type: array + type: object + exclude: + items: + properties: + jsonpath: type: string + types: + items: + type: string + type: array + required: + - jsonpath type: object - type: object - assumeRole: - type: string - connection: - description: ConnectionName of the connection. It'll be - used to populate the endpoint, accessKey and secretKey. - type: string - endpoint: - type: string - region: - type: string - secretKey: - properties: - name: - type: string - value: - type: string - valueFrom: + type: array + expr: + type: string + gotemplate: + type: string + javascript: + type: string + jsonpath: + type: string + locations: + items: properties: - configMapKeyRef: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + mask: + items: + properties: + jsonpath: + type: string + selector: + type: string + value: + type: string + type: object + type: array + relationship: + items: + properties: + agent: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - helmRef: + expr: + type: string + external_id: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - secretKeyRef: + filter: + type: string + id: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - service: - type: string - sessionToken: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + labels: + additionalProperties: + type: string + type: object + name: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - helmRef: + namespace: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - secretKeyRef: + parent: + type: boolean + scope: properties: - key: + expr: type: string - name: + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string type: object - type: object - skipTLSVerify: - description: Skip TLS verify when connecting to aws - type: boolean - type: object - bearer: - properties: - name: + type: array + type: object + type: + type: string + required: + - project + type: object + type: array + github: + items: + properties: + class: + type: string + connection: + type: string + createFields: + items: type: string - value: + type: array + deleteFields: + items: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used to - fetch the key from the merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service account - whose token should be fetched - type: string - type: object - type: object - body: - type: string - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - connection: - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + type: array + format: type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + health: + type: string + id: type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - digest: - type: boolean - env: - description: Environment variables to be used in the templating. items: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + openssf: + type: boolean + personalAccessToken: properties: name: type: string @@ -7162,18 +4204,16 @@ spec: name: type: string required: - - key + - key type: object helmRef: properties: key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. type: string name: type: string required: - - key + - key type: object secretKeyRef: properties: @@ -7182,1257 +4222,974 @@ spec: name: type: string required: - - key + - key type: object serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched type: string type: object type: object - type: array - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - headers: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + properties: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: properties: - key: + icon: type: string - name: + label: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + text: type: string - name: + tooltip: type: string - required: - - key - type: object - secretKeyRef: - properties: - key: + type: type: string - name: + url: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + repositories: + items: + properties: + owner: + type: string + repo: + type: string + required: + - owner + - repo + type: object + type: array + security: + type: boolean + securityFilters: + properties: + maxAge: + type: string + severity: + items: + type: string + type: array + state: + items: + type: string + type: array type: object - type: array - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: + status: type: string - description: Labels for each config item. - type: object - method: - type: string - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - ntlm: - type: boolean - ntlmv2: - type: boolean - oauth: - properties: - clientID: + tags: + items: properties: + jsonpath: + type: string + label: + type: string name: type: string value: type: string - valueFrom: + required: + - name + type: object + type: array + timestampFormat: + type: string + transform: + properties: + aliases: + items: properties: - configMapKeyRef: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + changes: + properties: + exclude: + items: + type: string + type: array + mapping: + items: properties: - key: + action: type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: + ancestor_type: type: string - name: + config_id: type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - clientSecret: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: + config_type: type: string - name: + filter: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + scraper_id: type: string - name: + severity: type: string - required: - - key - type: object - secretKeyRef: - properties: - key: + summary: type: string - name: + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - params: - additionalProperties: - type: string - type: object - scope: - items: - type: string - type: array - tokenURL: - type: string - type: object - pagination: - properties: - delay: - description: Delay between page requests (e.g. "500ms", - "2s"). - type: string - maxPages: - description: Maximum number of pages to fetch. 0 means unlimited. - type: integer - nextPageExpr: - description: |- - CEL expression to extract next page URL or request from response. - Receives response map with body, headers, status, url fields. - Returns string (URL), map (request spec with url/method/body/headers), or null (stop). - type: string - perPage: - description: Process each page independently instead of - merging. - type: boolean - reduceExpr: - description: |- - CEL expression to merge pages using accumulator pattern. - Receives acc ([]any, starts empty) and page (response body). Returns new acc. - type: string - required: - - nextPageExpr - type: object - password: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used to - fetch the key from the merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: + type: array + type: object + exclude: + items: properties: - key: - type: string - name: + jsonpath: type: string + types: + items: + type: string + type: array required: - - key + - jsonpath type: object - serviceAccount: - description: ServiceAccount specifies the service account - whose token should be fetched - type: string - type: object - type: object - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: - properties: - color: - type: string - filter: + type: array + expr: type: string - headline: - type: boolean - hidden: - type: boolean - icon: + gotemplate: type: string - label: + javascript: type: string - lastTransition: + jsonpath: type: string - links: + locations: items: properties: - icon: + filter: type: string - label: + type: type: string - text: + values: + items: + type: string + type: array + withParent: type: string - tooltip: + required: + - type + type: object + type: array + mask: + items: + properties: + jsonpath: type: string - type: - description: e.g. documentation, support, playbook + selector: type: string - url: + value: type: string type: object type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer - type: object - type: array - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: - properties: - jsonpath: - type: string - label: - type: string - name: - type: string - value: - type: string - required: - - name - type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - tls: - properties: - ca: - description: PEM encoded certificate of the CA to verify - the server certificate - properties: - name: - type: string - value: - type: string - valueFrom: + relationship: + items: properties: - configMapKeyRef: + agent: properties: - key: - type: string - name: + expr: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + label: type: string - name: + value: type: string - required: - - key type: object - secretKeyRef: + expr: + type: string + external_id: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + filter: type: string - type: object - type: object - cert: - description: PEM encoded client certificate - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + id: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - helmRef: + labels: + additionalProperties: + type: string + type: object + name: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - secretKeyRef: + namespace: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - handshakeTimeout: - description: HandshakeTimeout defaults to 10 seconds - format: int64 - type: integer - insecureSkipVerify: - description: |- - InsecureSkipVerify controls whether a client verifies the server's - certificate chain and host name - type: boolean - key: - description: PEM encoded client private key - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + parent: + type: boolean + scope: properties: - key: - type: string - name: + expr: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + label: type: string - name: + value: type: string - required: - - key type: object - secretKeyRef: + type: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string type: object - type: object - type: object - transform: - properties: - aliases: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: - properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object - type: - description: Type is the type to be set on the - change - type: string - type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: - type: string - type: array - required: - - jsonpath - type: object - type: array - expr: - type: string - gotemplate: + type: array + type: object + type: + type: string + required: + - repositories + type: object + type: array + githubActions: + items: + properties: + actor: + type: string + branch: + type: string + class: + type: string + connection: + type: string + createFields: + items: type: string - javascript: + type: array + deleteFields: + items: type: string - jsonpath: + type: array + format: + type: string + health: + type: string + id: + type: string + items: + type: string + labels: + additionalProperties: type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: - properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. - type: string - value: - description: Value can be a hash function name or - just a string - type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: + type: object + name: + type: string + owner: + type: string + personalAccessToken: + properties: + name: + type: string + value: + type: string + valueFrom: properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. - type: string - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied - type: string - id: - description: Lookup offers different ways to specify - a lookup value + configMapKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value + helmRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - namespace: - description: Lookup offers different ways to specify - a lookup value + secretKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. + serviceAccount: + type: string + type: object + type: object + properties: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: properties: - expr: + icon: type: string label: type: string - value: + text: type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: + tooltip: type: string - label: + type: type: string - value: + url: type: string type: object - type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - url: - type: string - username: - properties: - name: - type: string - value: - type: string - valueFrom: + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + repository: + type: string + status: + type: string + tags: + items: properties: - configMapKeyRef: + jsonpath: + type: string + label: + type: string + name: + type: string + value: + type: string + required: + - name + type: object + type: array + timestampFormat: + type: string + transform: + properties: + aliases: + items: properties: - key: + filter: type: string - name: + type: + type: string + values: + items: + type: string + type: array + withParent: type: string required: - - key + - type type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used to - fetch the key from the merged JSON. - type: string - name: + type: array + changes: + properties: + exclude: + items: + type: string + type: array + mapping: + items: + properties: + action: + type: string + ancestor_type: + type: string + config_id: + type: string + config_type: + type: string + filter: + type: string + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: + type: string + type: object + type: array + type: object + exclude: + items: + properties: + jsonpath: type: string + types: + items: + type: string + type: array required: - - key + - jsonpath type: object - secretKeyRef: + type: array + expr: + type: string + gotemplate: + type: string + javascript: + type: string + jsonpath: + type: string + locations: + items: properties: - key: + filter: type: string - name: + type: + type: string + values: + items: + type: string + type: array + withParent: type: string required: - - key + - type type: object - serviceAccount: - description: ServiceAccount specifies the service account - whose token should be fetched - type: string - type: object - type: object - type: object - type: array - kubernetes: - items: - properties: - allowIncomplete: - type: boolean - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - clusterName: - type: string - cnrm: - properties: - clusterResource: - type: string - clusterResourceNamespace: - type: string - gke: - properties: - cluster: - type: string - connection: - description: ConnectionName of the connection. It'll - be used to populate the endpoint and credentials. - type: string - credentials: + type: array + mask: + items: properties: - name: + jsonpath: + type: string + selector: type: string value: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object type: object - endpoint: - type: string - project: - type: string - projectID: - type: string - skipTLSVerify: - description: Skip TLS verify - type: boolean - zone: - type: string - required: - - cluster - - projectID - - zone - type: object - required: - - clusterResource - - clusterResourceNamespace - - gke - type: object - connection: - description: Connection name to populate kubeconfig - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - eks: - properties: - accessKey: - properties: - name: - type: string - value: - type: string - valueFrom: + type: array + relationship: + items: properties: - configMapKeyRef: + agent: properties: - key: - type: string - name: + expr: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + label: type: string - name: + value: type: string - required: - - key type: object - secretKeyRef: + expr: + type: string + external_id: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + filter: type: string - type: object - type: object - assumeRole: - type: string - cluster: - type: string - connection: - description: ConnectionName of the connection. It'll be - used to populate the endpoint, accessKey and secretKey. - type: string - endpoint: - type: string - region: - type: string - secretKey: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + id: properties: - key: - type: string - name: + expr: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + label: type: string - name: + value: type: string - required: - - key type: object - secretKeyRef: + labels: + additionalProperties: + type: string + type: object + name: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - sessionToken: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + namespace: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - helmRef: + parent: + type: boolean + scope: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - secretKeyRef: + type: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string type: object - type: object - skipTLSVerify: - description: Skip TLS verify when connecting to aws - type: boolean - required: - - cluster - type: object - event: - description: Event specifies how the Kubernetes event should - be handled. - properties: - exclusions: - description: Exclusions defines what events needs to be - dropped. - properties: - name: - items: - type: string - type: array - namespace: - items: + type: array + type: object + type: + type: string + workflows: + items: + type: string + type: array + required: + - owner + - repository + type: object + type: array + http: + items: + properties: + awsSigV4: + properties: + accessKey: + properties: + name: type: string - type: array - reason: - items: + value: type: string - type: array - type: object - severityKeywords: - description: |- - SeverityKeywords is used to identify the severity - from the Kubernetes Event reason. - properties: - error: - items: + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + assumeRole: + type: string + connection: + type: string + endpoint: + type: string + region: + type: string + secretKey: + properties: + name: type: string - type: array - warn: - items: + value: type: string - type: array - type: object - type: object - exclusions: - description: Exclusions excludes certain kubernetes objects - from being scraped. - properties: - kind: - items: - type: string - type: array - labels: - additionalProperties: + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + service: type: string - type: object - name: - items: + sessionToken: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + skipTLSVerify: + type: boolean + type: object + bearer: + properties: + name: type: string - type: array - namespace: - items: + value: type: string - type: array - type: object - fieldSelector: - type: string - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - gke: - properties: - cluster: - type: string - connection: - description: ConnectionName of the connection. It'll be - used to populate the endpoint and credentials. - type: string - credentials: + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + body: + type: string + class: + type: string + connection: + type: string + createFields: + items: + type: string + type: array + deleteFields: + items: + type: string + type: array + digest: + type: boolean + env: + items: properties: name: type: string @@ -8447,18 +5204,16 @@ spec: name: type: string required: - - key + - key type: object helmRef: properties: key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. type: string name: type: string required: - - key + - key type: object secretKeyRef: properties: @@ -8467,7835 +5222,6911 @@ spec: name: type: string required: - - key + - key type: object serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched type: string type: object type: object - endpoint: - type: string - project: - type: string - projectID: - type: string - skipTLSVerify: - description: Skip TLS verify - type: boolean - zone: - type: string - required: - - cluster - - projectID - - zone - type: object - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - kubeconfig: - properties: - name: - type: string - value: - type: string - valueFrom: + type: array + format: + type: string + headers: + items: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used to - fetch the key from the merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: + name: + type: string + value: + type: string + valueFrom: properties: - key: - type: string - name: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service account - whose token should be fetched - type: string type: object - type: object - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - maxInflight: - format: int64 - type: integer - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - namespace: - type: string - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. + type: array + health: + type: string + id: + type: string items: - properties: - color: - type: string - filter: - type: string - headline: - type: boolean - hidden: - type: boolean - icon: - type: string - label: - type: string - lastTransition: - type: string - links: - items: - properties: - icon: - type: string - label: - type: string - text: - type: string - tooltip: - type: string - type: - description: e.g. documentation, support, playbook - type: string - url: - type: string - type: object - type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer + type: string + labels: + additionalProperties: + type: string type: object - type: array - relationships: - description: Relationships specify the fields to use to relate - Kubernetes objects. - items: - properties: - kind: - description: Kind defines which field to use for the kind - lookup + method: + type: string + name: + type: string + ntlm: + type: boolean + ntlmv2: + type: boolean + oauth: + properties: + clientID: properties: - expr: - type: string - label: + name: type: string value: type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object type: object - name: - description: Name defines which field to use for the name - lookup + clientSecret: properties: - expr: - type: string - label: + name: type: string value: type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object type: object - namespace: - description: Namespace defines which field to use for - the namespace lookup - properties: - expr: - type: string - label: - type: string - value: - type: string + params: + additionalProperties: + type: string type: object - required: - - kind - - name - - namespace + scope: + items: + type: string + type: array + tokenURL: + type: string type: object - type: array - scope: - type: string - selector: - type: string - since: - type: string - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: + pagination: properties: - jsonpath: + delay: + type: string + maxPages: + type: integer + nextPageExpr: type: string - label: + perPage: + type: boolean + reduceExpr: type: string + required: + - nextPageExpr + type: object + password: + properties: name: type: string value: type: string - required: - - name - type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: - properties: - aliases: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: - properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object - type: - description: Type is the type to be set on the - change - type: string - type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: - type: string - type: array - required: - - jsonpath - type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: - type: string - jsonpath: - type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: - properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. - type: string - value: - description: Value can be a hash function name or - just a string - type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: + valueFrom: properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) + configMapKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. - type: string - external_id: - description: Lookup offers different ways to specify - a lookup value + helmRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied - type: string - id: - description: Lookup offers different ways to specify - a lookup value + secretKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value + serviceAccount: + type: string + type: object + type: object + properties: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: properties: - expr: + icon: type: string label: type: string - value: + text: type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: + tooltip: type: string - label: + type: type: string - value: + url: type: string type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + status: + type: string + tags: + items: + properties: + jsonpath: + type: string + label: + type: string + name: + type: string + value: + type: string + required: + - name + type: object + type: array + timestampFormat: + type: string + tls: + properties: + ca: + properties: + name: + type: string + value: + type: string + valueFrom: properties: - expr: - type: string - label: - type: string - value: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string type: object - type: - description: Lookup offers different ways to specify - a lookup value + type: object + cert: + properties: + name: + type: string + value: + type: string + valueFrom: properties: - expr: - type: string - label: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string - value: + type: object + type: object + handshakeTimeout: + format: int64 + type: integer + insecureSkipVerify: + type: boolean + key: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string type: object type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - useCache: - type: boolean - watch: - description: |- - Watch specifies which Kubernetes resources should be watched. - This allows for near real-time updates of the config items - without having to wait for the scraper on the specified interval. - items: - properties: - apiVersion: - type: string - kind: - type: string - required: - - apiVersion - - kind type: object - type: array - required: - - clusterName - type: object - type: array - kubernetesFile: - items: - properties: - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - cnrm: - properties: - clusterResource: - type: string - clusterResourceNamespace: - type: string - gke: - properties: - cluster: - type: string - connection: - description: ConnectionName of the connection. It'll - be used to populate the endpoint and credentials. - type: string - credentials: + transform: + properties: + aliases: + items: properties: - name: + filter: type: string - value: + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + changes: + properties: + exclude: + items: type: string - valueFrom: + type: array + mapping: + items: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: + action: + type: string + ancestor_type: + type: string + config_id: + type: string + config_type: + type: string + filter: + type: string + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: properties: - key: - type: string + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object name: - type: string - required: - - key + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + type: type: string type: object + type: array + type: object + exclude: + items: + properties: + jsonpath: + type: string + types: + items: + type: string + type: array + required: + - jsonpath type: object - endpoint: - type: string - project: - type: string - projectID: - type: string - skipTLSVerify: - description: Skip TLS verify - type: boolean - zone: - type: string - required: - - cluster - - projectID - - zone - type: object - required: - - clusterResource - - clusterResourceNamespace - - gke - type: object - connection: - description: Connection name to populate kubeconfig - type: string - container: - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - eks: - properties: - accessKey: - properties: - name: - type: string - value: - type: string - valueFrom: + type: array + expr: + type: string + gotemplate: + type: string + javascript: + type: string + jsonpath: + type: string + locations: + items: properties: - configMapKeyRef: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + mask: + items: + properties: + jsonpath: + type: string + selector: + type: string + value: + type: string + type: object + type: array + relationship: + items: + properties: + agent: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - helmRef: + expr: + type: string + external_id: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - secretKeyRef: + filter: + type: string + id: properties: - key: + expr: type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - assumeRole: - type: string - cluster: - type: string - connection: - description: ConnectionName of the connection. It'll be - used to populate the endpoint, accessKey and secretKey. - type: string - endpoint: - type: string - region: - type: string - secretKey: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: + label: type: string - name: + value: type: string - required: - - key type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. - type: string - name: - type: string - required: - - key + labels: + additionalProperties: + type: string type: object - secretKeyRef: + name: properties: - key: - type: string - name: + expr: type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - sessionToken: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: + label: type: string - name: + value: type: string - required: - - key type: object - helmRef: + namespace: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. - type: string - name: + expr: type: string - required: - - key - type: object - secretKeyRef: - properties: - key: + label: type: string - name: + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - skipTLSVerify: - description: Skip TLS verify when connecting to aws - type: boolean - required: - - cluster - type: object - files: - items: - properties: - format: - type: string - path: - items: - type: string - type: array - type: object - type: array - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - gke: - properties: - cluster: - type: string - connection: - description: ConnectionName of the connection. It'll be - used to populate the endpoint and credentials. - type: string - credentials: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + parent: + type: boolean + scope: properties: - key: - type: string - name: + expr: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + label: type: string - name: + value: type: string - required: - - key type: object - secretKeyRef: + type: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - endpoint: - type: string - project: - type: string - projectID: - type: string - skipTLSVerify: - description: Skip TLS verify - type: boolean - zone: - type: string - required: - - cluster - - projectID - - zone - type: object - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - kubeconfig: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used to - fetch the key from the merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service account - whose token should be fetched - type: string - type: object - type: object - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: - properties: - color: - type: string - filter: - type: string - headline: - type: boolean - hidden: - type: boolean - icon: - type: string - label: - type: string - lastTransition: - type: string - links: - items: - properties: - icon: - type: string - label: - type: string - text: - type: string - tooltip: - type: string - type: - description: e.g. documentation, support, playbook - type: string - url: - type: string type: object type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer type: object - type: array - selector: - properties: - fieldSelector: - type: string - kind: - type: string - labelSelector: - type: string - name: - type: string - namespace: - type: string - type: object - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: + type: + type: string + url: + type: string + username: properties: - jsonpath: - type: string - label: - type: string name: type: string value: type: string - required: - - name - type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: - properties: - aliases: - items: + valueFrom: properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string - required: - - type type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: + type: object + type: object + type: array + kubernetes: + items: + properties: + allowIncomplete: + type: boolean + class: + type: string + clusterName: + type: string + cnrm: + properties: + clusterResource: + type: string + clusterResourceNamespace: + type: string + gke: + properties: + cluster: type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: + connection: + type: string + credentials: properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. + helmRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object - type: - description: Lookup offers different ways - to specify a lookup value + secretKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object + serviceAccount: + type: string type: object - type: - description: Type is the type to be set on the - change - type: string type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: + endpoint: + type: string + project: + type: string + projectID: + type: string + skipTLSVerify: + type: boolean + zone: type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: - type: string - type: array required: - - jsonpath + - cluster + - projectID + - zone type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: + required: + - clusterResource + - clusterResourceNamespace + - gke + type: object + connection: + type: string + createFields: + items: type: string - jsonpath: + type: array + deleteFields: + items: type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: + type: array + eks: + properties: + accessKey: properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. + name: type: string value: - description: Value can be a hash function name or - just a string type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) + valueFrom: properties: - expr: - type: string - label: - type: string - value: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. + type: object + assumeRole: + type: string + cluster: + type: string + connection: + type: string + endpoint: + type: string + region: + type: string + secretKey: + properties: + name: type: string - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied + value: type: string - id: - description: Lookup offers different ways to specify - a lookup value + valueFrom: properties: - expr: - type: string - label: - type: string - value: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string type: object - labels: - additionalProperties: - type: string - type: object + type: object + sessionToken: + properties: name: - description: Lookup offers different ways to specify - a lookup value + type: string + value: + type: string + valueFrom: properties: - expr: - type: string - label: - type: string - value: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string type: object + type: object + skipTLSVerify: + type: boolean + required: + - cluster + type: object + event: + properties: + exclusions: + properties: + name: + items: + type: string + type: array namespace: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object + items: + type: string + type: array + reason: + items: + type: string + type: array type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - required: - - selector - type: object - type: array - logLevel: - description: LogLevel sets the log level for the scraper. Supported - values are "trace", "debug", "info" Default is "info". - type: string - logs: - items: - properties: - azureLogAnalytics: - description: AzureLogAnalytics specifies the Azure Log Analytics - configuration for log scraping - properties: - clientID: - properties: - name: + severityKeywords: + properties: + error: + items: + type: string + type: array + warn: + items: + type: string + type: array + type: object + type: object + exclusions: + properties: + kind: + items: type: string - value: + type: array + labels: + additionalProperties: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - clientSecret: - properties: - name: + type: object + name: + items: type: string - value: + type: array + namespace: + items: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: + type: array + type: object + fieldSelector: + type: string + format: + type: string + gke: + properties: + cluster: + type: string + connection: + type: string + credentials: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + endpoint: + type: string + project: + type: string + projectID: + type: string + skipTLSVerify: + type: boolean + zone: + type: string + required: + - cluster + - projectID + - zone + type: object + health: + type: string + id: + type: string + items: + type: string + kubeconfig: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. - type: string - name: - type: string - required: + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - connection: - type: string - end: - description: |- - The end time for the query - Supports Datemath - type: string - limit: - description: Limit is the maximum number of lines to return - type: string - query: - description: Query is the KQL (Kusto Query Language) query - to execute. - type: string - start: - description: |- - The start time for the query - SupportsDatemath - type: string - tenantID: - type: string - workspaceID: - description: WorkspaceID is the Azure Log Analytics workspace - ID to query. + type: object + serviceAccount: + type: string + type: object + type: object + labels: + additionalProperties: type: string - required: - - query - - workspaceID - type: object - bigQuery: - description: BigQuery specifies the BigQuery configuration for - log scraping + type: object + maxInflight: + format: int64 + type: integer + name: + type: string + namespace: + type: string properties: - connection: - description: ConnectionName of the connection. It'll be - used to populate the endpoint and credentials. - type: string - credentials: + items: properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: + properties: + icon: + type: string + label: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + url: + type: string + type: object + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer name: type: string - value: + order: + type: integer + status: type: string - valueFrom: + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + relationships: + items: + properties: + kind: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + expr: + type: string + label: + type: string + value: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: type: string type: object + required: + - kind + - name + - namespace type: object - endpoint: - type: string - project: - type: string - query: - description: Query is the raw SQL query to execute against - the BigQuery table. - type: string - skipTLSVerify: - description: Skip TLS verify - type: boolean - type: object - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + type: array + scope: type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + selector: type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - fieldMapping: - description: FieldMapping defines how source log fields map - to canonical LogLine fields - properties: - dedupBy: - items: - type: string - type: array - groupBy: - items: - type: string - type: array - host: - items: - type: string - type: array - id: - items: - type: string - type: array - ignore: - items: - type: string - type: array - message: - items: - type: string - type: array - severity: - items: - type: string - type: array - source: - items: - type: string - type: array - timestamp: - items: - type: string - type: array - type: object - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - gcpCloudLogging: - description: GCPCloudLogging specifies the GCP Cloud Logging - configuration - properties: - connection: - description: ConnectionName of the connection. It'll be - used to populate the endpoint and credentials. - type: string - credentials: + since: + type: string + status: + type: string + tags: + items: properties: + jsonpath: + type: string + label: + type: string name: type: string value: type: string - valueFrom: + required: + - name + type: object + type: array + timestampFormat: + type: string + transform: + properties: + aliases: + items: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + changes: + properties: + exclude: + items: + type: string + type: array + mapping: + items: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + action: type: string - name: + ancestor_type: type: string - required: - - key - type: object - secretKeyRef: - properties: - key: + config_id: type: string - name: + config_type: + type: string + filter: + type: string + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + type: array + type: object + exclude: + items: + properties: + jsonpath: type: string + types: + items: + type: string + type: array + required: + - jsonpath type: object - type: object - end: - description: |- - The end time for the query - Supports Datemath - type: string - endpoint: - type: string - filter: - description: Filter is the filter to perform - type: string - limit: - description: Limit is the maximum number of lines to return - type: string - project: - type: string - skipTLSVerify: - description: Skip TLS verify - type: boolean - start: - description: |- - The start time for the query - SupportsDatemath - type: string - type: object - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - loki: - description: Loki specifies the Loki configuration for log scraping - properties: - connection: - type: string - direction: - description: Direction is the direction of the query. "forward" - or "backward" (default) - type: string - end: - description: |- - The end time for the query - Supports Datemath - type: string - interval: - description: Only return entries at (or greater than) the - specified interval, can be a duration format or float - number of seconds - type: string - limit: - description: Limit is the maximum number of lines to return - type: string - password: - properties: - name: - type: string - value: - type: string - valueFrom: + type: array + expr: + type: string + gotemplate: + type: string + javascript: + type: string + jsonpath: + type: string + locations: + items: properties: - configMapKeyRef: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + mask: + items: + properties: + jsonpath: + type: string + selector: + type: string + value: + type: string + type: object + type: array + relationship: + items: + properties: + agent: properties: - key: - type: string - name: + expr: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + label: type: string - name: + value: type: string - required: - - key type: object - secretKeyRef: + expr: + type: string + external_id: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + filter: type: string - type: object - type: object - query: - description: Query is the LogQL query to perform - type: string - since: - description: |- - Since is a duration used to calculate start relative to end. - If end is in the future, start is calculated as this duration before now. - Any value specified for start supersedes this parameter. - type: string - start: - description: |- - The start time for the query - SupportsDatemath - type: string - step: - description: Step is the Query resolution step width in - duration format or float number of seconds - type: string - url: - type: string - username: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + id: properties: - key: - type: string - name: + expr: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + label: type: string - name: + value: type: string - required: - - key type: object - secretKeyRef: + labels: + additionalProperties: + type: string + type: object + name: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - openSearch: - description: OpenSearch specifies the OpenSearch configuration - for log scraping - properties: - address: - type: string - connection: - type: string - index: - type: string - limit: - type: string - password: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + namespace: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - helmRef: + parent: + type: boolean + scope: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - secretKeyRef: + type: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string type: object - type: object - query: - type: string - username: + type: array + type: object + type: + type: string + useCache: + type: boolean + watch: + items: properties: - name: + apiVersion: type: string - value: + kind: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object + required: + - apiVersion + - kind type: object - required: - - index - - query - type: object + type: array + required: + - clusterName + type: object + type: array + kubernetesFile: + items: properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: - properties: - color: - type: string - filter: - type: string - headline: - type: boolean - hidden: - type: boolean - icon: - type: string - label: - type: string - lastTransition: - type: string - links: - items: - properties: - icon: - type: string - label: - type: string - text: - type: string - tooltip: - type: string - type: - description: e.g. documentation, support, playbook - type: string - url: - type: string - type: object - type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer - type: object - type: array - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: + class: + type: string + cnrm: properties: - jsonpath: - type: string - label: - type: string - name: + clusterResource: type: string - value: + clusterResourceNamespace: type: string - required: - - name - type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: - properties: - aliases: - items: + gke: properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used + cluster: type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: + connection: type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: + credentials: properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. + helmRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - type: - description: Lookup offers different ways - to specify a lookup value + secretKeyRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object + serviceAccount: + type: string type: object - type: - description: Type is the type to be set on the - change - type: string type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: + endpoint: + type: string + project: + type: string + projectID: + type: string + skipTLSVerify: + type: boolean + zone: type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: - type: string - type: array required: - - jsonpath + - cluster + - projectID + - zone type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: + required: + - clusterResource + - clusterResourceNamespace + - gke + type: object + connection: + type: string + container: + type: string + createFields: + items: type: string - jsonpath: + type: array + deleteFields: + items: type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: + type: array + eks: + properties: + accessKey: properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. + name: type: string value: - description: Value can be a hash function name or - just a string type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) + valueFrom: properties: - expr: - type: string - label: - type: string - value: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. + type: object + assumeRole: + type: string + cluster: + type: string + connection: + type: string + endpoint: + type: string + region: + type: string + secretKey: + properties: + name: type: string - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied + value: type: string - id: - description: Lookup offers different ways to specify - a lookup value + valueFrom: properties: - expr: - type: string - label: - type: string - value: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string type: object - labels: - additionalProperties: - type: string - type: object + type: object + sessionToken: + properties: name: - description: Lookup offers different ways to specify - a lookup value + type: string + value: + type: string + valueFrom: properties: - expr: - type: string - label: - type: string - value: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string type: object - namespace: - description: Lookup offers different ways to specify - a lookup value + type: object + skipTLSVerify: + type: boolean + required: + - cluster + type: object + files: + items: + properties: + format: + type: string + path: + items: + type: string + type: array + type: object + type: array + format: + type: string + gke: + properties: + cluster: + type: string + connection: + type: string + credentials: + properties: + name: + type: string + value: + type: string + valueFrom: properties: - expr: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string - label: + type: object + type: object + endpoint: + type: string + project: + type: string + projectID: + type: string + skipTLSVerify: + type: boolean + zone: + type: string + required: + - cluster + - projectID + - zone + type: object + health: + type: string + id: + type: string + items: + type: string + kubeconfig: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: type: string - value: + name: type: string + required: + - key type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. + helmRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - type: - description: Lookup offers different ways to specify - a lookup value + secretKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object + serviceAccount: + type: string type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - type: object - type: array - playwright: - items: - properties: - artifacts: - description: Artifacts are additional artifact paths to collect - after execution - items: - properties: - path: - type: string - required: - - path type: object - type: array - checkout: - description: Checkout is a git repository to check out the script - from - properties: - branch: + labels: + additionalProperties: type: string - certificate: + type: object + name: + type: string + properties: + items: properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: + properties: + icon: + type: string + label: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + url: + type: string + type: object + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer name: type: string - value: + order: + type: integer + status: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer type: object - connection: - type: string - depth: - type: integer - destination: - description: |- - Destination is the full path to where the contents of the URL should be downloaded to. - If left empty, the sha256 hash of the URL will be used as the dir name. - - Deprecated: no similar functionality available. This depends on the use case - type: string - password: + type: array + selector: + properties: + fieldSelector: + type: string + kind: + type: string + labelSelector: + type: string + name: + type: string + namespace: + type: string + type: object + status: + type: string + tags: + items: properties: + jsonpath: + type: string + label: + type: string name: type: string value: type: string - valueFrom: + required: + - name + type: object + type: array + timestampFormat: + type: string + transform: + properties: + aliases: + items: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + changes: + properties: + exclude: + items: + type: string + type: array + mapping: + items: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + action: type: string - name: + ancestor_type: type: string - required: - - key - type: object - secretKeyRef: - properties: - key: + config_id: type: string - name: + config_type: type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - type: - description: Type of connection e.g. github, gitlab - type: string - url: - type: string - username: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: + filter: type: string - name: + scraper_id: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + severity: type: string - name: + summary: type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - type: object - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - connections: - description: Connections for AWS/GCP/Azure/K8s credential injection - properties: - aws: - properties: - accessKey: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: + target: properties: - key: - type: string + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object name: - type: string - required: - - key + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + type: type: string type: object - type: object - assumeRole: - type: string - connection: - description: ConnectionName of the connection. It'll - be used to populate the endpoint, accessKey and secretKey. - type: string - endpoint: - type: string - region: - type: string - secretKey: + type: array + type: object + exclude: + items: properties: - name: - type: string - value: + jsonpath: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object + types: + items: + type: string + type: array + required: + - jsonpath type: object - sessionToken: + type: array + expr: + type: string + gotemplate: + type: string + javascript: + type: string + jsonpath: + type: string + locations: + items: properties: - name: + filter: type: string - value: + type: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object + values: + items: + type: string + type: array + withParent: + type: string + required: + - type type: object - skipTLSVerify: - description: Skip TLS verify when connecting to aws - type: boolean - type: object - azure: - properties: - clientID: + type: array + mask: + items: properties: - name: + jsonpath: + type: string + selector: type: string value: type: string - valueFrom: + type: object + type: array + relationship: + items: + properties: + agent: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + expr: + type: string + label: + type: string + value: type: string type: object - type: object - clientSecret: - properties: - name: - type: string - value: + expr: type: string - valueFrom: + external_id: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + expr: + type: string + label: + type: string + value: type: string type: object - type: object - connection: - type: string - tenantID: - type: string - type: object - eksPodIdentity: - description: EKSPodIdentity when enabled will allow access - to AWS_* env vars - type: boolean - fromConfigItem: - type: string - gcp: - properties: - connection: - description: ConnectionName of the connection. It'll - be used to populate the endpoint and credentials. - type: string - credentials: - properties: - name: - type: string - value: + filter: type: string - valueFrom: + id: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + expr: + type: string + label: + type: string + value: type: string type: object - type: object - endpoint: - type: string - project: - type: string - skipTLSVerify: - description: Skip TLS verify - type: boolean - type: object - kubernetes: - properties: - cnrm: - properties: - clusterResource: - type: string - clusterResourceNamespace: - type: string - gke: + labels: + additionalProperties: + type: string + type: object + name: properties: - cluster: + expr: type: string - connection: - description: ConnectionName of the connection. - It'll be used to populate the endpoint and - credentials. - type: string - credentials: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the - merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies - the service account whose token should - be fetched - type: string - type: object - type: object - endpoint: - type: string - project: - type: string - projectID: - type: string - skipTLSVerify: - description: Skip TLS verify - type: boolean - zone: - type: string - required: - - cluster - - projectID - - zone - type: object - required: - - clusterResource - - clusterResourceNamespace - - gke - type: object - connection: - description: Connection name to populate kubeconfig - type: string - eks: - properties: - accessKey: - properties: - name: + label: type: string value: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the - service account whose token should be - fetched - type: string - type: object type: object - assumeRole: - type: string - cluster: - type: string - connection: - description: ConnectionName of the connection. It'll - be used to populate the endpoint, accessKey and - secretKey. - type: string - endpoint: - type: string - region: - type: string - secretKey: + namespace: properties: - name: - type: string - value: + expr: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the - service account whose token should be - fetched - type: string - type: object - type: object - sessionToken: - properties: - name: + label: type: string value: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the - service account whose token should be - fetched - type: string - type: object type: object - skipTLSVerify: - description: Skip TLS verify when connecting to - aws + parent: type: boolean - required: - - cluster - type: object - gke: - properties: - cluster: - type: string - connection: - description: ConnectionName of the connection. It'll - be used to populate the endpoint and credentials. - type: string - credentials: + scope: properties: - name: + expr: + type: string + label: type: string value: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the - service account whose token should be - fetched - type: string - type: object type: object - endpoint: - type: string - project: - type: string - projectID: - type: string - skipTLSVerify: - description: Skip TLS verify - type: boolean - zone: - type: string - required: - - cluster - - projectID - - zone - type: object - kubeconfig: - properties: - name: - type: string - value: - type: string - valueFrom: + type: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + expr: + type: string + label: + type: string + value: type: string type: object type: object - type: object - serviceAccount: - description: ServiceAccount when enabled will allow access - to KUBERNETES env vars - type: boolean - type: object - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + type: array + type: object + type: type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - env: - description: Env additional environment variables for the script - items: + required: + - selector + type: object + type: array + logLevel: + type: string + logs: + items: + properties: + azureLogAnalytics: properties: - name: - type: string - value: - type: string - valueFrom: + clientID: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: + name: + type: string + value: + type: string + valueFrom: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. - type: string - name: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string - required: - - key type: object - secretKeyRef: + type: object + clientSecret: + properties: + name: + type: string + value: + type: string + valueFrom: properties: - key: - type: string - name: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string type: object + connection: + type: string + end: + type: string + limit: + type: string + query: + type: string + start: + type: string + tenantID: + type: string + workspaceID: + type: string + required: + - query + - workspaceID type: object - type: array - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - har: - description: HAR enables HAR (HTTP Archive) recording - type: boolean - headless: - description: Headless mode (default true) - type: boolean - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - login: - description: Login provider for auto-login (AWS federation, - browser cookies) - properties: - aws: - properties: - accessKey: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: + bigQuery: + properties: + connection: + type: string + credentials: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - assumeRole: + type: object + serviceAccount: + type: string + type: object + type: object + endpoint: + type: string + project: + type: string + query: + type: string + skipTLSVerify: + type: boolean + type: object + class: + type: string + createFields: + items: + type: string + type: array + deleteFields: + items: + type: string + type: array + fieldMapping: + properties: + dedupBy: + items: + type: string + type: array + groupBy: + items: + type: string + type: array + host: + items: + type: string + type: array + id: + items: type: string - connection: - description: ConnectionName of the connection. It'll - be used to populate the endpoint, accessKey and secretKey. + type: array + ignore: + items: type: string - endpoint: + type: array + message: + items: type: string - issuer: + type: array + severity: + items: type: string - login: + type: array + source: + items: type: string - region: - items: + type: array + timestamp: + items: + type: string + type: array + type: object + format: + type: string + gcpCloudLogging: + properties: + connection: + type: string + credentials: + properties: + name: type: string - type: array - secretKey: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - sessionDuration: - type: integer - skipTLSVerify: - description: Skip TLS verify when connecting to aws - type: boolean - type: object - browser: - properties: - connection: - type: string - required: - - connection - type: object - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - outputMode: - description: 'OutputMode controls how stdout is parsed: "json" - (default) or "raw"' - type: string - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: - properties: - color: - type: string - filter: - type: string - headline: - type: boolean - hidden: - type: boolean - icon: - type: string - label: - type: string - lastTransition: - type: string - links: - items: - properties: - icon: - type: string - label: - type: string - text: - type: string - tooltip: - type: string - type: - description: e.g. documentation, support, playbook - type: string - url: - type: string - type: object - type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: + type: object + serviceAccount: + type: string + type: object + type: object + end: type: string - order: - type: integer - status: + endpoint: type: string - text: - description: Either text or value is required, but not - both. + filter: type: string - tooltip: + limit: type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' + project: type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. + skipTLSVerify: + type: boolean + start: type: string - value: - format: int64 - type: integer type: object - type: array - query: - description: Query exports config items as JSON files for use - in scripts + health: + type: string + id: + type: string items: - description: ConfigQuery defines a query that exports config - items as JSON files for use in scripts. + type: string + labels: + additionalProperties: + type: string + type: object + loki: properties: - agent: - description: |- - Agent can be the agent id or the name of the agent. - Additionally, the special "self" value can be used to select resources without an agent. - type: string - cache: - description: |- - Cache directives - 'no-cache' (should not fetch from cache but can be cached) - 'no-store' (should not cache) - 'max-age=X' (cache for X duration) - type: string - fieldSelector: + connection: type: string - health: - description: |- - Health filters resources by the health. - Multiple healths can be provided separated by comma. + direction: type: string - id: + end: type: string - includeDeleted: - type: boolean - labelSelector: + interval: type: string limit: - type: integer - name: type: string - namespace: - type: string - path: - description: Path is the file path to write the query - results to (relative to script working dir). - type: string - scope: - description: |- - Scope is the reference for parent of the resource to select. - For config items, the scope is the scraper id - For checks, it's canaries and - For components, it's topology. - It can either be a uuid or namespace/name - type: string - search: - description: Search query that applies to the resource - name, tag & labels. - type: string - statuses: - description: Statuses filter resources by the status - items: - type: string - type: array - tagSelector: - type: string - types: - description: Types filter resources by the type - items: - type: string - type: array - required: - - path - type: object - type: array - script: - description: Script is an inline TypeScript/JavaScript to run - with Playwright. - type: string - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: - properties: - jsonpath: + password: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + query: type: string - label: + since: type: string - name: + start: type: string - value: + step: type: string - required: - - name - type: object - type: array - timeout: - description: Timeout in seconds for the script execution (default - 300) - type: integer - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - trace: - description: Trace configures HAR, video, and network recording - properties: - domains: - items: + url: type: string - type: array - har: - type: boolean - video: - type: string - type: object - transform: - properties: - aliases: - items: + username: properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used + name: type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + type: object + name: + type: string + openSearch: + properties: + address: + type: string + connection: + type: string + index: + type: string + limit: + type: string + password: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + query: + type: string + username: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + required: + - index + - query + type: object + properties: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: items: + properties: + icon: + type: string + label: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + url: + type: string + type: object + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + status: + type: string + tags: + items: + properties: + jsonpath: + type: string + label: + type: string + name: + type: string + value: + type: string + required: + - name + type: object + type: array + timestampFormat: + type: string + transform: + properties: + aliases: + items: + properties: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + changes: + properties: + exclude: + items: + type: string + type: array + mapping: + items: + properties: + action: + type: string + ancestor_type: + type: string + config_id: + type: string + config_type: + type: string + filter: + type: string + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: + type: string + type: object + type: array + type: object + exclude: + items: + properties: + jsonpath: + type: string + types: + items: + type: string + type: array + required: + - jsonpath + type: object + type: array + expr: + type: string + gotemplate: + type: string + javascript: + type: string + jsonpath: + type: string + locations: + items: + properties: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + mask: + items: + properties: + jsonpath: + type: string + selector: + type: string + value: + type: string + type: object + type: array + relationship: + items: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + expr: + type: string + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + filter: + type: string + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + parent: + type: boolean + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: array + type: object + type: + type: string + type: object + type: array + playwright: + items: + properties: + artifacts: + items: + properties: + path: + type: string + required: + - path + type: object + type: array + checkout: + properties: + branch: + type: string + certificate: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + connection: + type: string + depth: + type: integer + destination: + type: string + password: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + type: + type: string + url: + type: string + username: + properties: + name: type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + type: object + class: + type: string + connections: + properties: + aws: + properties: + accessKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + assumeRole: + type: string + connection: + type: string + endpoint: + type: string + region: + type: string + secretKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + sessionToken: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + skipTLSVerify: + type: boolean + type: object + azure: + properties: + clientID: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + clientSecret: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + connection: + type: string + tenantID: + type: string + type: object + eksPodIdentity: + type: boolean + fromConfigItem: + type: string + gcp: + properties: + connection: + type: string + credentials: properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: properties: - expr: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + endpoint: + type: string + project: + type: string + skipTLSVerify: + type: boolean + type: object + kubernetes: + properties: + cnrm: + properties: + clusterResource: + type: string + clusterResourceNamespace: + type: string + gke: + properties: + cluster: + type: string + connection: + type: string + credentials: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + endpoint: + type: string + project: + type: string + projectID: + type: string + skipTLSVerify: + type: boolean + zone: + type: string + required: + - cluster + - projectID + - zone + type: object + required: + - clusterResource + - clusterResourceNamespace + - gke + type: object + connection: + type: string + eks: + properties: + accessKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + assumeRole: + type: string + cluster: + type: string + connection: + type: string + endpoint: + type: string + region: + type: string + secretKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string - label: + type: object + type: object + sessionToken: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string - value: + type: object + type: object + skipTLSVerify: + type: boolean + required: + - cluster + type: object + gke: + properties: + cluster: + type: string + connection: + type: string + credentials: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string type: object - external_id: - description: Lookup offers different ways - to specify a lookup value + type: object + endpoint: + type: string + project: + type: string + projectID: + type: string + skipTLSVerify: + type: boolean + zone: + type: string + required: + - cluster + - projectID + - zone + type: object + kubeconfig: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object - id: - description: Lookup offers different ways - to specify a lookup value + helmRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value + secretKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - namespace: - description: Lookup offers different ways - to specify a lookup value + serviceAccount: + type: string + type: object + type: object + type: object + serviceAccount: + type: boolean + type: object + createFields: + items: + type: string + type: array + deleteFields: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + type: array + format: + type: string + har: + type: boolean + headless: + type: boolean + health: + type: string + id: + type: string + items: + type: string + labels: + additionalProperties: + type: string + type: object + login: + properties: + aws: + properties: + accessKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. + helmRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - type: - description: Lookup offers different ways - to specify a lookup value + secretKeyRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object + serviceAccount: + type: string type: object - type: - description: Type is the type to be set on the - change - type: string type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: - type: string - type: array - required: - - jsonpath - type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: - type: string - jsonpath: - type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: - properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked + assumeRole: type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. + connection: type: string - value: - description: Value can be a hash function name or - just a string + endpoint: type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. + issuer: type: string - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied + login: type: string - id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: + region: + items: type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value + type: array + secretKey: properties: - expr: - type: string - label: + name: type: string value: type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter + sessionDuration: + type: integer + skipTLSVerify: type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. + type: object + browser: + properties: + connection: + type: string + required: + - connection + type: object + type: object + name: + type: string + outputMode: + type: string + properties: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: properties: - expr: + icon: type: string label: type: string - value: + text: type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: + tooltip: type: string - label: + type: type: string - value: + url: type: string type: object - type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - required: - - script - type: object - type: array - pubsub: - items: - properties: - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + query: + items: + properties: + agent: + type: string + cache: + type: string + fieldSelector: + type: string + health: + type: string + id: + type: string + includeDeleted: + type: boolean + labelSelector: + type: string + limit: + type: integer + name: + type: string + namespace: + type: string + path: + type: string + scope: + type: string + search: + type: string + statuses: + items: + type: string + type: array + tagSelector: + type: string + types: + items: + type: string + type: array + required: + - path + type: object + type: array + script: type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + status: type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - kafka: - properties: - brokers: - items: - type: string - type: array - group: - type: string - topic: - type: string - required: - - brokers - - group - - topic - type: object - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - maxMessages: - type: integer - memory: - properties: - queue: - type: string - required: - - queue - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - nats: - properties: - queue: - type: string - subject: - type: string - url: - type: string - required: - - subject - type: object - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: + tags: + items: + properties: + jsonpath: + type: string + label: + type: string + name: + type: string + value: + type: string + required: + - name + type: object + type: array + timeout: + type: integer + timestampFormat: + type: string + trace: properties: - color: - type: string - filter: - type: string - headline: - type: boolean - hidden: + domains: + items: + type: string + type: array + har: type: boolean - icon: - type: string - label: + video: type: string - lastTransition: - type: string - links: + type: object + transform: + properties: + aliases: items: properties: - icon: - type: string - label: - type: string - text: - type: string - tooltip: + filter: type: string type: - description: e.g. documentation, support, playbook type: string - url: + values: + items: + type: string + type: array + withParent: type: string + required: + - type type: object type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer - type: object - type: array - pubsub: - properties: - connection: - description: ConnectionName of the connection. It'll be - used to populate the endpoint and credentials. - type: string - credentials: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + changes: + properties: + exclude: + items: + type: string + type: array + mapping: + items: properties: - key: + action: type: string - name: + ancestor_type: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + config_id: type: string - name: + config_type: type: string - required: - - key - type: object - secretKeyRef: - properties: - key: + filter: type: string - name: + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + type: array + type: object + exclude: + items: + properties: + jsonpath: type: string + types: + items: + type: string + type: array + required: + - jsonpath type: object - type: object - endpoint: - type: string - project: - type: string - project_id: - type: string - skipTLSVerify: - description: Skip TLS verify - type: boolean - subscription: - type: string - required: - - project_id - - subscription - type: object - rabbitmq: - properties: - host: - type: string - password: - type: string - port: - type: integer - queue: - type: string - username: - type: string - required: - - host - - password - - port - - queue - - username - type: object - sqs: - properties: - accessKey: - properties: - name: - type: string - value: - type: string - valueFrom: + type: array + expr: + type: string + gotemplate: + type: string + javascript: + type: string + jsonpath: + type: string + locations: + items: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + mask: + items: + properties: + jsonpath: + type: string + selector: + type: string + value: + type: string + type: object + type: array + relationship: + items: + properties: + agent: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. - type: string - name: + expr: type: string - required: - - key - type: object - secretKeyRef: - properties: - key: + label: type: string - name: + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + expr: type: string - type: object - type: object - assumeRole: - type: string - connection: - description: ConnectionName of the connection. It'll be - used to populate the endpoint, accessKey and secretKey. - type: string - endpoint: - type: string - queue: - type: string - raw: - type: boolean - region: - type: string - secretKey: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + external_id: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - helmRef: + filter: + type: string + id: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - secretKeyRef: + labels: + additionalProperties: + type: string + type: object + name: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string - type: object - type: object - sessionToken: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + namespace: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - helmRef: + parent: + type: boolean + scope: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - secretKeyRef: + type: properties: - key: + expr: type: string - name: + label: + type: string + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched - type: string type: object - type: object - skipTLSVerify: - description: Skip TLS verify when connecting to aws - type: boolean - waitTime: - description: Time in seconds to long-poll for messages, - Default to 15, max is 20 - type: integer - required: - - queue - - raw - type: object - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 + type: array + type: object + type: + type: string + required: + - script + type: object + type: array + pubsub: + items: + properties: + class: + type: string + createFields: + items: + type: string + type: array + deleteFields: + items: + type: string + type: array + format: + type: string + health: + type: string + id: + type: string items: + type: string + kafka: properties: - jsonpath: + brokers: + items: + type: string + type: array + group: type: string - label: + topic: type: string - name: + required: + - brokers + - group + - topic + type: object + labels: + additionalProperties: + type: string + type: object + maxMessages: + type: integer + memory: + properties: + queue: type: string - value: + required: + - queue + type: object + name: + type: string + nats: + properties: + queue: + type: string + subject: + type: string + url: type: string required: - - name + - subject type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: properties: - aliases: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: + items: properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: items: properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object + icon: + type: string + label: + type: string + text: + type: string + tooltip: + type: string type: - description: Type is the type to be set on the - change + type: string + url: type: string type: object type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. + type: array + pubsub: + properties: + connection: + type: string + credentials: properties: - jsonpath: + name: type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: - type: string - type: array - required: - - jsonpath + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: - type: string - jsonpath: - type: string - locations: - items: + endpoint: + type: string + project: + type: string + project_id: + type: string + skipTLSVerify: + type: boolean + subscription: + type: string + required: + - project_id + - subscription + type: object + rabbitmq: + properties: + host: + type: string + password: + type: string + port: + type: integer + queue: + type: string + username: + type: string + required: + - host + - password + - port + - queue + - username + type: object + sqs: + properties: + accessKey: properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used + name: type: string - required: - - type + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: + assumeRole: + type: string + connection: + type: string + endpoint: + type: string + queue: + type: string + raw: + type: boolean + region: + type: string + secretKey: properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. + name: type: string value: - description: Value can be a hash function name or - just a string type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) + valueFrom: properties: - expr: - type: string - label: - type: string - value: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. + type: object + sessionToken: + properties: + name: type: string - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied + value: type: string - id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value + valueFrom: properties: - expr: - type: string - label: - type: string - value: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string type: object type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - type: object - type: array - retention: - properties: - changes: - items: - properties: - age: - type: string - count: - type: integer - name: - type: string - type: object - type: array - staleAnalysisAge: - description: |- - StaleAnalysisAge is the duration after which an analysis that is no longer observed by the scraper - is marked as resolved. Defaults to 48h. Use "keep" to disable auto-resolution. - type: string - staleItemAge: - type: string - types: - items: - properties: - createdAge: - type: string - deletedAge: - type: string - name: - type: string - updatedAge: - type: string - type: object - type: array - type: object - schedule: - description: 'Schedule is a cron expression for when to run the scraper. - Example: `@every 1m`, `0 */6 * * *` (every 6 hours)' - type: string - slack: - items: - properties: - channels: - description: |- - Process messages from these channels and discard others. - If empty, all channels are matched. - items: - description: MatchExpression uses MatchItems - type: string - type: array - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + skipTLSVerify: + type: boolean + waitTime: + type: integer + required: + - queue + - raw + type: object + status: type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + tags: + items: + properties: + jsonpath: + type: string + label: + type: string + name: + type: string + value: + type: string + required: + - name + type: object + type: array + timestampFormat: type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: + transform: properties: - color: - type: string - filter: - type: string - headline: - type: boolean - hidden: - type: boolean - icon: - type: string - label: - type: string - lastTransition: - type: string - links: + aliases: items: properties: - icon: - type: string - label: + filter: type: string - text: + type: type: string - tooltip: + values: + items: + type: string + type: array + withParent: type: string - type: - description: e.g. documentation, support, playbook + required: + - type + type: object + type: array + changes: + properties: + exclude: + items: type: string - url: + type: array + mapping: + items: + properties: + action: + type: string + ancestor_type: + type: string + config_id: + type: string + config_type: + type: string + filter: + type: string + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: + type: string + type: object + type: array + type: object + exclude: + items: + properties: + jsonpath: type: string + types: + items: + type: string + type: array + required: + - jsonpath type: object type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: + expr: type: string - text: - description: Either text or value is required, but not - both. + gotemplate: type: string - tooltip: + javascript: type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. + jsonpath: type: string - value: - format: int64 - type: integer - type: object - type: array - rules: - description: Rules define the change extraction rules. - items: - properties: - config: - description: Config is a list of selectors to attach the - change to. + locations: + items: + properties: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + mask: + items: + properties: + jsonpath: + type: string + selector: + type: string + value: + type: string + type: object + type: array + relationship: items: - description: |- - EnvVarResourceSelector is used to select a resource. - At least one of the fields must be specified. properties: agent: properties: expr: type: string + label: + type: string value: - description: Value is a static value type: string type: object - cache: + expr: type: string - fieldSelector: + external_id: properties: expr: type: string + label: + type: string value: - description: Value is a static value type: string type: object - healths: - items: - properties: - expr: - type: string - value: - description: Value is a static value - type: string - type: object - type: array + filter: + type: string id: properties: expr: type: string - value: - description: Value is a static value - type: string - type: object - labelSelector: - properties: - expr: + label: type: string value: - description: Value is a static value type: string type: object + labels: + additionalProperties: + type: string + type: object name: properties: expr: type: string + label: + type: string value: - description: Value is a static value type: string type: object namespace: properties: expr: type: string + label: + type: string value: - description: Value is a static value type: string type: object + parent: + type: boolean scope: - type: string - statuses: - items: - properties: - expr: - type: string - value: - description: Value is a static value - type: string - type: object - type: array - tagSelector: properties: expr: type: string - value: - description: Value is a static value + label: type: string - type: object - types: - items: - properties: - expr: - type: string - value: - description: Value is a static value - type: string - type: object - type: array - type: object - minItems: 1 - type: array - filter: - description: Only those messages matching this filter - will be processed. - properties: - bot: - description: Bot name to match - type: string - expr: - description: Must match the given expression - type: string - user: - description: Slack User to match - properties: - displayName: - description: MatchExpression uses MatchItems - type: string - name: - description: MatchExpression uses MatchItems - type: string - type: object - type: object - mapping: - description: Mapping defines the Change to be extracted - from the text. - properties: - createdAt: - properties: - expr: - type: string - value: - description: Value is a static value - type: string - type: object - details: - description: |- - Details of the change in json format. - Defaults to the text. - properties: - expr: - type: string - value: - description: Value is a static value - type: string - type: object - severity: - properties: - expr: - type: string - value: - description: Value is a static value - type: string - type: object - summary: - properties: - expr: - type: string - value: - description: Value is a static value - type: string - type: object - timeFormat: - description: |- - TimeFormat is the go time format for the `createdAt` field. - Defaults to RFC3339. - type: string - type: - properties: - expr: - type: string - value: - description: Value is a static value - type: string - type: object - type: object - regexp: - description: |- - Regexp to capture the fields from the text. - Captured fields are available in the templates. - type: string - required: - - config - type: object - minItems: 1 - type: array - since: - description: |- - Fetch the messages since this period. - Default: 7d - - Specify the duration string. - eg: 1h, 7d, ... - type: string - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: - properties: - jsonpath: - type: string - label: - type: string - name: - type: string - value: - type: string - required: - - name - type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - token: - description: Slack token - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used to - fetch the key from the merged JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service account - whose token should be fetched - type: string - type: object - type: object - transform: - properties: - aliases: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: - properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object - type: - description: Type is the type to be set on the - change - type: string - type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: - type: string - type: array - required: - - jsonpath - type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: - type: string - jsonpath: - type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: - properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. - type: string - value: - description: Value can be a hash function name or - just a string - type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. - type: string - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied - type: string - id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: array + type: object + type: + type: string + type: object + type: array + retention: + properties: + changes: + items: + properties: + age: + type: string + count: + type: integer + name: + type: string + type: object + type: array + staleAnalysisAge: + type: string + staleItemAge: + type: string + types: + items: + properties: + createdAge: + type: string + deletedAge: + type: string + name: + type: string + updatedAge: + type: string + type: object + type: array + type: object + schedule: + type: string + slack: + items: + properties: + channels: + items: + type: string + type: array + class: + type: string + createFields: + items: + type: string + type: array + deleteFields: + items: + type: string + type: array + format: + type: string + health: + type: string + id: + type: string + items: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + properties: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: properties: - expr: + icon: type: string label: type: string - value: + text: type: string - type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: + tooltip: type: string - label: + type: type: string - value: + url: type: string type: object - type: - description: Lookup offers different ways to specify - a lookup value + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + rules: + items: + properties: + config: + items: properties: - expr: - type: string - label: + agent: + properties: + expr: + type: string + value: + type: string + type: object + cache: type: string - value: + fieldSelector: + properties: + expr: + type: string + value: + type: string + type: object + healths: + items: + properties: + expr: + type: string + value: + type: string + type: object + type: array + id: + properties: + expr: + type: string + value: + type: string + type: object + labelSelector: + properties: + expr: + type: string + value: + type: string + type: object + name: + properties: + expr: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + value: + type: string + type: object + scope: type: string + statuses: + items: + properties: + expr: + type: string + value: + type: string + type: object + type: array + tagSelector: + properties: + expr: + type: string + value: + type: string + type: object + types: + items: + properties: + expr: + type: string + value: + type: string + type: object + type: array type: object - type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - required: - - rules - - token - type: object - type: array - sql: - items: - properties: - auth: - description: Authentication ... - properties: - password: - properties: - name: - type: string - value: - type: string - valueFrom: + minItems: 1 + type: array + filter: properties: - configMapKeyRef: + bot: + type: string + expr: + type: string + user: properties: - key: + displayName: type: string name: type: string - required: - - key type: object - helmRef: + type: object + mapping: + properties: + createdAt: properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + expr: type: string - name: + value: type: string - required: - - key type: object - secretKeyRef: + details: properties: - key: + expr: type: string - name: + value: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + severity: + properties: + expr: + type: string + value: + type: string + type: object + summary: + properties: + expr: + type: string + value: + type: string + type: object + timeFormat: type: string + type: + properties: + expr: + type: string + value: + type: string + type: object type: object + regexp: + type: string + required: + - config type: object - username: + minItems: 1 + type: array + since: + type: string + status: + type: string + tags: + items: properties: + jsonpath: + type: string + label: + type: string name: type: string value: type: string - valueFrom: + required: + - name + type: object + type: array + timestampFormat: + type: string + token: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: + type: string + type: object + type: object + transform: + properties: + aliases: + items: properties: - configMapKeyRef: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + changes: + properties: + exclude: + items: + type: string + type: array + mapping: + items: properties: - key: + action: type: string - name: + ancestor_type: type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression used - to fetch the key from the merged JSON. + config_id: type: string - name: + config_type: type: string - required: - - key - type: object - secretKeyRef: - properties: - key: + filter: type: string - name: + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: type: string - required: - - key type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + type: array + type: object + exclude: + items: + properties: + jsonpath: type: string + types: + items: + type: string + type: array + required: + - jsonpath type: object - type: object - required: - - password - - username - type: object - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - connection: - description: |- - Connection is either the name of the connection to lookup - or the connection string itself. - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - driver: - type: string - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: - properties: - color: - type: string - filter: + type: array + expr: type: string - headline: - type: boolean - hidden: - type: boolean - icon: + gotemplate: type: string - label: + javascript: type: string - lastTransition: + jsonpath: type: string - links: + locations: items: properties: - icon: + filter: type: string - label: + type: type: string - text: + values: + items: + type: string + type: array + withParent: type: string - tooltip: + required: + - type + type: object + type: array + mask: + items: + properties: + jsonpath: type: string - type: - description: e.g. documentation, support, playbook + selector: type: string - url: + value: type: string type: object type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer - type: object - type: array - query: - type: string - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: - properties: - jsonpath: - type: string - label: - type: string - name: - type: string - value: - type: string - required: - - name - type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: - properties: - aliases: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: - properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways - to specify a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: object - type: - description: Type is the type to be set on the - change - type: string - type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: + relationship: + items: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + expr: type: string - type: array - required: - - jsonpath - type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: - type: string - jsonpath: - type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + filter: type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + parent: + type: boolean + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: array + type: object + type: + type: string + required: + - rules + - token + type: object + type: array + sql: + items: + properties: + auth: + properties: + password: properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. + name: type: string value: - description: Value can be a hash function name or - just a string type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) + valueFrom: properties: - expr: - type: string - label: - type: string - value: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. + type: object + username: + properties: + name: type: string - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied + value: type: string - id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value + valueFrom: properties: - expr: - type: string - label: - type: string - value: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + helmRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + required: + - key + type: object + serviceAccount: type: string type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. + type: object + required: + - password + - username + type: object + class: + type: string + connection: + type: string + createFields: + items: + type: string + type: array + deleteFields: + items: + type: string + type: array + driver: + type: string + format: + type: string + health: + type: string + id: + type: string + items: + type: string + labels: + additionalProperties: + type: string + type: object + name: + type: string + properties: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: properties: - expr: + icon: type: string label: type: string - value: + text: type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: + tooltip: type: string - label: + type: type: string - value: + url: type: string type: object - type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - required: - - connection - - query - type: object - type: array - system: - type: boolean - terraform: - items: - properties: - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + query: type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: + status: type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: + tags: + items: + properties: + jsonpath: + type: string + label: + type: string + name: + type: string + value: + type: string + required: + - name + type: object + type: array + timestampFormat: + type: string + transform: properties: - color: - type: string - filter: + aliases: + items: + properties: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + changes: + properties: + exclude: + items: + type: string + type: array + mapping: + items: + properties: + action: + type: string + ancestor_type: + type: string + config_id: + type: string + config_type: + type: string + filter: + type: string + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: + type: string + type: object + type: array + type: object + exclude: + items: + properties: + jsonpath: + type: string + types: + items: + type: string + type: array + required: + - jsonpath + type: object + type: array + expr: type: string - headline: - type: boolean - hidden: - type: boolean - icon: + gotemplate: type: string - label: + javascript: type: string - lastTransition: + jsonpath: type: string - links: + locations: items: properties: - icon: - type: string - label: - type: string - text: - type: string - tooltip: + filter: type: string type: - description: e.g. documentation, support, playbook type: string - url: + values: + items: + type: string + type: array + withParent: type: string + required: + - type type: object type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer - type: object - type: array - state: - properties: - gcs: - properties: - bucket: - type: string - connection: - description: ConnectionName of the connection. It'll - be used to populate the endpoint and credentials. - type: string - credentials: + mask: + items: properties: - name: + jsonpath: + type: string + selector: type: string value: type: string - valueFrom: + type: object + type: array + relationship: + items: + properties: + agent: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + expr: + type: string + label: + type: string + value: type: string type: object - type: object - endpoint: - type: string - project: - type: string - skipTLSVerify: - description: Skip TLS verify - type: boolean - type: object - local: - type: string - s3: - properties: - accessKey: - properties: - name: - type: string - value: + expr: type: string - valueFrom: + external_id: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + expr: + type: string + label: + type: string + value: type: string type: object - type: object - assumeRole: - type: string - bucket: - type: string - connection: - description: ConnectionName of the connection. It'll - be used to populate the endpoint, accessKey and secretKey. - type: string - endpoint: - type: string - objectPath: - description: glob path to restrict matches to a subset - type: string - region: - type: string - secretKey: - properties: - name: - type: string - value: + filter: type: string - valueFrom: + id: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + expr: + type: string + label: + type: string + value: type: string type: object - type: object - sessionToken: - properties: + labels: + additionalProperties: + type: string + type: object name: - type: string - value: - type: string - valueFrom: properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - helmRef: - properties: - key: - description: Key is a JSONPath expression - used to fetch the key from the merged - JSON. - type: string - name: - type: string - required: - - key - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - required: - - key - type: object - serviceAccount: - description: ServiceAccount specifies the service - account whose token should be fetched + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + parent: + type: boolean + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: type: string type: object type: object - skipTLSVerify: - description: Skip TLS verify when connecting to aws - type: boolean - usePathStyle: - description: 'Use path style path: http://s3.amazonaws.com/BUCKET/KEY - instead of http://BUCKET.s3.amazonaws.com/KEY' - type: boolean - type: object - type: object - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 + type: array + type: object + type: + type: string + required: + - connection + - query + type: object + type: array + system: + type: boolean + terraform: + items: + properties: + class: + type: string + createFields: + items: + type: string + type: array + deleteFields: + items: + type: string + type: array + format: + type: string + health: + type: string + id: + type: string items: - properties: - jsonpath: - type: string - label: - type: string - name: - type: string - value: - type: string - required: - - name + type: string + labels: + additionalProperties: + type: string type: object - type: array - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: + name: + type: string properties: - aliases: - items: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: + properties: + icon: + type: string + label: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + url: + type: string + type: object + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + state: + properties: + gcs: properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used + bucket: type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: + connection: type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: + credentials: properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object - id: - description: Lookup offers different ways - to specify a lookup value + helmRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value + secretKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - namespace: - description: Lookup offers different ways - to specify a lookup value + serviceAccount: + type: string + type: object + type: object + endpoint: + type: string + project: + type: string + skipTLSVerify: + type: boolean + type: object + local: + type: string + s3: + properties: + accessKey: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. + helmRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object - type: - description: Lookup offers different ways - to specify a lookup value + secretKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object + serviceAccount: + type: string type: object - type: - description: Type is the type to be set on the - change - type: string type: object - type: array - type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. - properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. - items: - type: string - type: array - required: - - jsonpath - type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: - type: string - jsonpath: - type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used + assumeRole: type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: - properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked + bucket: type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. + connection: type: string - value: - description: Value can be a hash function name or - just a string + endpoint: type: string - type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. + objectPath: type: string - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied + region: type: string - id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value + secretKey: properties: - expr: - type: string - label: + name: type: string value: type: string - type: object - type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - required: - - name - - state - type: object - type: array - trivy: - items: - properties: - class: - description: A static value or JSONPath expression to use as - the class for the resource. - type: string - compliance: - items: - type: string - type: array - createFields: - description: |- - CreateFields is a list of JSONPath expression used to identify the created time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - deleteFields: - description: |- - DeleteFields is a JSONPath expression used to identify the deleted time of the config. - If multiple fields are specified, the first non-empty value will be used. - items: - type: string - type: array - description: - description: A static value or JSONPath expression to use as - the description for the resource. - type: string - format: - description: Format of config item, defaults to JSON, available - options are JSON, properties - type: string - health: - description: A static value or JSONPath expression to use as - the health of the config item - type: string - id: - description: A static value or JSONPath expression to use as - the ID for the resource. - type: string - ignoreUnfixed: - type: boolean - ignoredLicenses: - items: - type: string - type: array - items: - description: |- - A JSONPath expression to use to extract individual items from the resource, - items are extracted first and then the ID,Name,Type and transformations are applied for each item. - type: string - kubernetes: - description: TrivyK8sOptions holds in Trivy flags that are Kubernetes - specific. - properties: - components: - items: - type: string - type: array - context: - type: string - kubeconfig: - type: string - namespace: - type: string - type: object - labels: - additionalProperties: - type: string - description: Labels for each config item. - type: object - licenseFull: - type: boolean - name: - description: A static value or JSONPath expression to use as - the Name for the resource. - type: string - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: - properties: - color: - type: string - filter: - type: string - headline: - type: boolean - hidden: - type: boolean - icon: - type: string - label: - type: string - lastTransition: - type: string - links: - items: - properties: - icon: - type: string - label: - type: string - text: - type: string - tooltip: - type: string - type: - description: e.g. documentation, support, playbook - type: string - url: - type: string - type: object - type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not - both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch - etc. - type: string - value: - format: int64 - type: integer - type: object - type: array - scanners: - items: - type: string - type: array - severity: - items: - type: string - type: array - status: - description: A static value or JSONPath expression to use as - the status of the config item - type: string - tags: - description: |- - Tags for each config item. - Max allowed: 5 - items: - properties: - jsonpath: - type: string - label: - type: string - name: - type: string - value: - type: string - required: - - name - type: object - type: array - timeout: - type: string - timestampFormat: - description: |- - TimestampFormat is a Go time format string used to - parse timestamps in createFields and DeletedFields. - If not specified, the default is RFC3339. - type: string - transform: - properties: - aliases: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: - items: - type: string - type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that - excludes a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that - maps a change to the specified type - items: - properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type - for redirecting changes. - type: string - filter: - description: Filter selects what change to apply - the mapping to - type: string - scraper_id: - description: ScraperID is the scraper ID for the - target config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set - on the change - type: string - summary: - description: Summary replaces the existing change - summary. - type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways - to specify a lookup value + valueFrom: + properties: + configMapKeyRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - id: - description: Lookup offers different ways - to specify a lookup value + helmRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways - to specify a lookup value + secretKeyRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object - namespace: - description: Lookup offers different ways - to specify a lookup value + serviceAccount: + type: string + type: object + type: object + sessionToken: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. + helmRef: properties: - expr: - type: string - label: + key: type: string - value: + name: type: string + required: + - key type: object - type: - description: Lookup offers different ways - to specify a lookup value + secretKeyRef: properties: - expr: + key: type: string - label: - type: string - value: + name: type: string + required: + - key type: object + serviceAccount: + type: string type: object - type: - description: Type is the type to be set on the - change - type: string type: object - type: array + skipTLSVerify: + type: boolean + usePathStyle: + type: boolean + type: object + type: object + status: + type: string + tags: + items: + properties: + jsonpath: + type: string + label: + type: string + name: + type: string + value: + type: string + required: + - name type: object - exclude: - description: |- - Fields to remove from the config, useful for removing sensitive data and fields - that change often without a material impact i.e. Last Scraped Time - items: - description: |- - ConfigFieldExclusion defines fields with JSONPath that needs to - be removed from the config. + type: array + timestampFormat: + type: string + transform: + properties: + aliases: + items: + properties: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + changes: properties: - jsonpath: - type: string - types: - description: |- - Optionally specify the config types - from which the JSONPath fields need to be removed. - If left empty, all config types are considered. + exclude: items: type: string type: array - required: - - jsonpath - type: object - type: array - expr: - type: string - gotemplate: - type: string - javascript: - type: string - jsonpath: - type: string - locations: - items: - properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: + mapping: items: - type: string + properties: + action: + type: string + ancestor_type: + type: string + config_id: + type: string + config_type: + type: string + filter: + type: string + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: + type: string + type: object type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - mask: - description: |- - Masks consist of configurations to replace sensitive fields - with hash functions or static string. - items: - properties: - jsonpath: - description: JSONPath specifies what field in the - config needs to be masked - type: string - selector: - description: Selector is a CEL expression that selects - on what config items to apply the mask. - type: string - value: - description: Value can be a hash function name or - just a string - type: string type: object - type: array - relationship: - description: Relationship allows you to form relationships - between config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: + exclude: + items: + properties: + jsonpath: + type: string + types: + items: type: string - label: + type: array + required: + - jsonpath + type: object + type: array + expr: + type: string + gotemplate: + type: string + javascript: + type: string + jsonpath: + type: string + locations: + items: + properties: + filter: + type: string + type: + type: string + values: + items: type: string - value: + type: array + withParent: + type: string + required: + - type + type: object + type: array + mask: + items: + properties: + jsonpath: + type: string + selector: + type: string + value: + type: string + type: object + type: array + relationship: + items: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + expr: + type: string + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + filter: + type: string + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: type: string - type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. - type: string - external_id: - description: Lookup offers different ways to specify - a lookup value + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + parent: + type: boolean + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: array + type: object + type: + type: string + required: + - name + - state + type: object + type: array + trivy: + items: + properties: + class: + type: string + compliance: + items: + type: string + type: array + createFields: + items: + type: string + type: array + deleteFields: + items: + type: string + type: array + format: + type: string + health: + type: string + id: + type: string + ignoreUnfixed: + type: boolean + ignoredLicenses: + items: + type: string + type: array + items: + type: string + kubernetes: + properties: + components: + items: + type: string + type: array + context: + type: string + kubeconfig: + type: string + namespace: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + licenseFull: + type: boolean + name: + type: string + properties: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: properties: - expr: + icon: type: string label: type: string - value: + text: type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied - type: string - id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: + tooltip: type: string - label: + type: type: string - value: + url: type: string type: object - labels: - additionalProperties: + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + scanners: + items: + type: string + type: array + severity: + items: + type: string + type: array + status: + type: string + tags: + items: + properties: + jsonpath: + type: string + label: + type: string + name: + type: string + value: + type: string + required: + - name + type: object + type: array + timeout: + type: string + timestampFormat: + type: string + transform: + properties: + aliases: + items: + properties: + filter: type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: + type: + type: string + values: + items: type: string - type: object - type: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: + type: array + withParent: + type: string + required: + - type + type: object + type: array + changes: + properties: + exclude: + items: + type: string + type: array + mapping: + items: + properties: + action: + type: string + ancestor_type: + type: string + config_id: + type: string + config_type: + type: string + filter: + type: string + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: + type: string + type: object + type: array + type: object + exclude: + items: + properties: + jsonpath: + type: string + types: + items: type: string - label: + type: array + required: + - jsonpath + type: object + type: array + expr: + type: string + gotemplate: + type: string + javascript: + type: string + jsonpath: + type: string + locations: + items: + properties: + filter: + type: string + type: + type: string + values: + items: type: string - value: + type: array + withParent: + type: string + required: + - type + type: object + type: array + mask: + items: + properties: + jsonpath: + type: string + selector: + type: string + value: + type: string + type: object + type: array + relationship: + items: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + expr: + type: string + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + filter: + type: string + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: type: string - type: object - type: object - type: array - type: object - type: - description: A static value or JSONPath expression to use as - the type for the resource. - type: string - version: - description: Common Trivy Flags ... - type: string - vulnType: + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + parent: + type: boolean + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: array + type: object + type: + type: string + version: + type: string + vulnType: + items: + type: string + type: array + type: object + type: array + type: object + status: + properties: + incremental: + properties: + count: + type: integer + error: + type: integer + errors: items: type: string type: array - type: object - type: array - type: object - status: - description: ScrapeConfigStatus defines the observed state of ScrapeConfig - properties: - incremental: - properties: - count: - type: integer - error: - type: integer - errors: - items: + success: + type: integer + timestamp: + format: date-time type: string - type: array - success: - type: integer - timestamp: - format: date-time - type: string - type: object - lastRun: - properties: - error: - type: integer - errors: - items: + type: object + lastRun: + properties: + error: + type: integer + errors: + items: + type: string + type: array + success: + type: integer + timestamp: + format: date-time type: string - type: array - success: - type: integer - timestamp: - format: date-time - type: string - type: object - observedGeneration: - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + observedGeneration: + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/chart/crds/configs.flanksource.com_scrapeplugins.yaml b/chart/crds/configs.flanksource.com_scrapeplugins.yaml index edc262d4f..226187a1d 100644 --- a/chart/crds/configs.flanksource.com_scrapeplugins.yaml +++ b/chart/crds/configs.flanksource.com_scrapeplugins.yaml @@ -14,456 +14,329 @@ spec: singular: scrapeplugin scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: ScrapePlugin is the Schema for the scraper plugins - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - properties: - aliases: - items: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + aliases: + items: + properties: + filter: + type: string + type: + type: string + values: + items: + type: string + type: array + withParent: + type: string + required: + - type + type: object + type: array + changes: properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: + exclude: items: type: string type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type + mapping: + items: + properties: + action: + type: string + ancestor_type: + type: string + config_id: + type: string + config_type: + type: string + filter: + type: string + scraper_id: + type: string + severity: + type: string + summary: + type: string + target: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: + type: string + type: object + type: array type: object - type: array - changes: - properties: - exclude: - description: Exclude is a list of CEL expressions that excludes - a given change - items: - type: string - type: array - mapping: - description: Mapping is a list of CEL expressions that maps a - change to the specified type - items: - properties: - action: - description: |- - Action allows performing actions on the corresponding config item - based on this change. - Allowed actions: "delete", "ignore", "move-up", "copy-up", "copy", "move" - type: string - ancestor_type: - description: |- - AncestorType specifies the config type of the ancestor to target - when using "move-up" or "copy-up" actions. The engine walks the parent_id - chain and selects the first ancestor matching this type. - If omitted, the immediate parent is used. - type: string - config_id: - description: |- - ConfigID is a CEL expression that returns the target config's external ID - for redirecting changes to a different config item. - type: string - config_type: - description: ConfigType is the target config type for redirecting - changes. - type: string - filter: - description: Filter selects what change to apply the mapping - to - type: string - scraper_id: - description: ScraperID is the scraper ID for the target - config. Use "all" for cross-scraper lookups. - type: string - severity: - description: Severity is the severity to be set on the change - type: string - summary: - description: Summary replaces the existing change summary. + locations: + items: + properties: + filter: + type: string + type: + type: string + values: + items: type: string - target: - description: |- - Target specifies a config item selector for "copy" and "move" actions. - The selector is evaluated to find target config items to redirect or - duplicate changes to. Mutually exclusive with move-up/copy-up/ancestor_type. + type: array + withParent: + type: string + required: + - type + type: object + type: array + properties: + items: + properties: + color: + type: string + filter: + type: string + headline: + type: boolean + hidden: + type: boolean + icon: + type: string + label: + type: string + lastTransition: + type: string + links: + items: properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - external_id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - id: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object + icon: + type: string + label: + type: string + text: + type: string + tooltip: + type: string type: - description: Lookup offers different ways to specify - a lookup value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object + type: string + url: + type: string type: object - type: - description: Type is the type to be set on the change + type: array + max: + format: int64 + type: integer + min: + format: int64 + type: integer + name: + type: string + order: + type: integer + status: + type: string + text: + type: string + tooltip: + type: string + type: + type: string + unit: + type: string + value: + format: int64 + type: integer + type: object + type: array + relationship: + items: + properties: + agent: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + expr: + type: string + external_id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + filter: + type: string + id: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + labels: + additionalProperties: type: string - type: object - type: array - type: object - locations: - items: + type: object + name: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + namespace: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + parent: + type: boolean + scope: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: + properties: + expr: + type: string + label: + type: string + value: + type: string + type: object + type: object + type: array + retention: properties: - filter: - description: |- - A Cel expression, when provided, must return true for this filter to apply. - - Receives the config item as the cel env variable. - type: string - type: - description: |- - Types on which this plugin should run. - Supports match expression - Example: AWS::*, Kubernetes::Namespace - type: string - values: + changes: items: - type: string + properties: + age: + type: string + count: + type: integer + name: + type: string + type: object type: array - withParent: - description: The type of the parent to be used - type: string - required: - - type - type: object - type: array - properties: - description: |- - Properties are custom templatable properties for the scraped config items - grouped by the config type. - items: - properties: - color: + staleAnalysisAge: type: string - filter: + staleItemAge: type: string - headline: - type: boolean - hidden: - type: boolean - icon: - type: string - label: - type: string - lastTransition: - type: string - links: + types: items: properties: - icon: + createdAge: type: string - label: + deletedAge: type: string - text: + name: type: string - tooltip: - type: string - type: - description: e.g. documentation, support, playbook - type: string - url: + updatedAge: type: string type: object type: array - max: - format: int64 - type: integer - min: - format: int64 - type: integer - name: - type: string - order: - type: integer - status: - type: string - text: - description: Either text or value is required, but not both. - type: string - tooltip: - type: string - type: - description: 'Type controls how the UI renders the property - value: url, badge, currency, text, age, hidden.' - type: string - unit: - description: e.g. milliseconds, bytes, millicores, epoch etc. - type: string - value: - format: int64 - type: integer - type: object - type: array - relationship: - description: Relationship allows you to form relationships between - config items using selectors. - items: - properties: - agent: - description: |- - Agent can be one of - - agent id - - agent name - - 'self' (no agent) - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - expr: - description: |- - Alternately, a single cel-expression can be used - that returns a list of relationship selector. - type: string - external_id: - description: Lookup offers different ways to specify a lookup - value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - filter: - description: |- - Filter is a CEL expression that selects on what config items - the relationship needs to be applied - type: string - id: - description: Lookup offers different ways to specify a lookup - value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - name: - description: Lookup offers different ways to specify a lookup - value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - namespace: - description: Lookup offers different ways to specify a lookup - value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - parent: - description: |- - Parent sets all the configs found by the selector - as the parent of the configs passed by the filter - type: boolean - scope: - description: |- - Scope is the id of the parent of the resource to select. - Example: For config items, the scope is the scraper id - - for checks, it's canaries and - - for components, it's topology. - If left empty, the scope is the requester's scope. - Use `all` to disregard scope. - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object - type: - description: Lookup offers different ways to specify a lookup - value - properties: - expr: - type: string - label: - type: string - value: - type: string - type: object type: object - type: array - retention: - description: Retention config for changes, types, and stale items. - properties: - changes: - items: - properties: - age: - type: string - count: - type: integer - name: - type: string - type: object - type: array - staleAnalysisAge: - description: |- - StaleAnalysisAge is the duration after which an analysis that is no longer observed by the scraper - is marked as resolved. Defaults to 48h. Use "keep" to disable auto-resolution. - type: string - staleItemAge: - type: string - types: - items: - properties: - createdAge: - type: string - deletedAge: - type: string - name: - type: string - updatedAge: - type: string - type: object - type: array - type: object - type: object - status: - description: ScrapePluginStatus defines the observed state of Plugin - properties: - observedGeneration: - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + status: + properties: + observedGeneration: + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {}