{ "components": { "schemas": { "AITemplateRequest": { "description": "Request body for generating an infrastructure-as-code template using AI.", "properties": { "connectionId": { "description": "Optional identifier for the connection/session.", "type": "string", "x-order": 4 }, "conversationId": { "description": "Optional identifier to continue an existing AI conversation.", "type": "string", "x-order": 3 }, "instructions": { "description": "Natural language instructions describing the desired infrastructure.", "type": "string", "x-order": 2 }, "language": { "description": "The programming language for the generated template (e.g. 'typescript', 'python', 'go').", "type": "string", "x-order": 1 } }, "required": [ "instructions", "language" ], "type": "object" }, "AWSSSOInitiateRequest": { "description": "Request to initiate AWS SSO flow", "properties": { "region": { "description": "The AWS SSO Region", "type": "string", "x-order": 2 }, "startUrl": { "description": "The AWS SSO Start URL", "type": "string", "x-order": 1 } }, "required": [ "region", "startUrl" ], "type": "object" }, "AWSSSOInitiateResponse": { "description": "Response of the initialization of the AWS SSO flow", "properties": { "sessionId": { "description": "The auth session id", "type": "string", "x-order": 3 }, "url": { "description": "The AWS SSO Verification URL", "type": "string", "x-order": 1 }, "userCode": { "description": "The AWS SSO User Code to verify", "type": "string", "x-order": 2 } }, "required": [ "sessionId", "url", "userCode" ], "type": "object" }, "AWSSSOSetupRequest": { "description": "Request to setup AWS from AWS SSO", "properties": { "accountId": { "description": "The AWS account id", "type": "string", "x-order": 3 }, "accountRoleName": { "description": "The AWS account role name", "type": "string", "x-order": 4 }, "oidcRoleName": { "description": "Name of IAM Role for OIDC", "type": "string", "x-order": 6 }, "policyArn": { "description": "ARN of the IAM policy to attach to the role", "type": "string", "x-order": 5 }, "region": { "description": "The AWS SSO Region", "type": "string", "x-order": 2 }, "sessionId": { "description": "The auth session id", "type": "string", "x-order": 1 } }, "required": [ "accountId", "accountRoleName", "oidcRoleName", "policyArn", "region", "sessionId" ], "type": "object" }, "AWSSetupRequest": { "description": "Request to setup AWS OIDC infrastructure using static credentials", "properties": { "accessKeyId": { "description": "AWS Access Key ID", "type": "string", "x-order": 1 }, "oidcRoleName": { "description": "Name of IAM Role for OIDC", "type": "string", "x-order": 5 }, "policyArn": { "description": "ARN of the IAM policy to attach to the role", "type": "string", "x-order": 4 }, "secretAccessKey": { "description": "AWS Secret Access Key", "type": "string", "x-order": 2 }, "sessionToken": { "description": "AWS Session Token (for temporary credentials)", "type": "string", "x-order": 3 } }, "required": [ "accessKeyId", "oidcRoleName", "policyArn", "secretAccessKey", "sessionToken" ], "type": "object" }, "AccessToken": { "description": "AccessToken holds a pulumi access token and some associated metadata", "properties": { "admin": { "description": "Whether this token has Pulumi Cloud admin privileges.", "type": "boolean", "x-order": 7 }, "created": { "description": "Timestamp when the token was created, in ISO 8601 format.", "type": "string", "x-order": 4 }, "createdBy": { "description": "User.GitHubLogin of the user that created the access token", "type": "string", "x-order": 8 }, "description": { "description": "User-provided description of the token's purpose.", "type": "string", "x-order": 3 }, "expires": { "description": "Unix epoch timestamp (seconds) when the token expires. Zero if it never expires.", "format": "int64", "type": "integer", "x-order": 6 }, "id": { "description": "Unique identifier for this access token.", "type": "string", "x-order": 1 }, "lastUsed": { "description": "Unix epoch timestamp (seconds) when the token was last used. Zero if never used.", "format": "int64", "type": "integer", "x-order": 5 }, "name": { "description": "Human-readable name assigned to this access token.", "type": "string", "x-order": 2 }, "role": { "$ref": "#/components/schemas/AccessTokenRole", "description": "Role associated with the token, if applicable", "x-order": 9 } }, "required": [ "admin", "created", "createdBy", "description", "expires", "id", "lastUsed", "name" ], "type": "object" }, "AccessTokenRole": { "description": "A role that can be associated with an access token to scope its permissions.", "properties": { "defaultIdentifier": { "description": "The default identity to assume when using a token with this role.", "enum": [ "member", "admin", "billing-manager", "stack-read", "stack-write", "stack-admin", "environment-read", "environment-write", "environment-admin", "environment-open", "insights-account-read", "insights-account-write", "insights-account-admin" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "DefaultIdentifier", "enumComments": "DefaultIdentifier is an enum describing the permission level for a default role.", "enumFieldNames": [ "Member", "Admin", "BillingManager", "StackRead", "StackWrite", "StackAdmin", "EnvironmentRead", "EnvironmentWrite", "EnvironmentAdmin", "EnvironmentOpen", "InsightsAccountRead", "InsightsAccountWrite", "InsightsAccountAdmin" ] } }, "id": { "description": "Unique identifier for this role.", "type": "string", "x-order": 1 }, "name": { "description": "Display name of the role.", "type": "string", "x-order": 2 } }, "required": [ "defaultIdentifier", "id", "name" ], "type": "object" }, "Activity": { "description": "Represents activity.", "properties": { "deployment": { "$ref": "#/components/schemas/DeploymentWithRelatedUpdates", "description": "The deployment data", "x-order": 2 }, "update": { "$ref": "#/components/schemas/UpdateInfo", "description": "The update", "x-order": 1 } }, "type": "object" }, "AddChangeRequestCommentRequest": { "description": "AddChangeRequestCommentRequest adds a comment to a change request without approving or closing it.", "properties": { "comment": { "description": "The comment text to add to the change request.", "type": "string", "x-order": 1 } }, "required": [ "comment" ], "type": "object" }, "AddOrganizationMemberRequest": { "description": "AddOrganizationMemberRequest is the request type for adding a new member to an organization.", "properties": { "role": { "description": "The built-in role assigned to the new member. Must be `member`, `admin`, or `billingManager`.", "enum": [ "none", "member", "admin", "potential-member", "stack-collaborator", "billing-manager" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "OrganizationRole", "enumComments": "OrganizationRole is an enum defining a member's role within an organization.", "enumFieldNames": [ "None", "Member", "Admin", "PotentialMember", "StackCollaborator", "BillingManager" ], "enumFieldComments": [ "OrganizationRoleNone describes the role of non-members.", "OrganizationRoleMember is the role for regular members.", "OrganizationRoleAdmin is the role for admins.", "OrganizationRolePotentialMember is the role for users who are explicitly\nnot a member of the organization, but are a member of the backing org on\nthe 3rd party identity provider. (i.e. they could join the org.)", "OrganizationRoleStackCollaborator is the role for users who are not a member\nof an organization, but have been explicitly granted access to some of the\norganization's stacks. So they have limited permissions to access the org's\ndata.", "OrganizationRoleBillingManager is the role for billing admins." ] } } }, "required": [ "role" ], "type": "object" }, "AddServiceItem": { "description": "A simple struct representing the metadata needed to add an item via user-facing information.", "properties": { "name": { "description": "the name (including any namespacing) of the item", "type": "string", "x-order": 2 }, "type": { "description": "the type of the item to add", "type": "string", "x-order": 1 } }, "required": [ "name", "type" ], "type": "object" }, "AddServiceItemsRequest": { "description": "Request for adding items to an existing service.", "properties": { "items": { "description": "List of items", "items": { "$ref": "#/components/schemas/AddServiceItem" }, "type": "array", "x-order": 1 } }, "required": [ "items" ], "type": "object" }, "AgentBackendEvent": { "description": "An event sent from the agent backend to the client during an agent task execution.", "discriminator": { "mapping": { "assistant_message": "#/components/schemas/AgentBackendEventAssistantMessage", "awaiting_approvals": "#/components/schemas/AgentBackendEventAwaitingApprovalsMessage", "cancelled": "#/components/schemas/AgentBackendEventCancelledMessage", "change_entities": "#/components/schemas/AgentBackendEventChangeEntities", "context_compression_event": "#/components/schemas/AgentBackendEventContextCompressionEvent", "error": "#/components/schemas/AgentBackendEventError", "exec_tool_call": "#/components/schemas/AgentBackendEventExecToolCall", "exec_tool_call_progress": "#/components/schemas/AgentBackendEventExecToolCallProgress", "provide_pulumi_access_token": "#/components/schemas/AgentBackendEventProvidePulumiAccessToken", "set_task_name": "#/components/schemas/AgentBackendEventSetTaskName", "tool_response": "#/components/schemas/AgentBackendEventToolResponse", "user_approval_request": "#/components/schemas/AgentBackendEventUserApprovalRequest", "warning": "#/components/schemas/AgentBackendEventWarning" }, "propertyName": "type" }, "properties": { "timestamp": { "description": "When the event occurred.", "format": "date-time", "type": "string" }, "type": { "type": "string" } }, "required": [ "timestamp", "type" ], "type": "object" }, "AgentBackendEventAssistantMessage": { "allOf": [ { "$ref": "#/components/schemas/AgentBackendEvent" }, { "description": "An event sent from the agent backend to the client during an agent task execution.", "properties": { "content": { "description": "Message content from the assistant.", "type": "string", "x-order": 1 }, "is_final": { "description": "Whether this is the final message in the response.", "type": "boolean", "x-order": 3 }, "token_usage": { "additionalProperties": { "$ref": "#/components/schemas/AgentBackendEventTokenUsage" }, "description": "Token usage metadata grouped by model name.", "type": "object", "x-order": 4 }, "tool_calls": { "description": "Optional tool calls within the message.", "items": { "$ref": "#/components/schemas/AgentBackendEventToolCall" }, "type": "array", "x-order": 2 } }, "required": [ "content", "is_final", "token_usage" ], "type": "object" } ] }, "AgentBackendEventAwaitingApprovalsMessage": { "allOf": [ { "$ref": "#/components/schemas/AgentBackendEvent" }, { "description": "Agent responds with this message when it cannot process incoming messages because it is in the awaiting-approvals state.\n\nThis means the agent is essentially blocked until the caller sends more UserConfirmation messages.", "type": "object" } ] }, "AgentBackendEventCancelledMessage": { "allOf": [ { "$ref": "#/components/schemas/AgentBackendEvent" }, { "description": "Indicates that the agent operation was cancelled.", "properties": { "operation_was_running": { "description": "Whether the operation was running when cancelled.", "type": "boolean", "x-order": 1 } }, "required": [ "operation_was_running" ], "type": "object" } ] }, "AgentBackendEventChangeEntities": { "allOf": [ { "$ref": "#/components/schemas/AgentBackendEvent" }, { "description": "An event sent from the agent backend to the client during an agent task execution.", "properties": { "changes": { "$ref": "#/components/schemas/AgentEntityDiff", "description": "Changes the agent wants to make to the Task's entity list.", "x-order": 1 } }, "required": [ "changes" ], "type": "object" } ] }, "AgentBackendEventContextCompressionEvent": { "allOf": [ { "$ref": "#/components/schemas/AgentBackendEvent" }, { "description": "Signals background context compression lifecycle events.", "properties": { "context_summary": { "description": "Optional context summary generated by the LLM on successful compression", "type": "string", "x-order": 3 }, "message": { "description": "Optional short human-readable message", "type": "string", "x-order": 1 }, "status": { "description": "Status of the compression process", "enum": [ "compressing", "compressed", "failed", "skipped" ], "type": "string", "x-order": 2 }, "tail_length": { "description": "Optional length of the tail preserved after compression", "format": "int32", "type": "integer", "x-order": 4 } }, "required": [ "status" ], "type": "object" } ] }, "AgentBackendEventError": { "allOf": [ { "$ref": "#/components/schemas/AgentBackendEvent" }, { "description": "A user facing indicator that something has gone wrong with the agent.\n\nIf the agent needs to be restarted, it should return unhealthy from /ping. Errors always end the turn of the agent.", "properties": { "message": { "description": "A user facing message describing the problem.", "type": "string", "x-order": 1 } }, "required": [ "message" ], "type": "object" } ] }, "AgentBackendEventExecToolCall": { "allOf": [ { "$ref": "#/components/schemas/AgentBackendEvent" }, { "description": "An event sent from the agent backend to the client during an agent task execution.", "properties": { "name": { "description": "Tool name.", "type": "string", "x-order": 2 }, "tool_call_id": { "description": "Tool call identifier.", "type": "string", "x-order": 1 } }, "required": [ "name", "tool_call_id" ], "type": "object" } ] }, "AgentBackendEventExecToolCallProgress": { "allOf": [ { "$ref": "#/components/schemas/AgentBackendEvent" }, { "description": "An event sent from the agent backend to the client during an agent task execution.", "properties": { "metadata": { "additionalProperties": { "type": "object" }, "description": "Progress metadata.", "type": "object", "x-order": 3 }, "status": { "description": "Progress status.", "type": "string", "x-order": 2 }, "tool_call_id": { "description": "Tool call identifier.", "type": "string", "x-order": 1 } }, "required": [ "metadata", "status", "tool_call_id" ], "type": "object" } ] }, "AgentBackendEventProvidePulumiAccessToken": { "allOf": [ { "$ref": "#/components/schemas/AgentBackendEvent" }, { "description": "An event sent from the agent backend to the client during an agent task execution.", "properties": { "encrypted_pulumi_access_token": { "description": "Encrypted Pulumi access token for authorization.", "type": "string", "x-order": 1 } }, "required": [ "encrypted_pulumi_access_token" ], "type": "object" } ] }, "AgentBackendEventSetTaskName": { "allOf": [ { "$ref": "#/components/schemas/AgentBackendEvent" }, { "description": "An event sent from the agent backend to the client during an agent task execution.", "properties": { "name": { "description": "The new name of the task", "type": "string", "x-order": 1 } }, "required": [ "name" ], "type": "object" } ] }, "AgentBackendEventTokenUsage": { "description": "Token usage statistics for a model invocation.", "properties": { "cache_creation_input_tokens": { "description": "Number of input tokens written to the prompt cache.", "format": "int32", "type": "integer", "x-order": 3 }, "cache_read_input_tokens": { "description": "Number of input tokens read from the prompt cache.", "format": "int32", "type": "integer", "x-order": 4 }, "input_tokens": { "description": "Number of input tokens consumed by the model.", "format": "int32", "type": "integer", "x-order": 1 }, "output_tokens": { "description": "Number of output tokens generated by the model.", "format": "int32", "type": "integer", "x-order": 2 } }, "type": "object" }, "AgentBackendEventToolCall": { "description": "A tool call made by the agent assistant.", "properties": { "args": { "additionalProperties": { "type": "object" }, "description": "Tool arguments.", "type": "object", "x-order": 3 }, "execution_mode": { "description": "Where this specific tool call must be executed. Omitted means the task default applies ('cloud' unless the task was created with 'cli'). When set to 'cli', the agent's turn ends with the containing assistant message (is_final=true) and the CLI client must execute this tool call and reply with a ToolResult user event to resume the turn. Different tool calls within the same assistant message may independently target 'cloud' or 'cli'.", "enum": [ "cloud", "cli" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "ToolExecutionMode", "enumComments": "Where tools are executed for an agent task." } }, "id": { "description": "Tool call identifier.", "type": "string", "x-order": 1 }, "name": { "description": "Tool name.", "type": "string", "x-order": 2 } }, "required": [ "args", "id", "name" ], "type": "object" }, "AgentBackendEventToolResponse": { "allOf": [ { "$ref": "#/components/schemas/AgentBackendEvent" }, { "description": "An event sent from the agent backend to the client during an agent task execution.", "properties": { "content": { "description": "Tool execution result content.", "type": "object", "x-order": 3 }, "is_error": { "description": "Whether this tool response represents an error.", "type": "boolean", "x-order": 4 }, "name": { "description": "Tool name.", "type": "string", "x-order": 2 }, "tool_call_id": { "description": "Tool call identifier.", "type": "string", "x-order": 1 } }, "required": [ "content", "name", "tool_call_id" ], "type": "object" } ] }, "AgentBackendEventUserApprovalRequest": { "allOf": [ { "$ref": "#/components/schemas/AgentBackendEvent" }, { "description": "An event sent from the agent backend to the client during an agent task execution.", "properties": { "approval_type": { "description": "Type of approval being requested.", "enum": [ "general", "tool_permission", "plan_exit" ], "type": "string", "x-order": 5 }, "buttons": { "description": "Optional buttons for user interaction.", "items": { "type": "string" }, "type": "array", "x-order": 3 }, "context": { "$ref": "#/components/schemas/AgentBackendEventUserApprovalRequestContext", "description": "Additional context for the approval request.", "x-order": 6 }, "id": { "description": "Unique identifier for the approval request.", "type": "string", "x-order": 1 }, "message": { "description": "Message to show to the user requesting approval.", "type": "string", "x-order": 2 }, "sensitivity": { "description": "Distinguishes between moderate-sensitivity and high-sensitivity operations for auto-approval. Regular indicates moderate-sensitivity operations that will be auto-approved in both Balanced and Auto approval modes. Sensitive indicates very sensitive operations (e.g., pulumi up) that still require manual approval in Balanced mode and will only auto-approve in Auto mode. Defaults to Regular when not specified.", "enum": [ "sensitive", "regular" ], "type": "string", "x-order": 7, "x-pulumi-model-property": { "enumTypeName": "Sensitivity", "enumComments": "Sensitivity classifies approval requests to inform auto-approvals.", "enumFieldComments": [ "Sensitive requests are only auto-approved in Auto mode.", "Regular requests are auto-approved in both Auto and Balanced modes." ] } }, "source": { "description": "Source of the approval request.", "enum": [ "agent", "system", "hybrid" ], "type": "string", "x-order": 4 } }, "required": [ "approval_type", "id", "message", "source" ], "type": "object" } ] }, "AgentBackendEventUserApprovalRequestContext": { "description": "Additional context for a user approval request, including tool and diff information.", "properties": { "git_diff": { "additionalProperties": { "type": "string" }, "description": "Full Git diff patches indexed by filename for source changes.", "type": "object", "x-order": 3 }, "last_approval_diff": { "additionalProperties": { "type": "string" }, "description": "Git diff patches showing only the changes since the last approval (null for first approval).", "type": "object", "x-order": 4 }, "plan_description": { "description": "Markdown description of the plan when exiting plan mode.", "type": "string", "x-order": 5 }, "tool_call_id": { "description": "Tool call identifier associated with the approval request.", "type": "string", "x-order": 1 }, "tool_name": { "description": "Tool name associated with the approval request.", "type": "string", "x-order": 2 } }, "type": "object" }, "AgentBackendEventWarning": { "allOf": [ { "$ref": "#/components/schemas/AgentBackendEvent" }, { "description": "A user facing indicator that something has gone wrong with the agent, but it's not critical.\n\nWarnings do not have any non-display behavior. They can be used to surface problems that the agent can recover from.\nNon-recoverable problems should signal an Error, not a Warning.", "properties": { "message": { "description": "A user facing message describing the problem.", "type": "string", "x-order": 1 } }, "required": [ "message" ], "type": "object" } ] }, "AgentConsoleEvent": { "description": "A console event in an agent task conversation, either a user input or an agent response.", "discriminator": { "mapping": { "agentResponse": "#/components/schemas/AgentConsoleEventAgentResponse", "userInput": "#/components/schemas/AgentConsoleEventUserInput" }, "propertyName": "type" }, "properties": { "id": { "description": "The UUID of the event", "type": "string", "x-order": 1 }, "isSynthetic": { "description": "True when the event was synthesized by the backend rather than submitted directly by the user or agent runtime.", "type": "boolean", "x-order": 2 }, "type": { "type": "string" } }, "required": [ "id", "isSynthetic", "type" ], "type": "object" }, "AgentConsoleEventAgentResponse": { "allOf": [ { "$ref": "#/components/schemas/AgentConsoleEvent" }, { "description": "A console event in an agent task conversation, either a user input or an agent response.", "properties": { "eventBody": { "$ref": "#/components/schemas/AgentBackendEvent", "description": "The JSON blob as returned from the Agent.", "x-order": 1 } }, "required": [ "eventBody" ], "type": "object" } ] }, "AgentConsoleEventUserInput": { "allOf": [ { "$ref": "#/components/schemas/AgentConsoleEvent" }, { "description": "A console event in an agent task conversation, either a user input or an agent response.", "properties": { "eventBody": { "$ref": "#/components/schemas/AgentUserEvent", "description": "The prompt from the user to the Agent.", "x-order": 1 } }, "required": [ "eventBody" ], "type": "object" } ] }, "AgentEntity": { "description": "Represents agent entity.", "discriminator": { "mapping": { "policy_issue": "#/components/schemas/AgentEntityPolicyIssue", "pull_request": "#/components/schemas/AgentEntityPR", "repository": "#/components/schemas/AgentEntityRepository", "stack": "#/components/schemas/AgentEntityStack" }, "propertyName": "type" }, "properties": { "type": { "type": "string" } }, "required": [ "type" ], "type": "object" }, "AgentEntityDiff": { "description": "Represents agent entity diff.", "properties": { "add": { "description": "Entities to add to the Agent's context.\nEntities must be valid, and will be automatically deleted if they are invalid.", "items": { "$ref": "#/components/schemas/AgentEntity" }, "type": "array", "x-order": 1 }, "remove": { "description": "Entities to remove from the Agent's context.", "items": { "$ref": "#/components/schemas/AgentEntity" }, "type": "array", "x-order": 2 } }, "type": "object" }, "AgentEntityPR": { "allOf": [ { "$ref": "#/components/schemas/AgentEntity" }, { "description": "Represents agent entity.", "properties": { "merged": { "description": "If the PR has been merged already", "type": "boolean", "x-order": 3 }, "number": { "description": "The PR number", "format": "int32", "type": "integer", "x-order": 2 }, "repo": { "$ref": "#/components/schemas/AgentEntityRepository", "description": "The repo the PR is in", "x-order": 1 } }, "required": [ "merged", "number", "repo" ], "type": "object" } ] }, "AgentEntityPolicyIssue": { "allOf": [ { "$ref": "#/components/schemas/AgentEntity" }, { "description": "Represents agent entity.", "properties": { "id": { "description": "The ID of the policy issue", "type": "string", "x-order": 1 }, "name": { "description": "The name of the policy", "type": "string", "x-order": 2 } }, "required": [ "id" ], "type": "object" } ] }, "AgentEntityRepository": { "allOf": [ { "$ref": "#/components/schemas/AgentEntity" }, { "description": "Represents agent entity.", "properties": { "forge": { "description": "The forge/provider where the repository is hosted", "example": "github", "type": "string", "x-order": 3 }, "host": { "description": "The hostname for the repository, used for self-hosted providers such as GitHub Enterprise", "example": "github.example.com", "type": "string", "x-order": 4 }, "name": { "description": "The name of the repository.", "type": "string", "x-order": 1 }, "org": { "description": "The organization that the repository is contained within", "type": "string", "x-order": 2 } }, "required": [ "name", "org" ], "type": "object" } ] }, "AgentEntityStack": { "allOf": [ { "$ref": "#/components/schemas/AgentEntity" }, { "description": "Represents agent entity.", "properties": { "name": { "description": "The name of the Pulumi stack described.", "type": "string", "x-order": 1 }, "project": { "description": "The name of the project that the stack is contained within", "type": "string", "x-order": 2 } }, "required": [ "name", "project" ], "type": "object" } ] }, "AgentPool": { "description": "A pool of self-hosted deployment agents for running Pulumi Deployments.", "properties": { "created": { "description": "Unix epoch timestamp (seconds) when the agent pool was created.", "format": "int64", "type": "integer", "x-order": 1 }, "description": { "description": "User-provided description of the agent pool's purpose.", "type": "string", "x-order": 4 }, "id": { "description": "Unique identifier for this agent pool.", "type": "string", "x-order": 2 }, "lastDeployment": { "description": "Unix epoch timestamp (seconds) of the most recent deployment executed by this pool. Null if no deployments have run.", "format": "int64", "type": "integer", "x-order": 7 }, "lastSeen": { "description": "Unix epoch timestamp (seconds) when any agent in the pool last reported a heartbeat.", "format": "int64", "type": "integer", "x-order": 5 }, "name": { "description": "Human-readable name for this agent pool.", "type": "string", "x-order": 3 }, "status": { "description": "Aggregate status of agents in the pool (e.g. idle, busy, offline).", "enum": [ "online", "offline" ], "type": "string", "x-order": 6, "x-pulumi-model-property": { "enumTypeName": "DeploymentAgentStatus", "enumComments": "DeploymentAgentStatus is an enum representing the online/offline status of a deployment agent." } } }, "required": [ "created", "description", "id", "lastSeen", "name", "status" ], "type": "object" }, "AgentPoolDetail": { "description": "Detailed information about an agent pool.", "properties": { "agents": { "description": "The agents", "items": { "$ref": "#/components/schemas/DeploymentAgentMetadata" }, "type": "array", "x-order": 5 }, "created": { "description": "The creation timestamp", "format": "int64", "type": "integer", "x-order": 1 }, "description": { "description": "The description", "type": "string", "x-order": 4 }, "id": { "description": "The unique identifier", "type": "string", "x-order": 2 }, "name": { "description": "The name", "type": "string", "x-order": 3 } }, "required": [ "agents", "created", "description", "id", "name" ], "type": "object" }, "AgentRespondToTaskRequest": { "description": "The API payload for users responding to an existing agent task.", "properties": { "event": { "$ref": "#/components/schemas/AgentUserEvent", "description": "The event", "x-order": 1 } }, "type": "object" }, "AgentSlashCommand": { "description": "An agent slash command.", "properties": { "builtIn": { "description": "Whether this is a built-in system command (true) or user-created (false).", "type": "boolean", "x-order": 4 }, "description": { "description": "Human-readable description shown to users in the command palette.", "type": "string", "x-order": 3 }, "modifiedAt": { "description": "When the command was last modified, in ISO 8601 format.", "format": "date-time", "type": "string", "x-order": 5 }, "name": { "description": "The slash command name (e.g. '/fix', '/explain'). Used to invoke the command.", "type": "string", "x-order": 1 }, "prompt": { "description": "The system prompt text sent to the AI when this command is invoked.", "type": "string", "x-order": 2 }, "tag": { "description": "Version tag for optimistic concurrency control.", "type": "string", "x-order": 6 } }, "required": [ "builtIn", "description", "modifiedAt", "name", "prompt", "tag" ], "type": "object" }, "AgentTask": { "description": "A Pulumi Copilot agent task representing a conversation and its associated context.", "properties": { "approvalMode": { "description": "Approval mode for this task. Valid values: 'manual', 'auto', 'balanced'.", "enum": [ "manual", "auto", "balanced" ], "type": "string", "x-order": 5, "x-pulumi-model-property": { "enumTypeName": "NeoApprovalMode", "enumComments": "NeoApprovalMode represents the default approval mode for Neo AI agent tasks in an organization" } }, "contextUsedTokens": { "description": "Total input tokens consumed across all model invocations for this task. Approximate context window usage.", "format": "int32", "type": "integer", "x-order": 13 }, "contextWindowTokens": { "description": "Maximum context window size in tokens for the primary model used by this task.", "format": "int32", "type": "integer", "x-order": 14 }, "createdAt": { "description": "When the task was created, in ISO 8601 format.", "format": "date-time", "type": "string", "x-order": 4 }, "createdBy": { "$ref": "#/components/schemas/UserInfo", "description": "Information about the user who created this task.", "x-order": 10 }, "entities": { "description": "Pulumi entities (stacks, projects, etc.) that provide context for the agent.", "items": { "$ref": "#/components/schemas/AgentEntity" }, "type": "array", "x-order": 6 }, "id": { "description": "Unique identifier for the task.", "type": "string", "x-order": 1 }, "isShared": { "description": "Whether this task is shared with other org members.", "type": "boolean", "x-order": 8 }, "name": { "description": "Display name for the task, typically auto-generated from the initial user message.", "type": "string", "x-order": 2 }, "permissionMode": { "description": "The permission scope for the task.", "enum": [ "default", "read-only" ], "type": "string", "x-order": 11, "x-pulumi-model-property": { "enumTypeName": "NeoPermissionMode", "enumComments": "Permission scope for a Neo agent task. Controls the level of access the agent has when acting on behalf of the user.", "enumFieldNames": [ "Default", "ReadOnly" ] } }, "planMode": { "description": "Whether the task is in plan mode. Set based on the first user message.", "type": "boolean", "x-order": 7 }, "runtimePhase": { "description": "The current runtime phase for this task. Null until the runtime checks in.", "enum": [ "booting", "ready", "running" ], "type": "string", "x-order": 12, "x-pulumi-model-property": { "enumTypeName": "AgentTaskRuntimePhase", "enumComments": "Runtime lifecycle phase for a Neo agent task runtime." } }, "sharedAt": { "description": "When the task was first shared. Null if never shared.", "format": "date-time", "type": "string", "x-order": 9 }, "status": { "description": "Current execution status of the task.", "enum": [ "running", "idle" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "AgentTaskStatus", "enumComments": "Execution status of an agent task. Valid values: 'running', 'idle'." } }, "toolExecutionMode": { "description": "Where tools are executed for this task. Valid values: 'cloud', 'cli'.", "enum": [ "cloud", "cli" ], "type": "string", "x-order": 15, "x-pulumi-model-property": { "enumTypeName": "ToolExecutionMode", "enumComments": "Where tools are executed for an agent task." } } }, "required": [ "approvalMode", "createdAt", "createdBy", "entities", "id", "isShared", "name", "planMode", "status" ], "type": "object" }, "AgentTaskIntegrationRef": { "description": "A reference to an integration enabled for an agent task. Structured as an object (rather than a bare string) so additional fields like instance name or scope can be added later without breaking the wire format.", "properties": { "id": { "description": "The catalog integration ID (e.g. 'honeycomb', 'datadog').", "type": "string", "x-order": 1 } }, "required": [ "id" ], "type": "object" }, "AgentUserEvent": { "description": "Represents an agent user event.", "discriminator": { "mapping": { "exec_tool_call": "#/components/schemas/AgentUserEventExecToolCall", "tool_result": "#/components/schemas/AgentUserEventToolResult", "user_cancel": "#/components/schemas/AgentUserEventCancel", "user_confirmation": "#/components/schemas/AgentUserEventConfirmation", "user_message": "#/components/schemas/AgentUserEventMessage" }, "propertyName": "type" }, "properties": { "entity_diff": { "$ref": "#/components/schemas/AgentEntityDiff", "description": "Entities to add or remove from the agent.", "x-order": 1 }, "timestamp": { "description": "When the event occurred.", "format": "date-time", "type": "string" }, "type": { "type": "string" } }, "required": [ "timestamp", "type" ], "type": "object" }, "AgentUserEventCancel": { "allOf": [ { "$ref": "#/components/schemas/AgentUserEvent" }, { "description": "Represents an agent user event.", "type": "object" } ] }, "AgentUserEventConfirmation": { "allOf": [ { "$ref": "#/components/schemas/AgentUserEvent" }, { "description": "Represents an agent user event.", "properties": { "approval_request_id": { "description": "ID to correlate the question the user is responding to.", "type": "string", "x-order": 1 }, "instructions": { "description": "If the request was rejected, this is field carries instructions to the agent on what to do instead.", "type": "string", "x-order": 3 }, "ok": { "description": "Boolean confirmation response.", "type": "boolean", "x-order": 2 } }, "required": [ "approval_request_id", "ok" ], "type": "object" } ] }, "AgentUserEventExecToolCall": { "allOf": [ { "$ref": "#/components/schemas/AgentUserEvent" }, { "description": "Notification from the CLI client that it is about to execute a tool call locally. Sent before each tool call from a prior AssistantMessage with execution_mode=cli, so the service can record a corresponding exec_tool_call backend event and the UI can render a running tool entry while the CLI executes it.", "properties": { "name": { "description": "Tool name.", "type": "string", "x-order": 2 }, "tool_call_id": { "description": "Tool call identifier, correlating to a tool call from a prior AssistantMessage with execution_mode=cli.", "type": "string", "x-order": 1 } }, "required": [ "name", "tool_call_id" ], "type": "object" } ] }, "AgentUserEventMessage": { "allOf": [ { "$ref": "#/components/schemas/AgentUserEvent" }, { "description": "Represents an agent user event.", "properties": { "commands": { "additionalProperties": { "$ref": "#/components/schemas/AgentSlashCommand" }, "description": "Slash Commands the user selected when creating their message.", "type": "object", "x-order": 2 }, "content": { "description": "The exact natural language instruction from the user.", "type": "string", "x-order": 1 } }, "required": [ "content" ], "type": "object" } ] }, "AgentUserEventToolResult": { "allOf": [ { "$ref": "#/components/schemas/AgentUserEvent" }, { "description": "Batch of tool results delivered back to the agent. Sent by the CLI client after it executes tool calls from a prior AssistantMessage that had execution_mode=cli, resuming the agent's turn.", "properties": { "tool_results": { "description": "Batch of tool results from CLI-side execution.", "items": { "$ref": "#/components/schemas/AgentUserEventToolResultItem" }, "type": "array", "x-order": 1 } }, "required": [ "tool_results" ], "type": "object" } ] }, "AgentUserEventToolResultItem": { "description": "A single tool result delivered back to the agent from the CLI client.", "properties": { "content": { "description": "The result content from tool execution.", "type": "object", "x-order": 3 }, "is_error": { "description": "Whether the tool execution resulted in an error.", "type": "boolean", "x-order": 4 }, "name": { "description": "Tool name.", "type": "string", "x-order": 2 }, "tool_call_id": { "description": "Tool call identifier, correlating to a tool call from a prior AssistantMessage with execution_mode=cli.", "type": "string", "x-order": 1 } }, "required": [ "content", "name", "tool_call_id" ], "type": "object" }, "AgentWorkflowDefinition": { "description": "Defines an agent workflow.", "properties": { "deploymentID": { "description": "Deprecated: use typeSpecificID instead.", "type": "string", "x-order": 4 }, "jobID": { "description": "The unique identifier for the workflow job.", "type": "string", "x-order": 5 }, "jobToken": { "description": "Authentication token for the workflow agent to make API calls to the Pulumi Service.", "type": "string", "x-order": 1 }, "oidcToken": { "description": "OIDC token for authenticating with cloud providers during workflow execution.", "type": "string", "x-order": 2 }, "runID": { "description": "The unique identifier for the workflow run.", "type": "string", "x-order": 6 }, "typeSpecificID": { "description": "The unique identifier specific to the workflow type. For deployments, this is the deployment ID.\nFor insights scans, this is the account ID.", "type": "string", "x-order": 3 } }, "required": [ "jobID", "jobToken", "oidcToken", "runID", "typeSpecificID" ], "type": "object" }, "Aggregation": { "description": "Aggregation collects the top 5 aggregated values for the requested dimension.", "properties": { "others": { "description": "The others", "format": "int64", "type": "integer", "x-order": 1 }, "results": { "description": "List of results", "items": { "$ref": "#/components/schemas/AggregationBucket" }, "type": "array", "x-order": 2 } }, "type": "object" }, "AggregationBucket": { "description": "AggregationBucket represents how many resources share that value.", "properties": { "aggregations": { "additionalProperties": { "$ref": "#/components/schemas/Aggregation" }, "description": "Map of aggregations", "type": "object", "x-order": 3 }, "count": { "description": "The count", "format": "int64", "type": "integer", "x-order": 2 }, "name": { "description": "The name", "type": "string", "x-order": 1 } }, "type": "object" }, "AngularGridAdvancedFilterModel": { "description": "Represents angular grid advanced filter model.", "properties": { "conditions": { "description": "List of conditions", "items": { "$ref": "#/components/schemas/AngularGridFilterModel" }, "type": "array", "x-order": 2 }, "type": { "description": "The type", "type": "string", "x-order": 1 } }, "required": [ "conditions", "type" ], "type": "object" }, "AngularGridColumn": { "description": "Represents angular grid column.", "properties": { "aggFunc": { "description": "The agg func", "type": "string", "x-order": 4 }, "displayName": { "description": "The display name", "type": "string", "x-order": 2 }, "field": { "description": "The field", "type": "string", "x-order": 3 }, "id": { "description": "The unique identifier", "type": "string", "x-order": 1 } }, "required": [ "displayName", "id" ], "type": "object" }, "AngularGridFilterModel": { "description": "Represents angular grid filter model.", "properties": { "colId": { "description": "The col identifier", "type": "string", "x-order": 2 }, "conditions": { "description": "List of conditions", "items": { "$ref": "#/components/schemas/AngularGridFilterModel" }, "type": "array", "x-order": 5 }, "filter": { "description": "The filter expression", "type": "string", "x-order": 1 }, "filterType": { "description": "The filter type", "type": "string", "x-order": 3 }, "type": { "description": "The type", "type": "string", "x-order": 4 } }, "required": [ "colId", "filter", "filterType", "type" ], "type": "object" }, "AngularGridGetRowsRequest": { "description": "https://www.ag-grid.com/javascript-data-grid/server-side-model-datasource/", "properties": { "endRow": { "description": "The end row", "format": "int64", "type": "integer", "x-order": 2 }, "filterModel": { "$ref": "#/components/schemas/AngularGridAdvancedFilterModel", "description": "The filter model", "x-order": 6 }, "groupKeys": { "description": "List of group keys", "items": { "type": "string" }, "type": "array", "x-order": 5 }, "rowGroupCols": { "description": "List of row group cols", "items": { "$ref": "#/components/schemas/AngularGridColumn" }, "type": "array", "x-order": 3 }, "sortModel": { "description": "List of sort model", "items": { "$ref": "#/components/schemas/AngularGridSortModelItem" }, "type": "array", "x-order": 7 }, "startRow": { "description": "The start row", "format": "int64", "type": "integer", "x-order": 1 }, "valueCols": { "description": "List of value cols", "items": { "$ref": "#/components/schemas/AngularGridColumn" }, "type": "array", "x-order": 4 } }, "required": [ "filterModel", "groupKeys", "rowGroupCols", "sortModel", "valueCols" ], "type": "object" }, "AngularGridSortModelItem": { "description": "Represents angular grid sort model item.", "properties": { "colId": { "description": "Column Id to apply the sort to.", "type": "string", "x-order": 1 }, "sort": { "description": "Sort direction", "type": "string", "x-order": 2 } }, "required": [ "colId", "sort" ], "type": "object" }, "AppAISettingsForUpdate": { "description": "Settings for updating AI/Copilot configuration on a stack.", "properties": { "copilotIsEnabled": { "description": "Whether the Pulumi Copilot AI assistant is enabled for this stack.", "type": "boolean", "x-order": 1 } }, "required": [ "copilotIsEnabled" ], "type": "object" }, "AppAPICapabilityConfig": { "description": "APICapabilityConfig captures a service backend capability and any associated\nconfiguration that may be required for integration.", "properties": { "capability": { "description": "The capability identifier for this configuration entry.", "enum": [ "delta-checkpoint-uploads", "delta-checkpoint-uploads-v2", "batch-encrypt", "copilot-summarize-error", "copilot-explain-preview", "deployment-schema-version", "stack-policy-packs" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "AppAPICapability", "enumComments": "An APICapability is the name of a capability or feature that a service backend may or may not support.", "enumFieldNames": [ "DeltaCheckpointUploads", "DeltaCheckpointUploadsV2", "BatchEncrypt", "CopilotSummarizeError", "CopilotExplainPreview", "DeploymentSchemaVersion", "StackPolicyPacks" ], "enumFieldComments": [ "Deprecated. Use DeltaCheckpointUploadsV2.", "DeltaCheckpointUploads is the feature that enables the CLI to upload checkpoints\nvia the PatchUpdateCheckpointDeltaRequest API to save on network bytes.", "Indicates that the service backend supports batch encryption.", "Indicates whether the service supports summarizing errors via Copilot.", "Indicates whether the service supports the Copilot explainer.", "Indicates the maximum deployment schema version that the service supports.", "Indicates whether the service supports retrieving a stack's required policy packs." ] } }, "configuration": { "description": "Additional configuration data required for client integration with this capability.", "type": "object", "x-order": 3 }, "version": { "description": "The version of this capability supported by the service.", "format": "int64", "type": "integer", "x-order": 2 } }, "required": [ "capability" ], "type": "object" }, "AppAppendUpdateLogEntryRequest": { "description": "AppendUpdateLogEntryRequest defines the body of a request to the append update log entry endpoint of the service API.\nNo longer sent from the CLI, but the type definition is still required for backwards compat with older clients.", "properties": { "fields": { "additionalProperties": { "type": "object" }, "description": "The fields", "type": "object", "x-order": 2 }, "kind": { "description": "The kind", "type": "string", "x-order": 1 } }, "required": [ "fields", "kind" ], "type": "object" }, "AppBatchDecryptRequest": { "description": "BatchDecryptRequest defines the request body for batch decrypting secret values.", "properties": { "ciphertexts": { "description": "List of ciphertexts", "items": { "items": { "format": "byte", "type": "string" }, "type": "array" }, "type": "array", "x-order": 1 } }, "required": [ "ciphertexts" ], "type": "object" }, "AppBatchDecryptResponse": { "description": "BatchDecryptResponse defines the response body for batch decrypted secret values. The key in\nthe map is the base64 encoding of the ciphertext.", "properties": { "plaintexts": { "additionalProperties": { "items": { "format": "byte", "type": "string" }, "type": "array" }, "description": "Map of plaintexts", "type": "object", "x-order": 1 } }, "required": [ "plaintexts" ], "type": "object" }, "AppBatchEncryptRequest": { "description": "BatchEncryptRequest defines the request body for encrypting multiple values.", "properties": { "plaintexts": { "description": "The values to encrypt.", "items": { "items": { "format": "byte", "type": "string" }, "type": "array" }, "type": "array", "x-order": 1 } }, "required": [ "plaintexts" ], "type": "object" }, "AppBatchEncryptResponse": { "description": "BatchEncryptResponse defines the response body for multiple encrypted values.", "properties": { "ciphertexts": { "description": "The encrypted values, in order of the plaintexts from the request.", "items": { "items": { "format": "byte", "type": "string" }, "type": "array" }, "type": "array", "x-order": 1 } }, "required": [ "ciphertexts" ], "type": "object" }, "AppCLIVersionResponse": { "description": "CLIVersionResponse is the response from the server with information about CLI versions.", "properties": { "latestDevVersion": { "description": "The latest development/pre-release CLI version.", "type": "string", "x-order": 3 }, "latestVersion": { "description": "The latest stable CLI version (semver string, e.g. '3.100.0').", "type": "string", "x-order": 1 }, "oldestWithoutWarning": { "description": "The oldest CLI version that will not show an upgrade warning.", "type": "string", "x-order": 2 } }, "required": [ "latestDevVersion", "latestVersion", "oldestWithoutWarning" ], "type": "object" }, "AppCancelEvent": { "description": "CancelEvent is emitted when the user initiates a cancellation of the update in progress, or\nthe update successfully completes.", "type": "object" }, "AppCapabilitiesResponse": { "description": "CapabilitiesResponse defines all feature sets that are available in the service\nbackend and are therefore available for the CLI to integrate against.", "properties": { "capabilities": { "description": "List of capabilities", "items": { "$ref": "#/components/schemas/AppAPICapabilityConfig" }, "type": "array", "x-order": 1 } }, "required": [ "capabilities" ], "type": "object" }, "AppCompleteUpdateRequest": { "description": "CompleteUpdateRequest defines the body of a request to the update completion endpoint of the service API.", "properties": { "status": { "description": "The current status", "enum": [ "not started", "requested", "running", "failed", "succeeded", "cancelled" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "AppUpdateStatus", "enumComments": "UpdateStatus is an enum describing the current state during the lifecycle of an update.", "enumFieldNames": [ "NotStarted", "Requested", "Running", "Failed", "Succeeded", "Cancelled" ], "enumFieldComments": [ "StatusNotStarted is returned when the Update has been created but not applied.", "StatusRequested is returned when the Update application has been requested but not started.", "StatusRunning is returned when the Update is in progress.", "StatusFailed is returned when the update has failed.", "StatusSucceeded is returned when the update has succeeded.", "UpdateStatusCancelled indicates that an update completed due to cancellation." ] } } }, "required": [ "status" ], "type": "object" }, "AppConfigValue": { "description": "ConfigValue describes a single (possibly secret) configuration value.", "properties": { "object": { "description": "Object is true if this value is a JSON encoded object.", "type": "boolean", "x-order": 3 }, "secret": { "description": "Secret is true if this value is a secret and false otherwise.", "type": "boolean", "x-order": 2 }, "string": { "description": "When Object is false: String is either the plaintext value (for non-secrets) or the base64-encoded ciphertext\n(for secrets). When Object is true: String is a JSON encoded object. If both Object and Secret are true, then the\nobject contains at least one secure value. Secure values in an object are encoded as `{\"secure\":\"ciphertext\"}`\nwhere ciphertext is the base64-encoded ciphertext.", "type": "string", "x-order": 1 } }, "required": [ "object", "secret", "string" ], "type": "object" }, "AppCreatePolicyPackRequest": { "description": "CreatePolicyPackRequest defines the request body for creating a new Policy\nPack for an organization. The request contains the metadata related to the\nPolicy Pack.", "properties": { "description": { "description": "A brief description of the policy pack.", "type": "string", "x-order": 5 }, "displayName": { "description": "A pretty name for the Policy Pack that is supplied by the package.", "type": "string", "x-order": 2 }, "metadata": { "additionalProperties": { "type": "string" }, "description": "Metadata contains optional data about the environment performing the publish operation,\ne.g. the current source code control commit information.", "type": "object", "x-order": 10 }, "name": { "description": "Name is a unique URL-safe identifier (at the org level) for the package.\nIf the name has already been used by the organization, then the request will\ncreate a new version of the Policy Pack (incremented by one). This is supplied\nby the CLI.", "type": "string", "x-order": 1 }, "policies": { "description": "The Policies outline the specific Policies in the package, and are derived\nfrom the package by the CLI.", "items": { "$ref": "#/components/schemas/AppPolicy" }, "type": "array", "x-order": 4 }, "provider": { "description": "The cloud provider/platform this policy pack is associated with, e.g. AWS, Azure, etc.", "type": "string", "x-order": 7 }, "readme": { "description": "README text about the policy pack.", "type": "string", "x-order": 6 }, "repository": { "description": "A URL to the repository where the policy pack is defined.", "type": "string", "x-order": 9 }, "tags": { "description": "Tags for this policy pack.", "items": { "type": "string" }, "type": "array", "x-order": 8 }, "versionTag": { "description": "VersionTag is the semantic version of the Policy Pack. One a version is published, it\ncannot never be republished. Older clients will not have a version tag.", "type": "string", "x-order": 3 } }, "required": [ "displayName", "name", "policies" ], "type": "object" }, "AppCreatePolicyPackResponse": { "description": "CreatePolicyPackResponse is the response from creating a Policy Pack. It returns\na URI to upload the Policy Pack zip file to.", "properties": { "requiredHeaders": { "additionalProperties": { "type": "string" }, "description": "RequiredHeaders represents headers that the CLI must set in order for the upload to succeed.", "type": "object", "x-order": 3 }, "uploadURI": { "description": "The upload URI", "type": "string", "x-order": 2 }, "version": { "description": "The version number", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "uploadURI", "version" ], "type": "object" }, "AppCreateStackRequest": { "description": "CreateStackRequest defines the request body for creating a new Stack", "properties": { "config": { "$ref": "#/components/schemas/AppStackConfig", "description": "The configuration for the new stack.", "x-order": 5 }, "stackName": { "description": "The name of the stack being created.", "type": "string", "x-order": 1 }, "state": { "$ref": "#/components/schemas/AppUntypedDeployment", "description": "An optional state to initialize the stack with.", "x-order": 4 }, "tags": { "additionalProperties": { "type": "string" }, "description": "An optional set of tags to apply to the stack.", "type": "object", "x-order": 2 }, "teams": { "description": "An optional set of teams to assign to the stack.", "items": { "type": "string" }, "type": "array", "x-order": 3 } }, "required": [ "stackName" ], "type": "object" }, "AppCreateStackResponse": { "description": "CreateStackResponse is the response from a create Stack request.", "type": "object" }, "AppDecryptValueRequest": { "description": "DecryptValueRequest defines the request body for decrypting a value.", "properties": { "ciphertext": { "description": "The value to decrypt.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 1 } }, "required": [ "ciphertext" ], "type": "object" }, "AppDecryptValueResponse": { "description": "DecryptValueResponse defines the response body for a decrypted value.", "properties": { "plaintext": { "description": "The decrypted value.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 1 } }, "required": [ "plaintext" ], "type": "object" }, "AppDeploymentV3": { "description": "DeploymentV3 is the third version of the Deployment. It contains newer versions of the\nResource and Operation API types and a placeholder for a stack's secrets configuration.\nNote that both deployment schema versions 3 and 4 can be unmarshaled into DeploymentV3.", "properties": { "manifest": { "$ref": "#/components/schemas/AppManifestV1", "description": "Manifest contains metadata about this deployment.", "x-order": 1 }, "metadata": { "$ref": "#/components/schemas/AppSnapshotMetadataV1", "description": "Metadata associated with the snapshot.", "x-order": 5 }, "pending_operations": { "description": "PendingOperations are all operations that were known by the engine to be currently executing.", "items": { "$ref": "#/components/schemas/AppOperationV2" }, "type": "array", "x-order": 4 }, "resources": { "description": "Resources contains all resources that are currently part of this stack after this deployment has finished.", "items": { "$ref": "#/components/schemas/AppResourceV3" }, "type": "array", "x-order": 3 }, "secrets_providers": { "$ref": "#/components/schemas/AppSecretsProvidersV1", "description": "SecretsProviders is a placeholder for secret provider configuration.", "x-order": 2 } }, "required": [ "manifest" ], "type": "object" }, "AppDiagnosticEvent": { "description": "DiagnosticEvent is emitted whenever a diagnostic message is provided, for example errors from\na cloud resource provider while trying to create or update a resource.", "properties": { "color": { "description": "The output color", "type": "string", "x-order": 4 }, "ephemeral": { "description": "Whether ephemeral is enabled", "type": "boolean", "x-order": 7 }, "message": { "description": "The message content", "type": "string", "x-order": 3 }, "prefix": { "description": "The prefix", "type": "string", "x-order": 2 }, "severity": { "description": "Severity is one of \"info\", \"info#err\", \"warning\", or \"error\".", "type": "string", "x-order": 5 }, "streamID": { "description": "The stream identifier", "format": "int64", "type": "integer", "x-order": 6 }, "urn": { "description": "The Pulumi URN", "type": "string", "x-order": 1 } }, "required": [ "color", "message", "severity" ], "type": "object" }, "AppEncryptValueRequest": { "description": "EncryptValueRequest defines the request body for encrypting a value.", "properties": { "plaintext": { "description": "The value to encrypt.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 1 } }, "required": [ "plaintext" ], "type": "object" }, "AppEncryptValueResponse": { "description": "EncryptValueResponse defines the response body for an encrypted value.", "properties": { "ciphertext": { "description": "The encrypted value.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 1 } }, "required": [ "ciphertext" ], "type": "object" }, "AppEngineEvent": { "description": "EngineEvent describes a Pulumi engine event, such as a change to a resource or diagnostic\nmessage. EngineEvent is a discriminated union of all possible event types, and exactly one\nfield will be non-nil.", "properties": { "cancelEvent": { "$ref": "#/components/schemas/AppCancelEvent", "description": "The cancel event", "x-order": 3 }, "diagnosticEvent": { "$ref": "#/components/schemas/AppDiagnosticEvent", "description": "The diagnostic event", "x-order": 5 }, "errorEvent": { "$ref": "#/components/schemas/AppErrorEvent", "description": "The error event", "x-order": 19 }, "policyAnalyzeStackSummaryEvent": { "$ref": "#/components/schemas/AppPolicyAnalyzeStackSummaryEvent", "description": "The policy analyze stack summary event", "x-order": 16 }, "policyAnalyzeSummaryEvent": { "$ref": "#/components/schemas/AppPolicyAnalyzeSummaryEvent", "description": "The policy analyze summary event", "x-order": 14 }, "policyEvent": { "$ref": "#/components/schemas/AppPolicyEvent", "description": "The policy event", "x-order": 11 }, "policyLoadEvent": { "$ref": "#/components/schemas/AppPolicyLoadEvent", "description": "The policy load event", "x-order": 13 }, "policyRemediateSummaryEvent": { "$ref": "#/components/schemas/AppPolicyRemediateSummaryEvent", "description": "The policy remediate summary event", "x-order": 15 }, "policyRemediationEvent": { "$ref": "#/components/schemas/AppPolicyRemediationEvent", "description": "The policy remediation event", "x-order": 12 }, "preludeEvent": { "$ref": "#/components/schemas/AppPreludeEvent", "description": "The prelude event", "x-order": 6 }, "progressEvent": { "$ref": "#/components/schemas/AppProgressEvent", "description": "The progress event", "x-order": 18 }, "resOpFailedEvent": { "$ref": "#/components/schemas/AppResOpFailedEvent", "description": "The res op failed event", "x-order": 10 }, "resOutputsEvent": { "$ref": "#/components/schemas/AppResOutputsEvent", "description": "The res outputs event", "x-order": 9 }, "resourcePreEvent": { "$ref": "#/components/schemas/AppResourcePreEvent", "description": "The resource pre event", "x-order": 8 }, "sequence": { "description": "Sequence is a unique, and monotonically increasing number for each engine event sent to the\nPulumi Service. Since events may be sent concurrently, and/or delayed via network routing,\nthe sequence number is to ensure events can be placed into a total ordering.\n\n- No two events can have the same sequence number.\n- Events with a lower sequence number must have been emitted before those with a higher\n sequence number.", "format": "int64", "type": "integer", "x-order": 1 }, "startDebuggingEvent": { "$ref": "#/components/schemas/AppStartDebuggingEvent", "description": "The start debugging event", "x-order": 17 }, "stdoutEvent": { "$ref": "#/components/schemas/AppStdoutEngineEvent", "description": "The stdout event", "x-order": 4 }, "summaryEvent": { "$ref": "#/components/schemas/AppSummaryEvent", "description": "The summary event", "x-order": 7 }, "timestamp": { "description": "Timestamp is a Unix timestamp (seconds) of when the event was emitted.", "format": "int64", "type": "integer", "x-order": 2 } }, "required": [ "sequence", "timestamp" ], "type": "object" }, "AppEngineEventBatch": { "description": "EngineEventBatch is a group of engine events.", "properties": { "events": { "description": "List of events", "items": { "$ref": "#/components/schemas/AppEngineEvent" }, "type": "array", "x-order": 1 } }, "required": [ "events" ], "type": "object" }, "AppErrorEvent": { "description": "ErrorEvent is emitted when an internal error occurs in the engine. This is not meant\nto be used for user facing errors, but rather for internal errors, where an event\ncan help with debugging.", "properties": { "error": { "description": "Error is the error message.", "type": "string", "x-order": 1 } }, "required": [ "error" ], "type": "object" }, "AppGetDefaultOrganizationResponse": { "description": "GetDefaultOrganizationResponse returns the backend's opinion of which organization\nto default to for a given user, if a default organization has not been configured.", "properties": { "GitHubLogin": { "description": "Returns the organization name. Can be an empty string, if the user is a member of no organizations", "type": "string", "x-order": 1 }, "Messages": { "description": "Messages is a list of messages that should be displayed to the user that contextualize\nthe default org; for example: warning new users if their default org as returned by the\nservice is on an expiring trial and not free tier, with possible recommendations\non how to configure their default org locally.\nCan be possibly empty.", "items": { "$ref": "#/components/schemas/AppMessage" }, "type": "array", "x-order": 2 } }, "required": [ "GitHubLogin", "Messages" ], "type": "object" }, "AppGetPolicyPackConfigSchemaResponse": { "description": "GetPolicyPackConfigSchemaResponse is the response that includes the JSON\nschemas of Policies within a particular Policy Pack.", "properties": { "configSchema": { "additionalProperties": { "$ref": "#/components/schemas/AppPolicyConfigSchema" }, "description": "The JSON schema for each Policy's configuration.", "type": "object", "x-order": 1 } }, "type": "object" }, "AppGetPolicyPackResponse": { "description": "GetPolicyPackResponse is the response to get a specific Policy Pack's metadata and policies.", "properties": { "applied": { "description": "Whether this policy pack version is currently applied to any policy group.", "type": "boolean", "x-order": 6 }, "displayName": { "description": "Human-readable display name of the policy pack.", "type": "string", "x-order": 2 }, "name": { "description": "The unique name of the policy pack.", "type": "string", "x-order": 1 }, "policies": { "description": "The individual policies contained in this policy pack.", "items": { "$ref": "#/components/schemas/AppPolicy" }, "type": "array", "x-order": 5 }, "version": { "description": "Numeric version of the policy pack, auto-incremented on each publish.", "format": "int64", "type": "integer", "x-order": 3 }, "versionTag": { "description": "Semantic version tag for this policy pack version (e.g. '1.2.0').", "type": "string", "x-order": 4 } }, "required": [ "applied", "displayName", "name", "policies", "version", "versionTag" ], "type": "object" }, "AppGetStackPolicyPacksResponse": { "description": "GetStackPolicyPacksResponse is the response to getting the applicable Policy Packs\nfor a particular stack. This allows the CLI to download the packs prior to\nstarting an update.", "properties": { "requiredPolicies": { "description": "RequiredPolicies is a list of required Policy Packs to run during the update.", "items": { "$ref": "#/components/schemas/AppRequiredPolicy" }, "type": "array", "x-order": 1 } }, "type": "object" }, "AppImportStackRequest": { "description": "ImportStackRequest defines the request body for importing a Stack.", "properties": { "deployment": { "description": "The opaque Pulumi deployment payload. Treated as a raw JSON value so the contents are preserved verbatim across client and server versions.", "type": "object", "x-order": 3 }, "features": { "description": "An optional list of features used by this deployment. The CLI will error when reading a deployment that uses a feature that is not supported by that version of the CLI. Only honored when `version` is 4 or greater.", "items": { "type": "string" }, "type": "array", "x-order": 2 }, "version": { "description": "The schema version of the encoded deployment.", "format": "int64", "type": "integer", "x-order": 1 } }, "type": "object" }, "AppImportStackResponse": { "description": "ImportStackResponse defines the response body for importing a Stack.", "properties": { "updateId": { "description": "The update identifier", "type": "string", "x-order": 1 } }, "required": [ "updateId" ], "type": "object" }, "AppJournalEntries": { "description": "Collection of app journal entries.", "properties": { "entries": { "description": "List of entries", "items": { "$ref": "#/components/schemas/AppJournalEntry" }, "type": "array", "x-order": 1 } }, "type": "object" }, "AppJournalEntry": { "description": "Represents app journal entry.", "properties": { "deleteNew": { "description": "DeleteNew is the operation ID of the new resource to be marked as deleted.", "format": "int64", "type": "integer", "x-order": 10 }, "deleteOld": { "description": "DeleteOld is the index of the resource that's to be marked as deleted.", "format": "int64", "type": "integer", "x-order": 9 }, "isRefresh": { "description": "If true, this journal entry is part of a refresh operation.", "type": "boolean", "x-order": 13 }, "kind": { "description": "Kind of journal entry.", "enum": [ 0, 1, 2, 3, 4, 5, 6, 7 ], "format": "int64", "type": "integer", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "AppJournalEntryKind", "enumComments": "Represents app journal entry kind.", "enumFieldNames": [ "Begin", "Success", "Failure", "RefreshSuccess", "Outputs", "Write", "SecretsManager", "RebuiltBaseState" ] } }, "newSnapshot": { "$ref": "#/components/schemas/AppDeploymentV3", "description": "NewSnapshot is the new snapshot that this journal entry is associated with.", "x-order": 15 }, "operation": { "$ref": "#/components/schemas/AppOperationV2", "description": "The operation associated with this journal entry, if any.", "x-order": 12 }, "operationID": { "description": "ID of the operation this journal entry is associated with.", "format": "int64", "type": "integer", "x-order": 4 }, "pendingReplacementNew": { "description": "PendingReplacementNew is the operation ID of the new resource to be marked as pending replacement", "format": "int64", "type": "integer", "x-order": 8 }, "pendingReplacementOld": { "description": "PendingReplacementOld is the index of the resource that's to be marked as pending replacement", "format": "int64", "type": "integer", "x-order": 7 }, "removeNew": { "description": "ID for the delete Operation that this journal entry is associated with.", "format": "int64", "type": "integer", "x-order": 6 }, "removeOld": { "description": "ID for the delete Operation that this journal entry is associated with.", "format": "int64", "type": "integer", "x-order": 5 }, "secretsProvider": { "$ref": "#/components/schemas/AppSecretsProvidersV1", "description": "The secrets manager associated with this journal entry, if any.", "x-order": 14 }, "sequenceID": { "description": "Sequence ID of the operation.", "format": "int64", "type": "integer", "x-order": 3 }, "state": { "$ref": "#/components/schemas/AppResourceV3", "description": "The resource state associated with this journal entry.", "x-order": 11 }, "version": { "description": "Version of the journal entry format.", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "kind", "operationID", "removeNew", "removeOld", "sequenceID", "version" ], "type": "object" }, "AppListPolicyGroupsResponse": { "description": "ListPolicyGroupsResponse lists a summary of the organization's Policy Groups.", "properties": { "policyGroups": { "description": "List of policy groups", "items": { "$ref": "#/components/schemas/AppPolicyGroupSummary" }, "type": "array", "x-order": 1 } }, "required": [ "policyGroups" ], "type": "object" }, "AppListPolicyPacksResponse": { "description": "ListPolicyPacksResponse is the response to list an organization's Policy Packs.", "properties": { "policyPacks": { "description": "List of policy packs", "items": { "$ref": "#/components/schemas/AppPolicyPackWithVersions" }, "type": "array", "x-order": 1 } }, "required": [ "policyPacks" ], "type": "object" }, "AppListStacksResponse": { "description": "ListStacksResponse returns a set of stack summaries. This call is designed to be inexpensive.", "properties": { "continuationToken": { "description": "ContinuationToken is an opaque value used to mark the end of the all stacks. If non-nil,\npass it into a subsequent call in order to get the next batch of results.\n\nA value of nil means that all stacks have been returned.", "type": "string", "x-order": 2 }, "stacks": { "description": "List of stacks", "items": { "$ref": "#/components/schemas/AppStackSummary" }, "type": "array", "x-order": 1 } }, "required": [ "stacks" ], "type": "object" }, "AppLog3rdPartyDecryptionEvent": { "description": "Log3rdPartyDecryptionEvent defines the request body for logging a 3rd party secrets provider decryption event.", "properties": { "commandName": { "description": "The command name", "type": "string", "x-order": 2 }, "secretName": { "description": "The secret name", "type": "string", "x-order": 1 } }, "type": "object" }, "AppManifestV1": { "description": "ManifestV1 captures meta-information about this checkpoint file, such as versions of binaries, etc.", "properties": { "magic": { "description": "Magic number, used to identify integrity of the checkpoint.", "type": "string", "x-order": 2 }, "plugins": { "description": "Plugins contains the binary version info of plug-ins used.", "items": { "$ref": "#/components/schemas/AppPluginInfoV1" }, "type": "array", "x-order": 4 }, "time": { "description": "Time of the update.", "format": "date-time", "type": "string", "x-order": 1 }, "version": { "description": "Version of the Pulumi engine used to render the checkpoint.", "type": "string", "x-order": 3 } }, "required": [ "magic", "time", "version" ], "type": "object" }, "AppMessage": { "description": "Message is a message from the backend to be displayed to the user.", "properties": { "message": { "description": "Message is the message to display to the user.", "type": "string", "x-order": 2 }, "severity": { "description": "Severity is the severity of the message.", "enum": [ "warning", "error", "info" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "AppMessageSeverity", "enumComments": "Represents app message severity." } } }, "required": [ "message" ], "type": "object" }, "AppOperationStatus": { "description": "OperationStatus describes the state of an operation being performed on a Pulumi stack.", "properties": { "author": { "description": "The login of the user who initiated this operation.", "type": "string", "x-order": 2 }, "kind": { "description": "The type of operation in progress (e.g. 'update', 'preview', 'destroy', 'refresh').", "enum": [ "update", "preview", "refresh", "rename", "destroy", "import", "Pupdate", "Prefresh", "Pdestroy", "Pimport", "Prename" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "AppUpdateKind", "enumComments": "UpdateKind is an enum for the type of update performed.\nShould generally mirror backend.UpdateKind, but we clone it in this package to add\nflexibility in case there is a breaking change in the backend-type.", "enumFieldNames": [ "Update", "Preview", "Refresh", "Rename", "Destroy", "Import", "PreviewUpdate", "PreviewRefresh", "PreviewDestroy", "PreviewImport", "PreviewRename" ], "enumFieldComments": [ "A Pulumi program update.", "A preview of an update, without impacting resources.", "A refresh operation.", "A rename of the stack or project name.\nNOTE: Do not remove this type - it is used by Pulumi Cloud code.", "An update which removes all resources.", "An update that entails importing a raw checkpoint file.", "A preview of an update operation.", "A preview of a refresh operation.", "A preview of a destroy operation.", "A preview of an import operation.", "A preview of a rename operation." ] } }, "started": { "description": "Unix epoch timestamp (seconds) when the operation started.", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "author", "kind", "started" ], "type": "object" }, "AppOperationV2": { "description": "OperationV2 represents an operation that the engine is performing. It consists of a Resource, which is the state\nthat the engine used to initiate the operation, and a Status, which is a string representation of the operation\nthat the engine initiated.", "properties": { "resource": { "$ref": "#/components/schemas/AppResourceV3", "description": "Resource is the state that the engine used to initiate this operation.", "x-order": 1 }, "type": { "description": "Status is a string representation of the operation that the engine is performing.", "enum": [ "creating", "updating", "deleting", "reading" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "AppOperationType", "enumComments": "OperationType is the type of an operation initiated by the engine. Its value indicates the type of operation\nthat the engine initiated.", "enumFieldComments": [ "OperationTypeCreating is the state of resources that are being created.", "OperationTypeUpdating is the state of resources that are being updated.", "OperationTypeDeleting is the state of resources that are being deleted.", "OperationTypeReading is the state of resources that are being read." ] } } }, "required": [ "resource", "type" ], "type": "object" }, "AppPatchUpdateCheckpointDeltaRequest": { "description": "PatchUpdateCheckpointDeltaRequest defines the body of a request to the bandwidth-optimized version of the patch\nupdate checkpoint endpoint of the service API. It is semantically equivalent to the PatchUpdateCheckpointRequest, but\ninstead of transferring the entire Deployment as a JSON blob, it encodes it as a textual diff against the last-saved\ndeployment. This conserves bandwidth on large resources.", "properties": { "checkpointHash": { "description": "SHA256 hash of the result of aplying the DeploymentDelta to the previously saved deployment.", "type": "string", "x-order": 2 }, "deploymentDelta": { "description": "Textual diff that recovers the desired deployment JSON when applied to the previously saved deployment JSON.", "type": "object", "x-order": 4 }, "sequenceNumber": { "description": "Idempotency key incremented by the client on every PATCH call within the same update.", "format": "int64", "type": "integer", "x-order": 3 }, "version": { "description": "Protocol version.", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "checkpointHash", "sequenceNumber", "version" ], "type": "object" }, "AppPatchUpdateCheckpointRequest": { "description": "PatchUpdateCheckpointRequest defines the body of a request to the patch update checkpoint endpoint of the service\nAPI. The `Deployment` field is expected to contain a serialized `Deployment` value, the schema of which is indicated\nby the `Version` field.", "properties": { "deployment": { "description": "The deployment data", "type": "object", "x-order": 4 }, "features": { "description": "The features", "items": { "type": "string" }, "type": "array", "x-order": 3 }, "isInvalid": { "description": "Whether invalid", "type": "boolean", "x-order": 1 }, "version": { "description": "The version number", "format": "int64", "type": "integer", "x-order": 2 } }, "required": [ "isInvalid", "version" ], "type": "object" }, "AppPatchUpdateVerbatimCheckpointRequest": { "description": "PatchUpdateVerbatimCheckpointRequest defines the body of a request to a patch update checkpoint endpoint of the\nservice API, where `UntypedDeloyment` is an `apitype.UntypedDeployment`. Whereas the PatchUpdateCheckpointRequest\nAPI is subject to the service reformatting how a checkpoint is persisted, PatchUpdateVerbatimCheckpointRequest\nenables the CLI to define the exact format.\nDesigned to be compatible with the PatchUpdateCheckpointDeltaRequest API, where formatting is critical in calculating\ntextual diffs.", "properties": { "sequenceNumber": { "description": "Idempotency key incremented by the client on every PATCH call within the same update.", "format": "int64", "type": "integer", "x-order": 3 }, "untypedDeployment": { "description": "The untyped deployment", "type": "object", "x-order": 2 }, "version": { "description": "The version number", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "sequenceNumber", "version" ], "type": "object" }, "AppPluginInfoV1": { "description": "PluginInfoV1 captures the version and information about a plugin.", "properties": { "name": { "description": "The name", "type": "string", "x-order": 1 }, "path": { "description": "The path", "type": "string", "x-order": 2 }, "type": { "description": "The type", "enum": [ "analyzer", "language", "resource", "converter", "tool" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "AppPluginKind", "enumComments": "apitype.PluginKind represents a kind of a plugin that may be dynamically loaded and used by Pulumi.\nThese are being re exported in sdk/go/common/workspace/plugins.go to keep backward compatibility and should\nbe kept in sync", "enumFieldNames": [ "AnalyzerPlugin", "LanguagePlugin", "ResourcePlugin", "ConverterPlugin", "ToolPlugin" ], "enumFieldComments": [ "AnalyzerPlugin is a plugin that can be used as a resource analyzer.", "LanguagePlugin is a plugin that can be used as a language host.", "ResourcePlugin is a plugin that can be used as a resource provider for custom CRUD operations.", "ConverterPlugin is a plugin that can be used to convert from other ecosystems to Pulumi.", "ToolPlugin is an arbitrary plugin that can be run as a tool." ] } }, "version": { "description": "The version number", "type": "string", "x-order": 4 } }, "required": [ "name", "path", "type", "version" ], "type": "object" }, "AppPolicy": { "description": "Policy defines the metadata for an individual Policy within a Policy Pack.", "properties": { "configSchema": { "$ref": "#/components/schemas/AppPolicyConfigSchema", "description": "The JSON schema for the Policy's configuration.", "x-order": 6 }, "description": { "description": "Description is used to provide more context about the purpose of the policy.", "type": "string", "x-order": 3 }, "displayName": { "description": "The display name", "type": "string", "x-order": 2 }, "enforcementLevel": { "description": "The enforcement level", "enum": [ "advisory", "mandatory", "remediate", "disabled" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "AppEnforcementLevel", "enumComments": "EnforcementLevel indicates how a policy should be enforced", "enumFieldComments": [ "Advisory is an enforcement level where the resource is still created, but a\nmessage is displayed to the user for informational / warning purposes.", "Mandatory is an enforcement level that prevents a resource from being created.", "Remediate is an enforcement level that fixes policy issues instead of issuing diagnostics.", "Disabled is an enforcement level that disables the policy from being enforced." ] } }, "framework": { "$ref": "#/components/schemas/AppPolicyComplianceFramework", "description": "The compliance framework that this policy belongs to.", "x-order": 8 }, "message": { "description": "Message is the message that will be displayed to end users when they violate this policy.", "type": "string", "x-order": 5 }, "name": { "description": "Unique URL-safe name for the policy. This is unique to a specific version of a Policy Pack.", "type": "string", "x-order": 1 }, "remediationSteps": { "description": "A description of the steps to take to remediate a policy violation.", "type": "string", "x-order": 10 }, "severity": { "description": "The severity of the policy.", "enum": [ "", "low", "medium", "high", "critical" ], "type": "string", "x-order": 7, "x-pulumi-model-property": { "enumTypeName": "AppPolicySeverity", "enumComments": "Indicates the severity of a policy.", "enumFieldNames": [ "Unspecified", "Low", "Medium", "High", "Critical" ] } }, "tags": { "description": "Tags associated with the policy.", "items": { "type": "string" }, "type": "array", "x-order": 9 }, "url": { "description": "A URL to more information about the policy.", "type": "string", "x-order": 11 } }, "required": [ "description", "displayName", "enforcementLevel", "message", "name" ], "type": "object" }, "AppPolicyAnalyzeStackSummaryEvent": { "description": "PolicyAnalyzeStackSummaryEvent is emitted after a call to AnalyzeStack on an analyzer, summarizing the results.", "properties": { "failed": { "description": "The names of stack policies that failed (i.e. produced violations).", "items": { "type": "string" }, "type": "array", "x-order": 5 }, "passed": { "description": "The names of stack policies that passed (i.e. did not produce any violations).", "items": { "type": "string" }, "type": "array", "x-order": 4 }, "policyPackName": { "description": "The name of the policy pack.", "type": "string", "x-order": 1 }, "policyPackVersion": { "description": "The version of the policy pack.", "type": "string", "x-order": 2 }, "policyPackVersionTag": { "description": "The version tag of the policy pack.", "type": "string", "x-order": 3 } }, "required": [ "policyPackName", "policyPackVersion", "policyPackVersionTag" ], "type": "object" }, "AppPolicyAnalyzeSummaryEvent": { "description": "PolicyAnalyzeSummaryEvent is emitted after a call to Analyze on an analyzer, summarizing the results.", "properties": { "failed": { "description": "The names of resource policies that failed (i.e. produced violations).", "items": { "type": "string" }, "type": "array", "x-order": 6 }, "passed": { "description": "The names of resource policies that passed (i.e. did not produce any violations).", "items": { "type": "string" }, "type": "array", "x-order": 5 }, "policyPackName": { "description": "The name of the policy pack.", "type": "string", "x-order": 2 }, "policyPackVersion": { "description": "The version of the policy pack.", "type": "string", "x-order": 3 }, "policyPackVersionTag": { "description": "The version tag of the policy pack.", "type": "string", "x-order": 4 }, "resourceUrn": { "description": "The URN of the resource being analyzed.", "type": "string", "x-order": 1 } }, "required": [ "policyPackName", "policyPackVersion", "policyPackVersionTag", "resourceUrn" ], "type": "object" }, "AppPolicyComplianceFramework": { "description": "PolicyComplianceFramework represents a compliance framework that a policy belongs to.", "properties": { "name": { "description": "The compliance framework name.", "type": "string", "x-order": 1 }, "reference": { "description": "The compliance framework reference.", "type": "string", "x-order": 3 }, "specification": { "description": "The compliance framework specification.", "type": "string", "x-order": 4 }, "version": { "description": "The compliance framework version.", "type": "string", "x-order": 2 } }, "type": "object" }, "AppPolicyConfigSchema": { "description": "PolicyConfigSchema defines the JSON schema of a particular Policy's configuration.", "properties": { "properties": { "additionalProperties": { "type": "object" }, "description": "Config property name to JSON Schema map.", "type": "object", "x-order": 1 }, "required": { "description": "Required config properties.", "items": { "type": "string" }, "type": "array", "x-order": 2 }, "type": { "description": "Type defines the data type allowed for the schema.", "enum": [ "object" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "AppJSONSchemaType", "enumComments": "JSONSchemaType in an enum of allowed data types for a schema.", "enumFieldComments": [ "Object is a dictionary." ] } } }, "required": [ "type" ], "type": "object" }, "AppPolicyEvent": { "description": "PolicyEvent is emitted whenever there is Policy violation.", "properties": { "color": { "description": "The output color", "type": "string", "x-order": 3 }, "enforcementLevel": { "description": "EnforcementLevel is one of \"warning\", \"mandatory\", \"remediate\", or \"none\".", "type": "string", "x-order": 8 }, "message": { "description": "The message content", "type": "string", "x-order": 2 }, "policyName": { "description": "The policy name", "type": "string", "x-order": 4 }, "policyPackName": { "description": "The policy pack name", "type": "string", "x-order": 5 }, "policyPackVersion": { "description": "The policy pack version", "type": "string", "x-order": 6 }, "policyPackVersionTag": { "description": "The policy pack version tag", "type": "string", "x-order": 7 }, "resourceUrn": { "description": "The resource urn", "type": "string", "x-order": 1 }, "severity": { "description": "Severity is one of \"low\", \"medium\", \"high\", or \"critical\".\nAn empty string is omitted and represents an unspecified severity.", "type": "string", "x-order": 9 } }, "required": [ "color", "enforcementLevel", "message", "policyName", "policyPackName", "policyPackVersion", "policyPackVersionTag" ], "type": "object" }, "AppPolicyGroupSummary": { "description": "PolicyGroupSummary details the name, applicable stacks and the applied Policy\nPacks for an organization's Policy Group.", "properties": { "entityType": { "description": "The type of entity this policy group targets (e.g. stacks, accounts).", "enum": [ "stacks", "accounts" ], "type": "string", "x-order": 5, "x-pulumi-model-property": { "enumTypeName": "AppEntityType", "enumComments": "EntityType indicates the type of entity a policy group applies to", "enumFieldComments": [ "Stacks indicates the policy group applies to stacks", "Accounts indicates the policy group applies to accounts" ] } }, "isOrgDefault": { "description": "Whether this is the organization's default policy group, applied to all stacks not in another group.", "type": "boolean", "x-order": 2 }, "mode": { "description": "The enforcement mode of the policy group.", "enum": [ "audit", "preventative" ], "type": "string", "x-order": 6, "x-pulumi-model-property": { "enumTypeName": "PolicyGroupMode", "enumComments": "PolicyGroupMode represents the enforcement mode for a policy group" } }, "name": { "description": "The unique name of the policy group.", "type": "string", "x-order": 1 }, "numAccounts": { "description": "Number of cloud accounts assigned to this policy group.", "format": "int64", "type": "integer", "x-order": 4 }, "numEnabledPolicyPacks": { "description": "Number of policy packs currently enabled in this group.", "format": "int64", "type": "integer", "x-order": 7 }, "numStacks": { "description": "Number of stacks assigned to this policy group.", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "entityType", "isOrgDefault", "mode", "name", "numEnabledPolicyPacks", "numStacks" ], "type": "object" }, "AppPolicyLoadEvent": { "description": "PolicyLoadEvent is emitted when a policy starts loading", "type": "object" }, "AppPolicyPackMetadata": { "description": "PolicyPackMetadata is the metadata of a Policy Pack.", "properties": { "config": { "additionalProperties": { "type": "object" }, "description": "The configuration that is to be passed to the Policy Pack. This\nmap ties Policies with their configuration.", "type": "object", "x-order": 5 }, "displayName": { "description": "The display name", "type": "string", "x-order": 2 }, "environments": { "description": "References to ESC environments to use for this policy pack.", "items": { "type": "string" }, "type": "array", "x-order": 6 }, "name": { "description": "The name", "type": "string", "x-order": 1 }, "version": { "description": "The version number", "format": "int64", "type": "integer", "x-order": 3 }, "versionTag": { "description": "The version tag", "type": "string", "x-order": 4 } }, "required": [ "displayName", "name", "version", "versionTag" ], "type": "object" }, "AppPolicyPackWithVersions": { "description": "PolicyPackWithVersions details the specifics of a Policy Pack and all its available versions.", "properties": { "displayName": { "description": "The display name", "type": "string", "x-order": 2 }, "name": { "description": "The name", "type": "string", "x-order": 1 }, "versionTags": { "description": "List of version tags", "items": { "type": "string" }, "type": "array", "x-order": 4 }, "versions": { "description": "List of versions", "items": { "format": "int64", "type": "integer" }, "type": "array", "x-order": 3 } }, "required": [ "displayName", "name", "versionTags", "versions" ], "type": "object" }, "AppPolicyRemediateSummaryEvent": { "description": "PolicyRemediateSummaryEvent is emitted after a call to Remediate on an analyzer, summarizing the results.", "properties": { "failed": { "description": "The names of resource policies that failed (i.e. produced violations).", "items": { "type": "string" }, "type": "array", "x-order": 6 }, "passed": { "description": "The names of resource policies that passed (i.e. did not produce any violations).", "items": { "type": "string" }, "type": "array", "x-order": 5 }, "policyPackName": { "description": "The name of the policy pack.", "type": "string", "x-order": 2 }, "policyPackVersion": { "description": "The version of the policy pack.", "type": "string", "x-order": 3 }, "policyPackVersionTag": { "description": "The version tag of the policy pack.", "type": "string", "x-order": 4 }, "resourceUrn": { "description": "The URN of the resource being remediated.", "type": "string", "x-order": 1 } }, "required": [ "policyPackName", "policyPackVersion", "policyPackVersionTag", "resourceUrn" ], "type": "object" }, "AppPolicyRemediationEvent": { "description": "PolicyRemediationEvent is emitted whenever there is Policy transformation.", "properties": { "after": { "additionalProperties": { "type": "object" }, "description": "Map of after", "type": "object", "x-order": 8 }, "before": { "additionalProperties": { "type": "object" }, "description": "Map of before", "type": "object", "x-order": 7 }, "color": { "description": "The output color", "type": "string", "x-order": 2 }, "policyName": { "description": "The policy name", "type": "string", "x-order": 3 }, "policyPackName": { "description": "The policy pack name", "type": "string", "x-order": 4 }, "policyPackVersion": { "description": "The policy pack version", "type": "string", "x-order": 5 }, "policyPackVersionTag": { "description": "The policy pack version tag", "type": "string", "x-order": 6 }, "resourceUrn": { "description": "The resource urn", "type": "string", "x-order": 1 } }, "required": [ "color", "policyName", "policyPackName", "policyPackVersion", "policyPackVersionTag" ], "type": "object" }, "AppPreludeEvent": { "description": "PreludeEvent is emitted at the start of an update.", "properties": { "config": { "additionalProperties": { "type": "string" }, "description": "Config contains the keys and values for the update. Encrypted configuration values may be blinded.", "type": "object", "x-order": 1 } }, "required": [ "config" ], "type": "object" }, "AppProgressEvent": { "description": "ProgressEvent is emitted when a potentially long-running engine process is in progress.", "properties": { "done": { "description": "True if and only if the process has completed.", "type": "boolean", "x-order": 6 }, "id": { "description": "A unique identifier for the process.", "type": "string", "x-order": 2 }, "message": { "description": "A message accompanying the process.", "type": "string", "x-order": 3 }, "received": { "description": "The number of items completed so far (e.g. bytes received, items installed, etc.)", "format": "int64", "type": "integer", "x-order": 4 }, "total": { "description": "The total number of items that must be completed.", "format": "int64", "type": "integer", "x-order": 5 }, "type": { "description": "The type of process (e.g. plugin download, plugin install).", "enum": [ "plugin-download", "plugin-install" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "AppProgressType", "enumComments": "ProgressType is the type of process occurring.", "enumFieldNames": [ "PluginDownload", "PluginInstall" ], "enumFieldComments": [ "PluginDownload represents a download of a plugin.", "PluginInstall represents the installation of a plugin." ] } } }, "required": [ "done", "id", "message", "received", "total", "type" ], "type": "object" }, "AppProjectTemplateConfigValue": { "description": "ProjectTemplateConfigValue is a config value included in the project template manifest.", "properties": { "default": { "description": "Default is an optional default value for the config value.", "type": "string", "x-order": 2 }, "description": { "description": "Description is an optional description for the config value.", "type": "string", "x-order": 1 }, "secret": { "description": "Secret may be set to true to indicate that the config value should be encrypted.", "type": "boolean", "x-order": 3 } }, "type": "object" }, "AppPropertyDiff": { "description": "PropertyDiff describes the difference between a single property's old and new values.", "properties": { "diffKind": { "description": "Kind is the kind of difference.", "enum": [ "add", "add-replace", "delete", "delete-replace", "update", "update-replace" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "AppDiffKind", "enumComments": "DiffKind describes the kind of a particular property diff.", "enumFieldNames": [ "DiffAdd", "DiffAddReplace", "DiffDelete", "DiffDeleteReplace", "DiffUpdate", "DiffUpdateReplace" ], "enumFieldComments": [ "DiffAdd indicates that the property was added.", "DiffAddReplace indicates that the property was added and requires that the resource be replaced.", "DiffDelete indicates that the property was deleted.", "DiffDeleteReplace indicates that the property was deleted and requires that the resource be replaced.", "DiffUpdate indicates that the property was updated.", "DiffUpdateReplace indicates that the property was updated and requires that the resource be replaced." ] } }, "inputDiff": { "description": "InputDiff is true if this is a difference between old and new inputs rather than old state and new inputs.", "type": "boolean", "x-order": 2 } }, "required": [ "diffKind", "inputDiff" ], "type": "object" }, "AppPulumiStackReference": { "description": "PulumiStackReference contains the StackName and ProjectName of the stack.", "properties": { "name": { "description": "The name", "type": "string", "x-order": 1 }, "routingProject": { "description": "The routing project", "type": "string", "x-order": 2 } }, "required": [ "name", "routingProject" ], "type": "object" }, "AppRenewUpdateLeaseRequest": { "description": "RenewUpdateLeaseRequest defines the body of a request to the update lease renewal endpoint of the service API.", "properties": { "duration": { "description": "The duration for which to renew the lease in seconds (maximum 300).", "format": "int64", "type": "integer", "x-order": 2 }, "token": { "description": "The current, valid lease token.\nDEPRECATED as of Pulumi API version 5+. Pulumi API will expect the update token\nin the Authorization header instead of this property. This property will be removed\nwhen the minimum supported API version on the service is raised to 5.", "type": "string", "x-order": 1 } }, "required": [ "duration", "token" ], "type": "object" }, "AppRenewUpdateLeaseResponse": { "description": "RenewUpdateLeaseResponse defines the data returned by the update lease renewal endpoint of the service API.", "properties": { "token": { "description": "The renewed token.", "type": "string", "x-order": 1 }, "tokenExpiration": { "description": "TokenExpiration is a UNIX timestamp by which the token will expire.", "format": "int64", "type": "integer", "x-order": 2 } }, "required": [ "token" ], "type": "object" }, "AppRequiredPolicy": { "description": "RequiredPolicy is the information regarding a particular Policy that is required by an organization.", "properties": { "config": { "additionalProperties": { "type": "object" }, "description": "The configuration that is to be passed to the Policy Pack. This is map a of policies\nmapped to their configuration. Each individual configuration must comply with the\nJSON schema for each Policy within the Policy Pack.", "type": "object", "x-order": 6 }, "displayName": { "description": "The pretty name of the required Policy Pack.", "type": "string", "x-order": 4 }, "environments": { "description": "References to ESC environments whose resolved values the CLI should inject into the policy pack process.", "items": { "type": "string" }, "type": "array", "x-order": 7 }, "name": { "description": "The name (unique and URL-safe) of the required Policy Pack.", "type": "string", "x-order": 1 }, "packLocation": { "description": "Where the Policy Pack can be downloaded from.", "type": "string", "x-order": 5 }, "version": { "description": "The version of the required Policy Pack.", "format": "int64", "type": "integer", "x-order": 2 }, "versionTag": { "description": "The version tag of the required Policy Pack.", "type": "string", "x-order": 3 } }, "required": [ "displayName", "name", "version", "versionTag" ], "type": "object" }, "AppResCustomTimeouts": { "description": "Custom timeout values (in seconds) for resource CRUD operations.", "properties": { "create": { "description": "Timeout in seconds for resource creation operations.", "format": "double", "type": "number", "x-order": 1 }, "delete": { "description": "Timeout in seconds for resource deletion operations.", "format": "double", "type": "number", "x-order": 3 }, "update": { "description": "Timeout in seconds for resource update operations.", "format": "double", "type": "number", "x-order": 2 } }, "type": "object" }, "AppResOpFailedEvent": { "description": "ResOpFailedEvent is emitted when a resource operation fails. Typically a DiagnosticEvent is\nemitted before this event, indicating the root cause of the error.", "properties": { "metadata": { "$ref": "#/components/schemas/AppStepEventMetadata", "description": "The metadata", "x-order": 1 }, "status": { "description": "The current status", "format": "int64", "type": "integer", "x-order": 2 }, "steps": { "description": "The steps", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "metadata", "status", "steps" ], "type": "object" }, "AppResOutputsEvent": { "description": "ResOutputsEvent is emitted when a resource is finished being provisioned.", "properties": { "metadata": { "$ref": "#/components/schemas/AppStepEventMetadata", "description": "The metadata", "x-order": 1 }, "planning": { "description": "Whether planning is enabled", "type": "boolean", "x-order": 2 } }, "required": [ "metadata" ], "type": "object" }, "AppResourcePreEvent": { "description": "ResourcePreEvent is emitted before a resource is modified.", "properties": { "metadata": { "$ref": "#/components/schemas/AppStepEventMetadata", "description": "The metadata", "x-order": 1 }, "planning": { "description": "Whether planning is enabled", "type": "boolean", "x-order": 2 } }, "required": [ "metadata" ], "type": "object" }, "AppResourceV3": { "description": "ResourceV3 is the third version of the Resource API type. It absorbs a few breaking changes:\n1. It adds a map from input property names to the dependencies that affect that input property. This is used to\nimprove the precision of delete-before-create operations.\n2. It adds a new boolean field, `PendingReplacement`, that marks resources that have been deleted as part of a\ndelete-before-create operation but have not yet been recreated.\nMigrating from ResourceV2 to ResourceV3 involves:\n1. Populating the map from input property names to dependencies by assuming that every dependency listed in\n`Dependencies` affects every input property.", "properties": { "additionalSecretOutputs": { "description": "AdditionalSecretOutputs is a list of outputs that were explicitly marked as secret when the resource was created.", "items": { "type": "string" }, "type": "array", "x-order": 17 }, "aliases": { "description": "Aliases is a list of previous URNs that this resource may have had in previous deployments.", "items": { "type": "string" }, "type": "array", "x-order": 18 }, "created": { "description": "Created tracks when the remote resource was first added to state by pulumi. Checkpoints prior to early 2023 do not include this.", "format": "date-time", "type": "string", "x-order": 24 }, "custom": { "description": "Custom is true when it is managed by a plugin.", "type": "boolean", "x-order": 2 }, "customTimeouts": { "$ref": "#/components/schemas/AppResCustomTimeouts", "description": "CustomTimeouts is a configuration block that can be used to control timeouts of CRUD operations.", "x-order": 19 }, "delete": { "description": "Delete is true when the resource should be deleted during the next update.", "type": "boolean", "x-order": 3 }, "deletedWith": { "description": "If set, the providers Delete method will not be called for this resource\nif specified resource is being deleted as well.", "type": "string", "x-order": 22 }, "dependencies": { "description": "Dependencies contains the dependency edges to other resources that this depends on.", "items": { "type": "string" }, "type": "array", "x-order": 12 }, "external": { "description": "External is set to true when the lifecycle of this resource is not managed by Pulumi.", "type": "boolean", "x-order": 11 }, "hideDiff": { "description": "HideDiff is a list of properties to hide the diff for.", "items": { "type": "string" }, "type": "array", "x-order": 29 }, "id": { "description": "ID is the provider-assigned resource, if any, for custom resources.", "type": "string", "x-order": 4 }, "ignoreChanges": { "description": "IgnoreChanges is a list of properties to ignore changes for.", "items": { "type": "string" }, "type": "array", "x-order": 28 }, "importID": { "description": "ImportID is the import input used for imported resources.", "type": "string", "x-order": 20 }, "initErrors": { "description": "InitErrors is the set of errors encountered in the process of initializing resource (i.e.,\nduring create or update).", "items": { "type": "string" }, "type": "array", "x-order": 13 }, "inputs": { "additionalProperties": { "type": "object" }, "description": "Inputs are the input properties supplied to the provider.", "type": "object", "x-order": 6 }, "modified": { "description": "Modified tracks when the resource state was last altered. Checkpoints prior to early 2023 do not include this.", "format": "date-time", "type": "string", "x-order": 25 }, "outputs": { "additionalProperties": { "type": "object" }, "description": "Outputs are the output properties returned by the provider after provisioning.", "type": "object", "x-order": 7 }, "parent": { "description": "Parent is an optional parent URN if this resource is a child of it.", "type": "string", "x-order": 8 }, "pendingReplacement": { "description": "PendingReplacement is used to track delete-before-replace resources that have been deleted but not yet\nrecreated.", "type": "boolean", "x-order": 16 }, "propertyDependencies": { "additionalProperties": { "items": { "type": "string" }, "type": "array" }, "description": "PropertyDependencies maps from an input property name to the set of resources that property depends on.", "type": "object", "x-order": 15 }, "protect": { "description": "Protect is set to true when this resource is \"protected\" and may not be deleted.", "type": "boolean", "x-order": 9 }, "provider": { "description": "Provider is a reference to the provider that is associated with this resource.", "type": "string", "x-order": 14 }, "refreshBeforeUpdate": { "description": "RefreshBeforeUpdate indicates that this resource should always be refreshed prior to updates.", "type": "boolean", "x-order": 32 }, "replaceOnChanges": { "description": "ReplaceOnChanges is a list of properties that if changed trigger a replace.", "items": { "type": "string" }, "type": "array", "x-order": 30 }, "replaceWith": { "description": "ReplaceWith is a list of resources whose replaces will also trigger this resource's replace.", "items": { "type": "string" }, "type": "array", "x-order": 23 }, "replacementTrigger": { "description": "If set, the engine will diff this with the last recorded value, and trigger a replace if they are not equal.", "type": "object", "x-order": 31 }, "resourceHooks": { "additionalProperties": { "items": { "type": "string" }, "type": "array" }, "description": "ResourceHooks is a map of hook types to lists of hook names for the given type.", "type": "object", "x-order": 34 }, "retainOnDelete": { "description": "If set to True, the providers Delete method will not be called for this resource. Pulumi simply stops tracking the deleted resource.", "type": "boolean", "x-order": 21 }, "sourcePosition": { "description": "SourcePosition tracks the source location of this resource's registration", "type": "string", "x-order": 26 }, "stackTrace": { "description": "StackTrace records the stack at the time this resource was registered", "items": { "$ref": "#/components/schemas/AppStackFrameV1" }, "type": "array", "x-order": 27 }, "taint": { "description": "Taint is set to true when we wish to force it to be replaced upon the next update.", "type": "boolean", "x-order": 10 }, "type": { "description": "Type is the resource's full type token.", "type": "string", "x-order": 5 }, "urn": { "description": "URN uniquely identifying this resource.", "type": "string", "x-order": 1 }, "viewOf": { "description": "ViewOf is a reference to the resource that this resource is a view of.", "type": "string", "x-order": 33 } }, "required": [ "custom", "type", "urn" ], "type": "object" }, "AppSecretsProvidersV1": { "description": "Represents app secrets providers v1.", "properties": { "state": { "description": "The current state", "type": "object", "x-order": 2 }, "type": { "description": "The type", "type": "string", "x-order": 1 } }, "required": [ "type" ], "type": "object" }, "AppSnapshotIntegrityErrorMetadataV1": { "description": "SnapshotIntegrityErrorMetadataV1 contains metadata about a snapshot integrity error, such as the version\nand invocation of the Pulumi engine that caused it.", "properties": { "command": { "description": "The command/invocation of the Pulumi engine that caused the integrity error.", "type": "string", "x-order": 2 }, "env_vars": { "additionalProperties": { "type": "string" }, "description": "The Pulumi environment variables that were set when the integrity error occurred.", "type": "object", "x-order": 4 }, "error": { "description": "The error message associated with the integrity error.", "type": "string", "x-order": 3 }, "version": { "description": "The version of the Pulumi engine that caused the integrity error.", "type": "string", "x-order": 1 } }, "type": "object" }, "AppSnapshotMetadataV1": { "description": "SnapshotMetadataV1 contains metadata about a deployment snapshot.", "properties": { "integrity_error": { "$ref": "#/components/schemas/AppSnapshotIntegrityErrorMetadataV1", "description": "Metadata associated with any integrity error affecting the snapshot.", "x-order": 1 } }, "type": "object" }, "AppStack": { "description": "Stack describes a Stack running on a Pulumi Cloud.", "properties": { "activeUpdate": { "description": "The active update", "type": "string", "x-order": 6 }, "config": { "$ref": "#/components/schemas/AppStackConfig", "description": "Optional cloud-persisted stack configuration.\nIf set, then the stack's configuration is loaded from the cloud and not a file on disk.", "x-order": 8 }, "currentOperation": { "$ref": "#/components/schemas/AppOperationStatus", "description": "CurrentOperation provides information about a stack operation in-progress, as applicable.", "x-order": 5 }, "id": { "description": "The logical identifier of the stack.", "type": "string", "x-order": 1 }, "orgName": { "description": "The organization name", "type": "string", "x-order": 2 }, "projectName": { "description": "The project name", "type": "string", "x-order": 3 }, "stackName": { "description": "The stack name", "type": "string", "x-order": 4 }, "tags": { "additionalProperties": { "type": "string" }, "description": "Map of tags", "type": "object", "x-order": 7 }, "version": { "description": "The version number", "format": "int64", "type": "integer", "x-order": 9 } }, "required": [ "activeUpdate", "id", "orgName", "projectName", "stackName", "version" ], "type": "object" }, "AppStackConfig": { "description": "StackConfig describes the configuration of a stack from Pulumi Cloud.", "properties": { "encryptedKey": { "description": "The KMS-encrypted ciphertext for the data key used for secrets encryption. Only used for cloud-based secrets providers.", "type": "string", "x-order": 3 }, "encryptionSalt": { "description": "The stack's base64-encoded encryption salt. Only used for passphrase-based secrets providers.", "type": "string", "x-order": 4 }, "environment": { "description": "Reference to ESC environment to use as stack configuration.", "type": "string", "x-order": 1 }, "secretsProvider": { "description": "The stack's secrets provider.", "type": "string", "x-order": 2 } }, "required": [ "environment" ], "type": "object" }, "AppStackFrameV1": { "description": "StackFrameV1 captures information about a stack frame.", "properties": { "sourcePosition": { "description": "SourcePosition contains the source position associated with the stack frame.", "type": "string", "x-order": 1 } }, "type": "object" }, "AppStackLinks": { "description": "Represents app stack links.", "properties": { "self": { "description": "The self link URL", "type": "string", "x-order": 1 } }, "required": [ "self" ], "type": "object" }, "AppStackRenameRequest": { "description": "StackRenameRequest is the shape of the request to change an existing stack's name.\nIf either NewName or NewProject is the empty string, the current project/name will\nbe preserved. (But at least one should be set.)", "properties": { "newName": { "description": "The new name", "type": "string", "x-order": 1 }, "newProject": { "description": "The new project", "type": "string", "x-order": 2 } }, "required": [ "newName", "newProject" ], "type": "object" }, "AppStackSummary": { "description": "StackSummary describes the state of a stack, without including its specific resources, etc.", "properties": { "id": { "description": "The logical identifier of the stack.", "type": "string", "x-order": 1 }, "lastUpdate": { "description": "LastUpdate is a Unix timestamp of the start time of the stack's last update, as applicable.", "format": "int64", "type": "integer", "x-order": 5 }, "links": { "$ref": "#/components/schemas/AppStackLinks", "description": "Links to the stack in the Pulumi Console", "x-order": 7 }, "orgName": { "description": "OrgName is the organization name the stack is found in.", "type": "string", "x-order": 2 }, "projectName": { "description": "ProjectName is the name of the project the stack is associated with.", "type": "string", "x-order": 3 }, "resourceCount": { "description": "ResourceCount is the number of resources associated with this stack, as applicable.", "format": "int64", "type": "integer", "x-order": 6 }, "stackName": { "description": "StackName is the name of the stack.", "type": "string", "x-order": 4 } }, "required": [ "id", "orgName", "projectName", "stackName" ], "type": "object" }, "AppStartDebuggingEvent": { "description": "StartDebuggingEvent is emitted to start a debugging session.", "properties": { "config": { "additionalProperties": { "type": "object" }, "description": "The configuration", "type": "object", "x-order": 1 } }, "type": "object" }, "AppStartUpdateRequest": { "description": "StartUpdateRequest requests that an update starts getting applied to a stack.", "properties": { "journalVersion": { "description": "JournalVersion indicates the maximum journal version the client supports. If 0, journaling\nis not supported.", "format": "int64", "type": "integer", "x-order": 2 }, "tags": { "additionalProperties": { "type": "string" }, "description": "Tags contains an updated set of Tags for the stack. If non-nil, will replace the current\nset of tags associated with the stack.", "type": "object", "x-order": 1 } }, "type": "object" }, "AppStartUpdateResponse": { "description": "StartUpdateResponse is the result of the command to start an update.", "properties": { "journalVersion": { "description": "JournalVersion indicates the maximum version of journal entries that should be\nsent to the server. Is expected to be less or equal than the JournalVersion we\nsent in the update request. If 0, journaling is disabled.", "format": "int64", "type": "integer", "x-order": 4 }, "token": { "description": "Token is the lease token (if any) to be used to authorize operations on this update.", "type": "string", "x-order": 2 }, "tokenExpiration": { "description": "TokenExpiration is a UNIX timestamp by which the token will expire.", "format": "int64", "type": "integer", "x-order": 3 }, "version": { "description": "Version is the version of the program once the update is complete.\n(Will be the current, unchanged value for previews.)", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "version" ], "type": "object" }, "AppStdoutEngineEvent": { "description": "StdoutEngineEvent is emitted whenever a generic message is written, for example warnings\nfrom the pulumi CLI itself. Less common that DiagnosticEvent", "properties": { "color": { "description": "The output color", "type": "string", "x-order": 2 }, "message": { "description": "The message content", "type": "string", "x-order": 1 } }, "required": [ "color", "message" ], "type": "object" }, "AppStepEventMetadata": { "description": "StepEventMetadata describes a \"step\" within the Pulumi engine, which is any concrete action\nto migrate a set of cloud resources from one state to another.", "properties": { "detailedDiff": { "additionalProperties": { "$ref": "#/components/schemas/AppPropertyDiff" }, "description": "The diff for this step as a map of property paths to difference types. An empty map indicates no detailed property-level diff is available; if this field is omitted or null, the diff was not computed.", "type": "object", "x-order": 8 }, "diffs": { "description": "Keys that changed with this step.", "items": { "type": "string" }, "type": "array", "x-order": 7 }, "keys": { "description": "Keys causing a replacement (only applicable for `create` and `replace` Ops).", "items": { "type": "string" }, "type": "array", "x-order": 6 }, "logical": { "description": "Logical is set if the step is a logical operation in the program.", "type": "boolean", "x-order": 9 }, "new": { "$ref": "#/components/schemas/AppStepEventStateMetadata", "description": "New is the state of the resource after performing the step.", "x-order": 5 }, "old": { "$ref": "#/components/schemas/AppStepEventStateMetadata", "description": "Old is the state of the resource before performing the step.", "x-order": 4 }, "op": { "description": "Op is the operation being performed.", "enum": [ "same", "create", "update", "delete", "replace", "create-replacement", "delete-replaced", "read", "read-replacement", "refresh", "discard", "discard-replaced", "remove-pending-replace", "import", "import-replacement" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "AppOpType", "enumComments": "OpType describes the type of operation performed to a resource managed by Pulumi.\nShould generally mirror deploy.StepOp, but we clone it in this package to add\nflexibility in case there is a breaking change in the backend-type.", "enumFieldNames": [ "OpSame", "OpCreate", "OpUpdate", "OpDelete", "OpReplace", "OpCreateReplacement", "OpDeleteReplaced", "OpRead", "OpReadReplacement", "OpRefresh", "OpReadDiscard", "OpDiscardReplaced", "OpRemovePendingReplace", "OpImport", "OpImportReplacement" ], "enumFieldComments": [ "OpSame indicates no change was made.", "OpCreate indicates a new resource was created.", "OpUpdate indicates an existing resource was updated.", "OpDelete indicates an existing resource was deleted.", "OpReplace indicates an existing resource was replaced with a new one.", "OpCreateReplacement indicates a new resource was created for a replacement.", "OpDeleteReplaced indicates an existing resource was deleted after replacement.", "OpRead indicates reading an existing resource.", "OpReadReplacement indicates reading an existing resource for a replacement.", "OpRefresh indicates refreshing an existing resource.", "OpReadDiscard indicates removing a resource that was read.", "OpDiscardReplaced indicates discarding a read resource that was replaced.", "OpRemovePendingReplace indicates removing a pending replace resource.", "OpImport indicates importing an existing resource.", "OpImportReplacement indicates replacement of an existing resource with an imported resource." ] } }, "provider": { "description": "Provider actually performing the step.", "type": "string", "x-order": 10 }, "type": { "description": "The type", "type": "string", "x-order": 3 }, "urn": { "description": "The Pulumi URN", "type": "string", "x-order": 2 } }, "required": [ "detailedDiff", "new", "old", "op", "provider", "type", "urn" ], "type": "object" }, "AppStepEventStateMetadata": { "description": "StepEventStateMetadata is the more detailed state information for a resource as it relates to\na step(s) being performed.", "properties": { "custom": { "description": "Custom indicates if the resource is managed by a plugin.", "type": "boolean", "x-order": 3 }, "delete": { "description": "Delete is true when the resource is pending deletion due to a replacement.", "type": "boolean", "x-order": 4 }, "external": { "description": "True if the resource is external to Pulumi (its lifecycle is managed outside of Pulumi).", "type": "boolean", "x-order": 14 }, "hideDiffs": { "description": "HideDiffs is the set of property paths where diffs are not displayed.", "items": { "type": "string" }, "type": "array", "x-order": 15 }, "id": { "description": "ID is the resource's unique ID, assigned by the resource provider (or blank if none/uncreated).", "type": "string", "x-order": 5 }, "initErrors": { "description": "InitErrors is the set of errors encountered in the process of initializing resource.", "items": { "type": "string" }, "type": "array", "x-order": 13 }, "inputs": { "additionalProperties": { "type": "object" }, "description": "Inputs contains the resource's input properties (as specified by the program). Secrets have\nfiltered out, and large assets have been replaced by hashes as applicable.", "type": "object", "x-order": 10 }, "outputs": { "additionalProperties": { "type": "object" }, "description": "Outputs contains the resource's complete output state (as returned by the resource provider).", "type": "object", "x-order": 11 }, "parent": { "description": "Parent is an optional parent URN that this resource belongs to.", "type": "string", "x-order": 6 }, "protect": { "description": "Protect is true to \"protect\" this resource (protected resources cannot be deleted).", "type": "boolean", "x-order": 7 }, "provider": { "description": "Provider is the resource's provider reference", "type": "string", "x-order": 12 }, "retainOnDelete": { "description": "RetainOnDelete is true if the resource is not physically deleted when it is logically deleted.", "type": "boolean", "x-order": 9 }, "taint": { "description": "Taint is set to true when we wish to force it to be replaced upon the next update.", "type": "boolean", "x-order": 8 }, "type": { "description": "The type", "type": "string", "x-order": 1 }, "urn": { "description": "The Pulumi URN", "type": "string", "x-order": 2 } }, "required": [ "id", "inputs", "outputs", "parent", "provider", "type", "urn" ], "type": "object" }, "AppSummaryEvent": { "description": "SummaryEvent is emitted at the end of an update, with a summary of the changes made.", "properties": { "PolicyPacks": { "additionalProperties": { "type": "string" }, "description": "Policy Packs run during the update, as a map from policy pack name to version. For newer clients, the value is the version tag prefixed with `v`; for older clients it is the raw version.", "type": "object", "x-order": 4 }, "durationSeconds": { "description": "Duration is the number of seconds the update was executing.", "format": "int64", "type": "integer", "x-order": 2 }, "isPreview": { "description": "IsPreview indicates whether this is a preview or an update.", "type": "boolean", "x-order": 5 }, "maybeCorrupt": { "description": "MaybeCorrupt is set if one or more of the resources is in an invalid state.", "type": "boolean", "x-order": 1 }, "resourceChanges": { "additionalProperties": { "format": "int64", "type": "integer" }, "description": "ResourceChanges contains the count for resource change by type.", "type": "object", "x-order": 3 } }, "required": [ "PolicyPacks", "durationSeconds", "isPreview", "maybeCorrupt", "resourceChanges" ], "type": "object" }, "AppUntypedDeployment": { "description": "UntypedDeployment contains an inner, untyped deployment structure.", "properties": { "deployment": { "description": "The opaque Pulumi deployment payload. Treated as a raw JSON value so the contents are preserved verbatim across client and server versions.", "type": "object", "x-order": 3 }, "features": { "description": "An optional list of features used by this deployment. The CLI will error when reading a deployment that uses a feature that is not supported by that version of the CLI. Only honored when `version` is 4 or greater.", "items": { "type": "string" }, "type": "array", "x-order": 2 }, "version": { "description": "The schema version of the encoded deployment.", "format": "int64", "type": "integer", "x-order": 1 } }, "type": "object" }, "AppUpdateEvent": { "description": "UpdateEvent describes an event that happened on the Pulumi Cloud while processing an update.", "properties": { "fields": { "additionalProperties": { "type": "object" }, "description": "The fields", "type": "object", "x-order": 3 }, "index": { "description": "The index", "type": "string", "x-order": 1 }, "kind": { "description": "The kind", "enum": [ "stdout", "stderr" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "AppUpdateEventKind", "enumComments": "UpdateEventKind is an enum for the type of update events.", "enumFieldNames": [ "StdoutEvent", "StderrEvent" ], "enumFieldComments": [ "StdoutEvent is used to mark the event being emitted to STDOUT.", "StderrEvent is used to mark the event being emitted to STDERR." ] } } }, "required": [ "fields", "index", "kind" ], "type": "object" }, "AppUpdateInfo": { "description": "UpdateInfo describes a previous update.\nShould generally mirror backend.UpdateInfo, but we clone it in this package to add\nflexibility in case there is a breaking change in the backend-type.", "properties": { "config": { "additionalProperties": { "$ref": "#/components/schemas/AppConfigValue" }, "description": "Stack configuration values used during the update, keyed by config key.", "type": "object", "x-order": 5 }, "deployment": { "description": "Raw deployment state snapshot, if requested.", "type": "object", "x-order": 9 }, "endTime": { "description": "Unix epoch timestamp (seconds) when the update completed.", "format": "int64", "type": "integer", "x-order": 7 }, "environment": { "additionalProperties": { "type": "string" }, "description": "Environment variables that were set during the update, keyed by variable name.", "type": "object", "x-order": 4 }, "kind": { "description": "Information known before an update is started.", "enum": [ "update", "preview", "refresh", "rename", "destroy", "import", "Pupdate", "Prefresh", "Pdestroy", "Pimport", "Prename" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "AppUpdateKind", "enumComments": "UpdateKind is an enum for the type of update performed.\nShould generally mirror backend.UpdateKind, but we clone it in this package to add\nflexibility in case there is a breaking change in the backend-type.", "enumFieldNames": [ "Update", "Preview", "Refresh", "Rename", "Destroy", "Import", "PreviewUpdate", "PreviewRefresh", "PreviewDestroy", "PreviewImport", "PreviewRename" ], "enumFieldComments": [ "A Pulumi program update.", "A preview of an update, without impacting resources.", "A refresh operation.", "A rename of the stack or project name.\nNOTE: Do not remove this type - it is used by Pulumi Cloud code.", "An update which removes all resources.", "An update that entails importing a raw checkpoint file.", "A preview of an update operation.", "A preview of a refresh operation.", "A preview of a destroy operation.", "A preview of an import operation.", "A preview of a rename operation." ] } }, "message": { "description": "User-provided message describing the purpose of the update.", "type": "string", "x-order": 3 }, "resourceChanges": { "additionalProperties": { "format": "int64", "type": "integer" }, "description": "Count of resource changes by operation type (e.g. 'create': 5, 'update': 2, 'delete': 1).", "type": "object", "x-order": 10 }, "resourceCount": { "description": "Total number of resources managed by the stack after this update.", "format": "int64", "type": "integer", "x-order": 11 }, "result": { "description": "Information obtained from an update completing.", "enum": [ "not-started", "in-progress", "succeeded", "failed" ], "type": "string", "x-order": 6, "x-pulumi-model-property": { "enumTypeName": "AppUpdateResult", "enumComments": "UpdateResult is an enum for the result of the update.\nShould generally mirror backend.UpdateResult, but we clone it in this package to add\nflexibility in case there is a breaking change in the backend-type.", "enumFieldNames": [ "NotStarted", "InProgress", "Succeeded", "Failed" ], "enumFieldComments": [ "The update has not started.", "The update has not yet completed.", "The update completed successfully.", "The update has failed." ] } }, "startTime": { "description": "Unix epoch timestamp (seconds) when the update started.", "format": "int64", "type": "integer", "x-order": 2 }, "version": { "description": "The stack version after this update completed.", "format": "int64", "type": "integer", "x-order": 8 } }, "required": [ "config", "endTime", "environment", "kind", "message", "result", "startTime", "version" ], "type": "object" }, "AppUpdateMetadata": { "description": "UpdateMetadata describes optional metadata about an update.\nShould generally mirror backend.UpdateMetadata, but we clone it in this package to add\nflexibility in case there is a breaking change in the backend-type.", "properties": { "environment": { "additionalProperties": { "type": "string" }, "description": "Environment contains optional data from the deploying environment. e.g. the current\nsource code control commit information.", "type": "object", "x-order": 2 }, "message": { "description": "Message is an optional message associated with the update.", "type": "string", "x-order": 1 } }, "required": [ "environment", "message" ], "type": "object" }, "AppUpdateOptions": { "description": "UpdateOptions is the set of operations for configuring the output of an update.\nShould generally mirror engine.UpdateOptions, but we clone it in this package to add\nflexibility in case there is a breaking change in the engine-type.", "properties": { "color": { "description": "Terminal color mode for output rendering (e.g. 'always', 'never', 'auto').", "type": "string", "x-order": 2 }, "debug": { "description": "If true, enable verbose debug logging during the update.", "type": "boolean", "x-order": 9 }, "dryRun": { "description": "If true, perform a preview without actually applying changes.", "type": "boolean", "x-order": 3 }, "localPolicyPackPaths": { "description": "File system paths to local policy packs to apply during this update.", "items": { "type": "string" }, "type": "array", "x-order": 1 }, "parallel": { "description": "Maximum number of resource operations to perform in parallel. 0 or -1 for unlimited.", "format": "int32", "type": "integer", "x-order": 4 }, "showConfig": { "description": "If true, include configuration values in the update output.", "type": "boolean", "x-order": 5 }, "showNames": { "description": "If true, include unchanged resources in the update output.", "type": "boolean", "x-order": 7 }, "showReplacementSteps": { "description": "If true, include detailed replacement steps in the update output.", "type": "boolean", "x-order": 6 }, "summary": { "description": "If true, only show a summary of changes rather than full details.", "type": "boolean", "x-order": 8 } }, "required": [ "color", "debug", "dryRun", "localPolicyPackPaths", "parallel", "showConfig", "showNames", "showReplacementSteps", "summary" ], "type": "object" }, "AppUpdatePolicyGroupRequest": { "description": "UpdatePolicyGroupRequest modifies a Policy Group.", "properties": { "addPolicyPack": { "$ref": "#/components/schemas/AppPolicyPackMetadata", "description": "A policy pack to enable for the policy group.", "x-order": 4 }, "addStack": { "$ref": "#/components/schemas/AppPulumiStackReference", "description": "A stack to add to the policy group.", "x-order": 2 }, "newName": { "description": "The new name to assign to the policy group.", "type": "string", "x-order": 1 }, "removePolicyPack": { "$ref": "#/components/schemas/AppPolicyPackMetadata", "description": "A policy pack to disable for the policy group.", "x-order": 5 }, "removeStack": { "$ref": "#/components/schemas/AppPulumiStackReference", "description": "A stack to remove from the policy group.", "x-order": 3 } }, "type": "object" }, "AppUpdateProgramRequest": { "description": "UpdateProgramRequest is the request type for updating (aka deploying) a Pulumi program.", "properties": { "config": { "additionalProperties": { "$ref": "#/components/schemas/AppConfigValue" }, "description": "Configuration values.", "type": "object", "x-order": 6 }, "description": { "description": "The description", "type": "string", "x-order": 4 }, "main": { "description": "The main entry point", "type": "string", "x-order": 3 }, "metadata": { "$ref": "#/components/schemas/AppUpdateMetadata", "description": "The metadata", "x-order": 7 }, "name": { "description": "Properties from the Project file. Subset of pack.Package.", "type": "string", "x-order": 1 }, "options": { "$ref": "#/components/schemas/AppUpdateOptions", "description": "The options", "x-order": 5 }, "runtime": { "description": "The runtime", "type": "string", "x-order": 2 } }, "required": [ "config", "description", "main", "metadata", "name", "options", "runtime" ], "type": "object" }, "AppUpdateProgramResponse": { "description": "UpdateProgramResponse is the result of an update program request.", "properties": { "aiSettings": { "$ref": "#/components/schemas/AppAISettingsForUpdate", "description": "The ai settings", "x-order": 4 }, "messages": { "description": "Messages is a list of messages that should be displayed to the user.", "items": { "$ref": "#/components/schemas/AppMessage" }, "type": "array", "x-order": 3 }, "requiredPolicies": { "description": "RequiredPolicies is a list of required Policy Packs to run during the update.", "items": { "$ref": "#/components/schemas/AppRequiredPolicy" }, "type": "array", "x-order": 2 }, "updateID": { "description": "UpdateID is the opaque identifier of the requested update. This value is needed to begin an update, as\nwell as poll for its progress.", "type": "string", "x-order": 1 } }, "required": [ "updateID" ], "type": "object" }, "AppUpdateResults": { "description": "UpdateResults returns a series of events and the current status of an update. The events can be filtered. See\nAPI call for more details.", "properties": { "continuationToken": { "description": "ContinuationToken is an opaque value used to indiciate the end of the returned update\nresults. Pass it in the next request to obtain subsequent update events.\n\nThe same continuation token may be returned if no new update events are available, but the\nupdate is still in-progress.\n\nA value of nil means that no new updates will be available. Everything has been returned to\nthe client and the update has completed.", "type": "string", "x-order": 3 }, "events": { "description": "List of events", "items": { "$ref": "#/components/schemas/AppUpdateEvent" }, "type": "array", "x-order": 2 }, "status": { "description": "The current status", "enum": [ "not started", "requested", "running", "failed", "succeeded", "cancelled" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "AppUpdateStatus", "enumComments": "UpdateStatus is an enum describing the current state during the lifecycle of an update.", "enumFieldNames": [ "NotStarted", "Requested", "Running", "Failed", "Succeeded", "Cancelled" ], "enumFieldComments": [ "StatusNotStarted is returned when the Update has been created but not applied.", "StatusRequested is returned when the Update application has been requested but not started.", "StatusRunning is returned when the Update is in progress.", "StatusFailed is returned when the update has failed.", "StatusSucceeded is returned when the update has succeeded.", "UpdateStatusCancelled indicates that an update completed due to cancellation." ] } } }, "required": [ "events", "status" ], "type": "object" }, "AppendMessageToConversationRequest": { "description": "Request body for appending a message to a Copilot conversation.", "properties": { "message": { "description": "The message text to append to the conversation.", "type": "string", "x-order": 2 }, "message_schema_version": { "description": "Schema version of the message format, for forward/backward compatibility.", "type": "string", "x-order": 3 }, "model": { "description": "The AI model to use for generating the response (e.g. 'gpt-4', 'claude-3').", "type": "string", "x-order": 1 }, "role": { "description": "The role of the message sender (e.g. 'user', 'assistant', 'system').", "type": "string", "x-order": 5 }, "skills": { "description": "Comma-separated list of skill identifiers to enable for this message.", "type": "string", "x-order": 4 } }, "required": [ "message", "message_schema_version", "model", "role", "skills" ], "type": "object" }, "ApprovalRuleEligibilityInput": { "description": "Input specification for approval rule eligibility - contains minimal identifiers for API requests", "discriminator": { "mapping": { "has_permission_on_target": "#/components/schemas/ApprovalRuleEligibilityInputPermission", "specific_user": "#/components/schemas/ApprovalRuleEligibilityInputUser", "team_member": "#/components/schemas/ApprovalRuleEligibilityInputTeam" }, "propertyName": "eligibilityType" }, "properties": { "eligibilityType": { "type": "string" } }, "required": [ "eligibilityType" ], "type": "object" }, "ApprovalRuleEligibilityInputPermission": { "allOf": [ { "$ref": "#/components/schemas/ApprovalRuleEligibilityInput" }, { "description": "Represents approval rule eligibility input permission.", "properties": { "permission": { "description": "Permission required for eligibility condition", "enum": [ "", "stack:list", "project:encrypt", "project:decrypt", "project_annotations:read", "project_annotations:update", "stack:read", "stack:write", "stack:import", "stack:export", "stack:encrypt", "stack:decrypt", "stack:create", "stack:rename", "stack:delete", "stack:cancel_update", "stack:transfer", "stack:list_deleted", "stack:restore_deleted", "stack_deployment:create", "stack_deployment:read", "stack_deployment_settings:write", "stack_deployment_settings:read", "stack_deployment_settings:encrypt", "stack_deployment_cache:read", "stack_webhook:read", "stack_webhook:create", "stack_webhook:update", "stack_webhook:delete", "stack_access:read", "stack_access:update", "stack_tags:update", "stack_annotations:read", "stack_annotations:update", "stack_schedule:create", "stack_schedule:update", "stack_schedule:read", "stack_schedule:delete", "stack_schedule:pause", "stack_schedule:resume", "organization:read_usage", "organization:update", "organization:rename", "organization:delete", "organization:change_backend", "organization:billing", "organization:potential", "organization:transfer_stacks", "saml:read", "saml:update", "audit_logs:read", "audit_logs:export", "scim:read", "scim:update", "scim:delete", "tags:read", "org_integrations:read", "org_integrations:update", "integrations:update", "integrations:read", "invites:read", "invites:create", "org_requests:read", "org_requests:update", "org_member_access:read", "org_member:read", "org_member:delete", "org_member:add", "org_member:update", "org_member:set_admin", "org_token:read", "org_token:create", "org_token:delete", "auth_policies:read", "auth_policies:update", "oidc_issuers:read", "oidc_issuers:update", "oidc_issuers:regenerate_thumbprints", "oidc_issuers:create", "oidc_issuers:delete", "agent_pool:read", "agent_pool:create", "agent_pool:update", "agent_pool:delete", "organization_webhook:read", "organization_webhook:create", "organization_webhook:update", "organization_webhook:delete", "resources:index", "resources:search", "resources:dashboard", "templates:read", "templates_source:read", "templates_source:update", "templates_source:delete", "templates_source:create", "services:create", "services:read", "services:write", "services:admin", "deployments:read", "deployments:pause", "deployments:resume", "deployments:read_usage", "organization_annotations:read", "organization_annotations:update", "policy_groups:create", "policy_groups:read", "policy_groups:update", "policy_groups:delete", "policy_pack:create", "policy_pack:read", "policy_pack:update", "policy_pack:delete", "policy_results:read", "environment:create", "environment:list", "environment:read", "environment:open", "environment:write", "environment:delete", "environment_settings:read", "environment_settings:update", "environment:clone", "environment:rotate", "environment:rotate_history", "environment:list_deleted", "environment:restore_deleted", "environment_yaml:open", "environment_schedule:create", "environment_schedule:read", "environment_schedule:update", "environment_schedule:pause", "environment_schedule:resume", "environment_schedule:delete", "environment_tags:list", "environment_tag:read", "environment_tag:create", "environment_tag:update", "environment_tag:delete", "environment_version:create", "environment_version:read", "environment_version:update", "environment_version:delete", "environment_version:retract", "environment_version:open", "environment_webhook:read", "environment_webhook:create", "environment_webhook:update", "environment_webhook:delete", "environment_access:read", "environment_access:update", "team:list", "team:read", "team:create", "team:update", "team:delete", "team:create_token", "team:list_tokens", "team:delete_token", "github_team:create", "insights_account:list", "insights_account:read", "insights_account:create", "insights_account:update", "insights_account:delete", "insights_account:update_policy_results", "insights_account_access:read", "insights_account_access:update", "insights_account:scan", "insights_account_scan:read", "insights_account_scan:update", "insights_account_scan:cancel", "insights_account_scan:pause", "insights_account_scan:resume", "insights_policy_queue:read", "insights_policy_evaluator:read", "insights_policy_evaluator:delete", "insights_policy_evaluator:ensure", "insights_policy_evaluator:update", "ai_conversations:list_all", "ai_conversations:read", "ai_conversations:create", "ai_conversations:update", "role:create", "role:read", "role:update", "role:delete", "change_gate:create", "change_gate:update", "change_gate:delete" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "RbacPermission", "enumComments": "RbacPermission enumerates the permissions available in the RBAC system.", "enumFieldNames": [ "NoPermission", "StackList", "ProjectEncrypt", "ProjectDecrypt", "ProjectAnnotationRead", "ProjectAnnotationUpdate", "StackRead", "StackWrite", "StackImport", "StackExport", "StackEncrypt", "StackDecrypt", "StackCreate", "StackRename", "StackDelete", "StackCancelUpdate", "StackTransfer", "StackListDeleted", "StackRestoreDeleted", "StackDeploymentCreate", "StackDeploymentRead", "StackDeploymentSettingsWrite", "StackDeploymentSettingsRead", "StackDeploymentSettingsEncrypt", "StackDeploymentCacheRead", "StackWebhookRead", "StackWebhookCreate", "StackWebhookUpdate", "StackWebhookDelete", "StackAccessRead", "StackAccessUpdate", "StackTagsUpdate", "StackAnnotationRead", "StackAnnotationUpdate", "StackScheduleCreate", "StackScheduleUpdate", "StackScheduleRead", "StackScheduleDelete", "StackSchedulePause", "StackScheduleResume", "OrganizationReadUsage", "OrganizationUpdate", "OrganizationRename", "OrganizationDelete", "OrganizationChangeBackend", "OrganizationBilling", "OrganizationPotential", "OrganizationTransferStacks", "SAMLRead", "SAMLUpdate", "AuditLogsRead", "AuditLogsExport", "SCIMRead", "SCIMUpdate", "SCIMDelete", "TagsRead", "OrgIntegrationsRead", "OrgIntegrationsUpdate", "IntegrationsUpdate", "IntegrationsRead", "InvitesRead", "InvitesCreate", "OrgRequestsRead", "OrgRequestsUpdate", "OrgMemberAccessRead", "OrgMemberRead", "OrgMemberDelete", "OrgMemberAdd", "OrgMemberUpdate", "OrgMemberSetAdmin", "OrgTokenRead", "OrgTokenCreate", "OrgTokenDelete", "AuthPoliciesRead", "AuthPoliciesUpdate", "OidcIssuersRead", "OidcIssuersUpdate", "OidcIssuersRegenerateThumbprints", "OidcIssuersCreate", "OidcIssuersDelete", "AgentPoolRead", "AgentPoolCreate", "AgentPoolUpdate", "AgentPoolDelete", "OrganizationWebhookRead", "OrganizationWebhookCreate", "OrganizationWebhookUpdate", "OrganizationWebhookDelete", "ResourcesIndex", "ResourcesSearch", "ResourcesDashboard", "TemplatesRead", "TemplatesSourceRead", "TemplatesSourceUpdate", "TemplatesSourceDelete", "TemplatesSourceCreate", "ServicesCreate", "ServicesRead", "ServicesWrite", "ServicesAdmin", "DeploymentsRead", "DeploymentsPause", "DeploymentsResume", "DeploymentsReadUsage", "OrganizationAnnotationsRead", "OrganizationAnnotationsUpdate", "InsightsPolicyGroupsCreate", "InsightsPolicyGroupsRead", "InsightsPolicyGroupsUpdate", "InsightsPolicyGroupsDelete", "InsightsPolicyPackCreate", "InsightsPolicyPackRead", "InsightsPolicyPackUpdate", "InsightsPolicyPackDelete", "InsightsPolicyResultsRead", "EnvironmentCreate", "EnvironmentList", "EnvironmentRead", "EnvironmentOpen", "EnvironmentWrite", "EnvironmentDelete", "EnvironmentSettingsRead", "EnvironmentSettingsUpdate", "EnvironmentClone", "EnvironmentRotate", "EnvironmentRotateHistory", "EnvironmentListDeleted", "EnvironmentRestoreDeleted", "EnvironmentYamlOpen", "EnvironmentScheduleCreate", "EnvironmentScheduleRead", "EnvironmentScheduleUpdate", "EnvironmentSchedulePause", "EnvironmentScheduleResume", "EnvironmentScheduleDelete", "EnvironmentTagsList", "EnvironmentTagRead", "EnvironmentTagCreate", "EnvironmentTagUpdate", "EnvironmentTagDelete", "EnvironmentVersionCreate", "EnvironmentVersionRead", "EnvironmentVersionUpdate", "EnvironmentVersionDelete", "EnvironmentVersionRetract", "EnvironmentVersionOpen", "EnvironmentWebhookRead", "EnvironmentWebhookCreate", "EnvironmentWebhookUpdate", "EnvironmentWebhookDelete", "EnvironmentAccessRead", "EnvironmentAccessUpdate", "TeamList", "TeamRead", "TeamCreate", "TeamUpdate", "TeamDelete", "TeamCreateToken", "TeamListTokens", "TeamDeleteToken", "GithubTeamCreate", "InsightsAccountList", "InsightsAccountRead", "InsightsAccountCreate", "InsightsAccountUpdate", "InsightsAccountDelete", "InsightsAccountUpdatePolicyResults", "InsightsAccountAccessRead", "InsightsAccountAccessUpdate", "InsightsAccountScan", "InsightsAccountScanRead", "InsightsAccountScanUpdate", "InsightsAccountScanCancel", "InsightsAccountScanPause", "InsightsAccountScanResume", "InsightsPolicyQueueRead", "InsightsPolicyEvaluatorRead", "InsightsPolicyEvaluatorDelete", "InsightsPolicyEvaluatorEnsure", "InsightsPolicyEvaluatorUpdate", "AIConversationsListAll", "AIConversationsRead", "AIConversationsCreate", "AIConversationsUpdate", "RoleCreate", "RoleRead", "RoleUpdate", "RoleDelete", "ChangeGateCreate", "ChangeGateUpdate", "ChangeGateDelete" ], "enumFieldComments": [ "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "OrganizationTransferStacks differs from Stack Transfer as it enables transferring all stacks within the organization, rather than being tied to an individual stack.", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "" ] } } }, "required": [ "permission" ], "type": "object" } ] }, "ApprovalRuleEligibilityInputTeam": { "allOf": [ { "$ref": "#/components/schemas/ApprovalRuleEligibilityInput" }, { "description": "Represents approval rule eligibility input team.", "properties": { "teamName": { "description": "Team name for team eligibility condition", "type": "string", "x-order": 1 } }, "required": [ "teamName" ], "type": "object" } ] }, "ApprovalRuleEligibilityInputUser": { "allOf": [ { "$ref": "#/components/schemas/ApprovalRuleEligibilityInput" }, { "description": "Represents approval rule eligibility input user.", "properties": { "userLogin": { "description": "User login for user eligibility condition", "type": "string", "x-order": 1 } }, "required": [ "userLogin" ], "type": "object" } ] }, "ApprovalRuleEligibilityOutput": { "description": "Output representation of approval rule eligibility - contains full details for API responses", "discriminator": { "mapping": { "has_permission_on_target": "#/components/schemas/ApprovalRuleEligibilityOutputPermission", "specific_user": "#/components/schemas/ApprovalRuleEligibilityOutputUser", "team_member": "#/components/schemas/ApprovalRuleEligibilityOutputTeam" }, "propertyName": "eligibilityType" }, "properties": { "eligibilityType": { "type": "string" } }, "required": [ "eligibilityType" ], "type": "object" }, "ApprovalRuleEligibilityOutputPermission": { "allOf": [ { "$ref": "#/components/schemas/ApprovalRuleEligibilityOutput" }, { "description": "Represents approval rule eligibility output permission.", "properties": { "permission": { "description": "Required permission", "enum": [ "", "stack:list", "project:encrypt", "project:decrypt", "project_annotations:read", "project_annotations:update", "stack:read", "stack:write", "stack:import", "stack:export", "stack:encrypt", "stack:decrypt", "stack:create", "stack:rename", "stack:delete", "stack:cancel_update", "stack:transfer", "stack:list_deleted", "stack:restore_deleted", "stack_deployment:create", "stack_deployment:read", "stack_deployment_settings:write", "stack_deployment_settings:read", "stack_deployment_settings:encrypt", "stack_deployment_cache:read", "stack_webhook:read", "stack_webhook:create", "stack_webhook:update", "stack_webhook:delete", "stack_access:read", "stack_access:update", "stack_tags:update", "stack_annotations:read", "stack_annotations:update", "stack_schedule:create", "stack_schedule:update", "stack_schedule:read", "stack_schedule:delete", "stack_schedule:pause", "stack_schedule:resume", "organization:read_usage", "organization:update", "organization:rename", "organization:delete", "organization:change_backend", "organization:billing", "organization:potential", "organization:transfer_stacks", "saml:read", "saml:update", "audit_logs:read", "audit_logs:export", "scim:read", "scim:update", "scim:delete", "tags:read", "org_integrations:read", "org_integrations:update", "integrations:update", "integrations:read", "invites:read", "invites:create", "org_requests:read", "org_requests:update", "org_member_access:read", "org_member:read", "org_member:delete", "org_member:add", "org_member:update", "org_member:set_admin", "org_token:read", "org_token:create", "org_token:delete", "auth_policies:read", "auth_policies:update", "oidc_issuers:read", "oidc_issuers:update", "oidc_issuers:regenerate_thumbprints", "oidc_issuers:create", "oidc_issuers:delete", "agent_pool:read", "agent_pool:create", "agent_pool:update", "agent_pool:delete", "organization_webhook:read", "organization_webhook:create", "organization_webhook:update", "organization_webhook:delete", "resources:index", "resources:search", "resources:dashboard", "templates:read", "templates_source:read", "templates_source:update", "templates_source:delete", "templates_source:create", "services:create", "services:read", "services:write", "services:admin", "deployments:read", "deployments:pause", "deployments:resume", "deployments:read_usage", "organization_annotations:read", "organization_annotations:update", "policy_groups:create", "policy_groups:read", "policy_groups:update", "policy_groups:delete", "policy_pack:create", "policy_pack:read", "policy_pack:update", "policy_pack:delete", "policy_results:read", "environment:create", "environment:list", "environment:read", "environment:open", "environment:write", "environment:delete", "environment_settings:read", "environment_settings:update", "environment:clone", "environment:rotate", "environment:rotate_history", "environment:list_deleted", "environment:restore_deleted", "environment_yaml:open", "environment_schedule:create", "environment_schedule:read", "environment_schedule:update", "environment_schedule:pause", "environment_schedule:resume", "environment_schedule:delete", "environment_tags:list", "environment_tag:read", "environment_tag:create", "environment_tag:update", "environment_tag:delete", "environment_version:create", "environment_version:read", "environment_version:update", "environment_version:delete", "environment_version:retract", "environment_version:open", "environment_webhook:read", "environment_webhook:create", "environment_webhook:update", "environment_webhook:delete", "environment_access:read", "environment_access:update", "team:list", "team:read", "team:create", "team:update", "team:delete", "team:create_token", "team:list_tokens", "team:delete_token", "github_team:create", "insights_account:list", "insights_account:read", "insights_account:create", "insights_account:update", "insights_account:delete", "insights_account:update_policy_results", "insights_account_access:read", "insights_account_access:update", "insights_account:scan", "insights_account_scan:read", "insights_account_scan:update", "insights_account_scan:cancel", "insights_account_scan:pause", "insights_account_scan:resume", "insights_policy_queue:read", "insights_policy_evaluator:read", "insights_policy_evaluator:delete", "insights_policy_evaluator:ensure", "insights_policy_evaluator:update", "ai_conversations:list_all", "ai_conversations:read", "ai_conversations:create", "ai_conversations:update", "role:create", "role:read", "role:update", "role:delete", "change_gate:create", "change_gate:update", "change_gate:delete" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "RbacPermission", "enumComments": "RbacPermission enumerates the permissions available in the RBAC system.", "enumFieldNames": [ "NoPermission", "StackList", "ProjectEncrypt", "ProjectDecrypt", "ProjectAnnotationRead", "ProjectAnnotationUpdate", "StackRead", "StackWrite", "StackImport", "StackExport", "StackEncrypt", "StackDecrypt", "StackCreate", "StackRename", "StackDelete", "StackCancelUpdate", "StackTransfer", "StackListDeleted", "StackRestoreDeleted", "StackDeploymentCreate", "StackDeploymentRead", "StackDeploymentSettingsWrite", "StackDeploymentSettingsRead", "StackDeploymentSettingsEncrypt", "StackDeploymentCacheRead", "StackWebhookRead", "StackWebhookCreate", "StackWebhookUpdate", "StackWebhookDelete", "StackAccessRead", "StackAccessUpdate", "StackTagsUpdate", "StackAnnotationRead", "StackAnnotationUpdate", "StackScheduleCreate", "StackScheduleUpdate", "StackScheduleRead", "StackScheduleDelete", "StackSchedulePause", "StackScheduleResume", "OrganizationReadUsage", "OrganizationUpdate", "OrganizationRename", "OrganizationDelete", "OrganizationChangeBackend", "OrganizationBilling", "OrganizationPotential", "OrganizationTransferStacks", "SAMLRead", "SAMLUpdate", "AuditLogsRead", "AuditLogsExport", "SCIMRead", "SCIMUpdate", "SCIMDelete", "TagsRead", "OrgIntegrationsRead", "OrgIntegrationsUpdate", "IntegrationsUpdate", "IntegrationsRead", "InvitesRead", "InvitesCreate", "OrgRequestsRead", "OrgRequestsUpdate", "OrgMemberAccessRead", "OrgMemberRead", "OrgMemberDelete", "OrgMemberAdd", "OrgMemberUpdate", "OrgMemberSetAdmin", "OrgTokenRead", "OrgTokenCreate", "OrgTokenDelete", "AuthPoliciesRead", "AuthPoliciesUpdate", "OidcIssuersRead", "OidcIssuersUpdate", "OidcIssuersRegenerateThumbprints", "OidcIssuersCreate", "OidcIssuersDelete", "AgentPoolRead", "AgentPoolCreate", "AgentPoolUpdate", "AgentPoolDelete", "OrganizationWebhookRead", "OrganizationWebhookCreate", "OrganizationWebhookUpdate", "OrganizationWebhookDelete", "ResourcesIndex", "ResourcesSearch", "ResourcesDashboard", "TemplatesRead", "TemplatesSourceRead", "TemplatesSourceUpdate", "TemplatesSourceDelete", "TemplatesSourceCreate", "ServicesCreate", "ServicesRead", "ServicesWrite", "ServicesAdmin", "DeploymentsRead", "DeploymentsPause", "DeploymentsResume", "DeploymentsReadUsage", "OrganizationAnnotationsRead", "OrganizationAnnotationsUpdate", "InsightsPolicyGroupsCreate", "InsightsPolicyGroupsRead", "InsightsPolicyGroupsUpdate", "InsightsPolicyGroupsDelete", "InsightsPolicyPackCreate", "InsightsPolicyPackRead", "InsightsPolicyPackUpdate", "InsightsPolicyPackDelete", "InsightsPolicyResultsRead", "EnvironmentCreate", "EnvironmentList", "EnvironmentRead", "EnvironmentOpen", "EnvironmentWrite", "EnvironmentDelete", "EnvironmentSettingsRead", "EnvironmentSettingsUpdate", "EnvironmentClone", "EnvironmentRotate", "EnvironmentRotateHistory", "EnvironmentListDeleted", "EnvironmentRestoreDeleted", "EnvironmentYamlOpen", "EnvironmentScheduleCreate", "EnvironmentScheduleRead", "EnvironmentScheduleUpdate", "EnvironmentSchedulePause", "EnvironmentScheduleResume", "EnvironmentScheduleDelete", "EnvironmentTagsList", "EnvironmentTagRead", "EnvironmentTagCreate", "EnvironmentTagUpdate", "EnvironmentTagDelete", "EnvironmentVersionCreate", "EnvironmentVersionRead", "EnvironmentVersionUpdate", "EnvironmentVersionDelete", "EnvironmentVersionRetract", "EnvironmentVersionOpen", "EnvironmentWebhookRead", "EnvironmentWebhookCreate", "EnvironmentWebhookUpdate", "EnvironmentWebhookDelete", "EnvironmentAccessRead", "EnvironmentAccessUpdate", "TeamList", "TeamRead", "TeamCreate", "TeamUpdate", "TeamDelete", "TeamCreateToken", "TeamListTokens", "TeamDeleteToken", "GithubTeamCreate", "InsightsAccountList", "InsightsAccountRead", "InsightsAccountCreate", "InsightsAccountUpdate", "InsightsAccountDelete", "InsightsAccountUpdatePolicyResults", "InsightsAccountAccessRead", "InsightsAccountAccessUpdate", "InsightsAccountScan", "InsightsAccountScanRead", "InsightsAccountScanUpdate", "InsightsAccountScanCancel", "InsightsAccountScanPause", "InsightsAccountScanResume", "InsightsPolicyQueueRead", "InsightsPolicyEvaluatorRead", "InsightsPolicyEvaluatorDelete", "InsightsPolicyEvaluatorEnsure", "InsightsPolicyEvaluatorUpdate", "AIConversationsListAll", "AIConversationsRead", "AIConversationsCreate", "AIConversationsUpdate", "RoleCreate", "RoleRead", "RoleUpdate", "RoleDelete", "ChangeGateCreate", "ChangeGateUpdate", "ChangeGateDelete" ], "enumFieldComments": [ "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "OrganizationTransferStacks differs from Stack Transfer as it enables transferring all stacks within the organization, rather than being tied to an individual stack.", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "" ] } } }, "required": [ "permission" ], "type": "object" } ] }, "ApprovalRuleEligibilityOutputTeam": { "allOf": [ { "$ref": "#/components/schemas/ApprovalRuleEligibilityOutput" }, { "description": "Represents approval rule eligibility output team.", "properties": { "displayName": { "description": "Display name", "type": "string", "x-order": 2 }, "name": { "description": "Team name", "type": "string", "x-order": 1 } }, "required": [ "displayName", "name" ], "type": "object" } ] }, "ApprovalRuleEligibilityOutputUser": { "allOf": [ { "$ref": "#/components/schemas/ApprovalRuleEligibilityOutput" }, { "description": "Represents approval rule eligibility output user.", "properties": { "user": { "$ref": "#/components/schemas/UserInfo", "description": "The user", "x-order": 1 } }, "required": [ "user" ], "type": "object" } ] }, "ApproveChangeRequestRequest": { "description": "ApproveChangeRequestRequest is used to approve a change request or a specific revision.", "properties": { "comment": { "description": "Optional note accompanying the approval", "type": "string", "x-order": 2 }, "revisionNumber": { "description": "Which revision to approve.", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "revisionNumber" ], "type": "object" }, "ArtifactVersionNameSpec": { "description": "ArtifactVersionNameSpec represents an arbitrary artifact version name for serialization.", "properties": { "name": { "description": "The name", "type": "string", "x-order": 1 }, "publisher": { "description": "The publisher", "type": "string", "x-order": 2 }, "source": { "description": "The source", "type": "string", "x-order": 3 }, "version": { "description": "The version number", "type": "string", "x-order": 4 } }, "required": [ "name", "publisher", "source", "version" ], "type": "object" }, "AuditLogEvent": { "description": "AuditLogEvent represents an AuditLogEvent. It also contains the user who invoked it.", "properties": { "actorName": { "description": "Display name of the non-human actor (e.g. deploy token name) that triggered the event.", "type": "string", "x-order": 11 }, "actorUrn": { "description": "Pulumi URN of the non-human actor that triggered the event.", "type": "string", "x-order": 12 }, "authFailure": { "description": "Whether this event represents a failed authentication attempt.", "type": "boolean", "x-order": 10 }, "description": { "description": "Human-readable description of the event.", "type": "string", "x-order": 4 }, "event": { "description": "The audit event type identifier (e.g. 'stack.update', 'member.added').", "type": "string", "x-order": 3 }, "reqOrgAdmin": { "description": "Whether the action that triggered this event required the organization ADMIN role.", "type": "boolean", "x-order": 8 }, "reqStackAdmin": { "description": "Whether the action required stack admin privileges.", "type": "boolean", "x-order": 9 }, "sourceIP": { "description": "IP address of the client that triggered the event.", "type": "string", "x-order": 2 }, "timestamp": { "description": "Unix epoch timestamp (seconds) when the event occurred.", "format": "int64", "type": "integer", "x-order": 1 }, "tokenID": { "description": "ID of the access token used to authenticate, if applicable.", "type": "string", "x-order": 6 }, "tokenName": { "description": "Name of the access token used to authenticate, if applicable.", "type": "string", "x-order": 7 }, "user": { "$ref": "#/components/schemas/UserInfo", "description": "The user who performed the action.", "x-order": 5 } }, "required": [ "description", "event", "sourceIP", "timestamp", "user" ], "type": "object" }, "AuditLogExportResult": { "description": "AuditLogExportResult is the result of an audit log export or attempt to test access.", "properties": { "message": { "description": "If the last result was successful, message will be \"\".\nAny other value is a user-facing error message.", "type": "string", "x-order": 2 }, "timestamp": { "description": "The timestamp", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "message", "timestamp" ], "type": "object" }, "AuditLogsExportS3Config": { "description": "AuditLogsExportS3Config describes how a Pulumi organization's audit log data can be exported to S3.", "properties": { "iamRoleArn": { "description": "ARN of the IAM role that Pulumi will assume to write to the S3 bucket.", "type": "string", "x-order": 3 }, "s3BucketName": { "description": "Name of the S3 bucket to export audit logs to.", "type": "string", "x-order": 1 }, "s3PathPrefix": { "description": "Optional path prefix within the S3 bucket for exported log files.", "type": "string", "x-order": 2 } }, "required": [ "iamRoleArn", "s3BucketName" ], "type": "object" }, "AuthPolicy": { "description": "Represents auth policy.", "properties": { "created": { "description": "The creation timestamp", "type": "string", "x-order": 3 }, "id": { "description": "The unique identifier", "type": "string", "x-order": 1 }, "modified": { "description": "The last modification timestamp", "type": "string", "x-order": 4 }, "policies": { "description": "List of policies", "items": { "$ref": "#/components/schemas/AuthPolicyDefinition" }, "type": "array", "x-order": 5 }, "version": { "description": "The version number", "format": "int64", "type": "integer", "x-order": 2 } }, "required": [ "id", "policies", "version" ], "type": "object" }, "AuthPolicyDefinition": { "description": "A single rule within an authentication policy, specifying access decisions for a token type.", "properties": { "authorizedPermissions": { "description": "The set of permissions granted when this rule matches.", "items": { "type": "string" }, "type": "array", "x-order": 7 }, "decision": { "description": "The access decision for matching tokens (e.g. 'allow', 'deny').", "type": "string", "x-order": 1 }, "roleID": { "description": "Role ID filter. When set, this rule only applies to tokens with this role.", "type": "string", "x-order": 6 }, "rules": { "additionalProperties": { "type": "object" }, "description": "Additional rule conditions as key-value pairs.", "type": "object", "x-order": 8 }, "runnerID": { "description": "Runner ID filter. When set, this rule only applies to tokens for this deployment runner.", "type": "string", "x-order": 5 }, "teamName": { "description": "Team name filter. When set, this rule only applies to tokens belonging to this team.", "type": "string", "x-order": 3 }, "tokenType": { "description": "The type of token this rule applies to (e.g. 'personal', 'org', 'team').", "type": "string", "x-order": 2 }, "userLogin": { "description": "User login filter. When set, this rule only applies to tokens belonging to this user.", "type": "string", "x-order": 4 } }, "required": [ "authorizedPermissions", "decision", "rules", "tokenType" ], "type": "object" }, "AuthPolicyUpdateRequest": { "description": "Request body for auth policy update.", "properties": { "policies": { "description": "List of policies", "items": { "$ref": "#/components/schemas/AuthPolicyDefinition" }, "type": "array", "x-order": 1 } }, "required": [ "policies" ], "type": "object" }, "AwsKmsConfig": { "description": "Configuration for using AWS KMS as a secrets encryption provider.", "properties": { "keyArn": { "description": "ARN of the KMS key to use for encrypting/decrypting secrets.", "type": "string", "x-order": 2 }, "roleArn": { "description": "ARN of the IAM role to assume for KMS operations.", "type": "string", "x-order": 1 } }, "required": [ "keyArn", "roleArn" ], "type": "object" }, "AzureDevOpsAccessResponse": { "description": "AzureDevOpsAccessResponse describes the user's Azure DevOps access status for an organization.", "properties": { "availableOrgs": { "description": "The Azure DevOps organizations the user's token can access.", "items": { "$ref": "#/components/schemas/AzureDevOpsOrganization" }, "type": "array", "x-order": 3 }, "hasIntegration": { "description": "Whether the org has an Azure DevOps integration installed.", "type": "boolean", "x-order": 2 }, "hasUserToken": { "description": "Whether the user has an Azure DevOps OAuth or PAT token.", "type": "boolean", "x-order": 1 } }, "required": [ "hasIntegration", "hasUserToken" ], "type": "object" }, "AzureDevOpsAppIntegrationResponse": { "description": "Response containing the Azure DevOps app integration status and configuration for a Pulumi organization.", "properties": { "authUser": { "$ref": "#/components/schemas/User", "description": "The Pulumi user whose Azure DevOps authentication token is being used", "x-order": 5 }, "disableDetailedDiff": { "description": "Whether detailed property-level diffs are disabled for PR comments", "type": "boolean", "x-order": 8 }, "disableNeoSummaries": { "description": "Whether Neo AI summaries are disabled for this integration", "type": "boolean", "x-order": 7 }, "disablePRComments": { "description": "Whether PR comments are disabled for this integration", "type": "boolean", "x-order": 6 }, "installed": { "description": "Does the org have an Azure DevOps app integration configured", "type": "boolean", "x-order": 1 }, "organization": { "$ref": "#/components/schemas/AzureDevOpsOrganization", "description": "Metadata about the Azure DevOps organization linked to the Pulumi organization", "x-order": 3 }, "project": { "$ref": "#/components/schemas/AzureDevOpsProject", "description": "Metadata about the Azure DevOps project linked to the Pulumi organization", "x-order": 4 }, "valid": { "description": "Is the app integration valid", "type": "boolean", "x-order": 2 } }, "required": [ "installed", "valid" ], "type": "object" }, "AzureDevOpsIntegrationDetails": { "description": "AzureDevOpsIntegrationDetails describes a single Azure DevOps integration installation.", "properties": { "disableCodeAccessForReviews": { "description": "Whether code access for AI reviews is disabled for this integration", "type": "boolean", "x-order": 8 }, "disableDetailedDiff": { "description": "Whether detailed property-level diffs are disabled for PR comments", "type": "boolean", "x-order": 7 }, "disableNeoSummaries": { "description": "Whether Neo AI summaries are disabled for this integration", "type": "boolean", "x-order": 6 }, "disablePRComments": { "description": "Whether PR comments are disabled for this integration", "type": "boolean", "x-order": 5 }, "id": { "description": "The Pulumi ID of the Azure DevOps integration.", "type": "string", "x-order": 1 }, "organization": { "$ref": "#/components/schemas/AzureDevOpsOrganization", "description": "Metadata about the Azure DevOps organization.", "x-order": 2 }, "project": { "$ref": "#/components/schemas/AzureDevOpsProject", "description": "Metadata about the Azure DevOps project.", "x-order": 3 }, "valid": { "description": "Whether the integration is currently valid (tokens, hooks, etc.).", "type": "boolean", "x-order": 4 } }, "required": [ "id", "valid" ], "type": "object" }, "AzureDevOpsOrganization": { "description": "Metadata about an Azure DevOps organization, including its name, URL, and permission status.", "properties": { "accountUrl": { "description": "The account URL for the organization (e.g., https://dev.azure.com/myorg)", "type": "string", "x-order": 3 }, "hasRequiredPermissions": { "description": "Whether the current user has the required permissions", "type": "boolean", "x-order": 4 }, "id": { "description": "The unique ID of the organization", "type": "string", "x-order": 1 }, "name": { "description": "The name of the organization", "type": "string", "x-order": 2 } }, "required": [ "name" ], "type": "object" }, "AzureDevOpsProject": { "description": "Metadata about an Azure DevOps project within an organization.", "properties": { "id": { "description": "The unique ID of the project", "type": "string", "x-order": 1 }, "name": { "description": "The name of the project", "type": "string", "x-order": 2 } }, "required": [ "id", "name" ], "type": "object" }, "AzureDevOpsSettingsRequest": { "description": "AzureDevOpsSettingsRequest describes settings for an Azure DevOps integration.", "properties": { "disableDetailedDiff": { "description": "Whether detailed property-level diffs are disabled for PR comments", "type": "boolean", "x-order": 3 }, "disableNeoSummaries": { "description": "Whether Neo AI summaries are disabled for this integration", "type": "boolean", "x-order": 2 }, "disablePRComments": { "description": "Whether PR comments are disabled for this integration", "type": "boolean", "x-order": 1 } }, "type": "object" }, "AzureEnvironmentInfo": { "description": "Azure environment configuration information", "properties": { "environmentName": { "description": "ESC environment name", "type": "string", "x-order": 4 }, "projectName": { "description": "ESC project name", "type": "string", "x-order": 3 }, "roleID": { "description": "Azure role ID", "type": "string", "x-order": 2 }, "subscriptionID": { "description": "Azure subscription ID", "type": "string", "x-order": 1 } }, "required": [ "environmentName", "projectName", "roleID", "subscriptionID" ], "type": "object" }, "AzureOptions": { "description": "Azure provider options", "properties": { "apiName": { "description": "Azure API name identifying which Azure service to target.", "enum": [ "ado", "graph", "arm" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "AzureApiName", "enumComments": "Azure API name identifying which Azure service API to target.", "enumFieldComments": [ "Azure DevOps API", "Microsoft Graph API", "Azure Resource Manager API" ] } }, "tenantId": { "description": "Azure tenant ID", "type": "string", "x-order": 1 } }, "type": "object" }, "AzureSetupRequest": { "description": "Request to setup Azure infrastructure and ESC environments", "properties": { "armSessionId": { "description": "ARM (Azure Resource Manager) OAuth session ID", "type": "string", "x-order": 1 }, "azureEnvironmentInfos": { "description": "List of Azure environment configurations to create", "items": { "$ref": "#/components/schemas/AzureEnvironmentInfo" }, "type": "array", "x-order": 3 }, "graphSessionId": { "description": "Microsoft Graph OAuth session ID", "type": "string", "x-order": 2 } }, "required": [ "armSessionId", "azureEnvironmentInfos", "graphSessionId" ], "type": "object" }, "BaseCreateAccessTokenRequest": { "description": "Request body for base create access token.", "properties": { "description": { "description": "The description", "type": "string", "x-order": 1 }, "expires": { "description": "The expiration time", "format": "int64", "type": "integer", "x-order": 2 } }, "required": [ "description", "expires" ], "type": "object" }, "BaseUsageRecord": { "description": "Only deploy usage records populate the count field. This struct makes it easier to\nscan non-deploy usage records (with no counts) from the database.", "properties": { "OrgID": { "description": "The org identifier", "type": "string", "x-order": 1 }, "Timestamp": { "description": "The usage timestamp", "format": "int64", "type": "integer", "x-order": 2 }, "UsageRangeEnd": { "description": "The usage range end", "format": "int64", "type": "integer", "x-order": 4 }, "UsageRangeStart": { "description": "The usage range start", "format": "int64", "type": "integer", "x-order": 3 }, "Value": { "description": "The value", "format": "int64", "type": "integer", "x-order": 5 } }, "required": [ "OrgID", "Timestamp", "UsageRangeEnd", "UsageRangeStart", "Value" ], "type": "object" }, "BasicAuth": { "description": "BasicAuth configures git authentication through basic auth —\ni.e. username and password. Both UserName and Password are required.", "properties": { "password": { "$ref": "#/components/schemas/SecretValue", "description": "The password", "x-order": 2 }, "userName": { "$ref": "#/components/schemas/SecretValue", "description": "The user name", "x-order": 1 } }, "required": [ "password", "userName" ], "type": "object" }, "BasicAuthRequest": { "description": "Request body for basic auth.", "properties": { "password": { "$ref": "#/components/schemas/SecretValue", "description": "The password", "x-order": 2 }, "userName": { "$ref": "#/components/schemas/SecretValue", "description": "The user name", "x-order": 1 } }, "type": "object" }, "BitBucketAccessStatusResponse": { "description": "Information about a user's BitBucket access status, including whether they have a valid OAuth token and which workspaces are available.", "properties": { "availableWorkspaces": { "description": "List of BitBucket workspaces available to the user for integration.", "items": { "$ref": "#/components/schemas/BitBucketWorkspace" }, "type": "array", "x-order": 2 }, "hasUserToken": { "description": "Whether the current user has a valid BitBucket OAuth token.", "type": "boolean", "x-order": 1 } }, "required": [ "hasUserToken" ], "type": "object" }, "BitBucketIntegrationDetails": { "description": "Detailed information about a BitBucket VCS integration, including its configuration, authentication method, and validity status.", "properties": { "authType": { "description": "The authentication type used: 'workspace_token', 'user_token', or 'pat'.", "type": "string", "x-order": 8 }, "authUser": { "$ref": "#/components/schemas/User", "description": "The user whose BitBucket OAuth token is being used for authentication, if user-based auth is configured.", "x-order": 9 }, "avatarUrl": { "description": "URL of the BitBucket workspace avatar image.", "type": "string", "x-order": 5 }, "disableDetailedDiff": { "description": "Whether detailed property-level diffs are disabled for PR comments.", "type": "boolean", "x-order": 12 }, "disableNeoSummaries": { "description": "Whether Neo AI summaries are disabled for this integration.", "type": "boolean", "x-order": 11 }, "disablePRComments": { "description": "Whether PR comments are disabled for this integration.", "type": "boolean", "x-order": 10 }, "id": { "description": "Unique identifier for this BitBucket integration.", "type": "string", "x-order": 1 }, "installed": { "description": "Whether this integration is fully installed and operational.", "type": "boolean", "x-order": 6 }, "valid": { "description": "Whether the integration's credentials are currently valid.", "type": "boolean", "x-order": 7 }, "workspaceName": { "description": "Display name of the BitBucket workspace.", "type": "string", "x-order": 4 }, "workspaceSlug": { "description": "The slug (URL-friendly name) of the linked BitBucket workspace.", "type": "string", "x-order": 3 }, "workspaceUuid": { "description": "The UUID of the linked BitBucket workspace.", "type": "string", "x-order": 2 } }, "required": [ "disableDetailedDiff", "disableNeoSummaries", "disablePRComments", "id", "installed", "valid", "workspaceSlug", "workspaceUuid" ], "type": "object" }, "BitBucketSettingsRequest": { "description": "Request body for updating BitBucket integration settings such as PR comment preferences and AI summary options.", "properties": { "disableDetailedDiff": { "description": "If true, disable detailed property-level diffs in PR comments.", "type": "boolean", "x-order": 3 }, "disableNeoSummaries": { "description": "If true, disable Neo AI-generated deployment summaries in PR comments.", "type": "boolean", "x-order": 2 }, "disablePRComments": { "description": "If true, disable automatic PR comments on deployments.", "type": "boolean", "x-order": 1 } }, "type": "object" }, "BitBucketSetupRequest": { "description": "Request body for creating a new BitBucket VCS integration. Specifies the workspace to integrate and the authentication method.", "properties": { "useUserAuth": { "description": "If true, use the current user's BitBucket OAuth token for authentication instead of a workspace access token.", "type": "boolean", "x-order": 3 }, "workspaceAccessToken": { "description": "Optional workspace access token or personal access token (PAT) for authenticating with the BitBucket API. Required if useUserAuth is false.", "type": "string", "x-order": 4 }, "workspaceSlug": { "description": "The slug (URL-friendly name) of the BitBucket workspace.", "type": "string", "x-order": 2 }, "workspaceUuid": { "description": "The UUID of the BitBucket workspace to integrate.", "type": "string", "x-order": 1 } }, "required": [ "workspaceSlug", "workspaceUuid" ], "type": "object" }, "BitBucketWorkspace": { "description": "Represents a BitBucket workspace with its identifying information.", "properties": { "avatarUrl": { "description": "URL of the workspace's avatar image.", "type": "string", "x-order": 4 }, "name": { "description": "The display name of the workspace.", "type": "string", "x-order": 2 }, "slug": { "description": "The URL-friendly slug of the workspace.", "type": "string", "x-order": 3 }, "uuid": { "description": "The unique UUID of the BitBucket workspace.", "type": "string", "x-order": 1 } }, "required": [ "name", "slug", "uuid" ], "type": "object" }, "BulkCreateInsightsAccountFailure": { "description": "Details about a single account that failed to be created during a bulk operation.", "properties": { "error": { "description": "A human-readable error message describing why the account creation failed.", "type": "string", "x-order": 2 }, "name": { "description": "The name of the account that failed to be created.", "type": "string", "x-order": 1 } }, "required": [ "error", "name" ], "type": "object" }, "BulkCreateInsightsAccountItem": { "description": "Definition of a single Insights account to create as part of a bulk operation.", "properties": { "agentPoolID": { "description": "The ID of the agent pool to run account discovery workflows.\nIf not specified, discovery will use the default agent pool.", "type": "string", "x-order": 5 }, "environment": { "description": "Reference to an ESC environment containing provider credentials,\nin the format 'project/environment' with an optional @version suffix.", "type": "string", "x-order": 3 }, "name": { "description": "The name of the account to create. Must be unique within the organization.", "type": "string", "x-order": 1 }, "provider": { "description": "The cloud provider for the account (e.g., aws, gcp, azure-native).", "enum": [ "aws", "gcp", "azure-native", "oci", "kubernetes" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "InsightsAccountProvider", "enumComments": "InsightsAccountProvider is an enum defining the cloud provider for an Insights account.", "enumFieldNames": [ "Aws", "Gcp", "AzureNative", "Oci", "Kubernetes" ], "enumFieldComments": [ "Amazon Web Services provider.", "Google Cloud Platform provider.", "Azure Native provider.", "Oracle Cloud Infrastructure provider.", "Kubernetes provider." ] } }, "providerConfig": { "description": "Provider-specific configuration for the account.", "type": "object", "x-order": 6 }, "scanSchedule": { "description": "Schedule for automated discovery scans (e.g., 'none', 'daily').", "enum": [ "none", "12h", "daily" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "ScanSchedule", "enumComments": "ScanSchedule represents the schedule for automated scans.", "enumFieldNames": [ "None", "TwelveHours", "Daily" ], "enumFieldComments": [ "No automated scanning is configured.", "Scans run automatically every 12 hours.", "Scans run automatically on a daily schedule." ] } } }, "required": [ "environment", "name", "provider" ], "type": "object" }, "BulkCreateInsightsAccountsRequest": { "description": "Request body for creating multiple Insights accounts in a single operation. Each account is created independently; failures for individual accounts do not prevent other accounts from being created.", "properties": { "accounts": { "description": "The list of accounts to create. Each item defines a single Insights account with its provider, ESC environment reference, and optional configuration. Maximum 100 accounts per request.", "items": { "$ref": "#/components/schemas/BulkCreateInsightsAccountItem" }, "type": "array", "x-order": 1 } }, "required": [ "accounts" ], "type": "object" }, "BulkCreateInsightsAccountsResponse": { "description": "Response from a bulk Insights account creation operation. Contains both successfully created accounts and details about any failures.", "properties": { "accounts": { "description": "The list of accounts that were successfully created.", "items": { "$ref": "#/components/schemas/InsightsAccount" }, "type": "array", "x-order": 1 }, "failures": { "description": "The list of accounts that failed to be created, with error details.", "items": { "$ref": "#/components/schemas/BulkCreateInsightsAccountFailure" }, "type": "array", "x-order": 2 } }, "required": [ "accounts", "failures" ], "type": "object" }, "CacheOptions": { "description": "Configuration options for deployment build caching.", "properties": { "enable": { "description": "Whether build caching is enabled for deployments on this stack.", "type": "boolean", "x-order": 1 } }, "required": [ "enable" ], "type": "object" }, "CacheOptionsRequest": { "description": "Request body for updating deployment build cache options.", "properties": { "enable": { "description": "Whether build caching should be enabled for deployments on this stack.", "type": "boolean", "x-order": 1 } }, "type": "object" }, "CacheURLRequest": { "description": "Request body for cache url.", "properties": { "key": { "description": "The key", "type": "string", "x-order": 2 }, "method": { "description": "S3 method of the presigned URL", "type": "string", "x-order": 1 } }, "required": [ "key", "method" ], "type": "object" }, "CacheURLResponse": { "description": "Response body for cache url.", "properties": { "url": { "description": "The URL", "type": "string", "x-order": 1 } }, "required": [ "url" ], "type": "object" }, "ChangeGate": { "description": "A change gate requires that certain actions on an entity are staged via a change request, and established conditions that change request must satisfy to be applied.", "properties": { "enabled": { "description": "Whether the change gate is enabled", "type": "boolean", "x-order": 3 }, "id": { "description": "Unique identifier of the change gate", "type": "string", "x-order": 1 }, "name": { "description": "Name of the change gate", "type": "string", "x-order": 2 }, "rule": { "$ref": "#/components/schemas/ChangeGateRuleOutput", "description": "Rule configuration for the gate", "x-order": 4 }, "target": { "$ref": "#/components/schemas/ChangeGateTargetOutput", "description": "Target configuration for the gate", "x-order": 5 } }, "required": [ "enabled", "id", "name", "rule", "target" ], "type": "object" }, "ChangeGateApprovalRuleEvaluation": { "allOf": [ { "$ref": "#/components/schemas/ChangeGateRuleEvaluation" }, { "description": "Represents change gate approval rule evaluation.", "properties": { "approvers": { "description": "List of users who have approved this gate", "items": { "$ref": "#/components/schemas/UserInfo" }, "type": "array", "x-order": 2 }, "requiredApprovals": { "description": "Number of approvals required for this gate", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "approvers", "requiredApprovals" ], "type": "object" } ] }, "ChangeGateApprovalRuleInput": { "allOf": [ { "$ref": "#/components/schemas/ChangeGateRuleInput" }, { "description": "Configuration for the approval_required change gate rule, which defines how many approvals are needed and who is eligible to approve before a change can proceed.", "properties": { "allowSelfApproval": { "description": "Whether self approval is allowed, (assuming the author matches approver eligibility criteria)", "type": "boolean", "x-order": 2 }, "eligibleApprovers": { "description": "List of eligible approvers", "items": { "$ref": "#/components/schemas/ApprovalRuleEligibilityInput" }, "type": "array", "x-order": 4 }, "numApprovalsRequired": { "description": "Number of approvals required", "format": "int64", "type": "integer", "x-order": 1 }, "requireReapprovalOnChange": { "description": "Whether reapproval is required when the change request is modified", "type": "boolean", "x-order": 3 } }, "required": [ "allowSelfApproval", "eligibleApprovers", "numApprovalsRequired", "requireReapprovalOnChange" ], "type": "object" } ] }, "ChangeGateApprovalRuleOutput": { "allOf": [ { "$ref": "#/components/schemas/ChangeGateRuleOutput" }, { "description": "Represents change gate approval rule output.", "properties": { "allowSelfApproval": { "description": "Whether self approval is allowed", "type": "boolean", "x-order": 2 }, "eligibleApprovers": { "description": "List of eligible approvers", "items": { "$ref": "#/components/schemas/ApprovalRuleEligibilityOutput" }, "type": "array", "x-order": 4 }, "numApprovalsRequired": { "description": "Number of approvals required", "format": "int64", "type": "integer", "x-order": 1 }, "requireReapprovalOnChange": { "description": "Whether reapproval is required when the change request is modified", "type": "boolean", "x-order": 3 } }, "required": [ "allowSelfApproval", "eligibleApprovers", "numApprovalsRequired", "requireReapprovalOnChange" ], "type": "object" } ] }, "ChangeGateEvaluation": { "description": "ChangeGateEvaluation contains the evaluation status of a single change gate", "properties": { "id": { "description": "The unique identifier of the gate", "type": "string", "x-order": 1 }, "name": { "description": "The human-readable name of the gate", "type": "string", "x-order": 2 }, "ruleDetails": { "$ref": "#/components/schemas/ChangeGateRuleEvaluation", "description": "Rule-type-specific evaluation details", "x-order": 4 }, "satisfied": { "description": "Indicates whether this gate's requirements have been met", "type": "boolean", "x-order": 3 } }, "required": [ "id", "name", "ruleDetails", "satisfied" ], "type": "object" }, "ChangeGateRuleEvaluation": { "description": "Represents change gate rule evaluation.", "discriminator": { "mapping": { "approval_required": "#/components/schemas/ChangeGateApprovalRuleEvaluation" }, "propertyName": "ruleType" }, "properties": { "ruleType": { "type": "string" } }, "required": [ "ruleType" ], "type": "object" }, "ChangeGateRuleInput": { "description": "Input specification for change gate rule - contains minimal identifiers for API requests", "discriminator": { "mapping": { "approval_required": "#/components/schemas/ChangeGateApprovalRuleInput" }, "propertyName": "ruleType" }, "properties": { "ruleType": { "type": "string" } }, "required": [ "ruleType" ], "type": "object" }, "ChangeGateRuleOutput": { "description": "Output representation of change gate rule - contains full details for API responses", "discriminator": { "mapping": { "approval_required": "#/components/schemas/ChangeGateApprovalRuleOutput" }, "propertyName": "ruleType" }, "properties": { "ruleType": { "type": "string" } }, "required": [ "ruleType" ], "type": "object" }, "ChangeGateTargetInput": { "description": "Input specification for change gate target - contains minimal identifiers for API requests", "properties": { "actionTypes": { "description": "The action types this gate targets (currently only supports single action)", "items": { "enum": [ "update", "open" ], "type": "string", "x-pulumi-model-property": { "enumTypeName": "ChangeGateTargetActionType", "enumComments": "ChangeGateTargetActionType represents the type of action a gate governs" } }, "type": "array", "x-order": 3 }, "entityType": { "description": "The entity type this gate targets", "enum": [ "environment" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "ChangeGateTargetEntityType", "enumComments": "Represents change gate target entity type." } }, "qualifiedName": { "description": "The qualified name of the entity this gate targets (e.g., 'project/env')", "type": "string", "x-order": 2 } }, "required": [ "actionTypes", "entityType" ], "type": "object" }, "ChangeGateTargetOutput": { "description": "Output representation of change gate target - contains full details for API responses", "properties": { "actionTypes": { "description": "The action types this gate targets", "items": { "enum": [ "update", "open" ], "type": "string", "x-pulumi-model-property": { "enumTypeName": "ChangeGateTargetActionType", "enumComments": "ChangeGateTargetActionType represents the type of action a gate governs" } }, "type": "array", "x-order": 3 }, "entityInfo": { "$ref": "#/components/schemas/TargetEntity", "description": "Populated details about the target entity", "x-order": 4 }, "entityType": { "description": "The entity type this gate targets", "enum": [ "environment" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "ChangeGateTargetEntityType", "enumComments": "Represents change gate target entity type." } }, "qualifiedName": { "description": "The qualified name of the entity this gate targets (e.g., 'project/env')", "type": "string", "x-order": 2 } }, "required": [ "actionTypes", "entityType" ], "type": "object" }, "ChangeRequest": { "description": "Request body for change.", "properties": { "action": { "description": "The type of action this change request will perform", "enum": [ "update", "open" ], "type": "string", "x-order": 8, "x-pulumi-model-property": { "enumTypeName": "ChangeGateTargetActionType", "enumComments": "ChangeGateTargetActionType represents the type of action a gate governs" } }, "createdAt": { "description": "When this change request was created", "format": "date-time", "type": "string", "x-order": 6 }, "createdBy": { "$ref": "#/components/schemas/UserInfo", "description": "The user who created this change request", "x-order": 4 }, "description": { "description": "The description/justification for this change request", "type": "string", "x-order": 5 }, "entity": { "$ref": "#/components/schemas/TargetEntity", "description": "The entity this change request targets", "x-order": 7 }, "id": { "description": "The change request ID", "type": "string", "x-order": 1 }, "latestRevisionNumber": { "description": "The current revision number", "format": "int64", "type": "integer", "x-order": 9 }, "orgID": { "description": "The organization ID", "type": "string", "x-order": 3 }, "status": { "description": "The current status of the change request", "type": "string", "x-order": 2 } }, "required": [ "action", "createdAt", "createdBy", "description", "entity", "id", "latestRevisionNumber", "orgID", "status" ], "type": "object" }, "ChangeRequestApplyResult": { "description": "ChangeRequestApplyResult represents the result of applying a change request.\nIt provides the necessary information for the frontend to navigate to the updated entity.", "properties": { "entityUrl": { "description": "API endpoint for fetching the updated entity", "type": "string", "x-order": 1 }, "message": { "description": "Optional details about the apply operation", "type": "string", "x-order": 2 } }, "required": [ "entityUrl" ], "type": "object" }, "ChangeRequestApprovedEvent": { "allOf": [ { "$ref": "#/components/schemas/ChangeRequestEvent" }, { "description": "ChangeRequestApprovedEvent is logged when a user approves a change request.", "type": "object" } ] }, "ChangeRequestCommentedEvent": { "allOf": [ { "$ref": "#/components/schemas/ChangeRequestEvent" }, { "description": "ChangeRequestCommentedEvent is logged when a user adds a comment.", "type": "object" } ] }, "ChangeRequestDescriptionUpdatedEvent": { "allOf": [ { "$ref": "#/components/schemas/ChangeRequestEvent" }, { "description": "ChangeRequestDescriptionUpdatedEvent is logged when the change request description is updated.", "properties": { "newDescription": { "description": "The new description after the update", "type": "string", "x-order": 2 }, "previousDescription": { "description": "The previous description before the update", "type": "string", "x-order": 1 } }, "required": [ "newDescription", "previousDescription" ], "type": "object" } ] }, "ChangeRequestEvent": { "description": "ChangeRequestEvent represents an entry in the change request's activity log", "discriminator": { "mapping": { "approved_by_user": "#/components/schemas/ChangeRequestApprovedEvent", "commented": "#/components/schemas/ChangeRequestCommentedEvent", "description_updated": "#/components/schemas/ChangeRequestDescriptionUpdatedEvent", "revision_added": "#/components/schemas/ChangeRequestRevisionAddedEvent", "status_changed": "#/components/schemas/ChangeRequestStatusChangedEvent", "unapproved_by_user": "#/components/schemas/ChangeRequestUnapprovedEvent" }, "propertyName": "eventType" }, "properties": { "changeRequestId": { "description": "The change request this event belongs to", "type": "string", "x-order": 3 }, "comment": { "description": "Optional comment associated with this event", "type": "string", "x-order": 7 }, "createdAt": { "description": "When this event occurred", "format": "date-time", "type": "string", "x-order": 6 }, "createdBy": { "$ref": "#/components/schemas/UserInfo", "description": "The user who triggered this event", "x-order": 5 }, "eventType": { "type": "string" }, "id": { "description": "The event ID", "type": "string", "x-order": 1 }, "replacedBy": { "description": "ID of event that replaces this one (for event updates)", "type": "string", "x-order": 2 }, "revisionNumber": { "description": "The revision number that was latest when this event occurred", "format": "int64", "type": "integer", "x-order": 4 } }, "required": [ "changeRequestId", "createdAt", "createdBy", "id", "revisionNumber", "eventType" ], "type": "object" }, "ChangeRequestGateEvaluation": { "description": "Represents change request gate evaluation.", "properties": { "applicableGates": { "description": "Lists all gates that apply to this change request", "items": { "$ref": "#/components/schemas/ChangeGateEvaluation" }, "type": "array", "x-order": 2 }, "satisfied": { "description": "Indicates if all applicable gates are satisfied and the change request is ready for application", "type": "boolean", "x-order": 1 } }, "required": [ "applicableGates", "satisfied" ], "type": "object" }, "ChangeRequestRef": { "description": "Represents change request ref.", "properties": { "changeRequestId": { "description": "The change request identifier", "type": "string", "x-order": 1 }, "latestRevisionNumber": { "description": "The latest revision number", "format": "int64", "type": "integer", "x-order": 2 } }, "type": "object" }, "ChangeRequestRevisionAddedEvent": { "allOf": [ { "$ref": "#/components/schemas/ChangeRequestEvent" }, { "description": "ChangeRequestRevisionAddedEvent is logged when a new revision is added to a change request.", "type": "object" } ] }, "ChangeRequestStatusChangedEvent": { "allOf": [ { "$ref": "#/components/schemas/ChangeRequestEvent" }, { "description": "ChangeRequestStatusChangedEvent is logged when the change request status changes.", "properties": { "newStatus": { "description": "The status the change request transitioned to", "type": "string", "x-order": 1 }, "previousStatus": { "description": "The status the change request transitioned from", "type": "string", "x-order": 2 }, "reason": { "description": "Why the status changed", "type": "string", "x-order": 3 } }, "required": [ "newStatus", "previousStatus", "reason" ], "type": "object" } ] }, "ChangeRequestUnapprovedEvent": { "allOf": [ { "$ref": "#/components/schemas/ChangeRequestEvent" }, { "description": "ChangeRequestUnapprovedEvent is logged when a user withdraws their approval.", "type": "object" } ] }, "CheckEnvironmentResponse": { "allOf": [ { "$ref": "#/components/schemas/EscEnvironment" }, { "description": "Response body for check environment.", "properties": { "diagnostics": { "description": "List of diagnostics", "items": { "$ref": "#/components/schemas/EnvironmentDiagnostic" }, "type": "array", "x-order": 1 }, "environmentFunctionSummary": { "$ref": "#/components/schemas/EnvironmentFunctionSummary", "description": "The environment function summary", "x-order": 2 } }, "required": [ "environmentFunctionSummary" ], "type": "object" } ] }, "CloneEnvironmentRequest": { "description": "Request body for cloning an ESC environment to a new environment.", "properties": { "name": { "description": "Name for the newly cloned environment.", "type": "string", "x-order": 2 }, "preserveAccess": { "description": "Whether to copy access control settings from the source environment.", "type": "boolean", "x-order": 5 }, "preserveEnvironmentTags": { "description": "Whether to copy environment-level tags from the source environment.", "type": "boolean", "x-order": 6 }, "preserveHistory": { "description": "Whether to copy the revision history from the source environment.", "type": "boolean", "x-order": 4 }, "preserveRevisionTags": { "description": "Whether to copy revision-level tags from the source environment.", "type": "boolean", "x-order": 7 }, "project": { "description": "Target project for the cloned environment. If omitted, uses the source project.", "type": "string", "x-order": 1 }, "version": { "description": "Specific version of the source environment to clone. If omitted, clones the latest version.", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "name" ], "type": "object" }, "CloseChangeRequestRequest": { "description": "CloseChangeRequestRequest is used to close a change request without applying it", "properties": { "comment": { "description": "Optional comment explaining why the change request is being closed", "type": "string", "x-order": 1 } }, "type": "object" }, "CloudAccount": { "description": "Cloud account information", "properties": { "id": { "description": "Account/subscription ID", "type": "string", "x-order": 1 }, "name": { "description": "Account/subscription name", "type": "string", "x-order": 2 }, "number": { "description": "Project number (for Azure)", "format": "int64", "type": "integer", "x-order": 4 }, "roles": { "description": "Roles", "items": { "type": "string" }, "type": "array", "x-order": 3 } }, "required": [ "id", "name" ], "type": "object" }, "CloudSetupProvider": { "description": "CloudSetupProvider configuration", "properties": { "azure": { "$ref": "#/components/schemas/AzureOptions", "description": "Azure-specific configuration options", "x-order": 2 }, "name": { "description": "CloudSetupProvider name (e.g., 'azure', 'gcp')", "type": "string", "x-order": 1 } }, "required": [ "name" ], "type": "object" }, "CloudSetupResource": { "description": "A cloud resource that was created or managed during setup", "properties": { "error": { "description": "Error message if the resource operation failed", "type": "string", "x-order": 5 }, "id": { "description": "Unique identifier of the resource", "type": "string", "x-order": 2 }, "name": { "description": "Name of the resource", "type": "string", "x-order": 3 }, "properties": { "additionalProperties": { "type": "string" }, "description": "Additional properties of the resource", "type": "object", "x-order": 6 }, "status": { "description": "Status of the resource operation", "type": "string", "x-order": 4 }, "type": { "description": "Type of the resource", "type": "string", "x-order": 1 } }, "required": [ "id", "name", "status", "type" ], "type": "object" }, "CloudSetupResult": { "description": "Result of a cloud setup operation", "properties": { "message": { "description": "Optional message about the setup operation", "type": "string", "x-order": 3 }, "resources": { "description": "List of resources created or managed during setup", "items": { "$ref": "#/components/schemas/CloudSetupResource" }, "type": "array", "x-order": 2 }, "success": { "description": "Whether the setup operation was successful", "type": "boolean", "x-order": 1 } }, "required": [ "resources", "success" ], "type": "object" }, "CompleteOAuthRequest": { "description": "Request to complete OAuth flow by exchanging authorization code for access token", "properties": { "code": { "description": "Authorization code returned from OAuth provider", "type": "string", "x-order": 3 }, "provider": { "$ref": "#/components/schemas/CloudSetupProvider", "description": "CloudSetupProvider configuration for OAuth authentication", "x-order": 1 }, "sessionID": { "description": "Session identifier from OAuth initiation", "type": "string", "x-order": 2 } }, "required": [ "code", "provider", "sessionID" ], "type": "object" }, "CompleteOAuthResponse": { "description": "Response from OAuth completion", "type": "object" }, "ConsoleUpdateSummary": { "description": "A human readable summary of the update, in the same manner as generated by the CLI via commands such as `pulumi up`.", "properties": { "summary": { "description": "Human-readable text summarizing the update results (resource counts, changes, etc.).", "type": "string", "x-order": 1 } }, "required": [ "summary" ], "type": "object" }, "ConsumptionUsage": { "description": "ConsumptionUsage captures the unit rate and current consumption for a consumption-based product.", "properties": { "consumed": { "additionalProperties": { "format": "int64", "type": "integer" }, "description": "The consumed amount", "type": "object", "x-order": 2 }, "statsV0": { "$ref": "#/components/schemas/ConsumptionUsageStatsV0", "description": "StatsV0 are the usage statistics, and will be populated for graduated-v0 plans.", "x-order": 7 }, "statsV1": { "$ref": "#/components/schemas/ConsumptionUsageStatsV1", "description": "StatsV1 are the usage statistics, and will be populated for graduated-v1 plans.", "x-order": 8 }, "totalConsumed": { "description": "The total consumed", "format": "int64", "type": "integer", "x-order": 1 }, "unitRateGraduatedV0": { "$ref": "#/components/schemas/UnitRateGraduatedV0", "description": "UnitRateGraduatedV0 will be populated for `UnitRateSchemaGraduatedV0` plans.", "x-order": 4 }, "unitRateGraduatedV1": { "$ref": "#/components/schemas/UnitRateGraduatedV1", "description": "UnitRateGraduatedV1 will be populated for `UnitRateSchemaGraduatedV1` plans.", "x-order": 5 }, "unitRateGraduatedV2": { "$ref": "#/components/schemas/UnitRateGraduatedV2", "description": "UnitRateGraduatedV2 will be populated for `UnitRateSchemaGraduatedV2` plans.", "x-order": 6 }, "unitRateSchema": { "description": "UnitRateSchema captures which pricing plan is associated with the product subscription,\nand further indicates which pricing rate structure should be read.", "enum": [ "graduated-v0", "graduated-v1", "graduated-v2" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "UnitRateSchema", "enumComments": "UnitRateSchema describes the pricing schema used for a subscription's unit rate.", "enumFieldNames": [ "GraduatedV0", "GraduatedV1", "GraduatedV2" ], "enumFieldComments": [ "UnitRateSchemaGraduatedV0 is the initial pricing schema that we launched with the advent of our\nGrowth plans. Pricing plan rates are pasred into `UnitRateGraduatedV0`.", "UnitRateSchemaGraduated plans used graduated pricing plans, with plans parsed into\n`UnitRateGraduatedV1`. These plans are introduced starting 2025.", "UnitRateSchemaGraduatedV2 is used for pricing plans where the free tier is handled\nvia credit grants (dollar credits) rather than being baked into the pricing tiers. Rates are parsed into\n`UnitRateGraduatedV2` and contain only paid (on-demand) tiers. The tiers field uses `UnitRateGraduatedTier`\nfor graduated prices with multiple tiers, and a single-element tiers array for per-unit prices with only\none rate tier." ] } } }, "required": [ "consumed", "totalConsumed", "unitRateSchema" ], "type": "object" }, "ConsumptionUsageStatsV0": { "description": "ConsumptionUsageStatsV0 are the usage statistics for a billing family's total usage for graduated-v0 plans.", "properties": { "estimatedOnDemandCost": { "description": "EstimatedOnDemandCost is the estimated cost of the on-demand usage (beyond the free units), in USD cents.", "format": "double", "type": "number", "x-order": 4 }, "estimatedTotalCost": { "description": "EstimatedTotalCost is the estimated total cost of billing family's usage for the current billing cycle, in USD cents.", "format": "double", "type": "number", "x-order": 5 }, "includedUnits": { "description": "IncludedUnits is the number of units included in the subscription.", "format": "int64", "type": "integer", "x-order": 1 }, "isIncludedUnitsFree": { "description": "IsIncludedUnitsFree indicates whether the included units are free of charge.", "type": "boolean", "x-order": 2 }, "onDemandRate": { "description": "OnDemandRate is the on-demand rate for the billing family's total usage, in USD cents per unit.", "format": "double", "type": "number", "x-order": 3 } }, "required": [ "estimatedOnDemandCost", "estimatedTotalCost", "includedUnits", "isIncludedUnitsFree", "onDemandRate" ], "type": "object" }, "ConsumptionUsageStatsV1": { "allOf": [ { "$ref": "#/components/schemas/ConsumptionUsageStatsV0" }, { "description": "ConsumptionUsageStatsV1 are the usage statistics for a billing family's total usage for graduated-v1 plans.\nIt extends ConsumptionUsageStatsV0 with additional fields for effective rate and volume savings.", "properties": { "effectiveRate": { "description": "EffectiveRate is the effective rate for the billing family's total usage, in USD dollar per unit.", "format": "double", "type": "number", "x-order": 1 }, "volumeSavingsPercentage": { "description": "VolumeSavingsAmount is the amount of volume savings for the billing family's total usage, in USD dollar.", "format": "double", "type": "number", "x-order": 2 } }, "required": [ "effectiveRate", "volumeSavingsPercentage" ], "type": "object" } ] }, "Conversation": { "description": "Represents conversation.", "properties": { "created": { "description": "The creation timestamp", "type": "string", "x-order": 2 }, "id": { "description": "The unique identifier", "type": "string", "x-order": 1 }, "summary": { "description": "The summary", "type": "string", "x-order": 4 }, "title": { "description": "The title", "type": "string", "x-order": 3 } }, "required": [ "created", "id", "summary", "title" ], "type": "object" }, "CreateAccessTokenResponse": { "description": "CreateAccessTokenResponse is the shape of the response after creating a token. The ID is an opaque ID that can be used\nin future CRUD operations and the Token is the actual token value (that is presented in the authorization header).", "properties": { "id": { "description": "The unique identifier", "type": "string", "x-order": 1 }, "tokenValue": { "description": "The token value", "type": "string", "x-order": 2 } }, "required": [ "id", "tokenValue" ], "type": "object" }, "CreateAgentTaskRequest": { "description": "Create a new task by sending the first event in the conversation.", "properties": { "approvalMode": { "description": "Optional approval mode override for this task. If omitted, org default is used.", "enum": [ "manual", "auto", "balanced" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "NeoApprovalMode", "enumComments": "NeoApprovalMode represents the default approval mode for Neo AI agent tasks in an organization" } }, "enabledIntegrations": { "description": "Optional list of integrations to enable for this task. Semantics: omitted/null → inherit all org-enabled integrations; empty list → explicit opt-out (no integration credentials for this task); populated list → whitelist of specific integrations by ID. Modeled as an object array rather than a bare string array so multi-instance support (instance_name, scope, etc.) can be added later without a wire break.", "items": { "$ref": "#/components/schemas/AgentTaskIntegrationRef" }, "type": "array", "x-order": 6 }, "message": { "$ref": "#/components/schemas/AgentUserEventMessage", "description": "The message content", "x-order": 1 }, "permissionMode": { "description": "Controls the permission scope for the task. When omitted, defaults to 'default' (the agent uses the creating user's full permissions).", "enum": [ "default", "read-only" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "NeoPermissionMode", "enumComments": "Permission scope for a Neo agent task. Controls the level of access the agent has when acting on behalf of the user.", "enumFieldNames": [ "Default", "ReadOnly" ] } }, "planMode": { "description": "Whether to enable plan mode for this task.", "type": "boolean", "x-order": 3 }, "toolExecutionMode": { "description": "Where tools should be executed. Defaults to 'cloud' if omitted.", "enum": [ "cloud", "cli" ], "type": "string", "x-order": 5, "x-pulumi-model-property": { "enumTypeName": "ToolExecutionMode", "enumComments": "Where tools are executed for an agent task." } } }, "type": "object" }, "CreateAgentTaskResponse": { "description": "Response body for creating an agent task.", "properties": { "taskId": { "description": "The task identifier", "type": "string", "x-order": 1 } }, "required": [ "taskId" ], "type": "object" }, "CreateChangeGateRequest": { "description": "CreateChangeGateRequest represents the request to create a new change gate", "properties": { "enabled": { "description": "Whether the change gate is enabled", "type": "boolean", "x-order": 2 }, "name": { "description": "Name of the change gate", "type": "string", "x-order": 1 }, "rule": { "$ref": "#/components/schemas/ChangeGateRuleInput", "description": "Rule configuration for the gate", "x-order": 3 }, "target": { "$ref": "#/components/schemas/ChangeGateTargetInput", "description": "Target configuration for the gate", "x-order": 4 } }, "required": [ "enabled", "name", "rule", "target" ], "type": "object" }, "CreateConversationRequest": { "description": "Request body for creating a conversation.", "properties": { "conversation_id": { "description": "Unique identifier for the conversation, provided by the client.", "type": "string", "x-order": 1 }, "origin": { "description": "The origin", "type": "string", "x-order": 2 } }, "required": [ "conversation_id" ], "type": "object" }, "CreateDeploymentRequest": { "allOf": [ { "$ref": "#/components/schemas/DeploymentSettingsRequest" }, { "description": "CreateDeploymentRequest defines the request payload that is expected when creating a new deployment.", "properties": { "inheritSettings": { "description": "Whether this deployment should inherit the stack's deployment settings. Defaults to true.", "type": "boolean", "x-order": 2 }, "operation": { "description": "The Pulumi operation to perform.", "enum": [ "update", "preview", "destroy", "refresh", "detect-drift", "remediate-drift" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "PulumiOperation", "enumComments": "PulumiOperation describes what operation to perform on the stack as defined in the Job spec.", "enumFieldNames": [ "Update", "Preview", "Destroy", "Refresh", "DetectDrift", "RemediateDrift" ] } } }, "type": "object" } ] }, "CreateDeploymentResponse": { "description": "CreateDeploymentResponse defines the response given when a new Deployment is created.", "properties": { "consoleUrl": { "description": "The Pulumi Console URL for the deployment.", "type": "string", "x-order": 2 }, "id": { "description": "The generated deployment identifier.", "type": "string", "x-order": 1 }, "version": { "description": "The numerical sequential version for the deployment.", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "consoleUrl", "id", "version" ], "type": "object" }, "CreateEnvironmentOpenRequest": { "description": "CreateEnvironmentOpenRequest is used to create an environment open request", "properties": { "accessDurationSeconds": { "description": "Total duration that the resulting grant can be used to access the environment open endpoint (after first open)", "format": "int64", "type": "integer", "x-order": 2 }, "grantExpirationSeconds": { "description": "Time from application of the request until the resulting grant expires", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "accessDurationSeconds", "grantExpirationSeconds" ], "type": "object" }, "CreateEnvironmentOpenRequestResponse": { "description": "Response body for create environment open request.", "properties": { "changeRequests": { "description": "List of change requests", "items": { "$ref": "#/components/schemas/CreateEnvironmentOpenRequestResult" }, "type": "array", "x-order": 1 } }, "required": [ "changeRequests" ], "type": "object" }, "CreateEnvironmentOpenRequestResult": { "description": "Result of create environment open request.", "properties": { "changeRequestId": { "description": "The change request identifier", "type": "string", "x-order": 3 }, "environmentName": { "description": "The environment name", "type": "string", "x-order": 2 }, "etag": { "description": "The entity tag for concurrency control", "type": "string", "x-order": 5 }, "latestRevisionNumber": { "description": "The latest revision number", "format": "int64", "type": "integer", "x-order": 4 }, "projectName": { "description": "The project name", "type": "string", "x-order": 1 } }, "required": [ "changeRequestId", "environmentName", "etag", "latestRevisionNumber", "projectName" ], "type": "object" }, "CreateEnvironmentRequest": { "description": "Request body for create environment.", "properties": { "name": { "description": "The name of the environment.", "type": "string", "x-order": 2 }, "project": { "description": "The project name for the environment.", "type": "string", "x-order": 1 } }, "required": [ "name", "project" ], "type": "object" }, "CreateEnvironmentRevisionTagRequest": { "description": "Request body for create environment revision tag.", "properties": { "name": { "description": "The name", "type": "string", "x-order": 1 }, "revision": { "description": "The revision", "format": "int64", "type": "integer", "x-order": 2 } }, "required": [ "name" ], "type": "object" }, "CreateEnvironmentScheduleRequest": { "description": "CreateEnvironmentScheduleRequest is an API request model to create all types of environment schedules.", "properties": { "scheduleCron": { "description": "The schedule cron", "type": "string", "x-order": 1 }, "scheduleOnce": { "description": "The schedule once", "format": "date-time", "type": "string", "x-order": 2 }, "secretRotationRequest": { "$ref": "#/components/schemas/CreateEnvironmentSecretRotationScheduleRequest", "description": "The secret rotation request", "x-order": 3 } }, "type": "object" }, "CreateEnvironmentSecretRotationScheduleRequest": { "description": "CreateEnvironmentSecretRotationScheduleRequest defines the request payload that is expected when\ncreating a new environment secret rotation schedule.", "properties": { "environmentPath": { "description": "Environment Path specifies a path to a rotated secret to be updated\nLeave the field blank to rotate ALL rotated secrets in an environment", "type": "string", "x-order": 1 } }, "required": [ "environmentPath" ], "type": "object" }, "CreateEnvironmentTagRequest": { "description": "Request body for create environment tag.", "properties": { "name": { "description": "The name", "type": "string", "x-order": 1 }, "value": { "description": "The value", "type": "string", "x-order": 2 } }, "required": [ "name", "value" ], "type": "object" }, "CreateGitHubTeamRequest": { "description": "CreateGitHubTeamRequest is the request to create a new Pulumi Team backed by a GitHub team.", "properties": { "githubTeamID": { "description": "GitHubTeamID is the GitHub ID of the team to mirror.\nMust be in the same GitHub organization that the Pulumi org is backed by.", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "githubTeamID" ], "type": "object" }, "CreateInsightsAccountRequest": { "description": "Request body for creating an Insights account.", "properties": { "agentPoolID": { "description": "The ID of the agent pool to run account discovery workflows.\nIf not specified, discovery will use the default agent pool.", "type": "string", "x-order": 5 }, "cron": { "deprecated": true, "description": "Deprecated: Use scanSchedule instead. Cron expression for scheduling scans.", "type": "string", "x-order": 3 }, "environment": { "description": "Reference to an ESC environment containing provider credentials,\nin the format 'project/environment' with an optional @version suffix.", "type": "string", "x-order": 2 }, "provider": { "description": "The cloud provider for the account (e.g., aws, gcp, azure-native).", "enum": [ "aws", "gcp", "azure-native", "oci", "kubernetes" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "InsightsAccountProvider", "enumComments": "InsightsAccountProvider is an enum defining the cloud provider for an Insights account.", "enumFieldNames": [ "Aws", "Gcp", "AzureNative", "Oci", "Kubernetes" ], "enumFieldComments": [ "Amazon Web Services provider.", "Google Cloud Platform provider.", "Azure Native provider.", "Oracle Cloud Infrastructure provider.", "Kubernetes provider." ] } }, "providerConfig": { "description": "Provider-specific configuration for the account.", "type": "object", "x-order": 6 }, "scanSchedule": { "description": "Schedule for automated discovery scans (e.g., 'none', 'daily').", "enum": [ "none", "12h", "daily" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "ScanSchedule", "enumComments": "ScanSchedule represents the schedule for automated scans.", "enumFieldNames": [ "None", "TwelveHours", "Daily" ], "enumFieldComments": [ "No automated scanning is configured.", "Scans run automatically every 12 hours.", "Scans run automatically on a daily schedule." ] } } }, "required": [ "environment", "provider" ], "type": "object" }, "CreateOrgAccessTokenRequest": { "allOf": [ { "$ref": "#/components/schemas/BaseCreateAccessTokenRequest" }, { "description": "CreateOrgAccessTokenRequest is the accepted request body for creating an organization access token.", "properties": { "admin": { "description": "Whether the entity has admin privileges", "type": "boolean", "x-order": 2 }, "name": { "description": "The name", "type": "string", "x-order": 1 }, "roleID": { "description": "The role identifier", "type": "string", "x-order": 3 } }, "required": [ "admin", "name" ], "type": "object" } ] }, "CreateOrgAgentPoolRequest": { "description": "Request body for create org agent pool.", "properties": { "description": { "description": "The description", "type": "string", "x-order": 2 }, "name": { "description": "The name", "type": "string", "x-order": 1 } }, "required": [ "description", "name" ], "type": "object" }, "CreatePersonalAccessTokenRequest": { "allOf": [ { "$ref": "#/components/schemas/BaseCreateAccessTokenRequest" }, { "description": "CreatePersonalAccessTokenRequest is the accepted request body for creating a personal access token.", "type": "object" } ] }, "CreatePulumiTeamRequest": { "description": "CreatePulumiTeamRequest creates a new Pulumi-backed team.", "properties": { "description": { "description": "The description", "type": "string", "x-order": 3 }, "displayName": { "description": "The display name", "type": "string", "x-order": 2 }, "name": { "description": "The name", "type": "string", "x-order": 1 } }, "required": [ "description", "displayName", "name" ], "type": "object" }, "CreateScheduledDeploymentRequest": { "description": "CreateScheduledDeploymentRequest is the API request for a scheduled deployment.", "properties": { "request": { "$ref": "#/components/schemas/CreateDeploymentRequest", "description": "Deployment request payload to execute when the schedule fires. This has the same shape and semantics as CreateDeploymentRequest used for immediate deployments.", "x-order": 3 }, "scheduleCron": { "description": "Cron expression defining a recurring schedule for this deployment. When set, scheduleOnce must be null. Uses standard 5-field cron syntax (MIN HOUR DOM MON DOW) and is evaluated in UTC.", "type": "string", "x-order": 1 }, "scheduleOnce": { "description": "Single point-in-time schedule for this deployment. When set, scheduleCron must be null. The value must be an ISO 8601 timestamp with timezone.", "format": "date-time", "type": "string", "x-order": 2 } }, "type": "object" }, "CreateScheduledDriftDeploymentRequest": { "description": "CreateScheduledDriftDeploymentRequest is the API request for a scheduled drift deployment.", "properties": { "autoRemediate": { "description": "If true, automatically run a remediation update when drift is detected.", "type": "boolean", "x-order": 2 }, "scheduleCron": { "description": "Cron expression defining when drift detection should run (e.g. '0 */4 * * *' for every 4 hours).", "type": "string", "x-order": 1 } }, "type": "object" }, "CreateScheduledTTLDeploymentRequest": { "description": "CreateScheduledTTLDeploymentRequest is the API request for a ttl scheduled deployment.", "properties": { "deleteAfterDestroy": { "description": "If true, delete the stack from Pulumi Cloud after successfully destroying its resources.", "type": "boolean", "x-order": 2 }, "timestamp": { "description": "When the TTL expires and the stack should be destroyed, in ISO 8601 format.", "format": "date-time", "type": "string", "x-order": 1 } }, "type": "object" }, "CreateServiceRequest": { "description": "Request for creating a new service with an optional list\nof items to populate the service with after creation.", "properties": { "description": { "description": "an optional description of the service", "type": "string", "x-order": 4 }, "items": { "description": "an optional list of items to add during service creation", "items": { "$ref": "#/components/schemas/AddServiceItem" }, "type": "array", "x-order": 5 }, "name": { "description": "the name of the service", "type": "string", "x-order": 3 }, "ownerName": { "description": "the service owner name", "type": "string", "x-order": 2 }, "ownerType": { "description": "the service owner type", "type": "string", "x-order": 1 }, "properties": { "description": "an optional list of properties to set on the service", "items": { "$ref": "#/components/schemas/ServiceProperty" }, "type": "array", "x-order": 6 } }, "required": [ "description", "items", "name", "ownerName", "ownerType", "properties" ], "type": "object" }, "CreateTeamAccessTokenRequest": { "allOf": [ { "$ref": "#/components/schemas/BaseCreateAccessTokenRequest" }, { "description": "CreateTeamAccessTokenRequest is the accepted request body for creating a team access token.", "properties": { "name": { "description": "The name", "type": "string", "x-order": 1 } }, "required": [ "name" ], "type": "object" } ] }, "CustomerManagedKey": { "description": "Represents customer managed key.", "properties": { "awsKms": { "$ref": "#/components/schemas/AwsKmsConfig", "description": "The aws kms", "x-order": 4 }, "id": { "description": "The unique identifier", "type": "string", "x-order": 1 }, "keyType": { "description": "The key type", "enum": [ "aws_kms", "service" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "KeyType", "enumComments": "The type of encryption key used for secrets management. Valid values: 'aws_kms' (AWS KMS), 'service' (Pulumi-managed).", "enumFieldNames": [ "AwsKms", "Service" ] } }, "name": { "description": "The name", "type": "string", "x-order": 2 }, "state": { "description": "The current state", "type": "string", "x-order": 5 } }, "required": [ "id", "keyType", "name" ], "type": "object" }, "CustomerManagedKeyInput": { "description": "Represents customer managed key input.", "properties": { "awsKms": { "$ref": "#/components/schemas/AwsKmsConfig", "description": "The aws kms", "x-order": 3 }, "keyType": { "description": "The key type", "enum": [ "aws_kms", "service" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "KeyType", "enumComments": "The type of encryption key used for secrets management. Valid values: 'aws_kms' (AWS KMS), 'service' (Pulumi-managed).", "enumFieldNames": [ "AwsKms", "Service" ] } }, "name": { "description": "The name", "type": "string", "x-order": 1 } }, "required": [ "keyType", "name" ], "type": "object" }, "DecryptEnvironmentSecretsRequest": { "description": "DecryptEnvironmentSecretsRequest defines the request body for decrypting secret values.", "properties": { "ciphertexts": { "description": "The list of encrypted ciphertext values to decrypt.", "items": { "type": "string" }, "type": "array", "x-order": 1 } }, "required": [ "ciphertexts" ], "type": "object" }, "DecryptEnvironmentSecretsResponse": { "description": "DecryptEnvironmentSecretsResponse defines the response body for multiple decrypted values.", "properties": { "plaintexts": { "description": "The list of decrypted plaintext values.", "items": { "type": "string" }, "type": "array", "x-order": 1 } }, "required": [ "plaintexts" ], "type": "object" }, "DeletedStack": { "description": "DeletedStack represents a stack that has been deleted, including its metadata and last update information.", "properties": { "deletedAt": { "description": "The Unix timestamp when the stack was deleted.", "format": "int64", "type": "integer", "x-order": 6 }, "id": { "description": "The unique identifier of the deleted stack.", "type": "string", "x-order": 1 }, "lastUpdate": { "$ref": "#/components/schemas/UpdateSummary", "description": "The last update summary for the stack before deletion.", "x-order": 7 }, "programId": { "description": "The program identifier associated with the stack.", "type": "string", "x-order": 2 }, "projectName": { "description": "The name of the project the stack belonged to.", "type": "string", "x-order": 3 }, "stackName": { "description": "The name of the stack.", "type": "string", "x-order": 4 }, "version": { "description": "The version number of the stack.", "format": "int64", "type": "integer", "x-order": 5 } }, "required": [ "deletedAt", "id", "lastUpdate", "programId", "projectName", "stackName", "version" ], "type": "object" }, "DeploymentAgentMetadata": { "description": "DeploymentAgentMetadata contains metadata about a deployment agent, including version, platform, and connectivity information.", "properties": { "hostname": { "description": "The hostname of the machine running the agent.", "type": "string", "x-order": 3 }, "ip": { "description": "The IP address of the agent.", "type": "string", "x-order": 4 }, "lastSeen": { "description": "The Unix timestamp when the agent was last seen.", "format": "int64", "type": "integer", "x-order": 6 }, "pid": { "description": "The process ID of the agent.", "type": "string", "x-order": 5 }, "platform": { "description": "The platform the agent is running on.", "type": "string", "x-order": 2 }, "status": { "description": "The current status of the deployment agent.", "enum": [ "online", "offline" ], "type": "string", "x-order": 7, "x-pulumi-model-property": { "enumTypeName": "DeploymentAgentStatus", "enumComments": "DeploymentAgentStatus is an enum representing the online/offline status of a deployment agent." } }, "version": { "description": "The version of the deployment agent.", "type": "string", "x-order": 1 } }, "required": [ "hostname", "ip", "lastSeen", "pid", "platform", "status", "version" ], "type": "object" }, "DeploymentConfiguration": { "description": "DeploymentConfiguration contains the configuration for a deployment, including environment variables and source settings.", "properties": { "environmentVariables": { "description": "The list of environment variables for the deployment.", "items": { "$ref": "#/components/schemas/EnvironmentVariable" }, "type": "array", "x-order": 1 }, "source": { "$ref": "#/components/schemas/DeploymentSource", "description": "The source configuration for the deployment.", "x-order": 2 } }, "required": [ "environmentVariables" ], "type": "object" }, "DeploymentCounts": { "description": "DeploymentCounts contains the count of deployments in each status category.", "properties": { "accepted": { "description": "The number of deployments that have been accepted.", "format": "int64", "type": "integer", "x-order": 2 }, "failed": { "description": "The number of deployments that have failed.", "format": "int64", "type": "integer", "x-order": 4 }, "notStarted": { "description": "The number of deployments that have not started.", "format": "int64", "type": "integer", "x-order": 1 }, "running": { "description": "The number of deployments currently running.", "format": "int64", "type": "integer", "x-order": 3 }, "skipped": { "description": "The number of deployments that have been skipped.", "format": "int64", "type": "integer", "x-order": 6 }, "succeeded": { "description": "The number of deployments that have succeeded.", "format": "int64", "type": "integer", "x-order": 5 }, "total": { "description": "The total number of deployments.", "format": "int64", "type": "integer", "x-order": 7 } }, "required": [ "accepted", "failed", "notStarted", "running", "skipped", "succeeded", "total" ], "type": "object" }, "DeploymentJob": { "description": "DeploymentJob represents a deployment job with its status, timing, and step information.", "properties": { "lastUpdated": { "description": "The timestamp when the job was last updated.", "format": "date-time", "type": "string", "x-order": 3 }, "started": { "description": "The timestamp when the job started.", "format": "date-time", "type": "string", "x-order": 2 }, "status": { "description": "The current status of the deployment job.", "enum": [ "not-started", "accepted", "running", "failed", "succeeded", "skipped" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "JobStatus", "enumComments": "JobStatus describes the status of a job run.", "enumFieldNames": [ "NotStarted", "Accepted", "Running", "Failed", "Succeeded", "Skipped" ], "enumFieldComments": [ "JobStatusNotStarted indicates that a job has not yet started.", "JobStatusAccepted indicates that a job has been accepted for execution, but is not yet running.", "JobStatusRunning indicates that a job is running.", "JobStatusFailed indicates that a job has failed.", "JobStatusSucceeded indicates that a job has succeeded.", "JobStatusSkipped indicates that a job has skipped as there are fresher deployments to execute in the queue." ] } }, "steps": { "description": "The list of steps in the deployment job.", "items": { "$ref": "#/components/schemas/StepRun" }, "type": "array", "x-order": 4 } }, "required": [ "status", "steps" ], "type": "object" }, "DeploymentLogLine": { "description": "DeploymentLogLine contains a log line associated with a deployment.", "properties": { "header": { "description": "The header for the line, if any. When present, this field should be printed prior to the line. The header\ncontains information about the step, and is generally used to indicate when a new step has started.", "type": "string", "x-order": 1 }, "line": { "description": "The line itself.", "type": "string", "x-order": 3 }, "timestamp": { "description": "The time at which the line was written.", "format": "date-time", "type": "string", "x-order": 2 } }, "type": "object" }, "DeploymentLogs": { "allOf": [ { "$ref": "#/components/schemas/DeploymentLogsBase" }, { "description": "DeploymentLogs contains log lines for a deployment. This is returned by the \"deployment logs\" API.", "properties": { "lines": { "description": "The log lines.", "items": { "$ref": "#/components/schemas/DeploymentLogLine" }, "type": "array", "x-order": 1 }, "nextToken": { "description": "The continuation token to pass to the next request. When empty, there are no more logs for the deployment.", "type": "string", "x-order": 2 } }, "type": "object" } ] }, "DeploymentLogsBase": { "description": "DeploymentLogsBase is the base type for deployment log responses, discriminated by type.", "discriminator": { "mapping": { "DeploymentLogs": "#/components/schemas/DeploymentLogs", "DeploymentLogsStep": "#/components/schemas/DeploymentLogsStep" }, "propertyName": "__type" }, "properties": { "__type": { "type": "string" } }, "required": [ "__type" ], "type": "object" }, "DeploymentLogsStep": { "allOf": [ { "$ref": "#/components/schemas/DeploymentLogsBase" }, { "description": "DeploymentLogsStep contains log lines for a deployment step. This is returned by the \"step logs\" API.", "properties": { "lines": { "description": "The step's log lines.", "items": { "$ref": "#/components/schemas/DeploymentStepLogLine" }, "type": "array", "x-order": 2 }, "name": { "description": "The name of the step.", "type": "string", "x-order": 1 }, "nextOffset": { "description": "The next offset at which to fetch lines. When this field is nil, there are no more lines to fetch.", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "lines" ], "type": "object" } ] }, "DeploymentNestedUpdate": { "description": "DeploymentNestedUpdate represents an update that is nested within a deployment, including its status and metadata.", "properties": { "endTime": { "description": "The Unix timestamp when the update ended.", "format": "int64", "type": "integer", "x-order": 5 }, "environment": { "additionalProperties": { "type": "string" }, "description": "The environment variables associated with the update.", "type": "object", "x-order": 9 }, "id": { "description": "Unique identifier for this update.", "type": "string", "x-order": 1 }, "kind": { "description": "The kind of update operation.", "enum": [ "update", "preview", "refresh", "rename", "destroy", "import", "Pupdate", "Prefresh", "Pdestroy", "Pimport", "Prename" ], "type": "string", "x-order": 7, "x-pulumi-model-property": { "enumTypeName": "AppUpdateKind", "enumComments": "UpdateKind is an enum for the type of update performed.\nShould generally mirror backend.UpdateKind, but we clone it in this package to add\nflexibility in case there is a breaking change in the backend-type.", "enumFieldNames": [ "Update", "Preview", "Refresh", "Rename", "Destroy", "Import", "PreviewUpdate", "PreviewRefresh", "PreviewDestroy", "PreviewImport", "PreviewRename" ], "enumFieldComments": [ "A Pulumi program update.", "A preview of an update, without impacting resources.", "A refresh operation.", "A rename of the stack or project name.\nNOTE: Do not remove this type - it is used by Pulumi Cloud code.", "An update which removes all resources.", "An update that entails importing a raw checkpoint file.", "A preview of an update operation.", "A preview of a refresh operation.", "A preview of a destroy operation.", "A preview of an import operation.", "A preview of a rename operation." ] } }, "message": { "description": "A message associated with the update.", "type": "string", "x-order": 8 }, "result": { "description": "The result of the update operation.", "enum": [ "not-started", "in-progress", "succeeded", "failed" ], "type": "string", "x-order": 6, "x-pulumi-model-property": { "enumTypeName": "AppUpdateResult", "enumComments": "UpdateResult is an enum for the result of the update.\nShould generally mirror backend.UpdateResult, but we clone it in this package to add\nflexibility in case there is a breaking change in the backend-type.", "enumFieldNames": [ "NotStarted", "InProgress", "Succeeded", "Failed" ], "enumFieldComments": [ "The update has not started.", "The update has not yet completed.", "The update completed successfully.", "The update has failed." ] } }, "startTime": { "description": "The Unix timestamp when the update started.", "format": "int64", "type": "integer", "x-order": 4 }, "updateID": { "description": "Identifier of the underlying Pulumi CLI update operation.", "type": "string", "x-order": 2 }, "version": { "description": "The version number of the update.", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "endTime", "environment", "id", "kind", "message", "result", "startTime", "updateID", "version" ], "type": "object" }, "DeploymentRole": { "description": "DeploymentRole represents a role used for Pulumi Deployments access control.", "properties": { "defaultIdentifier": { "description": "The default identifier associated with this role.", "type": "string", "x-order": 3 }, "id": { "description": "The unique identifier of the deployment role.", "type": "string", "x-order": 1 }, "name": { "description": "The name of the deployment role.", "type": "string", "x-order": 2 } }, "required": [ "id" ], "type": "object" }, "DeploymentRoleRequest": { "description": "DeploymentRoleRequest represents a request to create or update a deployment role.", "properties": { "defaultIdentifier": { "description": "The default identifier to assign to this role.", "type": "string", "x-order": 3 }, "id": { "description": "The unique identifier of the deployment role.", "type": "string", "x-order": 1 }, "name": { "description": "The name of the deployment role.", "type": "string", "x-order": 2 } }, "type": "object" }, "DeploymentSettings": { "description": "DeploymentSettings contains the configuration settings for Pulumi Deployments on a stack.", "properties": { "agentPoolID": { "description": "The identifier of the agent pool to use for deployments.", "type": "string", "x-order": 9 }, "cacheOptions": { "$ref": "#/components/schemas/CacheOptions", "description": "Cache options for the deployment.", "x-order": 10 }, "executorContext": { "$ref": "#/components/schemas/ExecutorContext", "description": "The executor context defining the execution environment.", "x-order": 3 }, "gitHub": { "$ref": "#/components/schemas/DeploymentSettingsGitHub", "description": "GitHub-specific deployment settings", "x-order": 5 }, "operationContext": { "$ref": "#/components/schemas/OperationContext", "description": "The operation context defining pre-run and post-run commands and environment variables.", "x-order": 7 }, "source": { "description": "The source from which the deployment settings were created.", "enum": [ "console", "api", "provider", "github-review-stack", "azure-devops-review-stack", "gitlab-review-stack", "bitbucket-review-stack", "github-gitops" ], "type": "string", "x-order": 8, "x-pulumi-model-property": { "enumTypeName": "DeploymentSettingsSource", "enumComments": "DeploymentSettingsSource is an enum indicating the source from which deployment settings were configured.", "enumFieldNames": [ "Console", "API", "Provider", "GitHubReviewStack", "AzureDevOpsReviewStack", "GitLabReviewStack", "BitBucketReviewStack", "GitHubGitOps" ] } }, "sourceContext": { "$ref": "#/components/schemas/SourceContext", "description": "The source context defining where the source code is located.", "x-order": 4 }, "tag": { "description": "A tag to identify the deployment settings configuration.", "type": "string", "x-order": 2 }, "vcs": { "$ref": "#/components/schemas/DeploymentSettingsVCS", "description": "VCS provider settings", "x-order": 6 }, "version": { "description": "The version of the deployment settings.", "format": "int64", "type": "integer", "x-order": 1 } }, "type": "object" }, "DeploymentSettingsGitHub": { "description": "DeploymentSettingsGitHub contains GitHub-specific configuration for Pulumi Deployments.", "properties": { "deployCommits": { "description": "Whether to automatically deploy commits pushed to the target branch.", "type": "boolean", "x-order": 3 }, "deployPullRequest": { "description": "The pull request number to deploy, if targeting a specific pull request.", "format": "int64", "type": "integer", "x-order": 5 }, "installationId": { "description": "The GitHub App installation ID.", "type": "string", "x-order": 7 }, "paths": { "description": "The list of file paths to filter deployment triggers.", "items": { "type": "string" }, "type": "array", "x-order": 6 }, "previewPullRequests": { "description": "Whether to automatically preview pull requests.", "type": "boolean", "x-order": 4 }, "pullRequestTemplate": { "description": "Whether to use a pull request template for deployment previews.", "type": "boolean", "x-order": 2 }, "repository": { "description": "The GitHub repository in the format owner/repo.", "type": "string", "x-order": 1 } }, "type": "object" }, "DeploymentSettingsGitHubRequest": { "description": "DeploymentSettingsGitHubRequest is the request body for updating GitHub-specific deployment settings.", "properties": { "deployCommits": { "description": "Whether to automatically deploy commits pushed to the target branch.", "type": "boolean", "x-order": 2 }, "deployPullRequest": { "description": "The pull request number to deploy, if targeting a specific pull request.", "format": "int64", "type": "integer", "x-order": 5 }, "installationId": { "description": "The GitHub App installation ID.", "type": "string", "x-order": 7 }, "paths": { "description": "The list of file paths to filter deployment triggers.", "items": { "type": "string" }, "type": "array", "x-order": 6 }, "previewPullRequests": { "description": "Whether to automatically preview pull requests.", "type": "boolean", "x-order": 3 }, "pullRequestTemplate": { "description": "Whether to use a pull request template for deployment previews.", "type": "boolean", "x-order": 4 }, "repository": { "description": "The GitHub repository in the format owner/repo.", "type": "string", "x-order": 1 } }, "required": [ "pullRequestTemplate" ], "type": "object" }, "DeploymentSettingsRequest": { "description": "DeploymentSettingsRequest is the request body for creating or updating deployment settings.", "properties": { "agentPoolID": { "description": "The identifier of the agent pool to use for deployments.", "type": "string", "x-order": 7 }, "cacheOptions": { "$ref": "#/components/schemas/CacheOptionsRequest", "description": "Cache options for the deployment.", "x-order": 8 }, "executorContext": { "$ref": "#/components/schemas/ExecutorSettingsRequest", "description": "The executor context defining the execution environment.", "x-order": 2 }, "gitHub": { "$ref": "#/components/schemas/DeploymentSettingsGitHubRequest", "description": "GitHub-specific deployment settings", "x-order": 4 }, "operationContext": { "$ref": "#/components/schemas/OperationContextRequest", "description": "The operation context defining pre-run and post-run commands and environment variables.", "x-order": 6 }, "sourceContext": { "$ref": "#/components/schemas/SourceContextRequest", "description": "The source context defining where the source code is located.", "x-order": 3 }, "tag": { "description": "A tag to identify the deployment settings configuration.", "type": "string", "x-order": 1 }, "vcs": { "$ref": "#/components/schemas/DeploymentSettingsVCS", "description": "VCS provider settings", "x-order": 5 } }, "type": "object" }, "DeploymentSettingsVCS": { "description": "DeploymentSettingsVCS contains VCS provider deployment settings.", "discriminator": { "mapping": { "azure_devops": "#/components/schemas/DeploymentSettingsVCSAzureDevOps", "bitbucket": "#/components/schemas/DeploymentSettingsVCSBitbucket", "generic": "#/components/schemas/DeploymentSettingsVCSGeneric", "github": "#/components/schemas/DeploymentSettingsVCSGitHub", "gitlab": "#/components/schemas/DeploymentSettingsVCSGitLab" }, "propertyName": "provider" }, "properties": { "deployCommits": { "description": "Whether to deploy all commits to the default branch", "type": "boolean", "x-order": 2 }, "deployPullRequest": { "description": "Specific pull request number to deploy (overrides automatic deployment)", "format": "int64", "type": "integer", "x-order": 7 }, "installationId": { "description": "VCS installation/integration ID linking to the VCS provider", "type": "string", "x-order": 4 }, "paths": { "description": "Paths within the repository that trigger deployments when changed", "items": { "type": "string" }, "type": "array", "x-order": 3 }, "previewPullRequests": { "description": "Whether to create preview deployments for pull requests", "type": "boolean", "x-order": 6 }, "provider": { "type": "string" }, "pullRequestTemplate": { "description": "Whether to use pull request templates for deployment PRs", "type": "boolean", "x-order": 5 }, "repository": { "description": "The VCS repository reference (format varies by provider)", "type": "string", "x-order": 1 } }, "required": [ "provider" ], "type": "object" }, "DeploymentSettingsVCSAzureDevOps": { "allOf": [ { "$ref": "#/components/schemas/DeploymentSettingsVCS" }, { "description": "Azure DevOps-specific VCS deployment settings.", "type": "object" } ] }, "DeploymentSettingsVCSBitbucket": { "allOf": [ { "$ref": "#/components/schemas/DeploymentSettingsVCS" }, { "description": "Bitbucket-specific VCS deployment settings.", "type": "object" } ] }, "DeploymentSettingsVCSGeneric": { "allOf": [ { "$ref": "#/components/schemas/DeploymentSettingsVCS" }, { "description": "Generic VCS deployment settings for user-managed version control systems.", "type": "object" } ] }, "DeploymentSettingsVCSGitHub": { "allOf": [ { "$ref": "#/components/schemas/DeploymentSettingsVCS" }, { "description": "GitHub-specific VCS deployment settings.", "type": "object" } ] }, "DeploymentSettingsVCSGitLab": { "allOf": [ { "$ref": "#/components/schemas/DeploymentSettingsVCS" }, { "description": "GitLab-specific VCS deployment settings.", "type": "object" } ] }, "DeploymentSource": { "description": "DeploymentSource describes the source of a deployment, which may be a Git repository or a template.", "properties": { "git": { "$ref": "#/components/schemas/DeploymentSourceGit", "description": "The Git source configuration for the deployment.", "x-order": 1 }, "template": { "$ref": "#/components/schemas/DeploymentSourceTemplate", "description": "The template source configuration for the deployment.", "x-order": 2 } }, "type": "object" }, "DeploymentSourceGit": { "description": "DeploymentSourceGit is like SourceContextGit but does not include the Auth data as we don't want to include that\nin our deployment response.", "properties": { "branch": { "description": "The branch to deploy from.", "type": "string", "x-order": 2 }, "commit": { "description": "(optional) Commit is the hash of the commit to deploy. If used, HEAD will be in detached mode. This\nis mutually exclusive with the Branch setting. Either value needs to be specified.", "type": "string", "x-order": 4 }, "repoDir": { "description": "RepoDir is the directory to work from in the project's source repository\nwhere Pulumi.yaml is located. It is used in case Pulumi.yaml is not\nin the project source root.", "type": "string", "x-order": 3 }, "repoURL": { "description": "The URL of the Git repository.", "type": "string", "x-order": 1 } }, "required": [ "repoURL" ], "type": "object" }, "DeploymentSourceTemplate": { "description": "DeploymentSourceTemplate is like SourceContextTemplate but does not include the Auth data as we don't want to\ninclude that in the deployment response.", "properties": { "sourceUrl": { "description": "The URL of the template source. Supports two URL schemes:\n\n**Registry-backed templates** use the `registry://` scheme with the format:\n`registry://templates/source/publisher/name[@version]`\n\n- `source`: The template source identifier (e.g., the registry source name)\n- `publisher`: The organization or user that published the template\n- `name`: The template name\n- `version`: Optional semver version (e.g., `1.0.0`). If omitted, defaults to the latest version\n\nExample: `registry://templates/pulumi/acme-corp/aws-vpc@2.1.0`\n\n**VCS-backed templates** use standard VCS URLs (GitHub, GitLab, Azure DevOps, etc.):\n`https://github.com/org/repo`", "type": "string", "x-order": 1 } }, "required": [ "sourceUrl" ], "type": "object" }, "DeploymentStepLogLine": { "description": "DeploymentStepLogLine is a line in the logs for a deployment step.", "properties": { "line": { "description": "The line itself.", "type": "string", "x-order": 2 }, "timestamp": { "description": "The time at which the line was written.", "format": "date-time", "type": "string", "x-order": 1 } }, "required": [ "line", "timestamp" ], "type": "object" }, "DeploymentWithRelatedUpdates": { "allOf": [ { "$ref": "#/components/schemas/GetDeploymentResponse" }, { "description": "DeploymentWithRelatedUpdates extends the deployment response with a list of related updates.", "properties": { "updates": { "description": "The list of updates related to this deployment.", "items": { "$ref": "#/components/schemas/UpdateInfo" }, "type": "array", "x-order": 1 } }, "required": [ "updates" ], "type": "object" } ] }, "DisableCustomerManagedKeyRequest": { "description": "DisableCustomerManagedKeyRequest is the request body for disabling a customer-managed encryption key.", "properties": { "destID": { "description": "The destination identifier for the customer-managed key to disable.", "type": "string", "x-order": 1 } }, "required": [ "destID" ], "type": "object" }, "DiscoveredProject": { "description": "A discovered project containing cloud infrastructure stacks", "properties": { "name": { "description": "The discovered project name.", "type": "string", "x-order": 2 }, "orgName": { "description": "The organization name.", "type": "string", "x-order": 1 }, "stacks": { "description": "The discovered stacks belonging to this project.", "items": { "$ref": "#/components/schemas/DiscoveredStack" }, "type": "array", "x-order": 3 } }, "required": [ "name", "orgName", "stacks" ], "type": "object" }, "DiscoveredResourceInfo": { "description": "A discovered resource with its indexed search representation.", "properties": { "annotation": { "$ref": "#/components/schemas/ResourceMigrationAnnotation", "description": "User-created migration annotation, if any.", "x-order": 8 }, "managedBy": { "description": "The orchestrator or tool that manages this resource (e.g. 'CloudFormation', 'ARM', 'Pulumi').", "type": "string", "x-order": 4 }, "migrationStatus": { "description": "Migration status of the resource relative to the comparison stack.", "enum": [ "Migrated", "PulumiOnly", "Ready", "Pending", "Unmapped", "NotApplicable" ], "type": "string", "x-order": 7, "x-pulumi-model-property": { "enumTypeName": "MigrationStatus", "enumComments": "Migration status of a discovered resource relative to a comparison Pulumi stack. Migrated and PulumiOnly are only possible when the compareTo parameter is provided.", "enumFieldComments": [ "Resource identity match found in the comparison stack.", "Resource exists only in the comparison Pulumi stack.", "Mapped to a Pulumi type with virtual state available.", "Mapped to a Pulumi type but no virtual state yet.", "No Pulumi type mapping exists for this resource.", "Migration status is not applicable (e.g. stack or deployment containers)." ] } }, "name": { "description": "A human-friendly resource name derived from the cloud provider", "type": "string", "x-order": 2 }, "originType": { "description": "The native cloud resource type (e.g. 'AWS::S3::Bucket', 'Microsoft.Storage/storageAccounts').", "type": "string", "x-order": 3 }, "providerType": { "description": "The mapped Pulumi provider type token (e.g. 'aws:s3/bucket:Bucket'). Omitted when the resource has not been mapped to a Pulumi type.", "type": "string", "x-order": 5 }, "resource": { "$ref": "#/components/schemas/Resource", "description": "The resource, using the same shape as regular stack resources.", "x-order": 1 }, "virtualState": { "additionalProperties": { "type": "object" }, "description": "The Pulumi-compatible state, if available.", "type": "object", "x-order": 6 } }, "required": [ "resource" ], "type": "object" }, "DiscoveredStack": { "description": "A discovered cloud infrastructure stack from an Insights scan, representing a single Discovered Stack with is_discovered=true.", "properties": { "id": { "description": "The Discovered Stack ID.", "type": "string", "x-order": 1 }, "lastScanTime": { "description": "Unix epoch timestamp (seconds) of the last scan. Omitted if never scanned.", "format": "int64", "type": "integer", "x-order": 6 }, "name": { "description": "The stack name.", "type": "string", "x-order": 2 }, "provider": { "description": "The cloud provider package (e.g. 'aws-cloudformation', 'azure-arm').", "type": "string", "x-order": 4 }, "resourceCount": { "description": "Number of cloud resources discovered in this stack.", "format": "int32", "type": "integer", "x-order": 3 }, "tags": { "additionalProperties": { "type": "string" }, "description": "User-defined tags associated with the discovered stack.", "type": "object", "x-order": 5 } }, "required": [ "id", "name", "provider", "resourceCount" ], "type": "object" }, "DockerImage": { "description": "A DockerImage describes a Docker image reference + optional credentials for use with aa job definition.", "properties": { "credentials": { "$ref": "#/components/schemas/DockerImageCredentials", "description": "The credentials needed to pull the Docker image.", "x-order": 3 }, "isDefault": { "description": "IsDefault indicates to the workflow runner that it should use its build-in default image if available\nand ignore the specified reference.", "type": "boolean", "x-order": 2 }, "reference": { "description": "The Docker image reference (e.g. registry/image:tag).", "type": "string", "x-order": 1 } }, "required": [ "reference" ], "type": "object" }, "DockerImageCredentials": { "description": "DockerImageCredentials describes the credentials needed to access a Docker repository.", "properties": { "password": { "$ref": "#/components/schemas/SecretValue", "description": "The password for authenticating with the Docker registry.", "x-order": 2 }, "username": { "description": "The username for authenticating with the Docker registry.", "type": "string", "x-order": 1 } }, "required": [ "password", "username" ], "type": "object" }, "DockerImageCredentialsRequest": { "description": "DockerImageCredentialsRequest is the request body for specifying Docker registry credentials.", "properties": { "password": { "$ref": "#/components/schemas/SecretValue", "description": "The password for authenticating with the Docker registry.", "x-order": 2 }, "username": { "description": "The username for authenticating with the Docker registry.", "type": "string", "x-order": 1 } }, "type": "object" }, "DockerImageRequest": { "description": "DockerImageRequest is the request body for specifying a Docker image and its credentials.", "properties": { "credentials": { "$ref": "#/components/schemas/DockerImageCredentialsRequest", "description": "The credentials needed to pull the Docker image.", "x-order": 2 }, "reference": { "description": "The Docker image reference (e.g. registry/image:tag).", "type": "string", "x-order": 1 } }, "type": "object" }, "DriftRun": { "description": "DriftRun represents a drift detection run, including whether drift was detected and any associated updates.", "properties": { "created": { "description": "The timestamp when the drift run was created.", "type": "string", "x-order": 3 }, "deploymentId": { "description": "The deployment identifier associated with the drift run.", "type": "string", "x-order": 5 }, "deploymentVersion": { "description": "The deployment version associated with the drift run.", "format": "int64", "type": "integer", "x-order": 6 }, "detectUpdate": { "$ref": "#/components/schemas/DriftRunUpdate", "description": "The update that performed drift detection.", "x-order": 7 }, "driftDetected": { "description": "Whether drift was detected during the run.", "type": "boolean", "x-order": 2 }, "id": { "description": "The unique identifier of the drift run.", "type": "string", "x-order": 1 }, "remediateUpdate": { "$ref": "#/components/schemas/DriftRunUpdate", "description": "The update that performed drift remediation.", "x-order": 8 }, "status": { "description": "The current status of the drift run.", "enum": [ "not-started", "accepted", "running", "failed", "succeeded", "skipped" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "JobStatus", "enumComments": "JobStatus describes the status of a job run.", "enumFieldNames": [ "NotStarted", "Accepted", "Running", "Failed", "Succeeded", "Skipped" ], "enumFieldComments": [ "JobStatusNotStarted indicates that a job has not yet started.", "JobStatusAccepted indicates that a job has been accepted for execution, but is not yet running.", "JobStatusRunning indicates that a job is running.", "JobStatusFailed indicates that a job has failed.", "JobStatusSucceeded indicates that a job has succeeded.", "JobStatusSkipped indicates that a job has skipped as there are fresher deployments to execute in the queue." ] } } }, "required": [ "created", "driftDetected", "id", "status" ], "type": "object" }, "DriftRunUpdate": { "description": "DriftRunUpdate represents an update within a drift run, including resource changes and status.", "properties": { "modified": { "description": "The timestamp when the update was last modified.", "type": "string", "x-order": 3 }, "resourceChanges": { "additionalProperties": { "format": "int64", "type": "integer" }, "description": "A map of operation types to the count of resources affected.", "type": "object", "x-order": 2 }, "status": { "description": "The current status of the update.", "enum": [ "not-started", "accepted", "running", "failed", "succeeded", "skipped" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "JobStatus", "enumComments": "JobStatus describes the status of a job run.", "enumFieldNames": [ "NotStarted", "Accepted", "Running", "Failed", "Succeeded", "Skipped" ], "enumFieldComments": [ "JobStatusNotStarted indicates that a job has not yet started.", "JobStatusAccepted indicates that a job has been accepted for execution, but is not yet running.", "JobStatusRunning indicates that a job is running.", "JobStatusFailed indicates that a job has failed.", "JobStatusSucceeded indicates that a job has succeeded.", "JobStatusSkipped indicates that a job has skipped as there are fresher deployments to execute in the queue." ] } }, "updateId": { "description": "The unique identifier of the update.", "type": "string", "x-order": 1 } }, "required": [ "modified", "status", "updateId" ], "type": "object" }, "EncryptEnvironmentSecretsRequest": { "description": "EncryptEnvironmentSecretsRequest defines the request body for encrypting secret values.", "properties": { "plaintexts": { "description": "The list of plaintext values to encrypt.", "items": { "type": "string" }, "type": "array", "x-order": 1 } }, "required": [ "plaintexts" ], "type": "object" }, "EncryptEnvironmentSecretsResponse": { "description": "EncryptEnvironmentSecretsResponse defines the response body for multiple encrypted values.", "properties": { "ciphertexts": { "description": "The encrypted values, in order of the plaintexts from the request.", "items": { "type": "string" }, "type": "array", "x-order": 1 } }, "required": [ "ciphertexts" ], "type": "object" }, "EngineEvent": { "description": "EngineEvent expands apitype.EngineEvent, adding a little more metadata.", "properties": { "cancelEvent": { "$ref": "#/components/schemas/AppCancelEvent", "description": "Present when `type` is `cancelEvent`.", "x-order": 3 }, "diagnosticEvent": { "$ref": "#/components/schemas/AppDiagnosticEvent", "description": "Present when `type` is `diagnosticEvent`.", "x-order": 5 }, "errorEvent": { "$ref": "#/components/schemas/AppErrorEvent", "description": "Present when `type` is `errorEvent`.", "x-order": 19 }, "policyAnalyzeStackSummaryEvent": { "$ref": "#/components/schemas/AppPolicyAnalyzeStackSummaryEvent", "description": "Present when `type` is `policyAnalyzeStackSummaryEvent`.", "x-order": 16 }, "policyAnalyzeSummaryEvent": { "$ref": "#/components/schemas/AppPolicyAnalyzeSummaryEvent", "description": "Present when `type` is `policyAnalyzeSummaryEvent`.", "x-order": 14 }, "policyEvent": { "$ref": "#/components/schemas/AppPolicyEvent", "description": "Present when `type` is `policyEvent`.", "x-order": 11 }, "policyLoadEvent": { "$ref": "#/components/schemas/AppPolicyLoadEvent", "description": "Present when `type` is `policyLoadEvent`.", "x-order": 13 }, "policyRemediateSummaryEvent": { "$ref": "#/components/schemas/AppPolicyRemediateSummaryEvent", "description": "Present when `type` is `policyRemediateSummaryEvent`.", "x-order": 15 }, "policyRemediationEvent": { "$ref": "#/components/schemas/AppPolicyRemediationEvent", "description": "Present when `type` is `policyRemediationEvent`.", "x-order": 12 }, "preludeEvent": { "$ref": "#/components/schemas/AppPreludeEvent", "description": "Present when `type` is `preludeEvent`.", "x-order": 6 }, "progressEvent": { "$ref": "#/components/schemas/AppProgressEvent", "description": "Present when `type` is `progressEvent`.", "x-order": 18 }, "resOpFailedEvent": { "$ref": "#/components/schemas/AppResOpFailedEvent", "description": "Present when `type` is `resOpFailedEvent`.", "x-order": 10 }, "resOutputsEvent": { "$ref": "#/components/schemas/AppResOutputsEvent", "description": "Present when `type` is `resOutputsEvent`.", "x-order": 9 }, "resourcePreEvent": { "$ref": "#/components/schemas/AppResourcePreEvent", "description": "Present when `type` is `resourcePreEvent`.", "x-order": 8 }, "startDebuggingEvent": { "$ref": "#/components/schemas/AppStartDebuggingEvent", "description": "Present when `type` is `startDebuggingEvent`.", "x-order": 17 }, "stdoutEvent": { "$ref": "#/components/schemas/AppStdoutEngineEvent", "description": "Present when `type` is `stdoutEvent`.", "x-order": 4 }, "summaryEvent": { "$ref": "#/components/schemas/AppSummaryEvent", "description": "Present when `type` is `summaryEvent`.", "x-order": 7 }, "timestamp": { "description": "Timestamp of the event (seconds).", "format": "int64", "type": "integer", "x-order": 1 }, "type": { "description": "Type describes which payload object is associated with the event, such that in JavaScript\n`event[event.type]` is never undefined/null.", "type": "string", "x-order": 2 } }, "required": [ "timestamp", "type" ], "type": "object" }, "EnvironmentDiagnostic": { "description": "EnvironmentDiagnostic represents a diagnostic message associated with an environment definition.", "properties": { "path": { "description": "The path within the environment definition where the diagnostic occurred.", "type": "string", "x-order": 3 }, "range": { "$ref": "#/components/schemas/EscRange", "description": "The source range where the diagnostic occurred.", "x-order": 1 }, "severity": { "description": "The severity of the diagnostic: \"error\" or \"warning\".", "type": "string", "x-order": 4 }, "summary": { "description": "A summary of the diagnostic message.", "type": "string", "x-order": 2 } }, "type": "object" }, "EnvironmentDiagnosticsResponse": { "description": "EnvironmentDiagnosticsResponse contains a list of diagnostics from an environment operation.", "properties": { "diagnostics": { "description": "The list of diagnostics produced by the environment operation.", "items": { "$ref": "#/components/schemas/EnvironmentDiagnostic" }, "type": "array", "x-order": 1 } }, "type": "object" }, "EnvironmentFunctionSummary": { "description": "EnvironmentFunctionSummary summarizes the functions used in an environment, including counts and rotation paths.", "properties": { "funcCounts": { "additionalProperties": { "format": "int64", "type": "integer" }, "description": "A map of function names to the number of times they are used.", "type": "object", "x-order": 1 }, "rotationPaths": { "description": "The list of paths that have rotation configured.", "items": { "type": "string" }, "type": "array", "x-order": 2 } }, "required": [ "funcCounts", "rotationPaths" ], "type": "object" }, "EnvironmentImportReferrer": { "description": "An EnvironmentImportReferrer represents an `import` reference from another environment.", "properties": { "name": { "description": "The name of the referring environment.", "type": "string", "x-order": 2 }, "project": { "description": "The project name of the referring environment.", "type": "string", "x-order": 1 }, "revision": { "description": "The revision number of the referring environment.", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "name", "project", "revision" ], "type": "object" }, "EnvironmentInsightsAccountReferrer": { "description": "An EnvironmentInsightsAccountReferrer represents a reference from an Insights account.", "properties": { "accountName": { "description": "The name of the Insights account that references the environment.", "type": "string", "x-order": 1 } }, "required": [ "accountName" ], "type": "object" }, "EnvironmentLinks": { "description": "EnvironmentLinks contains hypermedia links related to an environment resource.", "properties": { "self": { "description": "The URL for this environment resource.", "type": "string", "x-order": 1 } }, "type": "object" }, "EnvironmentMetadata": { "description": "EnvironmentMetadata contains read-only metadata about a Pulumi environment.", "properties": { "activeChangeRequest": { "$ref": "#/components/schemas/ChangeRequestRef", "description": "ActiveChangeRequest contains information about any active change request for this environment.\nWill be nil if there is no active change request.", "x-order": 3 }, "gatedActions": { "description": "GatedActions indicates which actions on this environment require change request approval.", "items": { "type": "string" }, "type": "array", "x-order": 4 }, "id": { "description": "Environment metadata follows other Pulumi Cloud \"Metadata\" fields and contains read-only information about the environment", "type": "string", "x-order": 1 }, "openRequestNeeded": { "description": "OpenRequestNeeded indicates whether an open request is currently needed in order to open the environment.", "type": "boolean", "x-order": 5 }, "ownedBy": { "$ref": "#/components/schemas/UserInfo", "description": "The user with ownership of this environment", "x-order": 2 } }, "required": [ "id", "ownedBy" ], "type": "object" }, "EnvironmentReferrer": { "description": "An EnvironmentReferrer represents an entity that refers to an environment.", "properties": { "environment": { "$ref": "#/components/schemas/EnvironmentImportReferrer", "description": "The environment import referrer, if this referrer is an environment.", "x-order": 1 }, "insightsAccount": { "$ref": "#/components/schemas/EnvironmentInsightsAccountReferrer", "description": "The Insights account referrer, if this referrer is an Insights account.", "x-order": 3 }, "stack": { "$ref": "#/components/schemas/EnvironmentStackReferrer", "description": "The stack referrer, if this referrer is a stack.", "x-order": 2 } }, "type": "object" }, "EnvironmentReferrerMetadata": { "description": "EnvironmentReferrerMetadata contains counts of different types of entities that reference an environment.", "properties": { "environmentReferrerCount": { "description": "The number of environments that reference this environment.", "format": "int64", "type": "integer", "x-order": 1 }, "insightsAccountReferrerCount": { "description": "The number of Insights accounts that reference this environment.", "format": "int64", "type": "integer", "x-order": 3 }, "stackReferrerCount": { "description": "The number of stacks that reference this environment.", "format": "int64", "type": "integer", "x-order": 2 } }, "required": [ "environmentReferrerCount", "insightsAccountReferrerCount", "stackReferrerCount" ], "type": "object" }, "EnvironmentResponse": { "allOf": [ { "$ref": "#/components/schemas/EscEnvironment" }, { "description": "EnvironmentResponse is the response returned when retrieving or evaluating an environment.", "properties": { "diagnostics": { "description": "The list of diagnostics produced during environment evaluation.", "items": { "$ref": "#/components/schemas/EnvironmentDiagnostic" }, "type": "array", "x-order": 1 }, "environmentFunctionSummary": { "$ref": "#/components/schemas/EnvironmentFunctionSummary", "description": "A summary of the functions used in the environment.", "x-order": 2 } }, "required": [ "environmentFunctionSummary" ], "type": "object" } ] }, "EnvironmentRevision": { "description": "EnvironmentRevision represents a specific revision of an environment definition.", "properties": { "created": { "description": "The timestamp when the revision was created.", "format": "date-time", "type": "string", "x-order": 2 }, "creatorLogin": { "description": "The login name of the user who created the revision.", "type": "string", "x-order": 3 }, "creatorName": { "description": "The display name of the user who created the revision.", "type": "string", "x-order": 4 }, "number": { "description": "A monotonically increasing integer identifying this revision.", "format": "int64", "type": "integer", "x-order": 1 }, "retracted": { "$ref": "#/components/schemas/EnvironmentRevisionRetracted", "description": "Information about the retraction, if this revision has been retracted.", "x-order": 6 }, "sourceChangeRequest": { "$ref": "#/components/schemas/EnvironmentRevisionChangeRequest", "description": "The change request that produced this revision, if any.", "x-order": 7 }, "tags": { "description": "The tags associated with this revision.", "items": { "type": "string" }, "type": "array", "x-order": 5 } }, "required": [ "created", "number" ], "type": "object" }, "EnvironmentRevisionChangeRequest": { "description": "EnvironmentRevisionChangeRequest represents a change request associated with an environment revision.", "properties": { "description": { "description": "A description of the change request.", "type": "string", "x-order": 2 }, "id": { "description": "The unique identifier of the change request.", "type": "string", "x-order": 1 } }, "required": [ "description", "id" ], "type": "object" }, "EnvironmentRevisionRetracted": { "description": "EnvironmentRevisionRetracted contains information about a retracted environment revision.", "properties": { "at": { "description": "The timestamp when the revision was retracted.", "format": "date-time", "type": "string", "x-order": 2 }, "byLogin": { "description": "The login name of the user who retracted the revision.", "type": "string", "x-order": 3 }, "byName": { "description": "The display name of the user who retracted the revision.", "type": "string", "x-order": 4 }, "reason": { "description": "The reason the revision was retracted.", "type": "string", "x-order": 5 }, "replacement": { "description": "The revision number that replaced this retracted revision.", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "at", "replacement" ], "type": "object" }, "EnvironmentRevisionTag": { "description": "EnvironmentRevisionTag represents a named tag pointing to a specific environment revision.", "properties": { "created": { "description": "The timestamp when the tag was created.", "format": "date-time", "type": "string", "x-order": 3 }, "editorLogin": { "description": "The login name of the user who last edited the tag.", "type": "string", "x-order": 5 }, "editorName": { "description": "The display name of the user who last edited the tag.", "type": "string", "x-order": 6 }, "modified": { "description": "The timestamp when the tag was last modified.", "format": "date-time", "type": "string", "x-order": 4 }, "name": { "description": "The name of the tag.", "type": "string", "x-order": 1 }, "revision": { "description": "The revision number this tag points to.", "format": "int64", "type": "integer", "x-order": 2 } }, "required": [ "created", "modified", "name", "revision" ], "type": "object" }, "EnvironmentSettings": { "description": "EnvironmentSettings contains settings that control the behavior of an environment.", "properties": { "deletionProtected": { "description": "Whether the environment is protected from deletion.", "type": "boolean", "x-order": 1 } }, "required": [ "deletionProtected" ], "type": "object" }, "EnvironmentStackReferrer": { "description": "An EnvironmentStackReferrer represents a reference from an IaC stack.", "properties": { "project": { "description": "The project name of the referring stack.", "type": "string", "x-order": 1 }, "stack": { "description": "The name of the referring stack.", "type": "string", "x-order": 2 }, "version": { "description": "The version of the stack update that references this environment.", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "project", "stack", "version" ], "type": "object" }, "EnvironmentTag": { "description": "EnvironmentTag represents a key-value tag associated with an environment.", "properties": { "created": { "description": "The timestamp when the tag was created.", "format": "date-time", "type": "string", "x-order": 3 }, "editorLogin": { "description": "The login name of the user who last edited the tag.", "type": "string", "x-order": 5 }, "editorName": { "description": "The display name of the user who last edited the tag.", "type": "string", "x-order": 6 }, "modified": { "description": "The timestamp when the tag was last modified.", "format": "date-time", "type": "string", "x-order": 4 }, "name": { "description": "The name of the tag.", "type": "string", "x-order": 1 }, "value": { "description": "The value of the tag.", "type": "string", "x-order": 2 } }, "required": [ "created", "editorLogin", "editorName", "modified", "name", "value" ], "type": "object" }, "EnvironmentVariable": { "description": "EnvironmentVariable is a key-value pair; if the variable is secret, value will be empty/omitted.", "properties": { "name": { "description": "The name of the environment variable.", "type": "string", "x-order": 1 }, "secret": { "description": "Whether the environment variable contains a secret value.", "type": "boolean", "x-order": 3 }, "value": { "description": "The value of the environment variable. Empty or omitted if the variable is secret.", "type": "string", "x-order": 2 } }, "required": [ "name", "secret" ], "type": "object" }, "EscAccessExpr": { "description": "An AccessExpr represents a property access with a receiving value.", "properties": { "accessors": { "description": "The accessors to evaluate.", "items": { "$ref": "#/components/schemas/EscAccessor" }, "type": "array", "x-order": 2 }, "receiver": { "$ref": "#/components/schemas/EscRange", "description": "The receiver to access.", "x-order": 1 } }, "required": [ "accessors", "receiver" ], "type": "object" }, "EscAccessor": { "description": "An Accessor is an element index or property name.", "properties": { "index": { "description": "The integer index of the element to access. Mutually exclusive with Key.", "format": "int64", "type": "integer", "x-order": 1 }, "key": { "description": "The key of the property to access. Mutually exclusive with Index.", "type": "string", "x-order": 2 }, "range": { "$ref": "#/components/schemas/EscRange", "description": "The range of the accessor.", "x-order": 3 } }, "type": "object" }, "EscBuiltinExpr": { "description": "A BuiltinExpr is a call to a builtin function.", "properties": { "arg": { "$ref": "#/components/schemas/EscExpr", "description": "The argument expression passed to the builtin function.", "x-order": 4 }, "argSchema": { "$ref": "#/components/schemas/EscSchemaSchema", "description": "The schema for the function argument.", "x-order": 3 }, "name": { "description": "The name of the builtin function.", "type": "string", "x-order": 1 }, "nameRange": { "$ref": "#/components/schemas/EscRange", "description": "The source range of the function name.", "x-order": 2 } }, "required": [ "arg", "argSchema", "name", "nameRange" ], "type": "object" }, "EscEnvironment": { "description": "An Environment contains the result of evaluating an environment definition.", "properties": { "executionContext": { "$ref": "#/components/schemas/EscEvaluatedExecutionContext", "description": "ExecutionContext contains the values + schema for the execution context passed to the root environment.", "x-order": 4 }, "exprs": { "additionalProperties": { "$ref": "#/components/schemas/EscExpr" }, "description": "Exprs contains the AST for each expression in the environment definition.", "type": "object", "x-order": 1 }, "properties": { "additionalProperties": { "$ref": "#/components/schemas/EscValue" }, "description": "Properties contains the detailed values produced by the environment.", "type": "object", "x-order": 2 }, "schema": { "$ref": "#/components/schemas/EscSchemaSchema", "description": "Schema contains the schema for Properties.", "x-order": 3 } }, "type": "object" }, "EscEvaluatedExecutionContext": { "description": "An EvaluatedExecutionContext contains the result of evaluating an execution context passed to the root environment.", "properties": { "properties": { "additionalProperties": { "$ref": "#/components/schemas/EscValue" }, "description": "Properties contains the detailed values produced by the execution context.", "type": "object", "x-order": 1 }, "schema": { "$ref": "#/components/schemas/EscSchemaSchema", "description": "Schema contains the schema for Properties.", "x-order": 2 } }, "type": "object" }, "EscExpr": { "description": "An Expr holds information about an expression in an environment definition.", "properties": { "access": { "$ref": "#/components/schemas/EscAccessExpr", "description": "The access, if this is an access expression.", "x-order": 8 }, "base": { "$ref": "#/components/schemas/EscExpr", "description": "The expression that defined this expression's base value, if any.", "x-order": 3 }, "builtin": { "$ref": "#/components/schemas/EscBuiltinExpr", "description": "The builtin, if this is a call to a builtin function.", "x-order": 11 }, "interpolate": { "description": "The interpolations, if this is a string interpolation expression.", "items": { "$ref": "#/components/schemas/EscInterpolation" }, "type": "array", "x-order": 6 }, "keyRanges": { "additionalProperties": { "$ref": "#/components/schemas/EscRange" }, "description": "Ranges for the object's keys, if this is an object expression.", "type": "object", "x-order": 4 }, "list": { "description": "The list elements, if this is a list expression.", "items": { "$ref": "#/components/schemas/EscExpr" }, "type": "array", "x-order": 9 }, "literal": { "description": "The literal value, if this is a literal expression (nil, bool, json.Number, or string)", "type": "object", "x-order": 5 }, "object": { "additionalProperties": { "$ref": "#/components/schemas/EscExpr" }, "description": "The object properties, if this is an object expression.", "type": "object", "x-order": 10 }, "range": { "$ref": "#/components/schemas/EscRange", "description": "The range of the expression.", "x-order": 1 }, "schema": { "$ref": "#/components/schemas/EscSchemaSchema", "description": "The schema of the expression's result.", "x-order": 2 }, "symbol": { "description": "The property accessors, if this is a symbol expression.", "items": { "$ref": "#/components/schemas/EscPropertyAccessor" }, "type": "array", "x-order": 7 } }, "required": [ "range" ], "type": "object" }, "EscInterpolation": { "description": "An Interpolation holds information about a part of an interpolated string expression.", "properties": { "text": { "description": "The text of the expression. Precedes the stringified Value in the output.", "type": "string", "x-order": 1 }, "value": { "description": "The value to interpolate.", "items": { "$ref": "#/components/schemas/EscPropertyAccessor" }, "type": "array", "x-order": 2 } }, "type": "object" }, "EscPos": { "description": "A Pos defines a position within an environment definition.", "properties": { "byte": { "description": "Byte is the byte offset into the file where the indicated position begins.", "format": "int64", "type": "integer", "x-order": 3 }, "column": { "description": "Column is the source code column where this position points. Columns are counted in visual cells starting at 1,\nand are incremented roughly per grapheme cluster encountered.", "format": "int64", "type": "integer", "x-order": 2 }, "line": { "description": "Line is the source code line where this position points. Lines are counted starting at 1 and incremented for each\nnewline character encountered.", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "byte", "column", "line" ], "type": "object" }, "EscPropertyAccessor": { "allOf": [ { "$ref": "#/components/schemas/EscAccessor" }, { "description": "A PropertyAccessor is a single accessor that is associated with a resolved value.", "properties": { "value": { "$ref": "#/components/schemas/EscRange", "description": "The range of the expression that defines the resolved value.", "x-order": 1 } }, "required": [ "value" ], "type": "object" } ] }, "EscRange": { "description": "A Range defines a range within an environment definition.", "properties": { "begin": { "$ref": "#/components/schemas/EscPos", "description": "The beginning of the range.", "x-order": 2 }, "end": { "$ref": "#/components/schemas/EscPos", "description": "The end of the range.", "x-order": 3 }, "environment": { "description": "The name of the environment.", "type": "string", "x-order": 1 } }, "required": [ "begin", "end" ], "type": "object" }, "EscSchemaSchema": { "description": "EscSchemaSchema represents a JSON Schema used to describe the shape of environment values.", "properties": { "_defs": { "additionalProperties": { "$ref": "#/components/schemas/EscSchemaSchema" }, "description": "Schema definitions that can be referenced by $ref.", "type": "object", "x-order": 1 }, "_ref": { "description": "A JSON reference to a schema definition.", "type": "string", "x-order": 2 }, "additionalProperties": { "$ref": "#/components/schemas/EscSchemaSchema", "description": "The schema for additional object properties.", "x-order": 7 }, "anyOf": { "description": "A list of schemas, any of which the value must match.", "items": { "$ref": "#/components/schemas/EscSchemaSchema" }, "type": "array", "x-order": 3 }, "const": { "description": "A constant value the instance must equal.", "type": "object", "x-order": 10 }, "default": { "description": "The default value for the schema.", "type": "object", "x-order": 29 }, "dependentRequired": { "additionalProperties": { "items": { "type": "string" }, "type": "array" }, "description": "A map of property names to lists of properties they depend on.", "type": "object", "x-order": 26 }, "deprecated": { "description": "Whether the schema is deprecated.", "type": "boolean", "x-order": 30 }, "description": { "description": "A human-readable explanation of the schema's purpose (JSON Schema annotation).", "type": "string", "x-order": 28 }, "enum": { "description": "A list of allowed values.", "items": { "type": "object" }, "type": "array", "x-order": 11 }, "examples": { "description": "Example values for the schema.", "items": { "type": "object" }, "type": "array", "x-order": 31 }, "exclusiveMaximum": { "description": "The maximum allowed value (exclusive).", "type": "string", "x-order": 14 }, "exclusiveMinimum": { "description": "The minimum allowed value (exclusive).", "type": "string", "x-order": 16 }, "items": { "$ref": "#/components/schemas/EscSchemaSchema", "description": "The schema for array items.", "x-order": 6 }, "maxItems": { "description": "The maximum number of items in an array.", "type": "string", "x-order": 20 }, "maxLength": { "description": "The maximum allowed string length.", "type": "string", "x-order": 17 }, "maxProperties": { "description": "The maximum number of properties in an object.", "type": "string", "x-order": 23 }, "maximum": { "description": "The maximum allowed value (inclusive).", "type": "string", "x-order": 13 }, "minItems": { "description": "The minimum number of items in an array.", "type": "string", "x-order": 21 }, "minLength": { "description": "The minimum allowed string length.", "type": "string", "x-order": 18 }, "minProperties": { "description": "The minimum number of properties in an object.", "type": "string", "x-order": 24 }, "minimum": { "description": "The minimum allowed value (inclusive).", "type": "string", "x-order": 15 }, "multipleOf": { "description": "The value must be a multiple of this number.", "type": "string", "x-order": 12 }, "oneOf": { "description": "A list of schemas, exactly one of which the value must match.", "items": { "$ref": "#/components/schemas/EscSchemaSchema" }, "type": "array", "x-order": 4 }, "pattern": { "description": "A regular expression pattern the string must match.", "type": "string", "x-order": 19 }, "prefixItems": { "description": "Schemas for the leading items in an array.", "items": { "$ref": "#/components/schemas/EscSchemaSchema" }, "type": "array", "x-order": 5 }, "properties": { "additionalProperties": { "$ref": "#/components/schemas/EscSchemaSchema" }, "description": "Schemas for named object properties.", "type": "object", "x-order": 8 }, "required": { "description": "The list of required property names.", "items": { "type": "string" }, "type": "array", "x-order": 25 }, "rotateOnly": { "description": "Pulumi ESC extension: property paths within this schema that support rotation-only updates.", "items": { "type": "string" }, "type": "array", "x-order": 33 }, "secret": { "description": "Pulumi ESC extension: if true, the value should be treated as sensitive and masked in output.", "type": "boolean", "x-order": 32 }, "title": { "description": "A short human-readable label for the schema (JSON Schema annotation).", "type": "string", "x-order": 27 }, "type": { "description": "The type of the schema (e.g. string, number, object, array, boolean).", "type": "string", "x-order": 9 }, "uniqueItems": { "description": "Whether array items must be unique.", "type": "boolean", "x-order": 22 } }, "required": [ "type" ], "type": "object" }, "EscTrace": { "description": "Trace holds information about the expression and base of a value.", "properties": { "base": { "$ref": "#/components/schemas/EscValue", "description": "Base is the base value with which a value was merged.", "x-order": 2 }, "def": { "$ref": "#/components/schemas/EscRange", "description": "Def is the range of the expression that computed a value.", "x-order": 1 } }, "required": [ "def" ], "type": "object" }, "EscValue": { "description": "A Value is the result of evaluating an expression within an environment definition.", "properties": { "secret": { "description": "Secret is true if this value is secret.", "type": "boolean", "x-order": 2 }, "trace": { "$ref": "#/components/schemas/EscTrace", "description": "Trace holds information about the expression that computed this value and the value (if any) with which it was\nmerged.", "x-order": 4 }, "unknown": { "description": "Unknown is true if this value is unknown.", "type": "boolean", "x-order": 3 }, "value": { "description": "Value holds the concrete representation of the value. May be nil, bool, json.Number, string, []Value, or\nmap[string]Value.", "type": "object", "x-order": 1 } }, "required": [ "trace" ], "type": "object" }, "ExecutorContext": { "description": "ExecutorContext defines the execution environment for a deployment, including the Docker image to use.", "properties": { "executorImage": { "$ref": "#/components/schemas/DockerImage", "description": "Defines the image that the pulumi operations should run in.", "x-order": 1 }, "executorRootPath": { "description": "Defines the root path for the executor binary and working directory.", "type": "string", "x-order": 2 } }, "type": "object" }, "ExecutorSettingsRequest": { "description": "ExecutorSettingsRequest is the request body for configuring the execution environment settings.", "properties": { "executorImage": { "$ref": "#/components/schemas/DockerImageRequest", "description": "The Docker image to use for the execution environment.", "x-order": 1 }, "executorRootPath": { "description": "The root path for the executor binary and working directory.", "type": "string", "x-order": 2 } }, "type": "object" }, "FGARole": { "description": "A role assigned to an organization member, identified by ID and name. The role may be a built-in role or a custom role.", "properties": { "id": { "description": "The unique identifier of the role.", "type": "string", "x-order": 1 }, "modifiedAt": { "description": "The timestamp when the role was last modified.", "format": "date-time", "type": "string", "x-order": 3 }, "name": { "description": "The name of the role.", "type": "string", "x-order": 2 } }, "required": [ "id", "modifiedAt", "name" ], "type": "object" }, "FeedbackRequest": { "description": "FeedbackRequest is the request body for submitting user feedback.", "properties": { "comment": { "description": "A comment providing additional details about the feedback.", "type": "string", "x-order": 2 }, "feedbackKind": { "description": "The kind of feedback (thumbs up or thumbs down).", "enum": [ "thumbsup", "thumbsdown" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "FeedbackKind", "enumComments": "The type of user feedback. Valid values: 'thumbsup', 'thumbsdown'.", "enumFieldNames": [ "ThumbsUp", "ThumbsDown" ] } } }, "required": [ "comment", "feedbackKind" ], "type": "object" }, "GCPEnvironmentInfo": { "description": "GCP environment configuration information", "properties": { "environmentName": { "description": "ESC environment name", "type": "string", "x-order": 5 }, "gcpProjectID": { "description": "GCP project ID", "type": "string", "x-order": 1 }, "gcpRoleID": { "description": "GCP role ID", "type": "string", "x-order": 2 }, "gcpServiceAccountName": { "description": "GCP service account name", "type": "string", "x-order": 3 }, "projectName": { "description": "ESC project name", "type": "string", "x-order": 4 } }, "required": [ "environmentName", "gcpProjectID", "gcpRoleID", "gcpServiceAccountName", "projectName" ], "type": "object" }, "GCPSetupRequest": { "description": "Request to setup GCP OIDC infrastructure", "properties": { "gcpEnvironmentInfo": { "$ref": "#/components/schemas/GCPEnvironmentInfo", "description": "GCP environment configuration to create", "x-order": 2 }, "oauthSessionId": { "description": "GCP OAuth session ID", "type": "string", "x-order": 1 } }, "required": [ "gcpEnvironmentInfo", "oauthSessionId" ], "type": "object" }, "GetChangeRequestResponse": { "allOf": [ { "$ref": "#/components/schemas/ChangeRequest" }, { "description": "Response body for retrieving a change request with gate evaluation details.", "properties": { "gateEvaluation": { "$ref": "#/components/schemas/ChangeRequestGateEvaluation", "description": "The gate evaluation results for this change request", "x-order": 1 } }, "required": [ "gateEvaluation" ], "type": "object" } ] }, "GetConversationResponse": { "description": "Response body for retrieving a conversation and its messages.", "properties": { "conversation": { "$ref": "#/components/schemas/Conversation", "description": "The conversation details", "x-order": 1 }, "messages": { "description": "The messages in the conversation", "items": { "$ref": "#/components/schemas/Message" }, "type": "array", "x-order": 2 } }, "required": [ "conversation", "messages" ], "type": "object" }, "GetDeploymentResponse": { "description": "GetDeploymentResponse is the response from the API when getting a single Deployment.", "properties": { "configuration": { "$ref": "#/components/schemas/DeploymentConfiguration", "description": "Configuration contains the environment variables and source information for a deployment", "x-order": 9 }, "created": { "description": "Created defines when the Deployment was created.", "type": "string", "x-order": 2 }, "id": { "description": "Unique identifier for this deployment.", "type": "string", "x-order": 1 }, "initiator": { "description": "Initiator is the initiation source of the deployment.", "type": "string", "x-order": 10 }, "jobs": { "description": "Jobs make up all the Jobs of the Deployment.", "items": { "$ref": "#/components/schemas/DeploymentJob" }, "type": "array", "x-order": 7 }, "latestVersion": { "description": "LatestVersion is the most recent version number for deployments for the given programID", "format": "int64", "type": "integer", "x-order": 8 }, "modified": { "description": "Created defines when the corresponding WorkflowRun was modified.", "type": "string", "x-order": 3 }, "pulumiOperation": { "description": "PulumiOperation is the operation that was performed.", "enum": [ "update", "preview", "destroy", "refresh", "detect-drift", "remediate-drift" ], "type": "string", "x-order": 11, "x-pulumi-model-property": { "enumTypeName": "PulumiOperation", "enumComments": "PulumiOperation describes what operation to perform on the stack as defined in the Job spec.", "enumFieldNames": [ "Update", "Preview", "Destroy", "Refresh", "DetectDrift", "RemediateDrift" ] } }, "requestedBy": { "$ref": "#/components/schemas/UserInfo", "description": "RequestedBy contains the user information about the user who created the Deployment", "x-order": 6 }, "status": { "description": "Status is the current status of the workflow runID.", "enum": [ "not-started", "accepted", "running", "failed", "succeeded", "skipped" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "JobStatus", "enumComments": "JobStatus describes the status of a job run.", "enumFieldNames": [ "NotStarted", "Accepted", "Running", "Failed", "Succeeded", "Skipped" ], "enumFieldComments": [ "JobStatusNotStarted indicates that a job has not yet started.", "JobStatusAccepted indicates that a job has been accepted for execution, but is not yet running.", "JobStatusRunning indicates that a job is running.", "JobStatusFailed indicates that a job has failed.", "JobStatusSucceeded indicates that a job has succeeded.", "JobStatusSkipped indicates that a job has skipped as there are fresher deployments to execute in the queue." ] } }, "version": { "description": "Version is the ordinal ID for the stack", "format": "int64", "type": "integer", "x-order": 5 } }, "required": [ "created", "id", "jobs", "latestVersion", "modified", "pulumiOperation", "requestedBy", "status", "version" ], "type": "object" }, "GetDiscoveredProjectResponse": { "description": "Response for the discovered project detail endpoint, containing a single discovered project and its stacks.", "properties": { "continuationToken": { "description": "Opaque token for fetching the next page of stacks. Null when all stacks have been returned.", "type": "string", "x-order": 2 }, "project": { "$ref": "#/components/schemas/DiscoveredProject", "description": "The discovered project details.", "x-order": 1 } }, "required": [ "project" ], "type": "object" }, "GetDiscoveredStackResponse": { "description": "Response for the discovered stack detail endpoint.", "properties": { "id": { "description": "The Discovered Stack ID.", "type": "string", "x-order": 1 }, "lastScanTime": { "description": "Unix epoch timestamp (seconds) of the last scan. Omitted if never scanned.", "format": "int64", "type": "integer", "x-order": 8 }, "orgName": { "description": "The organization name.", "type": "string", "x-order": 2 }, "projectName": { "description": "The project name.", "type": "string", "x-order": 3 }, "provider": { "description": "The cloud provider package (e.g. 'aws-cloudformation', 'azure-arm').", "type": "string", "x-order": 6 }, "resourceCount": { "description": "Number of resources discovered in this stack.", "format": "int32", "type": "integer", "x-order": 5 }, "stackName": { "description": "The stack name.", "type": "string", "x-order": 4 }, "tags": { "additionalProperties": { "type": "string" }, "description": "User-defined tags associated with the discovered stack.", "type": "object", "x-order": 7 } }, "required": [ "id", "orgName", "projectName", "provider", "resourceCount", "stackName" ], "type": "object" }, "GetInsightAccountTagsResponse": { "description": "Response body for retrieving tags associated with an Insights account.", "properties": { "tags": { "additionalProperties": { "$ref": "#/components/schemas/InsightsAccountTag" }, "description": "Map of tag names to their tag details", "type": "object", "x-order": 1 } }, "required": [ "tags" ], "type": "object" }, "GetMessageCountResponse": { "description": "Response body for retrieving the count of messages sent.", "properties": { "messages_sent": { "description": "The number of messages sent", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "messages_sent" ], "type": "object" }, "GetNaturalLanguageQueryResponse": { "description": "Response body for a natural language query translation.", "properties": { "query": { "description": "The translated query string", "type": "string", "x-order": 1 } }, "required": [ "query" ], "type": "object" }, "GetOrgTemplateSourcesResponse": { "description": "Response body for retrieving template sources configured for an organization.", "properties": { "sources": { "description": "The list of template sources", "items": { "$ref": "#/components/schemas/TemplateSource" }, "type": "array", "x-order": 1 } }, "required": [ "sources" ], "type": "object" }, "GetOrgTemplatesResponse": { "description": "Response body for retrieving templates available to an organization.", "properties": { "diagnostics": { "description": "Diagnostic messages from template retrieval", "items": { "type": "string" }, "type": "array", "x-order": 5 }, "hasAccessError": { "description": "Whether there was an access error retrieving templates", "type": "boolean", "x-order": 3 }, "hasUpstreamError": { "description": "Whether there was an upstream error retrieving templates", "type": "boolean", "x-order": 4 }, "orgHasTemplates": { "description": "Whether the organization has any templates configured", "type": "boolean", "x-order": 2 }, "templates": { "additionalProperties": { "items": { "$ref": "#/components/schemas/PulumiTemplateRemote" }, "type": "array" }, "description": "Map of template source names to their available templates", "type": "object", "x-order": 1 } }, "required": [ "hasAccessError", "hasUpstreamError", "orgHasTemplates", "templates" ], "type": "object" }, "GetPendingEmailVerificationResponse": { "description": "GetPendingEmailVerificationResponse is the response when a client requests the pending email\nfor the currently authenticated user.", "properties": { "email": { "description": "The pending email address awaiting verification", "type": "string", "x-order": 1 } }, "required": [ "email" ], "type": "object" }, "GetPolicyComplianceResultsRequest": { "description": "Request for policy compliance results", "properties": { "continuationToken": { "description": "Continuation token for pagination", "type": "string", "x-order": 2 }, "entity": { "description": "Entity type to filter by", "enum": [ "stack", "account", "severity" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "PolicyComplianceEntityType", "enumComments": "PolicyComplianceEntityType defines the types of entities for policy compliance results.", "enumFieldComments": [ "Stack entity type for policy compliance results", "Account entity type for policy compliance results", "Severity heat map for policy compliance results" ] } }, "size": { "description": "Number of results to return", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "entity" ], "type": "object" }, "GetPolicyComplianceResultsResponse": { "description": "Response for policy compliance results", "properties": { "columns": { "description": "Column names (policy pack names) in order", "items": { "type": "string" }, "type": "array", "x-order": 1 }, "continuationToken": { "description": "Continuation token for next page", "type": "string", "x-order": 3 }, "rows": { "description": "List of policy compliance result rows", "items": { "$ref": "#/components/schemas/PolicyComplianceResult" }, "type": "array", "x-order": 2 } }, "required": [ "columns", "rows" ], "type": "object" }, "GetPolicyIssueResponse": { "description": "Response body for retrieving a policy issue and its associated policy details.", "properties": { "policy": { "$ref": "#/components/schemas/AppPolicy", "description": "The policy definition that caused this issue. May be null if the policy has been deleted or is unavailable.", "x-order": 2 }, "policyIssue": { "$ref": "#/components/schemas/PolicyIssue", "description": "The policy issue details", "x-order": 1 }, "policyPack": { "$ref": "#/components/schemas/RegistryPolicyPack", "description": "The registry policy pack metadata. May be null if the policy pack is unavailable.", "x-order": 3 } }, "required": [ "policyIssue" ], "type": "object" }, "GetRegistryPolicyPackVersionResponse": { "description": "GetRegistryPolicyPackVersionResponse contains detailed information about a specific\nversion of a policy pack, optionally including the actual policy definitions.", "properties": { "policies": { "description": "Policies contains the individual policy definitions in this version.\nEach policy includes its configuration schema and enforcement rules.\nThis field is optional and may be omitted for lightweight responses that only provide registry metadata.", "items": { "$ref": "#/components/schemas/AppPolicy" }, "type": "array", "x-order": 2 }, "policyPack": { "$ref": "#/components/schemas/RegistryPolicyPack", "description": "PolicyPack contains the metadata for this specific version.", "x-order": 1 } }, "required": [ "policyPack" ], "type": "object" }, "GetResourceCountSummaryResponse": { "description": "Response body for retrieving a summary of resource counts.", "properties": { "summary": { "description": "The list of resource count summaries", "items": { "$ref": "#/components/schemas/ResourceCountSummary" }, "type": "array", "x-order": 1 } }, "required": [ "summary" ], "type": "object" }, "GetServiceResponse": { "description": "Response when requesting a service.", "properties": { "continuationToken": { "description": "ContinuationToken is an opaque value the client can send to fetch additional\nitems. Will be nil once all items have been returned.", "type": "string", "x-order": 3 }, "items": { "description": "The list of service items", "items": { "$ref": "#/components/schemas/ServiceItem" }, "type": "array", "x-order": 2 }, "service": { "$ref": "#/components/schemas/Service", "description": "The service details", "x-order": 1 } }, "required": [ "items", "service" ], "type": "object" }, "GetStackActivityResponse": { "description": "GetStackActivityResponse is the Service-centric view of a Program's activity history (deployments and updates).", "properties": { "activity": { "description": "The list of activity records for the stack", "items": { "$ref": "#/components/schemas/Activity" }, "type": "array", "x-order": 1 }, "itemsPerPage": { "description": "The number of items per page", "format": "int64", "type": "integer", "x-order": 2 }, "total": { "description": "The total number of activity records", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "activity", "itemsPerPage", "total" ], "type": "object" }, "GetStackResourceCountResponse": { "description": "GetStackResourceCountResponse returns the number of resources at a particular update.", "properties": { "resourceCount": { "description": "The number of resources in the stack", "format": "int64", "type": "integer", "x-order": 1 }, "version": { "description": "The update version number", "format": "int64", "type": "integer", "x-order": 2 } }, "required": [ "resourceCount", "version" ], "type": "object" }, "GetStackResourceResponse": { "description": "GetStackResourceResponse returns a single resource for a stack at a particular update.", "properties": { "region": { "description": "The cloud region where the resource is deployed", "type": "string", "x-order": 2 }, "resource": { "$ref": "#/components/schemas/ResourceInfo", "description": "The resource information", "x-order": 1 }, "version": { "description": "The update version number", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "region", "resource", "version" ], "type": "object" }, "GetStackResourcesResponse": { "description": "GetStackResourcesResponse returns the resources for a stack at a particular update.", "properties": { "region": { "description": "The cloud region where the resources are deployed", "type": "string", "x-order": 2 }, "resources": { "description": "The list of resources in the stack", "items": { "$ref": "#/components/schemas/ResourceInfo" }, "type": "array", "x-order": 1 }, "version": { "description": "The update version number", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "region", "resources", "version" ], "type": "object" }, "GetStackStarterWorkflowResponse": { "description": "Response body for retrieving a starter workflow for a stack.", "properties": { "content": { "description": "The starter workflow content", "type": "string", "x-order": 1 } }, "required": [ "content" ], "type": "object" }, "GetStackUpdatesResponse": { "description": "GetStackUpdatesResponse is the Service-centric view of a Program's update history.", "properties": { "itemsPerPage": { "description": "The number of items per page", "format": "int64", "type": "integer", "x-order": 2 }, "total": { "description": "The total number of updates", "format": "int64", "type": "integer", "x-order": 3 }, "updates": { "description": "The list of stack updates", "items": { "$ref": "#/components/schemas/UpdateInfo" }, "type": "array", "x-order": 1 } }, "required": [ "itemsPerPage", "total", "updates" ], "type": "object" }, "GetStarterWorkflowRequest": { "description": "Request body for generating a starter workflow configuration.", "properties": { "ciSystem": { "description": "The CI system to generate the workflow for", "type": "string", "x-order": 1 }, "enablePathFilters": { "description": "Whether to enable path filters in the workflow", "type": "boolean", "x-order": 3 }, "workingDirectory": { "description": "The working directory for the workflow", "type": "string", "x-order": 2 } }, "required": [ "ciSystem", "enablePathFilters", "workingDirectory" ], "type": "object" }, "GetTemplateConfigurationResponse": { "description": "Response body for retrieving template configuration details.", "properties": { "destination": { "$ref": "#/components/schemas/TemplateDestination", "description": "The template destination configuration", "x-order": 1 } }, "type": "object" }, "GetTemplateResponse": { "allOf": [ { "$ref": "#/components/schemas/Template" }, { "description": "Response body for retrieving a single template.", "type": "object" } ] }, "GetUpdateEventsResponse": { "description": "GetUpdateEventsResponse contains the engine events for am update.", "properties": { "continuationToken": { "description": "ContinuationToken is an opaque value the client can send to fetch more recent\nevents if the update is still in progress. Will be nil once all events have\nbeen returned and the update is complete.", "type": "string", "x-order": 2 }, "events": { "description": "Events are returned sorted by their internal sequence number (not exposed to the API).\nSo the last Event in the slice is the most recent event which was stored in the database.\n(Should sort identical to timestamp, but may not if we support parallel writes.)", "items": { "$ref": "#/components/schemas/EngineEvent" }, "type": "array", "x-order": 1 } }, "required": [ "continuationToken", "events" ], "type": "object" }, "GetUpdateTimelineResponse": { "description": "GetUpdateTimelineResponse is the response type returning the timeline for a given update.", "properties": { "collatedPullRequest": { "$ref": "#/components/schemas/GitHubPullRequest", "description": "CollatedPullRequest is the source pull request that was merged, which triggered the stack's update.", "x-order": 3 }, "collatedUpdateEvents": { "description": "CollatedUpdateEvents is the set of update events that are \"relevant\" to the update.\nIt will contain the sequences of previews that were performed in the same \"group\",\ne.g. a GitHub PR, that lead to the final update.\n\nIf the sequence of previews happened spanned when the stack was updated, e.g. the first\npreview was at version N - 1 and the last preview was at version N + 1, then the update\nto stack version N will be included.\n\nWill be empty if the update couldn't be associated with a particular sequence of previews.", "items": { "$ref": "#/components/schemas/UpdateInfo" }, "type": "array", "x-order": 2 }, "previews": { "description": "Previews contains all previews for the given stack update that weren't part of the collated\nset. For example, from other GitHub pull requests that haven't been merged, previews ran on\ndeveloper machines, etc.", "items": { "$ref": "#/components/schemas/UpdateInfo" }, "type": "array", "x-order": 4 }, "update": { "$ref": "#/components/schemas/UpdateInfo", "description": "Update is the information about the completed update for the stack.", "x-order": 1 } }, "required": [ "collatedUpdateEvents", "previews", "update" ], "type": "object" }, "GitAuthConfig": { "description": "GitAuthConfig specifies git authentication configuration options.\nThere are 3 different authentication options:\n- Personal access token\n- SSH private key (and its optional password)\n- Basic auth username and password\nOnly 1 authentication mode is valid.", "properties": { "accessToken": { "$ref": "#/components/schemas/SecretValue", "description": "Personal access token for git authentication", "x-order": 1 }, "basicAuth": { "$ref": "#/components/schemas/BasicAuth", "description": "Basic auth username and password configuration", "x-order": 3 }, "sshAuth": { "$ref": "#/components/schemas/SSHAuth", "description": "SSH private key authentication configuration", "x-order": 2 } }, "type": "object" }, "GitAuthConfigRequest": { "description": "Request body for configuring git authentication options.", "properties": { "accessToken": { "$ref": "#/components/schemas/SecretValue", "description": "Personal access token for git authentication", "x-order": 1 }, "basicAuth": { "$ref": "#/components/schemas/BasicAuthRequest", "description": "Basic authentication configuration", "x-order": 3 }, "sshAuth": { "$ref": "#/components/schemas/SSHAuthRequest", "description": "SSH authentication configuration", "x-order": 2 } }, "type": "object" }, "GitHubAppPermissionRequirement": { "description": "GitHubAppPermissionRequirement represents a single GitHub App permission requirement for Neo agents.", "properties": { "actual": { "description": "The actual permission level from the installation.", "enum": [ "NoAccess", "ReadOnly", "ReadWrite" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "GitHubAppPermissionLevel", "enumComments": "GitHubAppPermissionLevel represents the level of access for a GitHub App permission.", "enumFieldComments": [ "No access to the resource.", "Read-only access to the resource.", "Read and write access to the resource." ] } }, "isSufficient": { "description": "Whether the actual permission level satisfies the required level. This is always precomputed from checking that actual satisfies required.", "type": "boolean", "x-order": 5 }, "name": { "description": "The permission name (e.g., 'Checks', 'Contents').", "type": "string", "x-order": 1 }, "reason": { "description": "Explanation of why this permission is needed.", "type": "string", "x-order": 4 }, "required": { "description": "The required permission level.", "enum": [ "NoAccess", "ReadOnly", "ReadWrite" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "GitHubAppPermissionLevel", "enumComments": "GitHubAppPermissionLevel represents the level of access for a GitHub App permission.", "enumFieldComments": [ "No access to the resource.", "Read-only access to the resource.", "Read and write access to the resource." ] } } }, "required": [ "actual", "isSufficient", "name", "reason", "required" ], "type": "object" }, "GitHubAppURLs": { "description": "GitHubAppURLs contains links that should be used to properly account for\nthings like installation IDs, org names, etc. when installing and\nconfiguring the app.", "properties": { "configurationUrl": { "description": "URL to configure the GitHub App installation", "type": "string", "x-order": 2 }, "installationUrl": { "description": "URL to install the GitHub App", "type": "string", "x-order": 1 }, "permissionsUrl": { "description": "URL to manage the GitHub App permissions", "type": "string", "x-order": 3 }, "stateParam": { "description": "OAuth state parameter for CSRF protection", "type": "string", "x-order": 4 } }, "required": [ "configurationUrl", "installationUrl", "permissionsUrl", "stateParam" ], "type": "object" }, "GitHubCommitInfo": { "description": "GitHubCommitInfo contains summary information about a GitHub commit.\nWe try to provide as much information as possible, so in some situations only\na subset of the fields are present.\nhttps://developer.github.com/v3/git/commits/#get-a-commit", "properties": { "author": { "$ref": "#/components/schemas/UserInfo", "description": "The author of the commit", "x-order": 5 }, "committer": { "$ref": "#/components/schemas/UserInfo", "description": "The committer of the commit", "x-order": 6 }, "message": { "description": "The commit message", "type": "string", "x-order": 4 }, "sha": { "description": "The commit SHA hash", "type": "string", "x-order": 2 }, "slug": { "description": "\u003cuser\u003e/\u003crepo\u003e", "type": "string", "x-order": 1 }, "url": { "description": "The URL to the commit on GitHub", "type": "string", "x-order": 3 } }, "type": "object" }, "GitHubIntegrationDetails": { "description": "GitHubIntegrationDetails describes a single GitHub App installation.", "properties": { "accountID": { "description": "The GitHub account ID (user or org).", "format": "int64", "type": "integer", "x-order": 4 }, "accountName": { "description": "The GitHub account name (login).", "type": "string", "x-order": 5 }, "avatarUrl": { "description": "The avatar URL of the GitHub account.", "type": "string", "x-order": 1 }, "created": { "description": "When the installation was created.", "format": "date-time", "type": "string", "x-order": 8 }, "disableCodeAccessForReviews": { "description": "Whether code access for AI reviews is disabled for this installation.", "type": "boolean", "x-order": 12 }, "disableDetailedDiff": { "description": "Whether detailed property-level diffs are disabled for PR comments.", "type": "boolean", "x-order": 11 }, "disableNeoSummaries": { "description": "Whether Neo AI summaries are disabled for this installation.", "type": "boolean", "x-order": 10 }, "disablePRComments": { "description": "Whether PR comments are disabled for this installation.", "type": "boolean", "x-order": 9 }, "ghUrls": { "$ref": "#/components/schemas/GitHubAppURLs", "description": "URL to configure repository access for this GitHub App installation.", "x-order": 16 }, "hasContentsPermission": { "description": "Whether the installation has the 'contents' permission.", "type": "boolean", "x-order": 14 }, "hasMembersPermission": { "description": "Whether the installation has the 'members' permission (only relevant for organization accounts).", "type": "boolean", "x-order": 13 }, "id": { "description": "The Pulumi ID of the GitHub App installation.", "type": "string", "x-order": 2 }, "installationID": { "description": "The GitHub installation ID.", "format": "int64", "type": "integer", "x-order": 3 }, "isOrganization": { "description": "Whether the GitHub account is an organization (as opposed to a personal account).", "type": "boolean", "x-order": 6 }, "isSelfHosted": { "description": "Whether this is a self-hosted GitHub Enterprise installation.", "type": "boolean", "x-order": 7 }, "neoGitHubAppPermissionRequirements": { "description": "Neo GitHub App permission requirements for this installation.", "items": { "$ref": "#/components/schemas/GitHubAppPermissionRequirement" }, "type": "array", "x-order": 15 } }, "required": [ "disableCodeAccessForReviews", "disableDetailedDiff", "disableNeoSummaries", "disablePRComments", "hasContentsPermission", "hasMembersPermission", "id", "installationID", "isOrganization", "isSelfHosted" ], "type": "object" }, "GitHubIntegrationPermissions": { "description": "GitHubIntegrationPermissions describes per-integration permissions for the current user.", "properties": { "canCreateRepo": { "description": "Whether the user can create repos under this installation", "type": "boolean", "x-order": 2 }, "id": { "description": "Pulumi installation ID", "type": "string", "x-order": 1 } }, "required": [ "canCreateRepo", "id" ], "type": "object" }, "GitHubPullRequest": { "description": "GitHubPullRequest describes a GitHub pull request that a stack update was associated with.", "properties": { "closedAt": { "description": "Unix epoch timestamp (seconds) of when the PR was closed. Null if the PR is still open.", "format": "int64", "type": "integer", "x-order": 5 }, "createdAt": { "description": "Unix epoch timestamp (seconds) of when the PR was created.", "format": "int64", "type": "integer", "x-order": 4 }, "mergeCommitSHA": { "description": "The SHA of the merge commit, if the PR was merged", "type": "string", "x-order": 9 }, "number": { "description": "The pull request number", "format": "int64", "type": "integer", "x-order": 2 }, "repoSlug": { "description": "The repository slug in owner/repo format", "type": "string", "x-order": 3 }, "sourceRef": { "description": "The source branch reference", "type": "string", "x-order": 7 }, "targetRef": { "description": "The target branch reference", "type": "string", "x-order": 8 }, "title": { "description": "The title of the pull request", "type": "string", "x-order": 1 }, "wasMerged": { "description": "Whether the PR was merged", "type": "boolean", "x-order": 6 } }, "required": [ "createdAt", "number", "repoSlug", "sourceRef", "targetRef", "title", "wasMerged" ], "type": "object" }, "GitHubSettingsRequest": { "description": "GitHubSettingsRequest describes settings for a GitHub App installation.", "properties": { "disableCodeAccessForReviews": { "description": "Whether to disable code access for AI reviews", "type": "boolean", "x-order": 4 }, "disableDetailedDiff": { "description": "Whether to disable detailed property-level diffs in PR comments", "type": "boolean", "x-order": 3 }, "disableNeoSummaries": { "description": "Whether to disable Neo AI summaries on PRs", "type": "boolean", "x-order": 2 }, "disablePRComments": { "description": "Whether to disable PR comments from the Pulumi GitHub App", "type": "boolean", "x-order": 1 } }, "type": "object" }, "GitHubSetupResponse": { "description": "Response for GitHub setup initiation containing installation URL.", "properties": { "installationUrl": { "description": "URL to install the GitHub App", "type": "string", "x-order": 1 } }, "required": [ "installationUrl" ], "type": "object" }, "GitHubTeam": { "description": "GitHubTeam is the summary of a GitHub team.", "properties": { "description": { "description": "The team description", "type": "string", "x-order": 4 }, "id": { "description": "The GitHub team ID", "format": "int64", "type": "integer", "x-order": 1 }, "knownToPulumi": { "description": "Whether the team is known to Pulumi", "type": "boolean", "x-order": 5 }, "name": { "description": "The team name", "type": "string", "x-order": 2 }, "slug": { "description": "The team slug (URL-friendly name)", "type": "string", "x-order": 3 } }, "required": [ "description", "id", "knownToPulumi", "name", "slug" ], "type": "object" }, "GitLabAccessStatusResponse": { "description": "Response describing the user's GitLab access status for an organization, including whether they have a valid token and available GitLab groups.", "properties": { "availableGroups": { "description": "GitLab groups available for integration that the user has access to.", "items": { "$ref": "#/components/schemas/GitLabAppOrganization" }, "type": "array", "x-order": 2 }, "hasUserToken": { "description": "Whether the user has a valid GitLab OAuth token.", "type": "boolean", "x-order": 1 } }, "required": [ "hasUserToken" ], "type": "object" }, "GitLabAppOrganization": { "description": "Metadata about a GitLab organization linked to a Pulumi organization.", "properties": { "avatarURL": { "description": "The URL of the organization's avatar image", "type": "string", "x-order": 3 }, "hasRequiredPermissions": { "description": "Whether the integration has the required permissions", "type": "boolean", "x-order": 4 }, "id": { "description": "The GitLab group or organization ID", "format": "int64", "type": "integer", "x-order": 1 }, "name": { "description": "The name of the GitLab organization", "type": "string", "x-order": 2 } }, "required": [ "avatarURL", "hasRequiredPermissions", "id", "name" ], "type": "object" }, "GitLabIntegrationDetails": { "description": "Details of a GitLab integration installation, including linked GitLab group metadata and authentication details.", "properties": { "authUser": { "$ref": "#/components/schemas/User", "description": "The Pulumi user whose GitLab authentication token is being used, if applicable.", "x-order": 9 }, "avatarUrl": { "description": "The URL of the GitLab group's avatar image.", "type": "string", "x-order": 5 }, "disableDetailedDiff": { "description": "Whether detailed property-level diffs are disabled for PR comments.", "type": "boolean", "x-order": 13 }, "disableNeoSummaries": { "description": "Whether Neo AI summaries are disabled for this integration.", "type": "boolean", "x-order": 12 }, "disablePRComments": { "description": "Whether PR comments are disabled for this integration.", "type": "boolean", "x-order": 11 }, "gitLabGroupId": { "description": "The GitLab group ID linked to this integration.", "format": "int64", "type": "integer", "x-order": 2 }, "gitLabOrg": { "$ref": "#/components/schemas/GitLabAppOrganization", "description": "Metadata about the GitLab group linked to this integration.", "x-order": 8 }, "groupAccessTokenExpiration": { "description": "The expiration date of the group access token, if one is being used for authentication.", "format": "date-time", "type": "string", "x-order": 10 }, "groupName": { "description": "The display name of the GitLab group.", "type": "string", "x-order": 3 }, "groupPath": { "description": "The URL-safe path of the GitLab group (e.g. 'parent-group/child-group').", "type": "string", "x-order": 4 }, "id": { "description": "The unique identifier of the GitLab integration.", "type": "string", "x-order": 1 }, "installed": { "description": "Whether the integration has been fully installed.", "type": "boolean", "x-order": 6 }, "valid": { "description": "Whether the integration is currently valid (tokens, hooks, etc.).", "type": "boolean", "x-order": 7 } }, "required": [ "disableDetailedDiff", "disableNeoSummaries", "disablePRComments", "gitLabGroupId", "id", "installed", "valid" ], "type": "object" }, "GitLabSettingsRequest": { "description": "Request body for updating GitLab integration settings such as PR comment and AI summary preferences.", "properties": { "disableDetailedDiff": { "description": "Whether detailed property-level diffs are disabled for PR comments.", "type": "boolean", "x-order": 3 }, "disableNeoSummaries": { "description": "Whether Neo AI summaries are disabled for this integration.", "type": "boolean", "x-order": 2 }, "disablePRComments": { "description": "Whether PR comments are disabled for this integration.", "type": "boolean", "x-order": 1 } }, "type": "object" }, "GitLabSetupRequest": { "description": "Request body for creating a new GitLab integration. Specifies the GitLab group to integrate and the authentication method.", "properties": { "gitLabGroupId": { "description": "The GitLab group ID to integrate with the Pulumi organization.", "format": "int32", "type": "integer", "x-order": 1 }, "useUserGitLabAuth": { "description": "Whether to use the current user's GitLab OAuth token instead of a group access token for authentication.", "type": "boolean", "x-order": 2 } }, "required": [ "gitLabGroupId" ], "type": "object" }, "InitiateOAuthRequest": { "description": "Request to initiate OAuth flow for cloud provider authentication", "properties": { "provider": { "$ref": "#/components/schemas/CloudSetupProvider", "description": "CloudSetupProvider configuration for OAuth authentication", "x-order": 1 } }, "required": [ "provider" ], "type": "object" }, "InitiateOAuthResponse": { "description": "Response from OAuth initiation containing authorization URL and session details", "properties": { "sessionID": { "description": "Session identifier for tracking the OAuth flow", "type": "string", "x-order": 2 }, "url": { "description": "Authorization URL to redirect user to", "type": "string", "x-order": 1 } }, "required": [ "sessionID", "url" ], "type": "object" }, "InsightsAccount": { "description": "A cloud account configured for Pulumi Insights resource discovery.", "properties": { "agentPoolID": { "description": "The ID of the agent pool to run account discovery workflows.\nIf not specified, discovery will use the default agent pool.", "type": "string", "x-order": 8 }, "id": { "description": "ID of the account.", "type": "string", "x-order": 1 }, "name": { "description": "The name of the account.", "type": "string", "x-order": 2 }, "ownedBy": { "$ref": "#/components/schemas/UserInfo", "description": "The user with ownership of this Insights account", "x-order": 3 }, "provider": { "description": "The cloud provider for the account (e.g., aws, gcp, azure-native).", "type": "string", "x-order": 4 }, "providerConfig": { "description": "Provider-specific configuration for the account.", "type": "object", "x-order": 9 }, "providerEnvRef": { "description": "Reference to an ESC environment containing provider credentials,\nin the format 'project/environment' with an optional @version suffix.", "type": "string", "x-order": 6 }, "providerVersion": { "description": "The version of the Pulumi provider package used for discovery.", "type": "string", "x-order": 5 }, "scanStatus": { "$ref": "#/components/schemas/ScanStatus", "description": "Status of the last discovery scan for this account.", "x-order": 10 }, "scheduledScanEnabled": { "description": "If true, the account is scheduled for recurring discovery.", "type": "boolean", "x-order": 7 } }, "required": [ "id", "name", "ownedBy", "provider", "scheduledScanEnabled" ], "type": "object" }, "InsightsAccountTag": { "description": "A tag associated with an Insights account.", "properties": { "created": { "description": "When the tag was created", "format": "date-time", "type": "string", "x-order": 3 }, "modified": { "description": "When the tag was last modified", "format": "date-time", "type": "string", "x-order": 4 }, "name": { "description": "The tag name", "type": "string", "x-order": 1 }, "value": { "description": "The tag value", "type": "string", "x-order": 2 } }, "required": [ "created", "modified", "name", "value" ], "type": "object" }, "InsightsAccountTeam": { "description": "InsightsAccountTeam is a team that has access to a particular account.", "properties": { "description": { "description": "The team description", "type": "string", "x-order": 3 }, "displayName": { "description": "The display name of the team", "type": "string", "x-order": 2 }, "isMember": { "description": "IsMember is true if the requesting user is a member of the team.", "type": "boolean", "x-order": 5 }, "name": { "description": "The team name", "type": "string", "x-order": 1 }, "permission": { "description": "The team's permission level for this account", "enum": [ 0, 1, 2, 3 ], "format": "int64", "type": "integer", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "InsightsAccountPermission", "enumComments": "InsightsAccountPermission is a value describing the permission level a user has for a Pulumi Insights account.", "enumFieldNames": [ "None", "Read", "Write", "Admin" ], "enumFieldComments": [ "InsightsAccountPermissionNone provides no access.", "InsightsAccountPermissionRead provides read-only access.", "InsightsAccountPermissionWrite provides read/write access to an account.", "InsightsAccountPermissionAdmin provides admin-level access to the account." ] } } }, "required": [ "description", "displayName", "isMember", "name", "permission" ], "type": "object" }, "InsightsImportCodeRequest": { "description": "Request body for generating import code for Insights resources.", "properties": { "language": { "description": "The programming language for the generated import code", "type": "string", "x-order": 1 }, "urns": { "description": "The URNs of the resources to generate import code for", "items": { "type": "string" }, "type": "array", "x-order": 2 } }, "required": [ "language", "urns" ], "type": "object" }, "InsightsImportCodeResponse": { "description": "Response body containing generated import code for Insights resources.", "properties": { "code": { "description": "The generated import code", "type": "string", "x-order": 1 } }, "required": [ "code" ], "type": "object" }, "InsightsPolicyResults": { "description": "Results of policy evaluation for Insights resources.", "properties": { "succeeded": { "description": "Whether the policy evaluation succeeded without violations", "type": "boolean", "x-order": 1 }, "violations": { "description": "The list of policy violations found, if any", "items": { "$ref": "#/components/schemas/InsightsPolicyViolation" }, "type": "array", "x-order": 2 } }, "required": [ "succeeded" ], "type": "object" }, "InsightsPolicyViolation": { "description": "A policy violation detected during Insights policy evaluation.", "properties": { "enforcementLevel": { "description": "The enforcement level of the violated policy", "enum": [ "advisory", "mandatory", "remediate", "disabled" ], "type": "string", "x-order": 5, "x-pulumi-model-property": { "enumTypeName": "AppEnforcementLevel", "enumComments": "EnforcementLevel indicates how a policy should be enforced", "enumFieldComments": [ "Advisory is an enforcement level where the resource is still created, but a\nmessage is displayed to the user for informational / warning purposes.", "Mandatory is an enforcement level that prevents a resource from being created.", "Remediate is an enforcement level that fixes policy issues instead of issuing diagnostics.", "Disabled is an enforcement level that disables the policy from being enforced." ] } }, "kind": { "description": "The kind of policy issue", "enum": [ "audit", "preventative" ], "type": "string", "x-order": 6, "x-pulumi-model-property": { "enumTypeName": "PolicyIssueKind", "enumComments": "Whether a policy issue is audit-only or preventative. Audit issues are informational; preventative issues block operations." } }, "message": { "description": "The violation message", "type": "string", "x-order": 1 }, "policyName": { "description": "The name of the policy that was violated", "type": "string", "x-order": 2 }, "policyPackName": { "description": "The name of the policy pack containing the violated policy", "type": "string", "x-order": 3 }, "policyPackVersion": { "description": "The version of the policy pack", "type": "string", "x-order": 4 }, "resourceURN": { "description": "The URN of the resource that violated the policy", "type": "string", "x-order": 7 } }, "required": [ "enforcementLevel", "kind", "message", "policyName", "policyPackName", "policyPackVersion", "resourceURN" ], "type": "object" }, "InsightsResourceIdentifier": { "description": "Identifies an Insights resource by account, type, and ID.", "properties": { "account": { "description": "The account name containing the resource", "type": "string", "x-order": 1 }, "id": { "description": "The resource identifier", "type": "string", "x-order": 3 }, "type": { "description": "The resource type", "type": "string", "x-order": 2 }, "version": { "description": "If nil, the latest version is used", "format": "int64", "type": "integer", "x-order": 4 } }, "required": [ "account", "id", "type" ], "type": "object" }, "InsightsResourceStackEdge": { "description": "An edge linking an Insights resource to a stack resource.", "properties": { "insightsResourceId": { "description": "The Insights resource identifier", "type": "string", "x-order": 1 }, "stackResourceUrn": { "description": "The stack resource URN", "type": "string", "x-order": 2 } }, "required": [ "insightsResourceId", "stackResourceUrn" ], "type": "object" }, "InsightsResourceVersionEdge": { "description": "An edge between two Insights resource versions.", "properties": { "destUrn": { "description": "The destination resource URN", "type": "string", "x-order": 3 }, "edgeType": { "description": "The type of edge relationship", "type": "string", "x-order": 4 }, "sourceUrn": { "description": "The source resource URN", "type": "string", "x-order": 1 }, "sourceVersion": { "description": "The source resource version", "format": "int64", "type": "integer", "x-order": 2 } }, "required": [ "destUrn", "edgeType", "sourceUrn", "sourceVersion" ], "type": "object" }, "InsightsResourceWithReferences": { "description": "An Insights resource along with its inbound and outbound references.", "properties": { "from": { "description": "Resources that reference this resource", "items": { "$ref": "#/components/schemas/InsightsResourceWithReferences" }, "type": "array", "x-order": 4 }, "indexedResource": { "$ref": "#/components/schemas/ResourceResult", "description": "The indexed resource result", "x-order": 2 }, "resource": { "$ref": "#/components/schemas/InsightsResourceWithVersion", "description": "The Insights resource with version information", "x-order": 1 }, "to": { "description": "Resources that this resource references", "items": { "$ref": "#/components/schemas/InsightsResourceWithReferences" }, "type": "array", "x-order": 5 }, "urn": { "description": "The resource URN", "type": "string", "x-order": 3 } }, "required": [ "from", "indexedResource", "resource", "to", "urn" ], "type": "object" }, "InsightsResourceWithVersion": { "description": "An Insights resource with its version and state information.", "properties": { "account": { "description": "The account name containing the resource", "type": "string", "x-order": 1 }, "id": { "description": "The resource identifier", "type": "string", "x-order": 3 }, "modified": { "description": "When the resource was last modified", "format": "date-time", "type": "string", "x-order": 5 }, "policyState": { "description": "The policy evaluation state for the resource", "type": "string", "x-order": 7 }, "state": { "description": "The raw resource state", "type": "object", "x-order": 6 }, "type": { "description": "The resource type", "type": "string", "x-order": 2 }, "version": { "description": "The resource version number", "format": "int64", "type": "integer", "x-order": 4 } }, "required": [ "account", "id", "modified", "type", "version" ], "type": "object" }, "JSONWebKey": { "description": "A JSON Web Key (JWK) as defined by RFC 7517.", "properties": { "Algorithm": { "description": "The 'alg' parameter: the algorithm intended for use with this key (e.g. RS256, ES256).", "type": "string", "x-order": 3 }, "CertificateThumbprintSHA1": { "description": "The SHA-1 thumbprint of the X.509 certificate", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 7 }, "CertificateThumbprintSHA256": { "description": "The SHA-256 thumbprint of the X.509 certificate", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 8 }, "Certificates": { "description": "The X.509 certificate chain", "items": { "$ref": "#/components/schemas/X509Certificate" }, "type": "array", "x-order": 5 }, "CertificatesURL": { "$ref": "#/components/schemas/NetURL", "description": "The URL for the X.509 certificate chain", "x-order": 6 }, "Key": { "description": "The cryptographic key material. Structure depends on the key type (RSA, EC, etc.).", "type": "object", "x-order": 1 }, "KeyID": { "description": "The 'kid' parameter: a unique identifier for the key.", "type": "string", "x-order": 2 }, "Use": { "description": "The 'use' parameter: 'sig' for signing or 'enc' for encryption.", "type": "string", "x-order": 4 } }, "required": [ "Algorithm", "CertificateThumbprintSHA1", "CertificateThumbprintSHA256", "Certificates", "CertificatesURL", "Key", "KeyID", "Use" ], "type": "object" }, "JSONWebKeySet": { "description": "A JSON Web Key Set (JWKS) as defined by RFC 7517.", "properties": { "keys": { "description": "The set of JSON Web Keys", "items": { "$ref": "#/components/schemas/JSONWebKey" }, "type": "array", "x-order": 1 } }, "required": [ "keys" ], "type": "object" }, "JobRun": { "description": "JobRun contains information about a job run.", "properties": { "lastUpdated": { "description": "When the job was last updated", "format": "date-time", "type": "string", "x-order": 3 }, "started": { "description": "When the job started running", "format": "date-time", "type": "string", "x-order": 2 }, "status": { "description": "The current status of the job run", "enum": [ "not-started", "accepted", "running", "failed", "succeeded", "skipped" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "JobStatus", "enumComments": "JobStatus describes the status of a job run.", "enumFieldNames": [ "NotStarted", "Accepted", "Running", "Failed", "Succeeded", "Skipped" ], "enumFieldComments": [ "JobStatusNotStarted indicates that a job has not yet started.", "JobStatusAccepted indicates that a job has been accepted for execution, but is not yet running.", "JobStatusRunning indicates that a job is running.", "JobStatusFailed indicates that a job has failed.", "JobStatusSucceeded indicates that a job has succeeded.", "JobStatusSkipped indicates that a job has skipped as there are fresher deployments to execute in the queue." ] } }, "steps": { "description": "The list of step runs within this job", "items": { "$ref": "#/components/schemas/StepRun" }, "type": "array", "x-order": 5 }, "timeout": { "description": "The timeout duration for the job in nanoseconds (Go time.Duration).", "format": "int64", "type": "integer", "x-order": 4 }, "worker": { "description": "Information about the worker executing this job", "type": "object", "x-order": 6 } }, "required": [ "status", "steps", "timeout" ], "type": "object" }, "KeyEncryptionKeyMigration": { "description": "Status of a key encryption key migration.", "properties": { "id": { "description": "The migration identifier", "type": "string", "x-order": 1 }, "state": { "description": "The current state of the migration", "type": "string", "x-order": 2 } }, "required": [ "id", "state" ], "type": "object" }, "ListAccessTokensResponse": { "description": "ListAccessTokensResponse is the shape of the response when listing access tokens for a user.", "properties": { "tokens": { "description": "The list of access tokens", "items": { "$ref": "#/components/schemas/AccessToken" }, "type": "array", "x-order": 1 } }, "required": [ "tokens" ], "type": "object" }, "ListAgentPoolsResponse": { "description": "Response containing a list of agent pools.", "properties": { "agentPools": { "description": "The list of agent pools", "items": { "$ref": "#/components/schemas/AgentPool" }, "type": "array", "x-order": 1 } }, "required": [ "agentPools" ], "type": "object" }, "ListAgentTaskEventsResponse": { "description": "TODO: add polling support (via lastSeen)", "properties": { "continuationToken": { "description": "ContinuationToken can be used to fetch the next page of results.\nIf null, there are no more results available.", "type": "string", "x-order": 2 }, "events": { "description": "Events contains the list of events for this page.", "items": { "$ref": "#/components/schemas/AgentConsoleEvent" }, "type": "array", "x-order": 1 } }, "required": [ "events" ], "type": "object" }, "ListAgentTasksResponse": { "description": "Response containing a paginated list of agent tasks.", "properties": { "continuationToken": { "description": "ContinuationToken can be used to fetch the next page of results.\nIf null, there are no more results available.", "type": "string", "x-order": 2 }, "tasks": { "description": "Tasks contains the list of tasks for this page.", "items": { "$ref": "#/components/schemas/AgentTask" }, "type": "array", "x-order": 1 } }, "required": [ "tasks" ], "type": "object" }, "ListAzureDevOpsIntegrationsResponse": { "description": "ListAzureDevOpsIntegrationsResponse contains the list of Azure DevOps integrations for an organization.", "properties": { "installationUrl": { "description": "URL to initiate the OAuth consent flow to install a new Azure DevOps integration", "type": "string", "x-order": 2 }, "integrations": { "description": "The list of Azure DevOps integrations.", "items": { "$ref": "#/components/schemas/AzureDevOpsIntegrationDetails" }, "type": "array", "x-order": 1 } }, "required": [ "integrations" ], "type": "object" }, "ListBitBucketIntegrationsResponse": { "description": "Response containing a list of BitBucket integrations for an organization.", "properties": { "integrations": { "description": "The list of BitBucket integrations.", "items": { "$ref": "#/components/schemas/BitBucketIntegrationDetails" }, "type": "array", "x-order": 1 } }, "required": [ "integrations" ], "type": "object" }, "ListChangeGatesResponse": { "description": "Response containing a paginated list of change gates.", "properties": { "continuationToken": { "description": "Continuation token for pagination. If null, there are no more results available.", "type": "string", "x-order": 2 }, "gates": { "description": "List of change gates", "items": { "$ref": "#/components/schemas/ChangeGate" }, "type": "array", "x-order": 1 } }, "required": [ "continuationToken", "gates" ], "type": "object" }, "ListChangeRequestEventsResponse": { "description": "Response containing a paginated list of change request events.", "properties": { "continuationToken": { "description": "Continuation token for pagination. If null, there are no more results available.", "type": "string", "x-order": 2 }, "events": { "description": "The list of events for this page.", "items": { "$ref": "#/components/schemas/ChangeRequestEvent" }, "type": "array", "x-order": 1 } }, "required": [ "continuationToken", "events" ], "type": "object" }, "ListChangeRequestsResponse": { "description": "Response containing a paginated list of change requests.", "properties": { "changeRequests": { "description": "The list of change requests", "items": { "$ref": "#/components/schemas/ChangeRequest" }, "type": "array", "x-order": 1 }, "continuationToken": { "description": "Continuation token for pagination. If null, there are no more results available.", "type": "string", "x-order": 2 } }, "required": [ "changeRequests", "continuationToken" ], "type": "object" }, "ListCloudAccountsResponse": { "description": "Response containing list of cloud accounts", "properties": { "accounts": { "description": "List of cloud accounts/subscriptions", "items": { "$ref": "#/components/schemas/CloudAccount" }, "type": "array", "x-order": 1 } }, "required": [ "accounts" ], "type": "object" }, "ListConversationsResponse": { "description": "Response containing a list of conversations.", "properties": { "conversations": { "description": "The list of conversations", "items": { "$ref": "#/components/schemas/Conversation" }, "type": "array", "x-order": 1 } }, "required": [ "conversations" ], "type": "object" }, "ListDeletedStacksResponse": { "description": "Response containing a list of deleted stacks.", "properties": { "deletedStacks": { "description": "The list of deleted stacks", "items": { "$ref": "#/components/schemas/DeletedStack" }, "type": "array", "x-order": 1 } }, "required": [ "deletedStacks" ], "type": "object" }, "ListDeploymentResponse": { "description": "ListDeploymentResponse is the response from the API when listing Deployments.", "properties": { "created": { "description": "Created defines when the Deployment was created.", "type": "string", "x-order": 2 }, "id": { "description": "Unique identifier for this deployment.", "type": "string", "x-order": 1 }, "modified": { "description": "Created defines when the corresponding WorkflowRun was modified.", "type": "string", "x-order": 3 }, "requestedBy": { "$ref": "#/components/schemas/UserInfo", "description": "RequestedBy contains the user information about the user who created the Deployment", "x-order": 6 }, "status": { "description": "Status is the current status of the workflow runID.", "enum": [ "not-started", "accepted", "running", "failed", "succeeded", "skipped" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "JobStatus", "enumComments": "JobStatus describes the status of a job run.", "enumFieldNames": [ "NotStarted", "Accepted", "Running", "Failed", "Succeeded", "Skipped" ], "enumFieldComments": [ "JobStatusNotStarted indicates that a job has not yet started.", "JobStatusAccepted indicates that a job has been accepted for execution, but is not yet running.", "JobStatusRunning indicates that a job is running.", "JobStatusFailed indicates that a job has failed.", "JobStatusSucceeded indicates that a job has succeeded.", "JobStatusSkipped indicates that a job has skipped as there are fresher deployments to execute in the queue." ] } }, "version": { "description": "Version is the ordinal ID for the stack", "format": "int64", "type": "integer", "x-order": 5 } }, "required": [ "created", "id", "modified", "requestedBy", "status", "version" ], "type": "object" }, "ListDeploymentResponseV2": { "description": "Response containing a paginated list of deployment snapshots (v2).", "properties": { "deployments": { "description": "The list of deployment snapshots", "items": { "$ref": "#/components/schemas/ListDeploymentSnapshot" }, "type": "array", "x-order": 1 }, "itemsPerPage": { "description": "The number of items per page", "format": "int64", "type": "integer", "x-order": 2 }, "total": { "description": "The total number of deployments", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "deployments", "itemsPerPage", "total" ], "type": "object" }, "ListDeploymentSnapshot": { "allOf": [ { "$ref": "#/components/schemas/ListDeploymentResponse" }, { "description": "Extended deployment listing with project, stack, and job details.", "properties": { "agentPool": { "$ref": "#/components/schemas/ListDeploymentSnapshotAgentPool", "description": "The agent pool used for this deployment, if any", "x-order": 8 }, "initiator": { "description": "Initiator is the initiation source of the deployment.", "type": "string", "x-order": 7 }, "jobs": { "description": "The list of jobs in this deployment", "items": { "$ref": "#/components/schemas/DeploymentJob" }, "type": "array", "x-order": 6 }, "paused": { "description": "Paused indicates whether or not deployments are paused for this program.", "type": "boolean", "x-order": 3 }, "projectName": { "description": "ProjectName is the name of the project.", "type": "string", "x-order": 1 }, "pulumiOperation": { "description": "PulumiOperation is the operation that was performed.", "enum": [ "update", "preview", "destroy", "refresh", "detect-drift", "remediate-drift" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "PulumiOperation", "enumComments": "PulumiOperation describes what operation to perform on the stack as defined in the Job spec.", "enumFieldNames": [ "Update", "Preview", "Destroy", "Refresh", "DetectDrift", "RemediateDrift" ] } }, "stackName": { "description": "StackName is the name of the stack.", "type": "string", "x-order": 2 }, "updates": { "description": "Updates", "items": { "$ref": "#/components/schemas/DeploymentNestedUpdate" }, "type": "array", "x-order": 5 } }, "required": [ "jobs", "pulumiOperation", "updates" ], "type": "object" } ] }, "ListDeploymentSnapshotAgentPool": { "description": "Agent pool information associated with a deployment snapshot.", "properties": { "id": { "description": "The agent pool identifier", "type": "string", "x-order": 1 }, "name": { "description": "The agent pool name", "type": "string", "x-order": 2 } }, "required": [ "id", "name" ], "type": "object" }, "ListDiscoveredStackResourcesResponse": { "description": "Response for listing resources in a discovered stack.", "properties": { "continuationToken": { "description": "Opaque token for fetching the next page of resources.", "type": "string", "x-order": 2 }, "resources": { "description": "The list of discovered resources in this page.", "items": { "$ref": "#/components/schemas/DiscoveredResourceInfo" }, "type": "array", "x-order": 1 } }, "required": [ "resources" ], "type": "object" }, "ListDownstreamStackReferencesResponse": { "description": "ListDownstreamStackReferencesResponse is the response to list downstream references of a particular stack.", "properties": { "referencedStacks": { "description": "The list of downstream stack references", "items": { "$ref": "#/components/schemas/StackReference" }, "type": "array", "x-order": 1 } }, "required": [ "referencedStacks" ], "type": "object" }, "ListDriftRunsResponse": { "description": "Response containing a paginated list of drift detection runs.", "properties": { "driftRuns": { "description": "The list of drift runs", "items": { "$ref": "#/components/schemas/DriftRun" }, "type": "array", "x-order": 1 }, "itemsPerPage": { "description": "The number of items per page", "format": "int64", "type": "integer", "x-order": 2 }, "total": { "description": "The total number of drift runs", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "driftRuns", "itemsPerPage", "total" ], "type": "object" }, "ListEnvironmentReferrersResponse": { "description": "Response containing a list of entities that reference an environment.", "properties": { "continuationToken": { "description": "Continuation token for pagination", "type": "string", "x-order": 2 }, "referrers": { "additionalProperties": { "items": { "$ref": "#/components/schemas/EnvironmentReferrer" }, "type": "array" }, "description": "Map of referrer types to their referrer details", "type": "object", "x-order": 1 } }, "required": [ "referrers" ], "type": "object" }, "ListEnvironmentRevisionTagsResponse": { "description": "Response containing a list of environment revision tags.", "properties": { "nextToken": { "description": "Token for fetching the next page of results", "type": "string", "x-order": 2 }, "tags": { "description": "The list of revision tags", "items": { "$ref": "#/components/schemas/EnvironmentRevisionTag" }, "type": "array", "x-order": 1 } }, "required": [ "nextToken", "tags" ], "type": "object" }, "ListEnvironmentSecretRotationHistoryResponse": { "description": "Response containing a list of secret rotation history events for an environment.", "properties": { "events": { "description": "The list of secret rotation events", "items": { "$ref": "#/components/schemas/SecretRotationEvent" }, "type": "array", "x-order": 1 } }, "required": [ "events" ], "type": "object" }, "ListEnvironmentTagsResponse": { "description": "Response containing a map of environment tags.", "properties": { "nextToken": { "description": "Token for fetching the next page of results", "type": "string", "x-order": 2 }, "tags": { "additionalProperties": { "$ref": "#/components/schemas/EnvironmentTag" }, "description": "Map of tag names to their tag details", "type": "object", "x-order": 1 } }, "required": [ "nextToken", "tags" ], "type": "object" }, "ListEnvironmentsResponse": { "description": "Response containing a list of environments for an organization.", "properties": { "environments": { "description": "The list of environments", "items": { "$ref": "#/components/schemas/OrgEnvironment" }, "type": "array", "x-order": 1 }, "nextToken": { "description": "Token for fetching the next page of results", "type": "string", "x-order": 2 } }, "required": [ "environments" ], "type": "object" }, "ListGitHubIntegrationsResponse": { "description": "ListGitHubIntegrationsResponse contains the list of GitHub App integrations for an organization.", "properties": { "installationUrl": { "description": "URL to install the Pulumi GitHub App for this organization.", "type": "string", "x-order": 2 }, "integrations": { "description": "The list of GitHub App integrations.", "items": { "$ref": "#/components/schemas/GitHubIntegrationDetails" }, "type": "array", "x-order": 1 } }, "required": [ "integrations" ], "type": "object" }, "ListGitHubOrganizationTeamsResponse": { "description": "ListGitHubOrganizationTeamsResponse is the response when the Pulumi Service\nproxies a request to GitHub to list all GitHub teams in a GitHub organization.", "properties": { "teams": { "description": "The list of GitHub teams in the organization", "items": { "$ref": "#/components/schemas/GitHubTeam" }, "type": "array", "x-order": 1 } }, "required": [ "teams" ], "type": "object" }, "ListGitHubOrganizationsResponse": { "description": "ListGitHubOrganizationsResponse is the list of GitHub organizations known to the Pulumi Service.", "properties": { "organizations": { "description": "The list of GitHub organizations", "items": { "$ref": "#/components/schemas/PulumiGitHubOrganization" }, "type": "array", "x-order": 1 } }, "required": [ "organizations" ], "type": "object" }, "ListGitLabIntegrationsResponse": { "description": "Response containing the list of GitLab integrations for an organization.", "properties": { "integrations": { "description": "The list of GitLab integrations.", "items": { "$ref": "#/components/schemas/GitLabIntegrationDetails" }, "type": "array", "x-order": 1 } }, "required": [ "integrations" ], "type": "object" }, "ListInsightsAccountsResponse": { "description": "Response containing a list of Insights accounts.", "properties": { "accounts": { "description": "The list of Insights accounts", "items": { "$ref": "#/components/schemas/InsightsAccount" }, "type": "array", "x-order": 1 }, "nextToken": { "description": "Token for fetching the next page of results", "type": "string", "x-order": 2 } }, "type": "object" }, "ListInsightsResourceStackEdgesResponse": { "description": "Response containing a list of Insights resource-to-stack edges.", "properties": { "edges": { "description": "The list of resource-to-stack edges", "items": { "$ref": "#/components/schemas/InsightsResourceStackEdge" }, "type": "array", "x-order": 1 } }, "required": [ "edges" ], "type": "object" }, "ListInsightsResourceVersion": { "description": "A version entry for an Insights resource.", "properties": { "created": { "description": "When the version was created", "format": "date-time", "type": "string", "x-order": 2 }, "version": { "description": "The version number", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "created", "version" ], "type": "object" }, "ListInsightsResourceVersionEdgesResponse": { "description": "Response containing a list of Insights resource version edges.", "properties": { "edges": { "description": "The list of resource version edges", "items": { "$ref": "#/components/schemas/InsightsResourceVersionEdge" }, "type": "array", "x-order": 1 }, "nextToken": { "description": "Token for fetching the next page of results", "type": "string", "x-order": 2 } }, "required": [ "edges" ], "type": "object" }, "ListInsightsResourceVersionsResponse": { "description": "Response containing a list of Insights resource versions.", "properties": { "nextToken": { "description": "Token for fetching the next page of results", "type": "string", "x-order": 2 }, "versions": { "description": "The list of resource versions", "items": { "$ref": "#/components/schemas/ListInsightsResourceVersion" }, "type": "array", "x-order": 1 } }, "type": "object" }, "ListMemberStackPermissionsResponse": { "description": "ListMemberStackPermissionsResponse describes all the permissions that have been set\nfor a user for a specific stack.", "properties": { "explicitPermission": { "description": "The explicitly assigned permission for this user on this stack", "enum": [ 0, 101, 102, 103, 104 ], "format": "int64", "type": "integer", "x-order": 5, "x-pulumi-model-property": { "enumTypeName": "StackPermission", "enumComments": "StackPermission is a value describing the permission level a user has for a Pulumi stack.\nLike OrganizationRole, there is a total ordering of StackPermission values, where each value\ngrants an additional layer of permissions. IMPORTANT: Do not rely on the numeric values for\nauth checks, instead, just refer to these as opaque names. e.g. use explicit matching in a\ncase-statements instead of \"if perm \u003e= StackPermissionX\". This prevents errors if we later\nadd a new StackPermission \"in between\" two existing ones, but with a new, higher value.\nPreviously, the StackPermission value was a series of bit flags, with each bit controlling\na specific operation on the stack. However, that proved difficult to describe and maintain.\nSo the newer, \"fixed set\" approach is used instead.\nThe conversion from the legacy permission values and the new StackPermission values is done\ntransparently, whenever data is read/written to the database. (Converting to the newer\nvalues as needed.) We will only be able to remove these legacy values after we deploy the\ncode which can read both formats, and only writes the newer format.", "enumFieldNames": [ "None", "Read", "Write", "Admin", "Creator" ], "enumFieldComments": [ "StackPermissionNone provides no access.", "StackPermissionRead provides read-only access, including the ability to\ndecrypt encrypted configuration secrets stored in the service.", "StackPermissionWrite provides read/write access to a stack.", "StackPermissionAdmin provides admin-level access to the stack. For example,\nbeing able to run `pulumi destroy` or delete the stack.", "StackPermissionCreator is an implementation quirk of how we mark the user who created\na stack. The value is not exported from this module, and is converted to StackPermissionAdmin\nbefore being returned to callers. However, in a few places we want to handle the user who\ncreated a stack a little differently, and this allows us to do so without exporting a separate\n\"StackPermissionAdminWhoAlsoHappenedToCreateTheStackToo\" value." ] } }, "organizationDefault": { "description": "The organization's default stack permission level", "enum": [ 0, 101, 102, 103, 104 ], "format": "int64", "type": "integer", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "StackPermission", "enumComments": "StackPermission is a value describing the permission level a user has for a Pulumi stack.\nLike OrganizationRole, there is a total ordering of StackPermission values, where each value\ngrants an additional layer of permissions. IMPORTANT: Do not rely on the numeric values for\nauth checks, instead, just refer to these as opaque names. e.g. use explicit matching in a\ncase-statements instead of \"if perm \u003e= StackPermissionX\". This prevents errors if we later\nadd a new StackPermission \"in between\" two existing ones, but with a new, higher value.\nPreviously, the StackPermission value was a series of bit flags, with each bit controlling\na specific operation on the stack. However, that proved difficult to describe and maintain.\nSo the newer, \"fixed set\" approach is used instead.\nThe conversion from the legacy permission values and the new StackPermission values is done\ntransparently, whenever data is read/written to the database. (Converting to the newer\nvalues as needed.) We will only be able to remove these legacy values after we deploy the\ncode which can read both formats, and only writes the newer format.", "enumFieldNames": [ "None", "Read", "Write", "Admin", "Creator" ], "enumFieldComments": [ "StackPermissionNone provides no access.", "StackPermissionRead provides read-only access, including the ability to\ndecrypt encrypted configuration secrets stored in the service.", "StackPermissionWrite provides read/write access to a stack.", "StackPermissionAdmin provides admin-level access to the stack. For example,\nbeing able to run `pulumi destroy` or delete the stack.", "StackPermissionCreator is an implementation quirk of how we mark the user who created\na stack. The value is not exported from this module, and is converted to StackPermissionAdmin\nbefore being returned to callers. However, in a few places we want to handle the user who\ncreated a stack a little differently, and this allows us to do so without exporting a separate\n\"StackPermissionAdminWhoAlsoHappenedToCreateTheStackToo\" value." ] } }, "organizationRole": { "description": "The user's role within the organization", "enum": [ "none", "member", "admin", "potential-member", "stack-collaborator", "billing-manager" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "OrganizationRole", "enumComments": "OrganizationRole is an enum defining a member's role within an organization.", "enumFieldNames": [ "None", "Member", "Admin", "PotentialMember", "StackCollaborator", "BillingManager" ], "enumFieldComments": [ "OrganizationRoleNone describes the role of non-members.", "OrganizationRoleMember is the role for regular members.", "OrganizationRoleAdmin is the role for admins.", "OrganizationRolePotentialMember is the role for users who are explicitly\nnot a member of the organization, but are a member of the backing org on\nthe 3rd party identity provider. (i.e. they could join the org.)", "OrganizationRoleStackCollaborator is the role for users who are not a member\nof an organization, but have been explicitly granted access to some of the\norganization's stacks. So they have limited permissions to access the org's\ndata.", "OrganizationRoleBillingManager is the role for billing admins." ] } }, "teamPermissions": { "description": "The list of team-based permissions for this stack", "items": { "$ref": "#/components/schemas/TeamPermission" }, "type": "array", "x-order": 4 }, "userInfo": { "$ref": "#/components/schemas/UserInfo", "description": "The user information", "x-order": 1 } }, "required": [ "explicitPermission", "organizationDefault", "organizationRole", "teamPermissions", "userInfo" ], "type": "object" }, "ListOidcIssuersResponse": { "description": "Response containing a list of registered OIDC issuers.", "properties": { "oidcIssuers": { "description": "The list of OIDC issuers", "items": { "$ref": "#/components/schemas/OidcIssuerRegistrationResponse" }, "type": "array", "x-order": 1 } }, "required": [ "oidcIssuers" ], "type": "object" }, "ListOrganizationInvitesResponse": { "description": "ListOrganizationInvitesResponse describes all pending invites for an organization.", "properties": { "invites": { "description": "The list of pending organization invites", "items": { "$ref": "#/components/schemas/PendingOrganizationInvite" }, "type": "array", "x-order": 1 } }, "required": [ "invites" ], "type": "object" }, "ListOrganizationMembersResponse": { "description": "ListOrganizationMembersResponse lists all members within an organization.", "properties": { "continuationToken": { "description": "An opaque token for fetching the next page of members", "type": "string", "x-order": 2 }, "members": { "description": "The list of organization members", "items": { "$ref": "#/components/schemas/OrganizationMember" }, "type": "array", "x-order": 1 } }, "required": [ "members" ], "type": "object" }, "ListOrganizationProjectsResponsev3": { "description": "Response containing organization projects data in row format (v3).", "properties": { "rowCount": { "description": "The total number of rows", "format": "int64", "type": "integer", "x-order": 2 }, "rowData": { "description": "The project data rows", "items": { "additionalProperties": { "type": "object" }, "type": "object" }, "type": "array", "x-order": 1 } }, "required": [ "rowData" ], "type": "object" }, "ListPackagesResponse": { "description": "Response containing a list of packages.", "properties": { "continuationToken": { "description": "Continuation token for pagination", "type": "string", "x-order": 2 }, "packages": { "description": "The list of packages", "items": { "$ref": "#/components/schemas/PackageMetadata" }, "type": "array", "x-order": 1 } }, "required": [ "packages" ], "type": "object" }, "ListPoliciesComplianceResponse": { "description": "Response containing a list of policy compliance results.", "properties": { "continuationToken": { "description": "Continuation token for pagination", "type": "string", "x-order": 3 }, "policies": { "description": "The list of policy compliance rows", "items": { "$ref": "#/components/schemas/PolicyComplianceRow" }, "type": "array", "x-order": 1 }, "totalCount": { "description": "The total number of policies", "format": "int64", "type": "integer", "x-order": 2 } }, "required": [ "policies" ], "type": "object" }, "ListPolicyIssuesResponse": { "description": "Response containing a list of policy issues.", "properties": { "groupData": { "description": "Grouped data for policy issue aggregation", "items": { "additionalProperties": { "type": "object" }, "type": "object" }, "type": "array", "x-order": 2 }, "policyIssues": { "description": "The list of policy issues", "items": { "$ref": "#/components/schemas/PolicyIssue" }, "type": "array", "x-order": 1 }, "rowCount": { "description": "The total number of policy issue rows", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "groupData", "policyIssues" ], "type": "object" }, "ListPolicyPacksForInsightsAccountResponse": { "description": "Response containing a list of policy packs associated with an Insights account.", "properties": { "packs": { "description": "The list of required policy packs", "items": { "$ref": "#/components/schemas/AppRequiredPolicy" }, "type": "array", "x-order": 1 } }, "required": [ "packs" ], "type": "object" }, "ListPolicyPacksRequest": { "description": "ListPolicyPacksRequest is the request to list policy packs.", "properties": { "access": { "description": "The access of the policy packs to list. Default is `enabled`.", "enum": [ "added", "available", "enabled", "private" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "PolicyPackAccess", "enumComments": "PolicyPackAccess defines the access level of a policy pack relative to an organization.", "enumFieldComments": [ "Public, and added through org access", "Public, but not approved", "Created by the user, and added to the org.", "Created by the user" ] } }, "ids": { "description": "A list of policy pack IDs to list.\nIf specified, only the policy packs with the specified IDs will be listed.\nIf not specified, all policy packs will be listed.", "items": { "type": "string" }, "type": "array", "x-order": 2 }, "orgLogin": { "description": "The canonical name of the organization to list policy packs for.", "type": "string", "x-order": 3 } }, "type": "object" }, "ListPolicyPacksResponse": { "description": "ListPolicyPacksResponse contains the results of listing policy packs.", "properties": { "continuationToken": { "description": "ContinuationToken can be used to fetch the next page of results.\nIf nil, there are no more results available.", "type": "string", "x-order": 1 }, "policyPacks": { "description": "PolicyPacks contains the policy pack metadata for the current page.", "items": { "$ref": "#/components/schemas/RegistryPolicyPack" }, "type": "array", "x-order": 2 } }, "required": [ "policyPacks" ], "type": "object" }, "ListPolicyViolationsV2Response": { "description": "Response containing a paginated list of policy violations (v2).", "properties": { "continuationToken": { "description": "Continuation token for pagination", "type": "string", "x-order": 2 }, "policyViolations": { "description": "The list of policy violations", "items": { "$ref": "#/components/schemas/PolicyViolationV2" }, "type": "array", "x-order": 1 } }, "required": [ "policyViolations" ], "type": "object" }, "ListProvidersResponse": { "description": "Response containing a list of available providers.", "properties": { "providers": { "description": "The list of provider names", "items": { "type": "string" }, "type": "array", "x-order": 1 } }, "required": [ "providers" ], "type": "object" }, "ListResourcesWithReferencesRequest": { "description": "Request body for listing Insights resources with their references.", "properties": { "depth": { "description": "The depth of references to traverse", "format": "int64", "type": "integer", "x-order": 2 }, "resourceIdentifiers": { "description": "The resource identifiers to look up", "items": { "$ref": "#/components/schemas/InsightsResourceIdentifier" }, "type": "array", "x-order": 1 } }, "required": [ "resourceIdentifiers" ], "type": "object" }, "ListRolesResponse": { "description": "Response containing a list of roles.", "properties": { "roles": { "description": "The list of roles", "items": { "$ref": "#/components/schemas/PermissionDescriptorRecord" }, "type": "array", "x-order": 1 } }, "required": [ "roles" ], "type": "object" }, "ListRotatorsResponse": { "description": "Response containing a list of available secret rotators.", "properties": { "rotators": { "description": "The list of rotator names", "items": { "type": "string" }, "type": "array", "x-order": 1 } }, "required": [ "rotators" ], "type": "object" }, "ListSAMLOrganizationAdminsResponse": { "description": "Response containing a list of SAML organization administrators.", "properties": { "samlAdmins": { "description": "The list of SAML administrators", "items": { "$ref": "#/components/schemas/UserInfo" }, "type": "array", "x-order": 1 } }, "required": [ "samlAdmins" ], "type": "object" }, "ListScanStatusResponse": { "description": "Response containing a paginated list of scan statuses.", "properties": { "continuationToken": { "description": "ContinuationToken is an opaque value the client can send to fetch additional scans. Will be nil once all scans have been returned.", "type": "string", "x-order": 2 }, "scanStatuses": { "description": "The list of scan statuses", "items": { "$ref": "#/components/schemas/ScanStatus" }, "type": "array", "x-order": 1 } }, "required": [ "scanStatuses" ], "type": "object" }, "ListScheduledActionHistoryResponse": { "description": "ListScheduledActionHistoryResponse is the API response when a scheduled action history is listed.", "properties": { "scheduleHistoryEvents": { "description": "The list of scheduled action history events", "items": { "$ref": "#/components/schemas/ScheduledActionHistoryEvent" }, "type": "array", "x-order": 1 } }, "required": [ "scheduleHistoryEvents" ], "type": "object" }, "ListScheduledActionsResponse": { "description": "ListScheduledActionsResponse is the API response when scheduled deployments are listed.", "properties": { "schedules": { "description": "The list of scheduled actions", "items": { "$ref": "#/components/schemas/ScheduledAction" }, "type": "array", "x-order": 1 } }, "required": [ "schedules" ], "type": "object" }, "ListServicesResponse": { "description": "Response when listing services for a user.", "properties": { "continuationToken": { "description": "ContinuationToken is an opaque value the client can send to fetch additional\nservices. Will be nil once all services have been returned.", "type": "string", "x-order": 2 }, "services": { "description": "The list of services", "items": { "$ref": "#/components/schemas/Service" }, "type": "array", "x-order": 1 } }, "required": [ "services" ], "type": "object" }, "ListStackCollaboratorsResponse": { "description": "ListStackCollaboratorsResponse is the response when querying a stack's collaborators.", "properties": { "stackCreatorUserName": { "description": "StackCreatorUserName is the user name of the stack creator. If stack creator's permissions\nhave been removed then this will be null and will be omitted from the json response.", "type": "string", "x-order": 2 }, "users": { "description": "Other users explicitly added as collaborators on this stack.\n(Those inheriting permissions from the org aren't included.)", "items": { "$ref": "#/components/schemas/UserPermission" }, "type": "array", "x-order": 1 } }, "required": [ "users" ], "type": "object" }, "ListTeamRolesResponse": { "description": "ListTeamRolesResponse is the response when listing the fine-grained assigned to a team.", "properties": { "roles": { "description": "The list of roles assigned to the team", "items": { "$ref": "#/components/schemas/PermissionDescriptorRecord" }, "type": "array", "x-order": 1 } }, "required": [ "roles" ], "type": "object" }, "ListTeamsByInsightsAccountResponse": { "description": "ListTeamsByInsightsAccountResponse lists all teams that have access to an account.", "properties": { "accountName": { "description": "The name of the Insights account", "type": "string", "x-order": 1 }, "teams": { "description": "The list of teams with access to the account", "items": { "$ref": "#/components/schemas/InsightsAccountTeam" }, "type": "array", "x-order": 2 } }, "required": [ "accountName", "teams" ], "type": "object" }, "ListTeamsByStackResponse": { "description": "ListTeamsByStackResponse lists all teams that have access to a stack.", "properties": { "projectName": { "description": "The project name for the stack", "type": "string", "x-order": 1 }, "teams": { "description": "The list of teams with access to the stack", "items": { "$ref": "#/components/schemas/StackTeam" }, "type": "array", "x-order": 2 } }, "required": [ "projectName", "teams" ], "type": "object" }, "ListTeamsResponse": { "description": "ListTeamsResponse lists all teams within an organization.", "properties": { "teams": { "description": "The list of teams", "items": { "$ref": "#/components/schemas/Team" }, "type": "array", "x-order": 1 } }, "required": [ "teams" ], "type": "object" }, "ListTeamsWithRoleResponse": { "description": "ListTeamsWithRoleResponse is the shape of the response when listing teams with a given role within an organization.", "properties": { "teams": { "description": "Teams that are backed by the given role.", "items": { "$ref": "#/components/schemas/Team" }, "type": "array", "x-order": 1 } }, "required": [ "teams" ], "type": "object" }, "ListTemplateVersionsResponse": { "description": "ListTemplateVersionsResponse contains all available versions for a template.", "properties": { "continuationToken": { "description": "Token to fetch the next page of results. If null or empty, there are no more results.", "type": "string", "x-order": 2 }, "templates": { "description": "Templates contains all versions of the specified template, sorted by version descending.", "items": { "$ref": "#/components/schemas/TemplateVersion" }, "type": "array", "x-order": 1 } }, "required": [ "templates" ], "type": "object" }, "ListTemplatesResponse": { "description": "Response containing a paginated list of templates.", "properties": { "continuationToken": { "description": "An opaque token for fetching the next page of results", "type": "string", "x-order": 2 }, "diagnostics": { "description": "Diagnostic messages encountered during template listing", "items": { "type": "string" }, "type": "array", "x-order": 3 }, "templates": { "description": "The list of templates", "items": { "$ref": "#/components/schemas/Template" }, "type": "array", "x-order": 1 } }, "required": [ "templates" ], "type": "object" }, "ListUsersWithRoleResponse": { "description": "ListUsersWithRoleResponse is the shape of the response when listing users with a given role within an organization.", "properties": { "users": { "description": "Users that have been explicitly configured to the given role (ie, not configured via default role).", "items": { "$ref": "#/components/schemas/UserInfo" }, "type": "array", "x-order": 1 } }, "required": [ "users" ], "type": "object" }, "ListVCSBranchesResponse": { "description": "Response containing list of branches.", "properties": { "branches": { "description": "List of branches", "items": { "$ref": "#/components/schemas/VCSBranch" }, "type": "array", "x-order": 1 } }, "required": [ "branches" ], "type": "object" }, "ListVCSIntegrationSummariesResponse": { "description": "Response containing a lightweight list of all VCS integrations across providers for an organization.", "properties": { "integrations": { "description": "The list of VCS integration summaries across all providers.", "items": { "$ref": "#/components/schemas/VCSIntegrationSummary" }, "type": "array", "x-order": 1 } }, "required": [ "integrations" ], "type": "object" }, "ListVCSReposResponse": { "description": "Response containing list of repositories.", "properties": { "nextPageToken": { "description": "Next page token for pagination", "type": "string", "x-order": 2 }, "repos": { "description": "List of repositories", "items": { "$ref": "#/components/schemas/VCSRepo" }, "type": "array", "x-order": 1 } }, "required": [ "repos" ], "type": "object" }, "MemberLinks": { "description": "MemberLinks contains hypermedia links related to an organization member.", "properties": { "self": { "description": "A self-referencing hypermedia link (URL) to this member resource.", "type": "string", "x-order": 1 } }, "type": "object" }, "Message": { "description": "Message represents a single message in a conversation.", "properties": { "created": { "description": "The timestamp when the message was created, in ISO 8601 format.", "type": "string", "x-order": 2 }, "id": { "description": "The unique identifier of the message.", "type": "string", "x-order": 1 }, "message": { "description": "The text body of the message.", "type": "string", "x-order": 5 }, "message_schema_version": { "description": "The schema version of the message format.", "type": "string", "x-order": 6 }, "model": { "description": "The AI model used to generate this message.", "type": "string", "x-order": 3 }, "parent_conversation_message_id": { "description": "The ID of the parent conversation message, if this is a reply.", "type": "string", "x-order": 8 }, "role": { "description": "The role of the message author (e.g. user, assistant).", "type": "string", "x-order": 4 }, "skills": { "description": "A JSON-encoded string of skill invocations associated with this message.", "type": "string", "x-order": 7 } }, "required": [ "created", "id", "message", "message_schema_version", "model", "parent_conversation_message_id", "role", "skills" ], "type": "object" }, "NetIPNet": { "description": "NetIPNet represents an IP network with an address and subnet mask.", "properties": { "IP": { "description": "The IP address of the network.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 1 }, "Mask": { "description": "The subnet mask of the network.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 2 } }, "required": [ "IP", "Mask" ], "type": "object" }, "NetURL": { "description": "NetURL represents a parsed URL (Uniform Resource Locator).", "properties": { "ForceQuery": { "description": "Whether to force a trailing question mark even if the query is empty.", "type": "boolean", "x-order": 8 }, "Fragment": { "description": "The URL fragment (without the leading hash).", "type": "string", "x-order": 10 }, "Host": { "description": "The host or host:port of the URL.", "type": "string", "x-order": 4 }, "OmitHost": { "description": "Whether to omit the host in the URL string.", "type": "boolean", "x-order": 7 }, "Opaque": { "description": "The opaque data of the URL.", "type": "string", "x-order": 2 }, "Path": { "description": "The path of the URL.", "type": "string", "x-order": 5 }, "RawFragment": { "description": "The encoded fragment hint.", "type": "string", "x-order": 11 }, "RawPath": { "description": "The encoded path hint, used when the path contains escaped characters.", "type": "string", "x-order": 6 }, "RawQuery": { "description": "The encoded query string, without the leading question mark.", "type": "string", "x-order": 9 }, "Scheme": { "description": "The URL scheme (e.g. https, http).", "type": "string", "x-order": 1 }, "User": { "description": "The user information associated with the URL.", "type": "string", "x-order": 3 } }, "required": [ "ForceQuery", "Fragment", "Host", "OmitHost", "Opaque", "Path", "RawFragment", "RawPath", "RawQuery", "Scheme", "User" ], "type": "object" }, "NewPolicyGroupRequest": { "description": "NewPolicyGroupRequest is the request struct to create a new Policy Group.", "properties": { "agentPoolId": { "description": "Agent pool ID for policy evaluation. Defaults to Pulumi hosted pool if not specified.", "type": "string", "x-order": 4 }, "entityType": { "description": "The type of entities this policy group applies to (stacks or accounts).", "enum": [ "stacks", "accounts" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "PolicyGroupEntityType", "enumComments": "PolicyGroupEntityType represents the type of entities a policy group applies to" } }, "mode": { "description": "The enforcement mode for the policy group (audit or preventative). Defaults to 'audit' for account policy groups, 'preventative' for stack policy groups.", "enum": [ "audit", "preventative" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "PolicyGroupMode", "enumComments": "PolicyGroupMode represents the enforcement mode for a policy group" } }, "name": { "description": "The name of the new policy group.", "type": "string", "x-order": 1 } }, "required": [ "entityType", "name" ], "type": "object" }, "OidcIssuerRegistrationRequest": { "description": "Request body for registering a new OIDC issuer.", "properties": { "jwks": { "$ref": "#/components/schemas/JSONWebKeySet", "description": "The JSON Web Key Set for the OIDC issuer.", "x-order": 5 }, "maxExpiration": { "description": "The maximum token expiration time in seconds.", "format": "int64", "type": "integer", "x-order": 4 }, "name": { "description": "The display name of the OIDC issuer.", "type": "string", "x-order": 1 }, "thumbprints": { "description": "SHA-1 certificate thumbprints used to verify the OIDC issuer's TLS certificate.", "items": { "type": "string" }, "type": "array", "x-order": 3 }, "url": { "description": "The URL of the OIDC issuer.", "type": "string", "x-order": 2 } }, "required": [ "name", "url" ], "type": "object" }, "OidcIssuerRegistrationResponse": { "description": "Response body after registering an OIDC issuer.", "properties": { "created": { "description": "The ISO 8601 timestamp when the OIDC issuer was created.", "type": "string", "x-order": 8 }, "id": { "description": "The unique identifier of the registered OIDC issuer.", "type": "string", "x-order": 1 }, "issuer": { "description": "The OIDC issuer identifier, typically a URL that uniquely identifies the identity provider.", "type": "string", "x-order": 4 }, "jwks": { "$ref": "#/components/schemas/JSONWebKeySet", "description": "The JSON Web Key Set for the OIDC issuer.", "x-order": 6 }, "lastUsed": { "description": "The ISO 8601 timestamp when the OIDC issuer was last used for token exchange.", "type": "string", "x-order": 10 }, "maxExpiration": { "description": "The maximum token expiration time in seconds.", "format": "int64", "type": "integer", "x-order": 7 }, "modified": { "description": "The ISO 8601 timestamp when the OIDC issuer was last modified.", "type": "string", "x-order": 9 }, "name": { "description": "The display name of the OIDC issuer.", "type": "string", "x-order": 2 }, "thumbprints": { "description": "SHA-1 certificate thumbprints used to verify the OIDC issuer's TLS certificate.", "items": { "type": "string" }, "type": "array", "x-order": 5 }, "url": { "description": "The URL of the OIDC issuer.", "type": "string", "x-order": 3 } }, "required": [ "id", "issuer", "name", "url" ], "type": "object" }, "OidcIssuerUpdateRequest": { "description": "Request body for updating an existing OIDC issuer.", "properties": { "jwks": { "$ref": "#/components/schemas/JSONWebKeySet", "description": "The updated JSON Web Key Set for the OIDC issuer.", "x-order": 4 }, "maxExpiration": { "description": "The updated maximum token expiration time in seconds.", "format": "int64", "type": "integer", "x-order": 3 }, "name": { "description": "The updated display name of the OIDC issuer.", "type": "string", "x-order": 1 }, "thumbprints": { "description": "Updated SHA-1 certificate thumbprints used to verify the OIDC issuer's TLS certificate.", "items": { "type": "string" }, "type": "array", "x-order": 2 } }, "type": "object" }, "OpenEnvironmentResponse": { "description": "Response body after opening an environment session.", "properties": { "diagnostics": { "description": "Any diagnostics generated when opening the environment.", "items": { "$ref": "#/components/schemas/EnvironmentDiagnostic" }, "type": "array", "x-order": 2 }, "id": { "description": "The unique identifier of the opened environment session.", "type": "string", "x-order": 1 } }, "required": [ "id" ], "type": "object" }, "OperationContext": { "description": "OperationContext describes what to do.", "properties": { "environmentVariables": { "additionalProperties": { "$ref": "#/components/schemas/SecretValue" }, "description": "EnvironmentVariables contains environment variables to be applied during the execution.", "type": "object", "x-order": 4 }, "oidc": { "$ref": "#/components/schemas/OperationContextOIDCConfiguration", "description": "OIDC contains the OIDC configuration for the operation.", "x-order": 1 }, "operation": { "description": "The Pulumi operation to perform (e.g. update, preview, refresh, destroy).", "enum": [ "update", "preview", "destroy", "refresh", "detect-drift", "remediate-drift" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "PulumiOperation", "enumComments": "PulumiOperation describes what operation to perform on the stack as defined in the Job spec.", "enumFieldNames": [ "Update", "Preview", "Destroy", "Refresh", "DetectDrift", "RemediateDrift" ] } }, "options": { "$ref": "#/components/schemas/OperationContextOptions", "description": "Options is a bag of settings to specify or override default behavior", "x-order": 5 }, "preRunCommands": { "description": "PreRunCommands is an optional list of arbitrary commands to run before Pulumi is invoked.\nref: https://github.com/pulumi/pulumi/issues/9397", "items": { "type": "string" }, "type": "array", "x-order": 2 }, "role": { "$ref": "#/components/schemas/DeploymentRole", "description": "Role defines the deployment role to assume for the operation.", "x-order": 6 } }, "type": "object" }, "OperationContextAWSOIDCConfiguration": { "description": "OperationContextAWSOIDCConfiguration contains information about how to exchange an OIDC token for temporary AWS\ncredentials in the form of an assume-role session.\nSee https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html for details on creating an\nappropriately-configured IAM role.", "properties": { "duration": { "description": "Duration is the duration of the assume-role session.", "type": "string", "x-order": 1 }, "policyArns": { "description": "PolicyARNs is an optional set of IAM policy ARNs that further restrict the assume-role session.", "items": { "type": "string" }, "type": "array", "x-order": 2 }, "roleArn": { "description": "The ARN of the role to assume using the OIDC token.", "type": "string", "x-order": 3 }, "sessionName": { "description": "The name of the assume-role session.", "type": "string", "x-order": 4 } }, "required": [ "roleArn", "sessionName" ], "type": "object" }, "OperationContextAWSOIDCConfigurationRequest": { "description": "Request body for updating the AWS OIDC configuration of an operation context.", "properties": { "duration": { "description": "Duration of the assume-role session.", "type": "string", "x-order": 1 }, "policyArns": { "description": "Optional set of IAM policy ARNs that further restrict the assume-role session.", "items": { "type": "string" }, "type": "array", "x-order": 2 }, "roleArn": { "description": "The ARN of the role to assume using the OIDC token.", "type": "string", "x-order": 3 }, "sessionName": { "description": "The name of the assume-role session.", "type": "string", "x-order": 4 } }, "type": "object" }, "OperationContextAzureOIDCConfiguration": { "description": "OperationContextAzureOIDCConfiguration contains information about how to exchange an OIDC token for temporary Azure\ncredentials in the form of a federated workload identity.\nSee https://learn.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation-create-trust?pivots=identity-wif-apps-methods-azp\nfor details on how to create an appropriately-configured identity.", "properties": { "clientId": { "description": "ClientID is the client ID of the federated workload identity.", "type": "string", "x-order": 1 }, "subscriptionId": { "description": "SubscriptionID is the subscription ID of the federated workload identity.", "type": "string", "x-order": 3 }, "tenantId": { "description": "TenantID is the tenant ID of the federated workload identity.", "type": "string", "x-order": 2 } }, "type": "object" }, "OperationContextAzureOIDCConfigurationRequest": { "description": "Request body for updating the Azure OIDC configuration of an operation context.", "properties": { "clientId": { "description": "The client ID of the federated workload identity.", "type": "string", "x-order": 1 }, "subscriptionId": { "description": "The subscription ID of the federated workload identity.", "type": "string", "x-order": 3 }, "tenantId": { "description": "The tenant ID of the federated workload identity.", "type": "string", "x-order": 2 } }, "type": "object" }, "OperationContextGCPOIDCConfiguration": { "description": "OperationContextGCPOIDCConfiguration contains information about how to exchange an OIDC token for temporary GCP\ncredentials in the form of a service account connected to a workload identity pool.\nSee https://cloud.google.com/iam/docs/configuring-workload-identity-federation for details on how to create an\nappropriately-configured workload identity pool and service account.", "properties": { "projectId": { "description": "ProjectID is the numerical ID of the GCP project.", "type": "string", "x-order": 1 }, "providerId": { "description": "ProviderID is the ID of the identity provider associated with the workload pool.", "type": "string", "x-order": 4 }, "region": { "description": "Region is the region of the GCP project.", "type": "string", "x-order": 2 }, "serviceAccount": { "description": "ServiceAccount is the email address of the service account to use.", "type": "string", "x-order": 5 }, "tokenLifetime": { "description": "TokenLifetime is the lifetime of the temporary credentials.", "type": "string", "x-order": 6 }, "workloadPoolId": { "description": "WorkloadPoolID is the ID of the workload pool to use.", "type": "string", "x-order": 3 } }, "required": [ "projectId", "providerId", "serviceAccount", "workloadPoolId" ], "type": "object" }, "OperationContextGCPOIDCConfigurationRequest": { "description": "Request body for updating the GCP OIDC configuration of an operation context.", "properties": { "projectId": { "description": "The numerical ID of the GCP project.", "type": "string", "x-order": 1 }, "providerId": { "description": "The ID of the identity provider associated with the workload pool.", "type": "string", "x-order": 4 }, "region": { "description": "The region of the GCP project.", "type": "string", "x-order": 2 }, "serviceAccount": { "description": "The email address of the service account to use.", "type": "string", "x-order": 5 }, "tokenLifetime": { "description": "The lifetime of the temporary credentials.", "type": "string", "x-order": 6 }, "workloadPoolId": { "description": "The ID of the workload pool to use.", "type": "string", "x-order": 3 } }, "type": "object" }, "OperationContextOIDCConfiguration": { "description": "OperationContextOIDCConfiguration contains configuration for automatically fetching temporary credentials from cloud\nproviders using the OIDC token issued by the service.", "properties": { "aws": { "$ref": "#/components/schemas/OperationContextAWSOIDCConfiguration", "description": "AWS contains AWS-specific configuration.", "x-order": 1 }, "azure": { "$ref": "#/components/schemas/OperationContextAzureOIDCConfiguration", "description": "Azure contains Azure-specific configuration.", "x-order": 2 }, "gcp": { "$ref": "#/components/schemas/OperationContextGCPOIDCConfiguration", "description": "GCP contains GCP-specific configuration.", "x-order": 3 } }, "type": "object" }, "OperationContextOIDCConfigurationRequest": { "description": "Request body for updating the OIDC configuration of an operation context.", "properties": { "aws": { "$ref": "#/components/schemas/OperationContextAWSOIDCConfigurationRequest", "description": "AWS-specific OIDC configuration.", "x-order": 1 }, "azure": { "$ref": "#/components/schemas/OperationContextAzureOIDCConfigurationRequest", "description": "Azure-specific OIDC configuration.", "x-order": 2 }, "gcp": { "$ref": "#/components/schemas/OperationContextGCPOIDCConfigurationRequest", "description": "GCP-specific OIDC configuration.", "x-order": 3 } }, "type": "object" }, "OperationContextOptions": { "description": "OperationContextOptions is a bag of settings to specify or override default behavior in a deployment", "properties": { "deleteAfterDestroy": { "description": "DeleteAfterDestroy sets whether the stack should be deleted after it is destroyed.", "type": "boolean", "x-order": 4 }, "remediateIfDriftDetected": { "description": "RemediateIfDriftDetected sets whether a detect-drift operation should be followed by remediate-drift step\nif drift is detected.", "type": "boolean", "x-order": 5 }, "shell": { "description": "Shell indicates the shell to use when running commands.", "type": "string", "x-order": 3 }, "skipInstallDependencies": { "description": "SkipInstallDependencies sets whether to skip the default dependency installation step. Defaults to false.", "type": "boolean", "x-order": 1 }, "skipIntermediateDeployments": { "description": "SkipIntermediateDeployments sets whether to skip queued intermediate deployments. Defaults to false.", "type": "boolean", "x-order": 2 } }, "type": "object" }, "OperationContextOptionsRequest": { "description": "Request body for updating operation context options.", "properties": { "deleteAfterDestroy": { "description": "Whether the stack should be deleted after it is destroyed.", "type": "boolean", "x-order": 4 }, "remediateIfDriftDetected": { "description": "Whether a detect-drift operation should be followed by a remediate-drift step if drift is detected.", "type": "boolean", "x-order": 5 }, "shell": { "description": "The shell to use when running commands.", "type": "string", "x-order": 3 }, "skipInstallDependencies": { "description": "Whether to skip the default dependency installation step.", "type": "boolean", "x-order": 1 }, "skipIntermediateDeployments": { "description": "Whether to skip queued intermediate deployments.", "type": "boolean", "x-order": 2 } }, "type": "object" }, "OperationContextRequest": { "description": "Request body for updating an operation context.", "properties": { "environmentVariables": { "additionalProperties": { "$ref": "#/components/schemas/SecretValue" }, "description": "Environment variables to apply during execution.", "type": "object", "x-order": 4 }, "oidc": { "$ref": "#/components/schemas/OperationContextOIDCConfigurationRequest", "description": "The OIDC configuration for the operation.", "x-order": 1 }, "operation": { "description": "The Pulumi operation to perform (e.g. update, preview, destroy).", "enum": [ "update", "preview", "destroy", "refresh", "detect-drift", "remediate-drift" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "PulumiOperation", "enumComments": "PulumiOperation describes what operation to perform on the stack as defined in the Job spec.", "enumFieldNames": [ "Update", "Preview", "Destroy", "Refresh", "DetectDrift", "RemediateDrift" ] } }, "options": { "$ref": "#/components/schemas/OperationContextOptionsRequest", "description": "Options to specify or override default behavior.", "x-order": 5 }, "preRunCommands": { "description": "Optional list of commands to run before Pulumi is invoked.", "items": { "type": "string" }, "type": "array", "x-order": 2 }, "role": { "$ref": "#/components/schemas/DeploymentRoleRequest", "description": "The deployment role to assume for the operation.", "x-order": 6 } }, "type": "object" }, "OrgDeploymentsMetadataResponse": { "description": "Response body containing deployment metadata for an organization.", "properties": { "concurrency": { "description": "Concurrency is the number of concurrent deployments allowed for this org.", "format": "int64", "type": "integer", "x-order": 2 }, "deploymentCounts": { "$ref": "#/components/schemas/DeploymentCounts", "description": "DeploymentCounts is the number of deployments with different statuses for this org.", "x-order": 3 }, "paused": { "description": "Paused is true if all new deployments for this org are paused right now.", "type": "boolean", "x-order": 1 } }, "required": [ "concurrency", "deploymentCounts", "paused" ], "type": "object" }, "OrgEnvironment": { "description": "OrgEnvironment represents an environment within an organization.", "properties": { "created": { "description": "The ISO 8601 timestamp when the environment was created.", "type": "string", "x-order": 5 }, "deletedAt": { "description": "The ISO 8601 timestamp when the environment was soft-deleted, or null if not deleted.", "type": "string", "x-order": 9 }, "id": { "description": "The unique identifier of the environment.", "type": "string", "x-order": 1 }, "links": { "$ref": "#/components/schemas/EnvironmentLinks", "description": "Hypermedia links related to the environment.", "x-order": 10 }, "modified": { "description": "The ISO 8601 timestamp when the environment was last modified.", "type": "string", "x-order": 6 }, "name": { "description": "The name of the environment.", "type": "string", "x-order": 4 }, "organization": { "description": "The login name of the organization that owns this environment.", "type": "string", "x-order": 2 }, "ownedBy": { "$ref": "#/components/schemas/UserInfo", "description": "The user with ownership of this environment", "x-order": 7 }, "project": { "description": "The project name that contains this environment, if project-scoped.", "type": "string", "x-order": 3 }, "referrerMetadata": { "$ref": "#/components/schemas/EnvironmentReferrerMetadata", "description": "Metadata about what refers to this environment.", "x-order": 11 }, "settings": { "$ref": "#/components/schemas/EnvironmentSettings", "description": "Configuration settings for the environment, such as deletion protection.", "x-order": 12 }, "tags": { "additionalProperties": { "type": "string" }, "description": "User-defined key-value tags associated with the environment for organization and filtering.", "type": "object", "x-order": 8 } }, "required": [ "created", "id", "modified", "name", "organization", "ownedBy", "referrerMetadata", "settings", "tags" ], "type": "object" }, "Organization": { "description": "Organization represents a Pulumi organization.", "properties": { "avatarUrl": { "description": "The URL of the organization's avatar image.", "type": "string", "x-order": 3 }, "githubLogin": { "description": "The GitHub login associated with the organization.", "type": "string", "x-order": 1 }, "name": { "description": "The name of the organization.", "type": "string", "x-order": 2 }, "repos": { "description": "The repositories belonging to the organization.", "items": { "$ref": "#/components/schemas/PulumiRepository" }, "type": "array", "x-order": 4 } }, "required": [ "avatarUrl", "githubLogin", "name", "repos" ], "type": "object" }, "OrganizationAuditLogExportSettings": { "description": "OrganizationAuditLogExportSettings is an organization's current audit log export configuration.", "properties": { "enabled": { "description": "Whether audit log export is currently active. May be paused automatically if the configured destination repeatedly fails to authenticate.", "type": "boolean", "x-order": 1 }, "lastResult": { "$ref": "#/components/schemas/AuditLogExportResult", "description": "The result of the last audit log export attempt.", "x-order": 3 }, "s3Config": { "$ref": "#/components/schemas/AuditLogsExportS3Config", "description": "The S3 configuration for exporting audit logs.", "x-order": 2 } }, "required": [ "enabled", "lastResult", "s3Config" ], "type": "object" }, "OrganizationFeatures": { "description": "OrganizationFeatures represents paid features for organizations.", "properties": { "agentIntegrationCatalogEnabled": { "description": "Whether the agent integration catalog is enabled.", "type": "boolean", "x-order": 50 }, "agentPoolRegistrationEnabled": { "description": "Whether agent pool registration is enabled for self-hosted deployments.", "type": "boolean", "x-order": 18 }, "aiAgentsEnabled": { "description": "Whether AI agents (Pulumi Copilot) are enabled.", "type": "boolean", "x-order": 40 }, "aiReviewCodeAccessEnabled": { "description": "Whether AI review code access is enabled.", "type": "boolean", "x-order": 51 }, "aleEnabled": { "description": "Whether audit log export (ALE) is enabled.", "type": "boolean", "x-order": 5 }, "approvalsEnabled": { "description": "Whether change request approvals are enabled.", "type": "boolean", "x-order": 32 }, "auditLogUIFilteringEnabled": { "description": "Whether audit log UI filtering is enabled.", "type": "boolean", "x-order": 22 }, "auditLogsEnabled": { "description": "Whether audit logs are enabled for the organization.", "type": "boolean", "x-order": 1 }, "bitbucketVCSEnabled": { "description": "Whether Bitbucket VCS integration is enabled.", "type": "boolean", "x-order": 53 }, "bringYourOwnKeyEnabled": { "description": "Whether bring-your-own-key encryption is enabled.", "type": "boolean", "x-order": 31 }, "crossGuardEnabled": { "description": "Whether CrossGuard policy enforcement is enabled.", "type": "boolean", "x-order": 2 }, "customRoleCondition": { "description": "Whether custom role conditions are enabled.", "type": "boolean", "x-order": 42 }, "customRolesEnabled": { "description": "Whether custom RBAC roles are enabled.", "type": "boolean", "x-order": 26 }, "customTemplatesEnabled": { "description": "Whether custom templates are enabled.", "type": "boolean", "x-order": 12 }, "dashboardOnboardingUIEnabled": { "description": "Whether the dashboard onboarding UI is enabled.", "type": "boolean", "x-order": 19 }, "dependencyCachingEnabled": { "description": "Whether dependency caching for deployments is enabled.", "type": "boolean", "x-order": 23 }, "deployEnabled": { "description": "Whether Pulumi Deployments is enabled.", "type": "boolean", "x-order": 6 }, "discoveredStacksEnabled": { "description": "Whether discovered stacks are enabled.", "type": "boolean", "x-order": 49 }, "driftDetectionEnabled": { "description": "Whether drift detection is enabled.", "type": "boolean", "x-order": 20 }, "environmentRevisionTagsEnabled": { "description": "Whether environment revision tags are enabled.", "type": "boolean", "x-order": 15 }, "environmentSecretRotationEnabled": { "description": "Whether environment secret rotation is enabled.", "type": "boolean", "x-order": 27 }, "environmentsEnabled": { "description": "Whether Pulumi ESC environments are enabled.", "type": "boolean", "x-order": 14 }, "environmentsRestoreEnabled": { "description": "Whether restoring deleted environments is enabled.", "type": "boolean", "x-order": 24 }, "escEditorRevampEnabled": { "description": "Whether the ESC editor revamp is enabled.", "type": "boolean", "x-order": 35 }, "escOnboardingAzureOAuthClientEnabled": { "description": "Whether the Azure OAuth client for ESC onboarding is enabled.", "type": "boolean", "x-order": 36 }, "escOnboardingEnabled": { "description": "Whether ESC onboarding is enabled.", "type": "boolean", "x-order": 33 }, "escOnboardingGcpOAuthClientEnabled": { "description": "Whether the GCP OAuth client for ESC onboarding is enabled.", "type": "boolean", "x-order": 37 }, "escOnboardingV2Enabled": { "description": "Whether ESC onboarding v2 is enabled.", "type": "boolean", "x-order": 34 }, "genericVCSEnabled": { "description": "Whether generic VCS integrations are enabled.", "type": "boolean", "x-order": 52 }, "getStartedOnboardEnabled": { "description": "Whether the getting started onboarding flow is enabled.", "type": "boolean", "x-order": 47 }, "ghAppDetailedDiffEnabled": { "description": "Whether the GitHub App detailed diff view is enabled.", "type": "boolean", "x-order": 44 }, "gitHubEnterpriseIntegrationEnabled": { "description": "Whether GitHub Enterprise integration is enabled.", "type": "boolean", "x-order": 17 }, "iacCloudImportEnabled": { "description": "Whether IaC cloud import is enabled.", "type": "boolean", "x-order": 30 }, "insightsMonetizationEnabled": { "description": "Whether Insights monetization features are enabled.", "type": "boolean", "x-order": 28 }, "integrationAssistantEnabled": { "description": "Whether the integration assistant is enabled.", "type": "boolean", "x-order": 4 }, "legacyDeploymentsOrgToken": { "description": "Whether the organization uses a legacy org token for deployments.", "type": "boolean", "x-order": 16 }, "neoPlanModeEnabled": { "description": "Whether Neo plan mode is enabled.", "type": "boolean", "x-order": 46 }, "neoReadOnlyEnabled": { "description": "Whether Neo read-only permission mode is enabled.", "type": "boolean", "x-order": 48 }, "neoServerSideApprovalsEnabled": { "description": "Whether Neo server side approvals is enabled.", "type": "boolean", "x-order": 45 }, "neoTaskSharingEnabled": { "description": "Whether Copilot task sharing is enabled.", "type": "boolean", "x-order": 43 }, "nlpSearchEnabled": { "description": "Whether natural language search is enabled.", "type": "boolean", "x-order": 11 }, "pangeaAccountsScanPageEnabled": { "description": "Whether the Pangea accounts scan page is enabled.", "type": "boolean", "x-order": 25 }, "policyIssueManagementEnabled": { "description": "Whether policy issue management is enabled.", "type": "boolean", "x-order": 39 }, "policyManagementV2Enabled": { "description": "Whether policy management v2 is enabled.", "type": "boolean", "x-order": 38 }, "propertySearchUIEnabled": { "description": "Whether the property search UI is enabled.", "type": "boolean", "x-order": 10 }, "resourceExportEnabled": { "description": "Whether resource export is enabled.", "type": "boolean", "x-order": 9 }, "resourceSearchEnabled": { "description": "Whether resource search is enabled.", "type": "boolean", "x-order": 8 }, "restoreStacksEnabled": { "description": "Whether restoring deleted stacks is enabled.", "type": "boolean", "x-order": 13 }, "scimEnabled": { "description": "Whether SCIM provisioning is enabled.", "type": "boolean", "x-order": 7 }, "selfHostedDeploymentsEnabled": { "description": "Whether self-hosted deployment agents are enabled.", "type": "boolean", "x-order": 21 }, "selfServeIDPRemoval": { "description": "Whether self-serve IDP removal is enabled.", "type": "boolean", "x-order": 29 }, "themingEnabled": { "description": "Whether UI theming is enabled.", "type": "boolean", "x-order": 41 }, "webhooksEnabled": { "description": "Whether webhooks are enabled for the organization.", "type": "boolean", "x-order": 3 } }, "required": [ "agentIntegrationCatalogEnabled", "agentPoolRegistrationEnabled", "aiAgentsEnabled", "aiReviewCodeAccessEnabled", "aleEnabled", "approvalsEnabled", "auditLogUIFilteringEnabled", "auditLogsEnabled", "bitbucketVCSEnabled", "bringYourOwnKeyEnabled", "crossGuardEnabled", "customRoleCondition", "customRolesEnabled", "customTemplatesEnabled", "dashboardOnboardingUIEnabled", "dependencyCachingEnabled", "deployEnabled", "discoveredStacksEnabled", "driftDetectionEnabled", "environmentRevisionTagsEnabled", "environmentSecretRotationEnabled", "environmentsEnabled", "environmentsRestoreEnabled", "escEditorRevampEnabled", "escOnboardingAzureOAuthClientEnabled", "escOnboardingEnabled", "escOnboardingGcpOAuthClientEnabled", "escOnboardingV2Enabled", "genericVCSEnabled", "getStartedOnboardEnabled", "ghAppDetailedDiffEnabled", "gitHubEnterpriseIntegrationEnabled", "iacCloudImportEnabled", "insightsMonetizationEnabled", "integrationAssistantEnabled", "legacyDeploymentsOrgToken", "neoPlanModeEnabled", "neoReadOnlyEnabled", "neoServerSideApprovalsEnabled", "neoTaskSharingEnabled", "nlpSearchEnabled", "pangeaAccountsScanPageEnabled", "policyIssueManagementEnabled", "policyManagementV2Enabled", "propertySearchUIEnabled", "resourceExportEnabled", "resourceSearchEnabled", "restoreStacksEnabled", "scimEnabled", "selfHostedDeploymentsEnabled", "selfServeIDPRemoval", "themingEnabled", "webhooksEnabled" ], "type": "object" }, "OrganizationMember": { "description": "OrganizationMember defines a member of an organization.", "properties": { "created": { "description": "When the member joined the organization.", "format": "date-time", "type": "string", "x-order": 3 }, "fgaRole": { "$ref": "#/components/schemas/FGARole", "description": "The role currently assigned to this member — either a built-in role (member, admin, billingManager) or a custom role. Falls back to the organization's default role if no role is assigned directly.", "x-order": 7 }, "knownToPulumi": { "description": "KnownToPulumi returns if the organization member has a Pulumi account.", "type": "boolean", "x-order": 4 }, "links": { "$ref": "#/components/schemas/MemberLinks", "description": "Links to the member in the Pulumi Console", "x-order": 6 }, "role": { "description": "**Deprecated:** Use `fgaRole` instead. The member's built-in role within the organization. For members assigned a custom role, this is the closest built-in projection (`member`, `admin`, or `billingManager`) and may lose detail; `fgaRole` is authoritative.", "enum": [ "none", "member", "admin", "potential-member", "stack-collaborator", "billing-manager" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "OrganizationRole", "enumComments": "OrganizationRole is an enum defining a member's role within an organization.", "enumFieldNames": [ "None", "Member", "Admin", "PotentialMember", "StackCollaborator", "BillingManager" ], "enumFieldComments": [ "OrganizationRoleNone describes the role of non-members.", "OrganizationRoleMember is the role for regular members.", "OrganizationRoleAdmin is the role for admins.", "OrganizationRolePotentialMember is the role for users who are explicitly\nnot a member of the organization, but are a member of the backing org on\nthe 3rd party identity provider. (i.e. they could join the org.)", "OrganizationRoleStackCollaborator is the role for users who are not a member\nof an organization, but have been explicitly granted access to some of the\norganization's stacks. So they have limited permissions to access the org's\ndata.", "OrganizationRoleBillingManager is the role for billing admins." ] } }, "user": { "$ref": "#/components/schemas/UserInfo", "description": "The user information for this organization member.", "x-order": 2 }, "virtualAdmin": { "description": "VirtualAdmin indicates that the member does not have admin access on the\nbacking identity provider, but does have admin access to the Pulumi organization.", "type": "boolean", "x-order": 5 } }, "required": [ "created", "fgaRole", "knownToPulumi", "role", "user", "virtualAdmin" ], "type": "object" }, "OrganizationMetadata": { "description": "OrganizationMetadata contains configuration, subscription, and feature information for an organization.", "properties": { "accountCount": { "description": "AccountCount is the current number of Insights Accounts in the organization.\n(May be more than the requesting user has permission to see.)", "format": "int64", "type": "integer", "x-order": 30 }, "aiEnablement": { "description": "The AI feature enablement status for the organization (e.g. enabled, disabled, opt-in).", "type": "string", "x-order": 25 }, "auditLogsEnabled": { "description": "Deprecated. Access the AuditLogsEnabled feature from the Features property.", "type": "boolean", "x-order": 27 }, "backingOrgLogin": { "description": "The login name of the backing organization on the identity provider.", "type": "string", "x-order": 4 }, "created": { "description": "The time the organization was created.", "format": "date-time", "type": "string", "x-order": 3 }, "defaultAccountPermission": { "description": "DefaultAccountPermission is the default permission every member\nhas for accessing the organization's insight accounts.", "enum": [ 0, 1, 2, 3 ], "format": "int64", "type": "integer", "x-order": 13, "x-pulumi-model-property": { "enumTypeName": "InsightsAccountPermission", "enumComments": "InsightsAccountPermission is a value describing the permission level a user has for a Pulumi Insights account.", "enumFieldNames": [ "None", "Read", "Write", "Admin" ], "enumFieldComments": [ "InsightsAccountPermissionNone provides no access.", "InsightsAccountPermissionRead provides read-only access.", "InsightsAccountPermissionWrite provides read/write access to an account.", "InsightsAccountPermissionAdmin provides admin-level access to the account." ] } }, "defaultDeploymentRoleId": { "description": "DefaultDeploymentRoleID is the ID of the default role used for deployments when no specific role is configured in the stack's deployment settings. If unset, deployments run using the triggering user's own permissions.", "type": "string", "x-order": 38 }, "defaultEnvironmentPermission": { "description": "DefaultEnvironmentPermission is the default permission every member\nhas for accessing the organization's environments.", "enum": [ "none", "read", "open", "write", "admin" ], "type": "string", "x-order": 12, "x-pulumi-model-property": { "enumTypeName": "EnvironmentPermission", "enumComments": "EnvironmentPermission is an enum describing the permission level to access an environment." } }, "defaultRoleId": { "description": "DefaultRoleID is the ID of the default role for new users added to the organization.\nIf unset, defaults to the \"Member\" role.", "type": "string", "x-order": 37 }, "defaultStackPermission": { "description": "DefaultStackPermission is the default permission every member\nhas for accessing the organization's stacks.", "enum": [ 0, 101, 102, 103, 104 ], "format": "int64", "type": "integer", "x-order": 11, "x-pulumi-model-property": { "enumTypeName": "StackPermission", "enumComments": "StackPermission is a value describing the permission level a user has for a Pulumi stack.\nLike OrganizationRole, there is a total ordering of StackPermission values, where each value\ngrants an additional layer of permissions. IMPORTANT: Do not rely on the numeric values for\nauth checks, instead, just refer to these as opaque names. e.g. use explicit matching in a\ncase-statements instead of \"if perm \u003e= StackPermissionX\". This prevents errors if we later\nadd a new StackPermission \"in between\" two existing ones, but with a new, higher value.\nPreviously, the StackPermission value was a series of bit flags, with each bit controlling\na specific operation on the stack. However, that proved difficult to describe and maintain.\nSo the newer, \"fixed set\" approach is used instead.\nThe conversion from the legacy permission values and the new StackPermission values is done\ntransparently, whenever data is read/written to the database. (Converting to the newer\nvalues as needed.) We will only be able to remove these legacy values after we deploy the\ncode which can read both formats, and only writes the newer format.", "enumFieldNames": [ "None", "Read", "Write", "Admin", "Creator" ], "enumFieldComments": [ "StackPermissionNone provides no access.", "StackPermissionRead provides read-only access, including the ability to\ndecrypt encrypted configuration secrets stored in the service.", "StackPermissionWrite provides read/write access to a stack.", "StackPermissionAdmin provides admin-level access to the stack. For example,\nbeing able to run `pulumi destroy` or delete the stack.", "StackPermissionCreator is an implementation quirk of how we mark the user who created\na stack. The value is not exported from this module, and is converted to StackPermissionAdmin\nbefore being returned to callers. However, in a few places we want to handle the user who\ncreated a stack a little differently, and this allows us to do so without exporting a separate\n\"StackPermissionAdminWhoAlsoHappenedToCreateTheStackToo\" value." ] } }, "environmentCount": { "description": "EnvironmentCount is the current number of environments in the organization.\n(May be more than the requesting user has permission to see.)", "format": "int64", "type": "integer", "x-order": 31 }, "features": { "$ref": "#/components/schemas/OrganizationFeatures", "description": "The feature flags enabled for this organization, controlling access to specific functionality.", "x-order": 29 }, "id": { "description": "The unique identifier of the organization.", "type": "string", "x-order": 1 }, "insightsBillingAccepted": { "description": "true if accepted, false if denied, nil if no action taken", "type": "boolean", "x-order": 23 }, "insightsTrialEnd": { "description": "The Unix timestamp when the Insights trial ends.", "format": "int64", "type": "integer", "x-order": 22 }, "insightsTrialUsingPolicy": { "description": "true if org needs to be upgraded to business critical", "type": "boolean", "x-order": 24 }, "kind": { "description": "The kind of backing identity provider for the organization.", "enum": [ "single-user", "bitbucket", "github", "gitlab", "pulumi", "saml" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "OrganizationKind", "enumComments": "OrganizationKind describes the backing data source for a Pulumi organization.", "enumFieldNames": [ "SingleUser", "Bitbucket", "GitHub", "GitLab", "Pulumi", "SAML" ], "enumFieldComments": [ "OrganizationKindSingleUser is a Pulumi organization based around a single user.", "OrganizationKindBitbucket is a Pulumi organization based on a proper Bitbucket team.", "OrganizationKindGitHub is a Pulumi organization based on a proper GitHub organization.", "OrganizationKindGitLab is a Pulumi organization based on a proper GitLab group.", "OrganizationKindPulumi is a Pulumi organization where membership is managed entirely by Pulumi.", "OrganizationKindSAML is a Pulumi organization based on a SAML SSO identity provider." ] } }, "locked": { "description": "Locked is non-nil if an organization is locked, indicating the specific\nreason why it was locked. (Which may determine which actions are available in the Console.)", "enum": [ "bad-subscription", "not-locked", "read-only", "rename-in-progress", "transfer-in-progress" ], "type": "string", "x-order": 36, "x-pulumi-model-property": { "enumTypeName": "OrganizationLockedStatus", "enumComments": "OrganizationLockedStatus describes why an organization may be locked or restricted.", "enumFieldNames": [ "BadSubscription", "NotLocked", "ReadOnly", "RenameInProgress", "TransferInProgress" ] } }, "maxMembers": { "description": "MaxMembers is the maximum number of members the organization can have\nbased on its subscription. (Only set for per-member billed orgs.)", "format": "int64", "type": "integer", "x-order": 35 }, "maxStacks": { "description": "MaxStacks is the maximum number of stacks the organization can have\nbased on its subscription. Will be nil/omitted if there is no limit.", "format": "int64", "type": "integer", "x-order": 33 }, "memberCount": { "description": "MemberCount is the number of members the organization has. Will be\nincorrect for organizations on the TeamPerStack subscription plan.", "format": "int64", "type": "integer", "x-order": 34 }, "membersCanCreateAccounts": { "description": "Whether organization members can create Insights accounts.", "type": "boolean", "x-order": 18 }, "membersCanCreateStacks": { "description": "Whether organization members can create stacks.", "type": "boolean", "x-order": 14 }, "membersCanCreateTeams": { "description": "Whether organization members can create teams.", "type": "boolean", "x-order": 17 }, "membersCanDeleteStacks": { "description": "Whether organization members can delete stacks.", "type": "boolean", "x-order": 15 }, "membersCanTransferStacks": { "description": "Whether organization members can transfer stacks.", "type": "boolean", "x-order": 16 }, "neoApprovalMode": { "description": "neoApprovalMode is the default approval mode for new Neo AI agent tasks.", "enum": [ "manual", "auto", "balanced" ], "type": "string", "x-order": 20, "x-pulumi-model-property": { "enumTypeName": "NeoApprovalMode", "enumComments": "NeoApprovalMode represents the default approval mode for Neo AI agent tasks in an organization" } }, "neoEnabled": { "description": "Whether Neo AI agent features are enabled for the organization.", "type": "boolean", "x-order": 19 }, "neoTaskSharingMode": { "description": "NeoTaskSharingMode is the task sharing mode for Neo AI agents in the organization.", "enum": [ "none", "org" ], "type": "string", "x-order": 21, "x-pulumi-model-property": { "enumTypeName": "NeoTaskSharingMode", "enumComments": "NeoTaskSharingMode represents the task sharing mode for Neo AI agents in an organization" } }, "preferredVCS": { "description": "The organization's preferred VCS vendor.", "enum": [ "none", "bitbucket", "github", "gitlab" ], "type": "string", "x-order": 26, "x-pulumi-model-property": { "enumTypeName": "PreferredVCS", "enumComments": "PreferredVCS represents an organization selected preferred VCS vendor", "enumFieldNames": [ "None", "Bitbucket", "GitHub", "GitLab" ] } }, "product": { "description": "Subscription-related information if the organization has a Pulumi subscription.\nOtherwise, assume it is a grandfathered TeamPerStack org or in the Community Edition.", "enum": [ "team-per-stack", "community", "individual", "team-starter", "team-pro", "enterprise", "team-growth", "enterprise-growth", "business-critical" ], "type": "string", "x-order": 5, "x-pulumi-model-property": { "enumTypeName": "SaasOffer", "enumComments": "SaasOffer is an enum describing the type of products offered from the Pulumi Service.", "enumFieldNames": [ "TeamPerStack", "Community", "Individual", "TeamStarter", "TeamPro", "Enterprise", "TeamGrowth", "EnterpriseGrowth", "BusinessCritical" ], "enumFieldComments": [ "SaasOfferTeamPerStack Team Edition, billed per-stack.", "SaasOfferCommunity Community Edition.", "SaasOfferIndividual TBD individual edition.", "SaasOfferTeamStarter Team Edition, billed per-member.", "SaasOfferTeamPro Team Edition, billed per-member.", "SaasOfferEnterprise Enterprise Edition, billed per-member.", "SaasOfferTeamGrowth acts like Team Starter, but is billed by consumption.", "SaasOfferEnterpriseGrowth acts like the Pulumi Enterprise edition,\nbut is billed by consumption.", "SaasOfferBusinessCritical is the business critical edition, billed by consumption." ] } }, "stackCount": { "description": "StackCount is the current number of stacks in the organization.\n(May be more than the requesting user has permission to see.)", "format": "int64", "type": "integer", "x-order": 32 }, "subscriptionCancelAtPeriodEnd": { "description": "Whether the subscription will be canceled at the end of the current billing period.", "type": "boolean", "x-order": 8 }, "subscriptionPeriodEnd": { "description": "The time when the current subscription or license period ends. For SaaS subscriptions this is the Stripe billing period end. For self-hosted installations this is the license expiry date.", "format": "date-time", "type": "string", "x-order": 9 }, "subscriptionStatus": { "description": "The Stripe subscription status (e.g. active, past_due, canceled), if applicable.", "type": "string", "x-order": 6 }, "subscriptionTrialEnd": { "description": "The Unix timestamp when the subscription trial ends.", "format": "int64", "type": "integer", "x-order": 7 }, "userRole": { "description": "UserRole is the requesting user's role in the organization.", "enum": [ "none", "member", "admin", "potential-member", "stack-collaborator", "billing-manager" ], "type": "string", "x-order": 10, "x-pulumi-model-property": { "enumTypeName": "OrganizationRole", "enumComments": "OrganizationRole is an enum defining a member's role within an organization.", "enumFieldNames": [ "None", "Member", "Admin", "PotentialMember", "StackCollaborator", "BillingManager" ], "enumFieldComments": [ "OrganizationRoleNone describes the role of non-members.", "OrganizationRoleMember is the role for regular members.", "OrganizationRoleAdmin is the role for admins.", "OrganizationRolePotentialMember is the role for users who are explicitly\nnot a member of the organization, but are a member of the backing org on\nthe 3rd party identity provider. (i.e. they could join the org.)", "OrganizationRoleStackCollaborator is the role for users who are not a member\nof an organization, but have been explicitly granted access to some of the\norganization's stacks. So they have limited permissions to access the org's\ndata.", "OrganizationRoleBillingManager is the role for billing admins." ] } }, "webhooksEnabled": { "description": "Deprecated. Access the WebhooksEnabled feature from the Features property.", "type": "boolean", "x-order": 28 } }, "required": [ "accountCount", "aiEnablement", "auditLogsEnabled", "created", "defaultAccountPermission", "defaultEnvironmentPermission", "defaultStackPermission", "environmentCount", "features", "id", "insightsTrialUsingPolicy", "kind", "memberCount", "membersCanCreateAccounts", "membersCanCreateStacks", "membersCanCreateTeams", "membersCanDeleteStacks", "membersCanTransferStacks", "neoApprovalMode", "neoEnabled", "neoTaskSharingMode", "preferredVCS", "stackCount", "userRole", "webhooksEnabled" ], "type": "object" }, "OrganizationSummary": { "description": "OrganizationSummary is just the display information for an organization.", "properties": { "avatarUrl": { "description": "The URL of the organization's avatar image.", "type": "string", "x-order": 3 }, "email": { "description": "IMPORTANT: The email address of the user is only included on a few admin-only APIs.\nFor nearly all APIs that return a UserInfo object, this will not be provided.\nconsidered sensitive information.", "type": "string", "x-order": 4 }, "githubLogin": { "description": "The GitHub login associated with the organization.", "type": "string", "x-order": 2 }, "name": { "description": "The name of the organization.", "type": "string", "x-order": 1 } }, "required": [ "avatarUrl", "githubLogin", "name" ], "type": "object" }, "OrganizationSummaryWithRole": { "allOf": [ { "$ref": "#/components/schemas/OrganizationSummary" }, { "description": "OrganizationSummaryWithRole is the display information for an organization, paired with the role of a given user into that.", "properties": { "role": { "description": "The role of the user within this organization.", "enum": [ "none", "member", "admin", "potential-member", "stack-collaborator", "billing-manager" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "OrganizationRole", "enumComments": "OrganizationRole is an enum defining a member's role within an organization.", "enumFieldNames": [ "None", "Member", "Admin", "PotentialMember", "StackCollaborator", "BillingManager" ], "enumFieldComments": [ "OrganizationRoleNone describes the role of non-members.", "OrganizationRoleMember is the role for regular members.", "OrganizationRoleAdmin is the role for admins.", "OrganizationRolePotentialMember is the role for users who are explicitly\nnot a member of the organization, but are a member of the backing org on\nthe 3rd party identity provider. (i.e. they could join the org.)", "OrganizationRoleStackCollaborator is the role for users who are not a member\nof an organization, but have been explicitly granted access to some of the\norganization's stacks. So they have limited permissions to access the org's\ndata.", "OrganizationRoleBillingManager is the role for billing admins." ] } } }, "type": "object" } ] }, "PackageMetadata": { "description": "PackageMetadata describes a Pulumi package and its associated metadata in the registry.", "properties": { "category": { "description": "The category of the package.", "type": "string", "x-order": 10 }, "createdAt": { "description": "The date and time the package version was created.", "format": "date-time", "type": "string", "x-order": 17 }, "description": { "description": "The description of the package.", "type": "string", "x-order": 7 }, "isFeatured": { "description": "Whether the package is featured.", "type": "boolean", "x-order": 11 }, "logoUrl": { "description": "The URL of the logo for the package.", "type": "string", "x-order": 8 }, "name": { "description": "The name of the package.", "type": "string", "x-order": 1 }, "packageStatus": { "description": "The maturity level of the package, e.g. \"ga\", \"public_preview\"", "enum": [ "ga", "public_preview" ], "type": "string", "x-order": 13, "x-pulumi-model-property": { "enumTypeName": "PackageStatus", "enumComments": "PackageStatus represents the maturity level of a registry package.", "enumFieldNames": [ "GA", "PublicPreview" ] } }, "packageTypes": { "description": "The package types, e.g. \"native\", \"component\", \"bridged\"", "items": { "enum": [ "native", "component", "bridged" ], "type": "string", "x-pulumi-model-property": { "enumTypeName": "PackageType", "enumComments": "PackageType represents the type of a registry package.", "enumFieldComments": [ "A package that offers native resources.", "A package that offers component resources.", "A package that is bridged from a different ecosystem (e.g. OpenTofu)." ] } }, "type": "array", "x-order": 12 }, "parameterization": { "$ref": "#/components/schemas/PackageParameterization", "description": "The parameterization of the provider, if any.", "x-order": 19 }, "pluginDownloadURL": { "description": "The URL to download the plugin at, as found in the schema.", "type": "string", "x-order": 16 }, "publisher": { "description": "The publisher of the package.", "type": "string", "x-order": 2 }, "publisherDisplayName": { "description": "The display name of the publisher.", "type": "string", "x-order": 3 }, "readmeURL": { "description": "The URL of the readme for the package.", "type": "string", "x-order": 14 }, "repoUrl": { "description": "The URL of the repository the package is hosted in.", "type": "string", "x-order": 9 }, "schemaURL": { "description": "The URL of the schema for the package.", "type": "string", "x-order": 15 }, "source": { "description": "The source of the package.", "type": "string", "x-order": 4 }, "title": { "description": "The title/display name of the package.", "type": "string", "x-order": 6 }, "usageStats": { "$ref": "#/components/schemas/PackageUsageStats", "description": "Usage statistics for this package within the requesting org. Only populated when the caller is authenticated.", "x-order": 20 }, "version": { "description": "The version of the package in semver format.", "type": "string", "x-order": 5 }, "visibility": { "description": "The visibility of the package.", "enum": [ "public", "private" ], "type": "string", "x-order": 18, "x-pulumi-model-property": { "enumTypeName": "Visibility", "enumComments": "Visibility indicates whether an entity is public or private." } } }, "required": [ "createdAt", "isFeatured", "name", "packageStatus", "publisher", "readmeURL", "schemaURL", "source", "version", "visibility" ], "type": "object" }, "PackageParameterization": { "description": "PackageParameterization describes the parameterization of a provider package.", "properties": { "baseProvider": { "$ref": "#/components/schemas/ArtifactVersionNameSpec", "description": "The base provider that this package is parameterized from.", "x-order": 1 }, "parameter": { "description": "The opaque parameterization data passed to the base provider, base64-encoded.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 2 } }, "required": [ "baseProvider", "parameter" ], "type": "object" }, "PackageUploadURLs": { "description": "PackageUploadURLs contains pre-signed URLs for uploading package artifacts.", "properties": { "index": { "description": "The pre-signed URL for uploading the package index.", "type": "string", "x-order": 2 }, "installationConfiguration": { "description": "The pre-signed URL for uploading the package installation configuration.", "type": "string", "x-order": 3 }, "schema": { "description": "The pre-signed URL for uploading the package schema.", "type": "string", "x-order": 1 } }, "required": [ "index", "installationConfiguration", "schema" ], "type": "object" }, "PackageUsageResponse": { "description": "PackageUsageResponse contains information about which stacks use a specific package.", "properties": { "continuationToken": { "description": "Token for fetching the next page of results. Null if there are no more results.", "type": "string", "x-order": 4 }, "packageName": { "description": "The package name that was queried.", "type": "string", "x-order": 1 }, "stacks": { "description": "The list of stacks using this package.", "items": { "$ref": "#/components/schemas/StackUsage" }, "type": "array", "x-order": 3 }, "totalStacks": { "description": "The total number of stacks using this package.", "format": "int32", "type": "integer", "x-order": 2 } }, "type": "object" }, "PackageUsageStats": { "description": "PackageUsageStats contains usage statistics for a package within an organization.", "properties": { "onLatest": { "description": "Number of stacks on the latest version of this package.", "format": "int32", "type": "integer", "x-order": 2 }, "onOlder": { "description": "Number of stacks on an older version of this package.", "format": "int32", "type": "integer", "x-order": 3 }, "totalStacks": { "description": "Total number of stacks using this package.", "format": "int32", "type": "integer", "x-order": 1 }, "versionUnresolved": { "description": "Number of stacks where the version could not be resolved.", "format": "int32", "type": "integer", "x-order": 4 } }, "type": "object" }, "PatchConversationRequest": { "description": "Request body for partially updating a conversation.", "properties": { "summary": { "description": "The updated summary of the conversation.", "type": "string", "x-order": 2 }, "title": { "description": "The updated title of the conversation.", "type": "string", "x-order": 1 } }, "required": [ "summary", "title" ], "type": "object" }, "PatchEnvironmentSettingsRequest": { "description": "Request body for partially updating environment settings.", "properties": { "deletionProtected": { "description": "DeletionProtected indicates whether deletion protection should be enabled for this environment. Null means no change.", "type": "boolean", "x-order": 1 } }, "type": "object" }, "PatchOrgAgentPoolResponse": { "description": "Response body after partially updating an organization's agent pool.", "properties": { "description": { "description": "The updated description of the agent pool after the patch operation.", "type": "string", "x-order": 2 }, "name": { "description": "The updated name of the agent pool after the patch operation.", "type": "string", "x-order": 1 } }, "required": [ "description", "name" ], "type": "object" }, "PendingOrganizationInvite": { "description": "PendingOrganizationInvite describes an invite that has been sent out for someone to\njoin a Pulumi organization.", "properties": { "acceptError": { "description": "AcceptError is the most recent error a user has hit while trying to accept\nan organization invite. By default it is null.", "type": "string", "x-order": 7 }, "acceptInviteUrl": { "description": "AcceptInviteURL is the url where a user would go to accept an invite to an organization.", "type": "string", "x-order": 6 }, "email": { "description": "The email address the invite was sent to.", "type": "string", "x-order": 2 }, "id": { "description": "ID is the internal ID of the invite. Used to refer to this invite later to accept/cancel.", "type": "string", "x-order": 1 }, "role": { "description": "Role is the new role to give the member. Must be one of MEMBER, ADMIN, or BILLING MANAGER.", "enum": [ "none", "member", "admin", "potential-member", "stack-collaborator", "billing-manager" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "OrganizationRole", "enumComments": "OrganizationRole is an enum defining a member's role within an organization.", "enumFieldNames": [ "None", "Member", "Admin", "PotentialMember", "StackCollaborator", "BillingManager" ], "enumFieldComments": [ "OrganizationRoleNone describes the role of non-members.", "OrganizationRoleMember is the role for regular members.", "OrganizationRoleAdmin is the role for admins.", "OrganizationRolePotentialMember is the role for users who are explicitly\nnot a member of the organization, but are a member of the backing org on\nthe 3rd party identity provider. (i.e. they could join the org.)", "OrganizationRoleStackCollaborator is the role for users who are not a member\nof an organization, but have been explicitly granted access to some of the\norganization's stacks. So they have limited permissions to access the org's\ndata.", "OrganizationRoleBillingManager is the role for billing admins." ] } }, "roleId": { "description": "RoleID is the optional UUID of a custom role assigned to this invite.", "type": "string", "x-order": 9 }, "sentAt": { "description": "SentAt is the timestamp when the invite was first sent.", "format": "int64", "type": "integer", "x-order": 5 }, "sentBy": { "$ref": "#/components/schemas/UserInfo", "description": "The user who sent the invite.", "x-order": 4 }, "status": { "description": "The friendly name of the invite status. Valid values are\n\"pending\", \"accepted\", \"expired\", and \"canceled\".", "type": "string", "x-order": 8 } }, "required": [ "acceptInviteUrl", "email", "id", "role", "sentAt", "sentBy", "status" ], "type": "object" }, "PermissionBooleanExpression": { "allOf": [ { "$ref": "#/components/schemas/PermissionExpression" }, { "description": "A boolean permission expression.", "type": "object" } ] }, "PermissionBooleanExpressionBinary": { "allOf": [ { "$ref": "#/components/schemas/PermissionBooleanExpression" }, { "description": "A boolean permission expression.", "properties": { "left": { "$ref": "#/components/schemas/PermissionBooleanExpression", "description": "The left operand of the binary boolean expression.", "x-order": 1 }, "right": { "$ref": "#/components/schemas/PermissionBooleanExpression", "description": "The right operand of the binary boolean expression.", "x-order": 2 } }, "type": "object" } ] }, "PermissionBooleanExpressionUnary": { "allOf": [ { "$ref": "#/components/schemas/PermissionBooleanExpression" }, { "description": "A boolean permission expression.", "properties": { "node": { "$ref": "#/components/schemas/PermissionBooleanExpression", "description": "The operand of the unary boolean expression.", "x-order": 1 } }, "type": "object" } ] }, "PermissionContextExpression": { "allOf": [ { "$ref": "#/components/schemas/PermissionExpression" }, { "description": "A permission expression scoped to a specific context.", "type": "object" } ] }, "PermissionDescriptor": { "description": "Base type for permission descriptors.", "discriminator": { "mapping": { "PermissionDescriptorAllow": "#/components/schemas/PermissionDescriptorAllow", "PermissionDescriptorCompose": "#/components/schemas/PermissionDescriptorCompose", "PermissionDescriptorCondition": "#/components/schemas/PermissionDescriptorCondition", "PermissionDescriptorGroup": "#/components/schemas/PermissionDescriptorGroup", "PermissionDescriptorIfThenElse": "#/components/schemas/PermissionDescriptorIfThenElse", "PermissionDescriptorSelect": "#/components/schemas/PermissionDescriptorSelect" }, "propertyName": "__type" }, "properties": { "__type": { "type": "string" } }, "required": [ "__type" ], "type": "object" }, "PermissionDescriptorAllow": { "allOf": [ { "$ref": "#/components/schemas/PermissionDescriptor" }, { "description": "Base type for permission descriptors.", "properties": { "constraints": { "$ref": "#/components/schemas/RbacPermissionConstraints", "description": "Optional contextual constraints for the permissions", "x-order": 2 }, "permissions": { "description": "List of permissions to allow", "items": { "enum": [ "", "stack:list", "project:encrypt", "project:decrypt", "project_annotations:read", "project_annotations:update", "stack:read", "stack:write", "stack:import", "stack:export", "stack:encrypt", "stack:decrypt", "stack:create", "stack:rename", "stack:delete", "stack:cancel_update", "stack:transfer", "stack:list_deleted", "stack:restore_deleted", "stack_deployment:create", "stack_deployment:read", "stack_deployment_settings:write", "stack_deployment_settings:read", "stack_deployment_settings:encrypt", "stack_deployment_cache:read", "stack_webhook:read", "stack_webhook:create", "stack_webhook:update", "stack_webhook:delete", "stack_access:read", "stack_access:update", "stack_tags:update", "stack_annotations:read", "stack_annotations:update", "stack_schedule:create", "stack_schedule:update", "stack_schedule:read", "stack_schedule:delete", "stack_schedule:pause", "stack_schedule:resume", "organization:read_usage", "organization:update", "organization:rename", "organization:delete", "organization:change_backend", "organization:billing", "organization:potential", "organization:transfer_stacks", "saml:read", "saml:update", "audit_logs:read", "audit_logs:export", "scim:read", "scim:update", "scim:delete", "tags:read", "org_integrations:read", "org_integrations:update", "integrations:update", "integrations:read", "invites:read", "invites:create", "org_requests:read", "org_requests:update", "org_member_access:read", "org_member:read", "org_member:delete", "org_member:add", "org_member:update", "org_member:set_admin", "org_token:read", "org_token:create", "org_token:delete", "auth_policies:read", "auth_policies:update", "oidc_issuers:read", "oidc_issuers:update", "oidc_issuers:regenerate_thumbprints", "oidc_issuers:create", "oidc_issuers:delete", "agent_pool:read", "agent_pool:create", "agent_pool:update", "agent_pool:delete", "organization_webhook:read", "organization_webhook:create", "organization_webhook:update", "organization_webhook:delete", "resources:index", "resources:search", "resources:dashboard", "templates:read", "templates_source:read", "templates_source:update", "templates_source:delete", "templates_source:create", "services:create", "services:read", "services:write", "services:admin", "deployments:read", "deployments:pause", "deployments:resume", "deployments:read_usage", "organization_annotations:read", "organization_annotations:update", "policy_groups:create", "policy_groups:read", "policy_groups:update", "policy_groups:delete", "policy_pack:create", "policy_pack:read", "policy_pack:update", "policy_pack:delete", "policy_results:read", "environment:create", "environment:list", "environment:read", "environment:open", "environment:write", "environment:delete", "environment_settings:read", "environment_settings:update", "environment:clone", "environment:rotate", "environment:rotate_history", "environment:list_deleted", "environment:restore_deleted", "environment_yaml:open", "environment_schedule:create", "environment_schedule:read", "environment_schedule:update", "environment_schedule:pause", "environment_schedule:resume", "environment_schedule:delete", "environment_tags:list", "environment_tag:read", "environment_tag:create", "environment_tag:update", "environment_tag:delete", "environment_version:create", "environment_version:read", "environment_version:update", "environment_version:delete", "environment_version:retract", "environment_version:open", "environment_webhook:read", "environment_webhook:create", "environment_webhook:update", "environment_webhook:delete", "environment_access:read", "environment_access:update", "team:list", "team:read", "team:create", "team:update", "team:delete", "team:create_token", "team:list_tokens", "team:delete_token", "github_team:create", "insights_account:list", "insights_account:read", "insights_account:create", "insights_account:update", "insights_account:delete", "insights_account:update_policy_results", "insights_account_access:read", "insights_account_access:update", "insights_account:scan", "insights_account_scan:read", "insights_account_scan:update", "insights_account_scan:cancel", "insights_account_scan:pause", "insights_account_scan:resume", "insights_policy_queue:read", "insights_policy_evaluator:read", "insights_policy_evaluator:delete", "insights_policy_evaluator:ensure", "insights_policy_evaluator:update", "ai_conversations:list_all", "ai_conversations:read", "ai_conversations:create", "ai_conversations:update", "role:create", "role:read", "role:update", "role:delete", "change_gate:create", "change_gate:update", "change_gate:delete" ], "type": "string", "x-pulumi-model-property": { "enumTypeName": "RbacPermission", "enumComments": "RbacPermission enumerates the permissions available in the RBAC system.", "enumFieldNames": [ "NoPermission", "StackList", "ProjectEncrypt", "ProjectDecrypt", "ProjectAnnotationRead", "ProjectAnnotationUpdate", "StackRead", "StackWrite", "StackImport", "StackExport", "StackEncrypt", "StackDecrypt", "StackCreate", "StackRename", "StackDelete", "StackCancelUpdate", "StackTransfer", "StackListDeleted", "StackRestoreDeleted", "StackDeploymentCreate", "StackDeploymentRead", "StackDeploymentSettingsWrite", "StackDeploymentSettingsRead", "StackDeploymentSettingsEncrypt", "StackDeploymentCacheRead", "StackWebhookRead", "StackWebhookCreate", "StackWebhookUpdate", "StackWebhookDelete", "StackAccessRead", "StackAccessUpdate", "StackTagsUpdate", "StackAnnotationRead", "StackAnnotationUpdate", "StackScheduleCreate", "StackScheduleUpdate", "StackScheduleRead", "StackScheduleDelete", "StackSchedulePause", "StackScheduleResume", "OrganizationReadUsage", "OrganizationUpdate", "OrganizationRename", "OrganizationDelete", "OrganizationChangeBackend", "OrganizationBilling", "OrganizationPotential", "OrganizationTransferStacks", "SAMLRead", "SAMLUpdate", "AuditLogsRead", "AuditLogsExport", "SCIMRead", "SCIMUpdate", "SCIMDelete", "TagsRead", "OrgIntegrationsRead", "OrgIntegrationsUpdate", "IntegrationsUpdate", "IntegrationsRead", "InvitesRead", "InvitesCreate", "OrgRequestsRead", "OrgRequestsUpdate", "OrgMemberAccessRead", "OrgMemberRead", "OrgMemberDelete", "OrgMemberAdd", "OrgMemberUpdate", "OrgMemberSetAdmin", "OrgTokenRead", "OrgTokenCreate", "OrgTokenDelete", "AuthPoliciesRead", "AuthPoliciesUpdate", "OidcIssuersRead", "OidcIssuersUpdate", "OidcIssuersRegenerateThumbprints", "OidcIssuersCreate", "OidcIssuersDelete", "AgentPoolRead", "AgentPoolCreate", "AgentPoolUpdate", "AgentPoolDelete", "OrganizationWebhookRead", "OrganizationWebhookCreate", "OrganizationWebhookUpdate", "OrganizationWebhookDelete", "ResourcesIndex", "ResourcesSearch", "ResourcesDashboard", "TemplatesRead", "TemplatesSourceRead", "TemplatesSourceUpdate", "TemplatesSourceDelete", "TemplatesSourceCreate", "ServicesCreate", "ServicesRead", "ServicesWrite", "ServicesAdmin", "DeploymentsRead", "DeploymentsPause", "DeploymentsResume", "DeploymentsReadUsage", "OrganizationAnnotationsRead", "OrganizationAnnotationsUpdate", "InsightsPolicyGroupsCreate", "InsightsPolicyGroupsRead", "InsightsPolicyGroupsUpdate", "InsightsPolicyGroupsDelete", "InsightsPolicyPackCreate", "InsightsPolicyPackRead", "InsightsPolicyPackUpdate", "InsightsPolicyPackDelete", "InsightsPolicyResultsRead", "EnvironmentCreate", "EnvironmentList", "EnvironmentRead", "EnvironmentOpen", "EnvironmentWrite", "EnvironmentDelete", "EnvironmentSettingsRead", "EnvironmentSettingsUpdate", "EnvironmentClone", "EnvironmentRotate", "EnvironmentRotateHistory", "EnvironmentListDeleted", "EnvironmentRestoreDeleted", "EnvironmentYamlOpen", "EnvironmentScheduleCreate", "EnvironmentScheduleRead", "EnvironmentScheduleUpdate", "EnvironmentSchedulePause", "EnvironmentScheduleResume", "EnvironmentScheduleDelete", "EnvironmentTagsList", "EnvironmentTagRead", "EnvironmentTagCreate", "EnvironmentTagUpdate", "EnvironmentTagDelete", "EnvironmentVersionCreate", "EnvironmentVersionRead", "EnvironmentVersionUpdate", "EnvironmentVersionDelete", "EnvironmentVersionRetract", "EnvironmentVersionOpen", "EnvironmentWebhookRead", "EnvironmentWebhookCreate", "EnvironmentWebhookUpdate", "EnvironmentWebhookDelete", "EnvironmentAccessRead", "EnvironmentAccessUpdate", "TeamList", "TeamRead", "TeamCreate", "TeamUpdate", "TeamDelete", "TeamCreateToken", "TeamListTokens", "TeamDeleteToken", "GithubTeamCreate", "InsightsAccountList", "InsightsAccountRead", "InsightsAccountCreate", "InsightsAccountUpdate", "InsightsAccountDelete", "InsightsAccountUpdatePolicyResults", "InsightsAccountAccessRead", "InsightsAccountAccessUpdate", "InsightsAccountScan", "InsightsAccountScanRead", "InsightsAccountScanUpdate", "InsightsAccountScanCancel", "InsightsAccountScanPause", "InsightsAccountScanResume", "InsightsPolicyQueueRead", "InsightsPolicyEvaluatorRead", "InsightsPolicyEvaluatorDelete", "InsightsPolicyEvaluatorEnsure", "InsightsPolicyEvaluatorUpdate", "AIConversationsListAll", "AIConversationsRead", "AIConversationsCreate", "AIConversationsUpdate", "RoleCreate", "RoleRead", "RoleUpdate", "RoleDelete", "ChangeGateCreate", "ChangeGateUpdate", "ChangeGateDelete" ], "enumFieldComments": [ "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "OrganizationTransferStacks differs from Stack Transfer as it enables transferring all stacks within the organization, rather than being tied to an individual stack.", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "" ] } }, "type": "array", "x-order": 1 } }, "type": "object" } ] }, "PermissionDescriptorBase": { "description": "PermissionDescriptorBase defines the base fields for a permission descriptor.", "properties": { "description": { "description": "A human-readable description of the permission descriptor.", "type": "string", "x-order": 2 }, "details": { "$ref": "#/components/schemas/PermissionDescriptor", "description": "The detailed permission descriptor tree.", "x-order": 5 }, "name": { "description": "The name of the permission descriptor.", "type": "string", "x-order": 1 }, "resourceType": { "description": "The resource type this permission descriptor applies to.", "type": "string", "x-order": 3 }, "uxPurpose": { "description": "The UX purpose of this permission descriptor (e.g. role, policy, set).", "enum": [ "role", "role_private", "role_temporary", "policy", "set" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "PermissionDescriptorUXPurpose", "enumComments": "Categorizes how a permission descriptor is presented in the UI. Valid values: role, role_private, policy, set.", "enumFieldNames": [ "Role", "RolePrivate", "RoleTemporary", "Policy", "Set" ] } } }, "type": "object" }, "PermissionDescriptorCompose": { "allOf": [ { "$ref": "#/components/schemas/PermissionDescriptor" }, { "description": "Base type for permission descriptors.", "properties": { "permissionDescriptors": { "description": "References to other descriptors to include in the tree", "items": { "type": "string" }, "type": "array", "x-order": 1 } }, "type": "object" } ] }, "PermissionDescriptorCondition": { "allOf": [ { "$ref": "#/components/schemas/PermissionDescriptor" }, { "description": "Base type for permission descriptors.", "properties": { "condition": { "$ref": "#/components/schemas/PermissionBooleanExpression", "description": "The boolean condition to evaluate.", "x-order": 1 }, "subNode": { "$ref": "#/components/schemas/PermissionDescriptor", "description": "The permission descriptor to apply when the condition is true.", "x-order": 2 } }, "type": "object" } ] }, "PermissionDescriptorGroup": { "allOf": [ { "$ref": "#/components/schemas/PermissionDescriptor" }, { "description": "Base type for permission descriptors.", "properties": { "entries": { "description": "The list of permission descriptor entries in this group.", "items": { "$ref": "#/components/schemas/PermissionDescriptor" }, "type": "array", "x-order": 1 } }, "type": "object" } ] }, "PermissionDescriptorIfThenElse": { "allOf": [ { "$ref": "#/components/schemas/PermissionDescriptor" }, { "description": "Base type for permission descriptors.", "properties": { "condition": { "$ref": "#/components/schemas/PermissionBooleanExpression", "description": "The boolean condition to evaluate.", "x-order": 1 }, "subNodeForFalse": { "$ref": "#/components/schemas/PermissionDescriptor", "description": "The permission descriptor to apply when the condition is false.", "x-order": 3 }, "subNodeForTrue": { "$ref": "#/components/schemas/PermissionDescriptor", "description": "The permission descriptor to apply when the condition is true.", "x-order": 2 } }, "type": "object" } ] }, "PermissionDescriptorRecord": { "allOf": [ { "$ref": "#/components/schemas/PermissionDescriptorBase" }, { "description": "PermissionDescriptorRecord is a persisted permission descriptor with identity and versioning information.", "properties": { "created": { "description": "When the role was created.", "format": "date-time", "type": "string", "x-order": 1 }, "defaultIdentifier": { "description": "The identifier for default roles. Empty for custom roles.", "type": "string", "x-order": 5 }, "id": { "description": "The unique identifier for this role.", "type": "string", "x-order": 3 }, "isOrgDefault": { "description": "Whether this role is the organization default.", "type": "boolean", "x-order": 7 }, "modified": { "description": "When the role was last modified.", "format": "date-time", "type": "string", "x-order": 2 }, "orgId": { "description": "The ID of the organization this role belongs to.", "type": "string", "x-order": 4 }, "version": { "description": "The version of this role.", "format": "int32", "type": "integer", "x-order": 6 } }, "required": [ "created", "id", "isOrgDefault", "modified", "orgId", "version" ], "type": "object" } ] }, "PermissionDescriptorSelect": { "allOf": [ { "$ref": "#/components/schemas/PermissionDescriptor" }, { "description": "Base type for permission descriptors.", "properties": { "options": { "description": "The available options to select from based on the selector expression.", "items": { "$ref": "#/components/schemas/PermissionSelectvalue" }, "type": "array", "x-order": 2 }, "selector": { "$ref": "#/components/schemas/PermissionExpression", "description": "The expression used to select which option to apply.", "x-order": 1 } }, "type": "object" } ] }, "PermissionExpression": { "description": "Base type for permission expressions.", "discriminator": { "mapping": { "PermissionExpressionAnd": "#/components/schemas/PermissionExpressionAnd", "PermissionExpressionEnvironment": "#/components/schemas/PermissionExpressionEnvironment", "PermissionExpressionEqual": "#/components/schemas/PermissionExpressionEqual", "PermissionExpressionHasTag": "#/components/schemas/PermissionExpressionHasTag", "PermissionExpressionInsightsAccount": "#/components/schemas/PermissionExpressionInsightsAccount", "PermissionExpressionNot": "#/components/schemas/PermissionExpressionNot", "PermissionExpressionOr": "#/components/schemas/PermissionExpressionOr", "PermissionExpressionStack": "#/components/schemas/PermissionExpressionStack", "PermissionExpressionTag": "#/components/schemas/PermissionExpressionTag", "PermissionExpressionTeam": "#/components/schemas/PermissionExpressionTeam", "PermissionLiteralExpressionBool": "#/components/schemas/PermissionLiteralExpressionBool", "PermissionLiteralExpressionEnvironment": "#/components/schemas/PermissionLiteralExpressionEnvironment", "PermissionLiteralExpressionInsightsAccount": "#/components/schemas/PermissionLiteralExpressionInsightsAccount", "PermissionLiteralExpressionNumber": "#/components/schemas/PermissionLiteralExpressionNumber", "PermissionLiteralExpressionStack": "#/components/schemas/PermissionLiteralExpressionStack", "PermissionLiteralExpressionString": "#/components/schemas/PermissionLiteralExpressionString", "PermissionLiteralExpressionTeam": "#/components/schemas/PermissionLiteralExpressionTeam" }, "propertyName": "__type" }, "properties": { "__type": { "type": "string" } }, "required": [ "__type" ], "type": "object" }, "PermissionExpressionAnd": { "allOf": [ { "$ref": "#/components/schemas/PermissionBooleanExpressionBinary" }, { "description": "A logical AND permission expression.", "type": "object" } ] }, "PermissionExpressionEnvironment": { "allOf": [ { "$ref": "#/components/schemas/PermissionContextExpression" }, { "description": "A permission expression scoped to an environment.", "type": "object" } ] }, "PermissionExpressionEqual": { "allOf": [ { "$ref": "#/components/schemas/PermissionBooleanExpression" }, { "description": "A boolean permission expression.", "properties": { "left": { "$ref": "#/components/schemas/PermissionExpression", "description": "The left operand of the equality comparison.", "x-order": 1 }, "right": { "$ref": "#/components/schemas/PermissionExpression", "description": "The right operand of the equality comparison.", "x-order": 2 } }, "type": "object" } ] }, "PermissionExpressionHasTag": { "allOf": [ { "$ref": "#/components/schemas/PermissionBooleanExpressionUnary" }, { "description": "A boolean permission expression.", "properties": { "context": { "$ref": "#/components/schemas/PermissionContextExpression", "description": "The context expression to check for the tag.", "x-order": 1 }, "key": { "description": "The tag key to check for.", "type": "string", "x-order": 2 } }, "type": "object" } ] }, "PermissionExpressionInsightsAccount": { "allOf": [ { "$ref": "#/components/schemas/PermissionContextExpression" }, { "description": "A permission expression scoped to an Insights account.", "type": "object" } ] }, "PermissionExpressionNot": { "allOf": [ { "$ref": "#/components/schemas/PermissionBooleanExpressionUnary" }, { "description": "A logical NOT permission expression.", "type": "object" } ] }, "PermissionExpressionOr": { "allOf": [ { "$ref": "#/components/schemas/PermissionBooleanExpressionBinary" }, { "description": "A logical OR permission expression.", "type": "object" } ] }, "PermissionExpressionStack": { "allOf": [ { "$ref": "#/components/schemas/PermissionContextExpression" }, { "description": "A permission expression scoped to a stack.", "type": "object" } ] }, "PermissionExpressionTag": { "allOf": [ { "$ref": "#/components/schemas/PermissionExpression" }, { "description": "Base type for permission expressions.", "properties": { "context": { "$ref": "#/components/schemas/PermissionContextExpression", "description": "The context expression identifying the resource to look up the tag on.", "x-order": 1 }, "key": { "description": "The tag key to retrieve.", "type": "string", "x-order": 2 } }, "type": "object" } ] }, "PermissionExpressionTeam": { "allOf": [ { "$ref": "#/components/schemas/PermissionContextExpression" }, { "description": "A permission expression scoped to a team.", "type": "object" } ] }, "PermissionLiteralExpression": { "allOf": [ { "$ref": "#/components/schemas/PermissionExpression" }, { "description": "A literal value permission expression.", "type": "object" } ] }, "PermissionLiteralExpressionBool": { "allOf": [ { "$ref": "#/components/schemas/PermissionLiteralExpression" }, { "description": "A literal value permission expression.", "properties": { "value": { "description": "The boolean literal value.", "type": "boolean", "x-order": 1 } }, "type": "object" } ] }, "PermissionLiteralExpressionEnvironment": { "allOf": [ { "$ref": "#/components/schemas/PermissionLiteralExpression" }, { "description": "A literal value permission expression.", "properties": { "identity": { "description": "The identity of the environment.", "type": "string", "x-order": 1 } }, "type": "object" } ] }, "PermissionLiteralExpressionInsightsAccount": { "allOf": [ { "$ref": "#/components/schemas/PermissionLiteralExpression" }, { "description": "A literal value permission expression.", "properties": { "identity": { "description": "The identity of the Insights account.", "type": "string", "x-order": 1 } }, "type": "object" } ] }, "PermissionLiteralExpressionNumber": { "allOf": [ { "$ref": "#/components/schemas/PermissionLiteralExpression" }, { "description": "A literal value permission expression.", "properties": { "value": { "description": "The numeric literal value.", "format": "double", "type": "number", "x-order": 1 } }, "type": "object" } ] }, "PermissionLiteralExpressionStack": { "allOf": [ { "$ref": "#/components/schemas/PermissionLiteralExpression" }, { "description": "A literal value permission expression.", "properties": { "identity": { "description": "The identity of the stack.", "type": "string", "x-order": 1 } }, "type": "object" } ] }, "PermissionLiteralExpressionString": { "allOf": [ { "$ref": "#/components/schemas/PermissionLiteralExpression" }, { "description": "A literal value permission expression.", "properties": { "value": { "description": "The string literal value.", "type": "string", "x-order": 1 } }, "type": "object" } ] }, "PermissionLiteralExpressionTeam": { "allOf": [ { "$ref": "#/components/schemas/PermissionLiteralExpression" }, { "description": "A literal value permission expression.", "properties": { "identity": { "description": "The identity of the team.", "type": "string", "x-order": 1 } }, "type": "object" } ] }, "PermissionSelectvalue": { "description": "PermissionSelectvalue pairs a value expression with its corresponding permission descriptor node.", "properties": { "node": { "$ref": "#/components/schemas/PermissionDescriptor", "description": "The permission descriptor to apply when this value matches.", "x-order": 2 }, "value": { "$ref": "#/components/schemas/PermissionExpression", "description": "The value expression to match against the selector.", "x-order": 1 } }, "type": "object" }, "PkixAttributeTypeAndValue": { "description": "PkixAttributeTypeAndValue represents an ASN.1 attribute type and value pair.", "properties": { "Type": { "description": "The ASN.1 object identifier of the attribute type.", "type": "string", "x-order": 1 }, "Value": { "description": "The value of the attribute.", "type": "object", "x-order": 2 } }, "required": [ "Type", "Value" ], "type": "object" }, "PkixExtension": { "description": "PkixExtension represents an X.509 certificate extension.", "properties": { "Critical": { "description": "Whether this extension is critical.", "type": "boolean", "x-order": 2 }, "Id": { "description": "The ASN.1 object identifier of the extension.", "type": "string", "x-order": 1 }, "Value": { "description": "The raw extension value.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 3 } }, "required": [ "Critical", "Id", "Value" ], "type": "object" }, "PkixName": { "description": "PkixName represents an X.509 distinguished name (DN).", "properties": { "CommonName": { "description": "The common name (CN) of the distinguished name.", "type": "string", "x-order": 9 }, "Country": { "description": "The country names in the distinguished name.", "items": { "type": "string" }, "type": "array", "x-order": 1 }, "ExtraNames": { "description": "Additional attribute type and value pairs to include in the distinguished name.", "items": { "$ref": "#/components/schemas/PkixAttributeTypeAndValue" }, "type": "array", "x-order": 11 }, "Locality": { "description": "The locality (city) names in the distinguished name.", "items": { "type": "string" }, "type": "array", "x-order": 4 }, "Names": { "description": "The parsed attribute type and value pairs of the distinguished name.", "items": { "$ref": "#/components/schemas/PkixAttributeTypeAndValue" }, "type": "array", "x-order": 10 }, "Organization": { "description": "The organization names in the distinguished name.", "items": { "type": "string" }, "type": "array", "x-order": 2 }, "OrganizationalUnit": { "description": "The organizational unit names in the distinguished name.", "items": { "type": "string" }, "type": "array", "x-order": 3 }, "PostalCode": { "description": "The postal codes in the distinguished name.", "items": { "type": "string" }, "type": "array", "x-order": 7 }, "Province": { "description": "The state or province names in the distinguished name.", "items": { "type": "string" }, "type": "array", "x-order": 5 }, "SerialNumber": { "description": "The serial number of the distinguished name.", "type": "string", "x-order": 8 }, "StreetAddress": { "description": "The street addresses in the distinguished name.", "items": { "type": "string" }, "type": "array", "x-order": 6 } }, "required": [ "CommonName", "Country", "ExtraNames", "Locality", "Names", "Organization", "OrganizationalUnit", "PostalCode", "Province", "SerialNumber", "StreetAddress" ], "type": "object" }, "PolicyComplianceResult": { "description": "Policy compliance result row for an entity", "properties": { "entityName": { "description": "Entity name (stack name or account name)", "type": "string", "x-order": 1 }, "scores": { "description": "Array of compliance scores correlating to columns array. -1 indicates N/A", "items": { "format": "int64", "type": "integer" }, "type": "array", "x-order": 2 } }, "required": [ "entityName", "scores" ], "type": "object" }, "PolicyComplianceRow": { "description": "PolicyComplianceRow represents a single row in a policy compliance report.", "properties": { "failingResources": { "description": "Number of resources failing this policy", "format": "int64", "type": "integer", "x-order": 3 }, "governedResources": { "description": "Total number of resources governed by this policy", "format": "int64", "type": "integer", "x-order": 4 }, "percentCompliant": { "description": "Percentage of resources that are compliant (0-100)", "format": "int64", "type": "integer", "x-order": 5 }, "policyGroupName": { "description": "The policy group this policy belongs to", "type": "string", "x-order": 7 }, "policyGroupType": { "description": "The type of the policy group this policy belongs to", "enum": [ "audit", "preventative" ], "type": "string", "x-order": 8, "x-pulumi-model-property": { "enumTypeName": "PolicyGroupMode", "enumComments": "PolicyGroupMode represents the enforcement mode for a policy group" } }, "policyName": { "description": "The name of the policy", "type": "string", "x-order": 1 }, "policyPack": { "description": "The policy pack this policy belongs to", "type": "string", "x-order": 6 }, "severity": { "description": "The severity level of the policy", "enum": [ "", "low", "medium", "high", "critical" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "AppPolicySeverity", "enumComments": "Indicates the severity of a policy.", "enumFieldNames": [ "Unspecified", "Low", "Medium", "High", "Critical" ] } } }, "required": [ "failingResources", "governedResources", "percentCompliant", "policyGroupName", "policyGroupType", "policyName", "policyPack", "severity" ], "type": "object" }, "PolicyGroup": { "description": "PolicyGroup details the name, applicable entities and the applied PolicyPacks.", "properties": { "accounts": { "description": "List of Insights account names that are members of this policy group.", "items": { "type": "string" }, "type": "array", "x-order": 7 }, "agentPoolId": { "description": "Agent pool ID for audit policy evaluation. Defaults to Pulumi hosted pool if not specified.", "type": "string", "x-order": 8 }, "appliedPolicyPacks": { "description": "List of policy packs that are applied to this policy group.", "items": { "$ref": "#/components/schemas/AppPolicyPackMetadata" }, "type": "array", "x-order": 6 }, "entityType": { "description": "The type of entities this policy group applies to (stacks or accounts).", "enum": [ "stacks", "accounts" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "PolicyGroupEntityType", "enumComments": "PolicyGroupEntityType represents the type of entities a policy group applies to" } }, "isOrgDefault": { "description": "True if this is either the default stacks or default accounts policy group for the organization.", "type": "boolean", "x-order": 2 }, "mode": { "description": "The enforcement mode for the policy group (audit or preventative).", "enum": [ "audit", "preventative" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "PolicyGroupMode", "enumComments": "PolicyGroupMode represents the enforcement mode for a policy group" } }, "name": { "description": "The name of the policy group.", "type": "string", "x-order": 1 }, "stacks": { "description": "List of stacks that are members of this policy group.", "items": { "$ref": "#/components/schemas/AppPulumiStackReference" }, "type": "array", "x-order": 5 } }, "required": [ "accounts", "appliedPolicyPacks", "entityType", "isOrgDefault", "mode", "name", "stacks" ], "type": "object" }, "PolicyGroupMetadata": { "description": "PolicyGroupMetadata returns policy protection metrics for an organization.", "properties": { "AuditStackResources": { "description": "Number of resources in stacks in audit policy groups", "format": "int32", "type": "integer", "x-order": 6 }, "AuditStacks": { "description": "Number of stacks in audit policy groups", "format": "int32", "type": "integer", "x-order": 5 }, "PreventativeStackResources": { "description": "Number of resources in stacks in preventative policy groups", "format": "int32", "type": "integer", "x-order": 4 }, "PreventativeStacks": { "description": "Number of stacks in preventative policy groups", "format": "int32", "type": "integer", "x-order": 3 }, "ProtectedAccountResources": { "description": "Number of resources in accounts in policy groups", "format": "int32", "type": "integer", "x-order": 10 }, "ProtectedAccounts": { "description": "Number of accounts in policy groups", "format": "int32", "type": "integer", "x-order": 9 }, "ProtectedStackResources": { "description": "Number of resources in unique stacks in any policy group (preventative or audit). Deprecated: Use PreventativeStackResources and AuditStackResources for breakdown by mode", "format": "int32", "type": "integer", "x-order": 2 }, "ProtectedStacks": { "description": "Number of unique stacks in any policy group (preventative or audit). Deprecated: Use PreventativeStacks and AuditStacks for breakdown by mode", "format": "int32", "type": "integer", "x-order": 1 }, "TotalAccountResources": { "description": "Total number of resources in all accounts", "format": "int32", "type": "integer", "x-order": 12 }, "TotalAccounts": { "description": "Total number of accounts in the organization", "format": "int32", "type": "integer", "x-order": 11 }, "TotalStackResources": { "description": "Total number of resources in all stacks", "format": "int32", "type": "integer", "x-order": 8 }, "TotalStacks": { "description": "Total number of stacks in the organization", "format": "int32", "type": "integer", "x-order": 7 } }, "required": [ "AuditStackResources", "AuditStacks", "PreventativeStackResources", "PreventativeStacks", "ProtectedAccountResources", "ProtectedAccounts", "ProtectedStackResources", "ProtectedStacks", "TotalAccountResources", "TotalAccounts", "TotalStackResources", "TotalStacks" ], "type": "object" }, "PolicyIssue": { "description": "PolicyIssue represents a policy violation or issue detected during policy evaluation.", "properties": { "assignedTo": { "$ref": "#/components/schemas/UserInfo", "description": "The user the policy issue is assigned to.", "x-order": 22 }, "entityId": { "description": "The identifier of the entity this issue applies to.", "type": "string", "x-order": 4 }, "entityProject": { "description": "The project name (for stack entities) or parent Insights account name (for resource entities).", "type": "string", "x-order": 3 }, "entityType": { "description": "The type of entity this issue applies to.", "enum": [ "stack", "insights-account" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "IssueEntityType", "enumComments": "The type of entity associated with a policy issue. Valid values: 'stack', 'insights-account'.", "enumFieldNames": [ "Stack", "InsightsAccount" ] } }, "id": { "description": "The unique identifier of the policy issue.", "type": "string", "x-order": 1 }, "kind": { "description": "The kind of policy issue (audit or preventative).", "enum": [ "audit", "preventative" ], "type": "string", "x-order": 20, "x-pulumi-model-property": { "enumTypeName": "PolicyIssueKind", "enumComments": "Whether a policy issue is audit-only or preventative. Audit issues are informational; preventative issues block operations." } }, "lastModified": { "description": "The timestamp when the issue was last modified.", "format": "date-time", "type": "string", "x-order": 16 }, "level": { "description": "The enforcement level of the policy (e.g. advisory, mandatory, disabled).", "type": "string", "x-order": 17 }, "message": { "description": "A human-readable message describing the policy violation.", "type": "string", "x-order": 14 }, "observedAt": { "description": "The timestamp when the issue was first observed.", "format": "date-time", "type": "string", "x-order": 15 }, "policyGroupName": { "description": "The name of the policy group this issue belongs to.", "type": "string", "x-order": 23 }, "policyGroupType": { "description": "The type of the policy group this issue belongs to.", "enum": [ "audit", "preventative" ], "type": "string", "x-order": 24, "x-pulumi-model-property": { "enumTypeName": "PolicyGroupMode", "enumComments": "PolicyGroupMode represents the enforcement mode for a policy group" } }, "policyName": { "description": "The name of the policy that was violated.", "type": "string", "x-order": 9 }, "policyPack": { "description": "The name of the policy pack that produced this issue.", "type": "string", "x-order": 7 }, "policyPackTag": { "description": "The tag of the policy pack version that produced this issue.", "type": "string", "x-order": 8 }, "priority": { "description": "The priority level of the policy issue.", "enum": [ "p0", "p1", "p2", "p3", "p4" ], "type": "string", "x-order": 21, "x-pulumi-model-property": { "enumTypeName": "PolicyIssuePriority", "enumComments": "Priority level of a policy issue, from P0 (most critical) to P4 (least critical)." } }, "resourceName": { "description": "The name of the resource that violated the policy.", "type": "string", "x-order": 13 }, "resourceProvider": { "description": "The provider of the resource that violated the policy.", "type": "string", "x-order": 11 }, "resourceType": { "description": "The type of the resource that violated the policy.", "type": "string", "x-order": 12 }, "resourceURN": { "description": "The URN of the resource that violated the policy.", "type": "string", "x-order": 10 }, "resourceVersion": { "description": "The resource version where the issue was detected.", "format": "int64", "type": "integer", "x-order": 6 }, "severity": { "description": "The severity of the policy violation.", "enum": [ "", "low", "medium", "high", "critical" ], "type": "string", "x-order": 18, "x-pulumi-model-property": { "enumTypeName": "AppPolicySeverity", "enumComments": "Indicates the severity of a policy.", "enumFieldNames": [ "Unspecified", "Low", "Medium", "High", "Critical" ] } }, "stackVersion": { "description": "The stack version where the issue was detected.", "format": "int64", "type": "integer", "x-order": 5 }, "status": { "description": "The current status of the policy issue.", "enum": [ "open", "in_progress", "by_design", "fixed", "ignored" ], "type": "string", "x-order": 19, "x-pulumi-model-property": { "enumTypeName": "PolicyIssueStatus", "enumComments": "Lifecycle status of a policy issue. Valid values: open, in_progress, by_design, fixed, ignored. Note: fixed is a read-only status set automatically when an issue is resolved; it cannot be manually set via the API.", "enumFieldNames": [ "Open", "InProgress", "ByDesign", "Fixed", "Ignored" ] } } }, "required": [ "entityId", "entityProject", "entityType", "id", "kind", "level", "observedAt", "policyName", "policyPack", "policyPackTag", "priority", "resourceName", "resourceProvider", "resourceType", "resourceURN", "severity", "status" ], "type": "object" }, "PolicyIssueFilterValue": { "description": "PolicyIssueFilterValue represents a filter option with its count of matching policy issues.", "properties": { "count": { "description": "The count of policy issues matching this filter value.", "format": "int64", "type": "integer", "x-order": 2 }, "name": { "description": "The name of the filter value.", "type": "string", "x-order": 1 } }, "required": [ "count", "name" ], "type": "object" }, "PolicyIssueFiltersRequest": { "description": "PolicyIssueFiltersRequest is a request to retrieve available filter values for policy issues.", "properties": { "field": { "description": "Field name", "type": "string", "x-order": 2 }, "filterModel": { "$ref": "#/components/schemas/AngularGridAdvancedFilterModel", "description": "Optional filter model to apply when getting available filter values. Same format as used in policy issues list.", "x-order": 1 } }, "required": [ "field" ], "type": "object" }, "PolicyIssueFiltersResponse": { "description": "PolicyIssueFiltersResponse contains the available filter values for a given field in policy issues.", "properties": { "field": { "description": "The field name for which filter values are provided.", "type": "string", "x-order": 1 }, "values": { "description": "The available filter values for the field.", "items": { "$ref": "#/components/schemas/PolicyIssueFilterValue" }, "type": "array", "x-order": 2 } }, "required": [ "field", "values" ], "type": "object" }, "PolicyResultsMetadata": { "description": "PolicyResultsMetadata returns high level policy compliance statistics for an organization.", "properties": { "policyTotalCount": { "description": "Total number of policies", "format": "int64", "type": "integer", "x-order": 1 }, "policyWithIssuesCount": { "description": "Number of policies with issues", "format": "int64", "type": "integer", "x-order": 2 }, "resourcesTotalCount": { "description": "Total number of resources covered by policies", "format": "int64", "type": "integer", "x-order": 3 }, "resourcesWithIssuesCount": { "description": "Number of resources with issues", "format": "int64", "type": "integer", "x-order": 4 } }, "required": [ "policyTotalCount", "policyWithIssuesCount", "resourcesTotalCount", "resourcesWithIssuesCount" ], "type": "object" }, "PolicyViolationV2": { "description": "PolicyViolationV2 represents a policy violation detected during an update or resource scan.", "properties": { "accountName": { "description": "The Insights account name associated with the violation, for resource-scoped violations.", "type": "string", "x-order": 5 }, "id": { "description": "The unique identifier of the policy violation.", "type": "string", "x-order": 1 }, "kind": { "description": "The kind of policy violation (audit or preventative).", "enum": [ "audit", "preventative" ], "type": "string", "x-order": 16, "x-pulumi-model-property": { "enumTypeName": "PolicyIssueKind", "enumComments": "Whether a policy issue is audit-only or preventative. Audit issues are informational; preventative issues block operations." } }, "level": { "description": "The enforcement level of the violated policy (e.g. advisory, mandatory, disabled).", "type": "string", "x-order": 15 }, "message": { "description": "A human-readable message describing the policy violation.", "type": "string", "x-order": 13 }, "observedAt": { "description": "The timestamp when the violation was observed.", "format": "date-time", "type": "string", "x-order": 14 }, "policyName": { "description": "The name of the policy that was violated.", "type": "string", "x-order": 9 }, "policyPack": { "description": "The name of the policy pack that produced this violation.", "type": "string", "x-order": 7 }, "policyPackTag": { "description": "The tag of the policy pack version that produced this violation.", "type": "string", "x-order": 8 }, "projectName": { "description": "The name of the project containing the violating resource.", "type": "string", "x-order": 2 }, "resourceName": { "description": "The name of the resource that violated the policy.", "type": "string", "x-order": 12 }, "resourceType": { "description": "The type of the resource that violated the policy.", "type": "string", "x-order": 11 }, "resourceURN": { "description": "The URN of the resource that violated the policy.", "type": "string", "x-order": 10 }, "resourceVersion": { "description": "The resource version where the violation was detected.", "format": "int64", "type": "integer", "x-order": 6 }, "stackName": { "description": "The name of the stack containing the violating resource.", "type": "string", "x-order": 3 }, "stackVersion": { "description": "The stack version where the violation was detected.", "format": "int64", "type": "integer", "x-order": 4 } }, "required": [ "id", "kind", "level", "message", "observedAt", "policyName", "policyPack", "policyPackTag", "projectName", "resourceName", "resourceType", "resourceURN" ], "type": "object" }, "ProviderSchema": { "description": "ProviderSchema describes the input and output schemas for a provider.", "properties": { "description": { "description": "A description of the provider.", "type": "string", "x-order": 2 }, "inputs": { "$ref": "#/components/schemas/EscSchemaSchema", "description": "The input schema for the provider.", "x-order": 3 }, "name": { "description": "The name of the provider.", "type": "string", "x-order": 1 }, "outputs": { "$ref": "#/components/schemas/EscSchemaSchema", "description": "The output schema for the provider.", "x-order": 4 } }, "required": [ "description", "inputs", "name", "outputs" ], "type": "object" }, "PublishPackageVersionCompleteRequest": { "description": "PublishPackageVersionCompleteRequest is a request to mark a package version publish operation as complete.", "properties": { "operationID": { "description": "The identifier of the publish operation to complete.", "type": "string", "x-order": 1 } }, "required": [ "operationID" ], "type": "object" }, "PublishPackageVersionCompleteResponse": { "description": "PublishPackageVersionCompleteResponse is the response after completing a package version publish operation.", "type": "object" }, "PublishTemplateVersionCompleteRequest": { "description": "PublishTemplateVersionCompleteRequest is a request to mark a template version publish operation as complete.", "properties": { "operationID": { "description": "The identifier of the publish operation to complete.", "type": "string", "x-order": 1 } }, "required": [ "operationID" ], "type": "object" }, "PublishTemplateVersionCompleteResponse": { "description": "PublishTemplateVersionCompleteResponse is the response after completing a template version publish operation.", "type": "object" }, "PulumiGitHubOrganization": { "description": "PulumiGitHubOrganization is a union of a GitHub organization with any Pulumi-specific data.", "properties": { "knownToPulumi": { "description": "KnownToPulumi is true if there is a Pulumi organization backed by the GitHub organization.", "type": "boolean", "x-order": 3 }, "organization": { "$ref": "#/components/schemas/UserInfo", "description": "Organization data from GitHub.", "x-order": 1 }, "vcsKind": { "description": "The identity provider associated with this GitHub organization.", "enum": [ "dev.azure.com", "bitbucket.org", "github.com", "gitlab.com", "google.com", "Pulumi", "SAML" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "IdentityProvider", "enumComments": "IdentityProvider describes an identity system used by the Pulumi Service. It generally maps 1:1\nto OrganizationKind, but we intentionally keep this separate (and with different values!) for\ncompatibility with older code that passes these values between the Node backend, Angular, and\nour API backend.", "enumFieldNames": [ "AzureDevOps", "Bitbucket", "GitHub", "GitLab", "Google", "Pulumi", "SAML" ] } } }, "required": [ "knownToPulumi", "organization", "vcsKind" ], "type": "object" }, "PulumiProject": { "description": "PulumiProject describes a grouping of Pulumi stacks. It is based on Pulumi.yaml,\nbut is specific to the Pulumi Service.", "properties": { "description": { "description": "The project description from Pulumi.yaml.", "type": "string", "x-order": 6 }, "name": { "description": "The name of the project.", "type": "string", "x-order": 3 }, "orgName": { "description": "The name of the organization that owns this project.", "type": "string", "x-order": 1 }, "repoName": { "description": "The repository name this project belongs to.", "type": "string", "x-order": 2 }, "runtime": { "description": "Optional tags from Pulumi.yaml.", "type": "string", "x-order": 5 }, "settings": { "$ref": "#/components/schemas/PulumiProjectSettings", "description": "Optional project-level settings.", "x-order": 4 }, "stacks": { "description": "The stacks belonging to this project.", "items": { "$ref": "#/components/schemas/PulumiStack" }, "type": "array", "x-order": 7 } }, "required": [ "name", "orgName", "repoName", "stacks" ], "type": "object" }, "PulumiProjectSettings": { "description": "PulumiProjectSettings contains the settings for a Pulumi project, including source and destination paths.", "properties": { "addStacksDisabledReason": { "description": "An optional reason for disabling new stacks.\nIf `CanAddStacks` is false there may be additional context provided\nvia this field such that the user can determine why they cannot add\nnew stacks. For example, the organization has hit their max stack quota\nor the project's source and/or destination no longer exist.", "type": "string", "x-order": 4 }, "canAddStacks": { "description": "A flag denoting if the user can add stacks to the project.\nThis flag might be false if the organization has hit their max stack quota\nor if the project's source and/or destination no longer exist.", "type": "boolean", "x-order": 3 }, "destination": { "description": "A path to the destination", "type": "string", "x-order": 2 }, "source": { "description": "A path to the source of a project", "type": "string", "x-order": 1 } }, "required": [ "canAddStacks", "destination", "source" ], "type": "object" }, "PulumiRepository": { "description": "PulumiRepository is a grouping of \"Projects\". We also return a subset of the organization's\nVCS repo with the same name, should it exist.", "properties": { "name": { "description": "The name of the repository.", "type": "string", "x-order": 2 }, "orgName": { "description": "The name of the organization that owns this repository.", "type": "string", "x-order": 1 }, "projects": { "description": "The projects within this repository.", "items": { "$ref": "#/components/schemas/PulumiProject" }, "type": "array", "x-order": 4 }, "vcsInfo": { "$ref": "#/components/schemas/VCSInfo", "description": "Version control system information for the repository.", "x-order": 3 } }, "required": [ "name", "orgName", "projects" ], "type": "object" }, "PulumiStack": { "description": "PulumiStack contains a name and some information for the frontend to construct a route to the details page. The\ncustom routing parameters are here to help land the new identity model in an iterative fashion and long term will\nbe removed.", "properties": { "driftDetected": { "description": "Whether the last drift detection run found differences between the desired and actual state.", "type": "boolean", "x-order": 9 }, "hasDeploymentSettings": { "description": "Whether the stack has Pulumi Deployments settings configured (source, OIDC, etc.).", "type": "boolean", "x-order": 8 }, "lastUpdate": { "$ref": "#/components/schemas/UpdateSummary", "description": "Summary of the last update to the stack. nil if never updated.", "x-order": 3 }, "name": { "description": "The name of the stack.", "type": "string", "x-order": 2 }, "programId": { "description": "Unique identifier for the stack.", "type": "string", "x-order": 1 }, "protectedByPolicy": { "description": "If true, the stack has at least one Policy Pack enforced.", "type": "boolean", "x-order": 7 }, "routingProject": { "description": "The project name used for routing to the stack details page.", "type": "string", "x-order": 5 }, "routingRepo": { "description": "The repository name used for routing to the stack details page.", "type": "string", "x-order": 4 }, "tags": { "additionalProperties": { "type": "string" }, "description": "Tags associated with the stack as key-value pairs.", "type": "object", "x-order": 6 } }, "required": [ "driftDetected", "hasDeploymentSettings", "name", "programId", "protectedByPolicy", "routingProject", "routingRepo" ], "type": "object" }, "PulumiTemplateRemote": { "allOf": [ { "$ref": "#/components/schemas/WorkspaceProjectTemplate" }, { "description": "A pulumi template remote where the source URL contains a valid Pulumi.yaml file.", "properties": { "name": { "description": "The name of the template", "type": "string", "x-order": 1 }, "repoSlug": { "description": "The template repository slug", "type": "string", "x-order": 6 }, "runtime": { "description": "The runtime of the template", "type": "string", "x-order": 4 }, "sourceName": { "description": "The name of the template source - for display purposes", "type": "string", "x-order": 2 }, "sourceURL": { "description": "The unique url that identifies the template to the service", "type": "string", "x-order": 3 }, "vendor": { "description": "The vendor hosting the templates", "type": "string", "x-order": 5 } }, "required": [ "name", "repoSlug", "runtime", "sourceName", "sourceURL", "vendor" ], "type": "object" } ] }, "RbacPermissionConstraints": { "description": "Constraints that can be applied to an RBAC permission.", "properties": { "MaxOpenDuration": { "description": "If not zero, the amount of time, in seconds, to keep an environment open", "format": "int64", "type": "integer", "x-order": 1 } }, "type": "object" }, "RbacScope": { "description": "RbacScope represents a permission and its metadata", "properties": { "metadata": { "$ref": "#/components/schemas/RbacScopeMetadata", "description": "Metadata associated with this scope.", "x-order": 2 }, "name": { "description": "The permission name for this scope.", "enum": [ "", "stack:list", "project:encrypt", "project:decrypt", "project_annotations:read", "project_annotations:update", "stack:read", "stack:write", "stack:import", "stack:export", "stack:encrypt", "stack:decrypt", "stack:create", "stack:rename", "stack:delete", "stack:cancel_update", "stack:transfer", "stack:list_deleted", "stack:restore_deleted", "stack_deployment:create", "stack_deployment:read", "stack_deployment_settings:write", "stack_deployment_settings:read", "stack_deployment_settings:encrypt", "stack_deployment_cache:read", "stack_webhook:read", "stack_webhook:create", "stack_webhook:update", "stack_webhook:delete", "stack_access:read", "stack_access:update", "stack_tags:update", "stack_annotations:read", "stack_annotations:update", "stack_schedule:create", "stack_schedule:update", "stack_schedule:read", "stack_schedule:delete", "stack_schedule:pause", "stack_schedule:resume", "organization:read_usage", "organization:update", "organization:rename", "organization:delete", "organization:change_backend", "organization:billing", "organization:potential", "organization:transfer_stacks", "saml:read", "saml:update", "audit_logs:read", "audit_logs:export", "scim:read", "scim:update", "scim:delete", "tags:read", "org_integrations:read", "org_integrations:update", "integrations:update", "integrations:read", "invites:read", "invites:create", "org_requests:read", "org_requests:update", "org_member_access:read", "org_member:read", "org_member:delete", "org_member:add", "org_member:update", "org_member:set_admin", "org_token:read", "org_token:create", "org_token:delete", "auth_policies:read", "auth_policies:update", "oidc_issuers:read", "oidc_issuers:update", "oidc_issuers:regenerate_thumbprints", "oidc_issuers:create", "oidc_issuers:delete", "agent_pool:read", "agent_pool:create", "agent_pool:update", "agent_pool:delete", "organization_webhook:read", "organization_webhook:create", "organization_webhook:update", "organization_webhook:delete", "resources:index", "resources:search", "resources:dashboard", "templates:read", "templates_source:read", "templates_source:update", "templates_source:delete", "templates_source:create", "services:create", "services:read", "services:write", "services:admin", "deployments:read", "deployments:pause", "deployments:resume", "deployments:read_usage", "organization_annotations:read", "organization_annotations:update", "policy_groups:create", "policy_groups:read", "policy_groups:update", "policy_groups:delete", "policy_pack:create", "policy_pack:read", "policy_pack:update", "policy_pack:delete", "policy_results:read", "environment:create", "environment:list", "environment:read", "environment:open", "environment:write", "environment:delete", "environment_settings:read", "environment_settings:update", "environment:clone", "environment:rotate", "environment:rotate_history", "environment:list_deleted", "environment:restore_deleted", "environment_yaml:open", "environment_schedule:create", "environment_schedule:read", "environment_schedule:update", "environment_schedule:pause", "environment_schedule:resume", "environment_schedule:delete", "environment_tags:list", "environment_tag:read", "environment_tag:create", "environment_tag:update", "environment_tag:delete", "environment_version:create", "environment_version:read", "environment_version:update", "environment_version:delete", "environment_version:retract", "environment_version:open", "environment_webhook:read", "environment_webhook:create", "environment_webhook:update", "environment_webhook:delete", "environment_access:read", "environment_access:update", "team:list", "team:read", "team:create", "team:update", "team:delete", "team:create_token", "team:list_tokens", "team:delete_token", "github_team:create", "insights_account:list", "insights_account:read", "insights_account:create", "insights_account:update", "insights_account:delete", "insights_account:update_policy_results", "insights_account_access:read", "insights_account_access:update", "insights_account:scan", "insights_account_scan:read", "insights_account_scan:update", "insights_account_scan:cancel", "insights_account_scan:pause", "insights_account_scan:resume", "insights_policy_queue:read", "insights_policy_evaluator:read", "insights_policy_evaluator:delete", "insights_policy_evaluator:ensure", "insights_policy_evaluator:update", "ai_conversations:list_all", "ai_conversations:read", "ai_conversations:create", "ai_conversations:update", "role:create", "role:read", "role:update", "role:delete", "change_gate:create", "change_gate:update", "change_gate:delete" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "RbacPermission", "enumComments": "RbacPermission enumerates the permissions available in the RBAC system.", "enumFieldNames": [ "NoPermission", "StackList", "ProjectEncrypt", "ProjectDecrypt", "ProjectAnnotationRead", "ProjectAnnotationUpdate", "StackRead", "StackWrite", "StackImport", "StackExport", "StackEncrypt", "StackDecrypt", "StackCreate", "StackRename", "StackDelete", "StackCancelUpdate", "StackTransfer", "StackListDeleted", "StackRestoreDeleted", "StackDeploymentCreate", "StackDeploymentRead", "StackDeploymentSettingsWrite", "StackDeploymentSettingsRead", "StackDeploymentSettingsEncrypt", "StackDeploymentCacheRead", "StackWebhookRead", "StackWebhookCreate", "StackWebhookUpdate", "StackWebhookDelete", "StackAccessRead", "StackAccessUpdate", "StackTagsUpdate", "StackAnnotationRead", "StackAnnotationUpdate", "StackScheduleCreate", "StackScheduleUpdate", "StackScheduleRead", "StackScheduleDelete", "StackSchedulePause", "StackScheduleResume", "OrganizationReadUsage", "OrganizationUpdate", "OrganizationRename", "OrganizationDelete", "OrganizationChangeBackend", "OrganizationBilling", "OrganizationPotential", "OrganizationTransferStacks", "SAMLRead", "SAMLUpdate", "AuditLogsRead", "AuditLogsExport", "SCIMRead", "SCIMUpdate", "SCIMDelete", "TagsRead", "OrgIntegrationsRead", "OrgIntegrationsUpdate", "IntegrationsUpdate", "IntegrationsRead", "InvitesRead", "InvitesCreate", "OrgRequestsRead", "OrgRequestsUpdate", "OrgMemberAccessRead", "OrgMemberRead", "OrgMemberDelete", "OrgMemberAdd", "OrgMemberUpdate", "OrgMemberSetAdmin", "OrgTokenRead", "OrgTokenCreate", "OrgTokenDelete", "AuthPoliciesRead", "AuthPoliciesUpdate", "OidcIssuersRead", "OidcIssuersUpdate", "OidcIssuersRegenerateThumbprints", "OidcIssuersCreate", "OidcIssuersDelete", "AgentPoolRead", "AgentPoolCreate", "AgentPoolUpdate", "AgentPoolDelete", "OrganizationWebhookRead", "OrganizationWebhookCreate", "OrganizationWebhookUpdate", "OrganizationWebhookDelete", "ResourcesIndex", "ResourcesSearch", "ResourcesDashboard", "TemplatesRead", "TemplatesSourceRead", "TemplatesSourceUpdate", "TemplatesSourceDelete", "TemplatesSourceCreate", "ServicesCreate", "ServicesRead", "ServicesWrite", "ServicesAdmin", "DeploymentsRead", "DeploymentsPause", "DeploymentsResume", "DeploymentsReadUsage", "OrganizationAnnotationsRead", "OrganizationAnnotationsUpdate", "InsightsPolicyGroupsCreate", "InsightsPolicyGroupsRead", "InsightsPolicyGroupsUpdate", "InsightsPolicyGroupsDelete", "InsightsPolicyPackCreate", "InsightsPolicyPackRead", "InsightsPolicyPackUpdate", "InsightsPolicyPackDelete", "InsightsPolicyResultsRead", "EnvironmentCreate", "EnvironmentList", "EnvironmentRead", "EnvironmentOpen", "EnvironmentWrite", "EnvironmentDelete", "EnvironmentSettingsRead", "EnvironmentSettingsUpdate", "EnvironmentClone", "EnvironmentRotate", "EnvironmentRotateHistory", "EnvironmentListDeleted", "EnvironmentRestoreDeleted", "EnvironmentYamlOpen", "EnvironmentScheduleCreate", "EnvironmentScheduleRead", "EnvironmentScheduleUpdate", "EnvironmentSchedulePause", "EnvironmentScheduleResume", "EnvironmentScheduleDelete", "EnvironmentTagsList", "EnvironmentTagRead", "EnvironmentTagCreate", "EnvironmentTagUpdate", "EnvironmentTagDelete", "EnvironmentVersionCreate", "EnvironmentVersionRead", "EnvironmentVersionUpdate", "EnvironmentVersionDelete", "EnvironmentVersionRetract", "EnvironmentVersionOpen", "EnvironmentWebhookRead", "EnvironmentWebhookCreate", "EnvironmentWebhookUpdate", "EnvironmentWebhookDelete", "EnvironmentAccessRead", "EnvironmentAccessUpdate", "TeamList", "TeamRead", "TeamCreate", "TeamUpdate", "TeamDelete", "TeamCreateToken", "TeamListTokens", "TeamDeleteToken", "GithubTeamCreate", "InsightsAccountList", "InsightsAccountRead", "InsightsAccountCreate", "InsightsAccountUpdate", "InsightsAccountDelete", "InsightsAccountUpdatePolicyResults", "InsightsAccountAccessRead", "InsightsAccountAccessUpdate", "InsightsAccountScan", "InsightsAccountScanRead", "InsightsAccountScanUpdate", "InsightsAccountScanCancel", "InsightsAccountScanPause", "InsightsAccountScanResume", "InsightsPolicyQueueRead", "InsightsPolicyEvaluatorRead", "InsightsPolicyEvaluatorDelete", "InsightsPolicyEvaluatorEnsure", "InsightsPolicyEvaluatorUpdate", "AIConversationsListAll", "AIConversationsRead", "AIConversationsCreate", "AIConversationsUpdate", "RoleCreate", "RoleRead", "RoleUpdate", "RoleDelete", "ChangeGateCreate", "ChangeGateUpdate", "ChangeGateDelete" ], "enumFieldComments": [ "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "OrganizationTransferStacks differs from Stack Transfer as it enables transferring all stacks within the organization, rather than being tied to an individual stack.", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "" ] } } }, "required": [ "metadata", "name" ], "type": "object" }, "RbacScopeGroup": { "description": "RbacScopeGroup represents a group of scopes for a resource group", "properties": { "name": { "description": "The name of this scope group.", "enum": [ "Stacks", "Stack deployments", "Stack webhooks", "Stack tags", "Stack deployment schedules", "Agent pools", "Environments", "Environment webhooks", "Environment tags", "Environment versions", "Environment schedules", "Environment secrets rotation", "Accounts", "Scans", "Policy queue", "Policy evaluator", "Stack management", "Environment management", "Insights account management", "Insights policy management", "Organization", "Membership", "Organization access tokens", "Teams", "SSO", "Audit logs", "Roles", "Search", "Copilot", "Organization annotations", "OIDC", "Templates", "Deployments", "Organization webhooks", "Approvals" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "RbacScopeGroupName", "enumComments": "RbacScopeGroupName enumerates the names of RBAC scope groups for organizing permissions by resource type.", "enumFieldNames": [ "Stacks", "StackDeployments", "StackWebhooks", "StackTags", "StackDeploySchedules", "AgentPools", "Environments", "EnvironmentWebhooks", "EnvironmentTags", "EnvironmentVersions", "EnvironmentSchedules", "EnvironmentSecretsRotation", "InsightsAccounts", "InsightsScan", "InsightsPolicyQueue", "InsightsPolicyEvaluator", "StackManagement", "EnvironmentManagement", "InsightsAccountManagement", "InsightsPolicyManagement", "Organization", "Membership", "OrganizationTokens", "Teams", "SSO", "AuditLogs", "Roles", "Search", "Copilot", "Annotations", "Oidc", "Templates", "OrgDeployments", "OrgWebhooks", "ChangeRequests" ] } }, "scopes": { "description": "The list of scopes in this group.", "items": { "$ref": "#/components/schemas/RbacScope" }, "type": "array", "x-order": 2 } }, "required": [ "name", "scopes" ], "type": "object" }, "RbacScopeMetadata": { "description": "Metadata associated with an RBAC scope.", "properties": { "description": { "description": "A human-readable description of this scope.", "type": "string", "x-order": 1 } }, "required": [ "description" ], "type": "object" }, "ReadInsightsAccountResponse": { "allOf": [ { "$ref": "#/components/schemas/InsightsAccount" }, { "description": "Response containing the details of an Insights account.", "type": "object" } ] }, "RegistryPolicyPack": { "description": "RegistryPolicyPack represents the core metadata for a policy pack in the registry.\nThis is the primary data structure returned by most registry API endpoints.", "properties": { "accessLevel": { "description": "AccessLevel is the client's level of access to this policy pack.", "enum": [ "full", "view-only", "deny" ], "type": "string", "x-order": 7, "x-pulumi-model-property": { "enumTypeName": "RegistryPolicyPackAccessLevel", "enumComments": "The level of access a client has to a registry policy pack.", "enumFieldNames": [ "Full", "ViewOnly", "Deny" ], "enumFieldComments": [ "Full access to a policy pack (view + use)", "Access to view a policy pack", "No access to a policy pack" ] } }, "displayName": { "description": "DisplayName is a human-readable name for this policy pack.\nThis is typically more descriptive than the technical name.", "type": "string", "x-order": 6 }, "enforcementLevels": { "description": "EnforcementLevels are the client's allowed enforcement levels for this policy pack.", "items": { "enum": [ "advisory", "mandatory", "remediate", "disabled" ], "type": "string", "x-pulumi-model-property": { "enumTypeName": "AppEnforcementLevel", "enumComments": "EnforcementLevel indicates how a policy should be enforced", "enumFieldComments": [ "Advisory is an enforcement level where the resource is still created, but a\nmessage is displayed to the user for informational / warning purposes.", "Mandatory is an enforcement level that prevents a resource from being created.", "Remediate is an enforcement level that fixes policy issues instead of issuing diagnostics.", "Disabled is an enforcement level that disables the policy from being enforced." ] } }, "type": "array", "x-order": 8 }, "id": { "description": "ID is the unique identifier for this policy pack in the registry.\nThis is a UUID that corresponds to the policy pack's database ID.", "type": "string", "x-order": 1 }, "name": { "description": "Name is the unique identifier for this policy pack within the publisher's namespace.\nPolicy pack names must be URL-safe and unique per publisher.", "type": "string", "x-order": 4 }, "publisher": { "description": "Publisher is the organization or user that published this policy pack.\nThis corresponds to the Pulumi organization name.", "type": "string", "x-order": 3 }, "source": { "description": "Source indicates where this policy pack is hosted (e.g., \"private\", \"pulumi\").\nCurrently, only \"private\" policy packs are supported.", "type": "string", "x-order": 2 }, "version": { "description": "Version is the semantic version of this policy pack.\nThis represents the latest or specific version being referenced.", "type": "string", "x-order": 5 } }, "required": [ "accessLevel", "displayName", "enforcementLevels", "id", "name", "publisher", "source", "version" ], "type": "object" }, "RemoveEnvironmentIdentifier": { "description": "Identifier used when removing an environment from a team.", "properties": { "envName": { "description": "The name of the environment to remove.", "type": "string", "x-order": 2 }, "projectName": { "description": "The name of the project containing the environment.", "type": "string", "x-order": 1 } }, "required": [ "envName", "projectName" ], "type": "object" }, "RemoveStackIdentifier": { "description": "RemoveStackIdentifier is the identifier used in the UpdateTeamRequest when removing a stack from a team.", "properties": { "projectName": { "description": "The name of the project containing the stack.", "type": "string", "x-order": 1 }, "stackName": { "description": "The name of the stack to remove.", "type": "string", "x-order": 2 } }, "required": [ "projectName", "stackName" ], "type": "object" }, "Resource": { "description": "Resource is the shape of a Pulumi-managed resource as exposed from the Pulumi Service.\nThis type wraps pulumi/pulumi's pkg/apitype ResourceV1 and ResourceV2 types, which are\nsent from the CLI to the Service as part of performing updates. Those types wrap\npulumi/pulumi's pkg/resource State type, which is the engine-internal representation.", "properties": { "additionalSecretOutputs": { "description": "AdditionalSecretOutputs is a list of outputs that were explicitly marked as secret when the resource was created.", "items": { "type": "string" }, "type": "array", "x-order": 11 }, "aliases": { "description": "Aliases is a list of previous URNs that this resource may have had in previous deployments.", "items": { "type": "string" }, "type": "array", "x-order": 12 }, "custom": { "description": "Custom is true when the resource is managed by a plugin.", "type": "boolean", "x-order": 4 }, "delete": { "description": "Delete is true when the resource should be deleted during the next update.", "type": "boolean", "x-order": 5 }, "deletedWith": { "description": "If set, the providers Delete method will not be called for this resource\nif specified resource is being deleted as well.", "type": "string", "x-order": 13 }, "dependencies": { "description": "Dependencies contains the URN dependency edges to other resources that this depends on.", "items": { "type": "string" }, "type": "array", "x-order": 6 }, "external": { "description": "External is set to true when the lifecycle of this resource is not managed by Pulumi.", "type": "boolean", "x-order": 9 }, "id": { "description": "ID is the provider-assigned resource ID, if any, for custom resources.", "type": "string", "x-order": 1 }, "initErrors": { "description": "InitErrors is the set of errors encountered in the process of initializing resource (i.e.,\nduring create or update).", "items": { "type": "string" }, "type": "array", "x-order": 14 }, "inputs": { "additionalProperties": { "type": "object" }, "description": "Inputs are the input properties supplied to the provider.", "type": "object", "x-order": 15 }, "outputs": { "additionalProperties": { "type": "object" }, "description": "Outputs are the output properties returned by the provider after provisioning.", "type": "object", "x-order": 16 }, "parent": { "description": "Parent is an optional parent URN if this resource is a child of it.", "type": "string", "x-order": 7 }, "protect": { "description": "Protect is set to true when this resource is \"protected\" and may not be deleted.", "type": "boolean", "x-order": 8 }, "providerInputs": { "additionalProperties": { "type": "object" }, "description": "The inputs to the provider which created this resource. This can be used when generating console links\n(e.g. the value of aws:region will be in this property bag with the key \"region\" and the value of whatever\nregion was set on the provider that created this resource).", "type": "object", "x-order": 17 }, "retainOnDelete": { "description": "If set to True, the providers Delete method will not be called for this resource.\nPulumi simply stops tracking the deleted resource.", "type": "boolean", "x-order": 10 }, "type": { "description": "Type is the resource's full type token.", "type": "string", "x-order": 2 }, "urn": { "description": "URN uniquely identifying this resource within a stack. (But not globally across all stacks.)", "type": "string", "x-order": 3 } }, "required": [ "custom", "delete", "dependencies", "type", "urn" ], "type": "object" }, "ResourceCountSummary": { "description": "ResourceCountSummary represents a single point of summary for resources\nunder management for an organization.", "properties": { "day": { "description": "The day of month. Ranges from 1 to 31.", "format": "int64", "type": "integer", "x-order": 3 }, "hour": { "description": "The hour of the day. Ranges from 0 to 23.", "format": "int64", "type": "integer", "x-order": 5 }, "month": { "description": "The month of the year. Ranges from 1 to 12.", "format": "int64", "type": "integer", "x-order": 2 }, "resourceHours": { "description": "The RHUM, which is the number of hours the resources under management have\nbeen running. Calculated by getting the sum of all the resources for the\ngiven time frame. 1 resource hour = 1 Pulumi credit.", "format": "int64", "type": "integer", "x-order": 7 }, "resources": { "description": "The RUM (total number of resources under management at a given time).\nCalculated by getting the average of the all the resources for the given\ntime frame.", "format": "int64", "type": "integer", "x-order": 6 }, "weekNumber": { "description": "The week number in the year with Sunday marking the start of the week. Ranges from 0-53.", "format": "int64", "type": "integer", "x-order": 4 }, "year": { "description": "The 4-digit year.", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "resourceHours", "resources", "year" ], "type": "object" }, "ResourceDependency": { "description": "A single dependency in a chain of dependencies used to list a resource.", "properties": { "id": { "description": "The resource identifier.", "type": "string", "x-order": 2 }, "type": { "description": "The resource type token.", "type": "string", "x-order": 1 } }, "required": [ "id", "type" ], "type": "object" }, "ResourceInfo": { "description": "ResourceInfo wraps a basic resource and provides contextual information.", "properties": { "resource": { "$ref": "#/components/schemas/Resource", "description": "The underlying resource with its properties, URN, type, and provider state.", "x-order": 1 } }, "required": [ "resource" ], "type": "object" }, "ResourceMigrationAnnotation": { "description": "A user-created migration annotation on a discovered resource.", "properties": { "linkedResourceUrn": { "description": "URN of the resource this one was migrated as part of.", "type": "string", "x-order": 3 }, "note": { "description": "Free-text note about this resource's migration status. May be empty when only a status override is set.", "type": "string", "x-order": 1 }, "statusOverride": { "description": "User override of the computed migration status. Only Migrated and NotApplicable are valid overrides.", "enum": [ "Migrated", "PulumiOnly", "Ready", "Pending", "Unmapped", "NotApplicable" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "MigrationStatus", "enumComments": "Migration status of a discovered resource relative to a comparison Pulumi stack. Migrated and PulumiOnly are only possible when the compareTo parameter is provided.", "enumFieldComments": [ "Resource identity match found in the comparison stack.", "Resource exists only in the comparison Pulumi stack.", "Mapped to a Pulumi type with virtual state available.", "Mapped to a Pulumi type but no virtual state yet.", "No Pulumi type mapping exists for this resource.", "Migration status is not applicable (e.g. stack or deployment containers)." ] } } }, "type": "object" }, "ResourceResult": { "description": "ResourceResult is the user-facing type for our indexed resources.\nIf you add a property here, don't forget to update fieldMappings to make it\nqueryable!", "properties": { "account": { "description": "The Insights account name that discovered or manages this resource.", "type": "string", "x-order": 24 }, "category": { "description": "The category of the resource.", "type": "string", "x-order": 23 }, "created": { "description": "The ISO 8601 timestamp when the resource was first indexed.", "type": "string", "x-order": 1 }, "custom": { "description": "Whether this is a custom resource managed by a provider plugin.", "type": "boolean", "x-order": 2 }, "delete": { "description": "Whether this resource is pending deletion.", "type": "boolean", "x-order": 3 }, "dependencies": { "description": "URNs of resources that this resource depends on.", "items": { "type": "string" }, "type": "array", "x-order": 4 }, "dependents": { "description": "URNs of resources that depend on this resource.", "items": { "type": "string" }, "type": "array", "x-order": 25 }, "external": { "description": "Whether the lifecycle of this resource is not managed by Pulumi.", "type": "boolean", "x-order": 5 }, "fingerprint": { "description": "A fingerprint uniquely identifying this resource's state.", "type": "string", "x-order": 27 }, "id": { "description": "The provider-assigned resource ID.", "type": "string", "x-order": 6 }, "managed": { "description": "Whether this resource is managed by Pulumi IaC stacks or discovered by Insights scanning. One of 'managed' or 'discovered'.", "type": "string", "x-order": 26 }, "matches": { "additionalProperties": { "items": { "type": "object" }, "type": "array" }, "description": "Matched search terms mapped to their highlighted values.", "type": "object", "x-order": 7 }, "metadata": { "description": "Additional metadata associated with the resource.", "type": "object", "x-order": 22 }, "modified": { "description": "The ISO 8601 timestamp when the resource was last updated in the index.", "type": "string", "x-order": 8 }, "module": { "description": "The module that contains this resource.", "type": "string", "x-order": 9 }, "name": { "description": "The name of the resource.", "type": "string", "x-order": 10 }, "package": { "description": "The package that provides this resource.", "type": "string", "x-order": 11 }, "parent_urn": { "description": "The URN of the parent resource, if any.", "type": "string", "x-order": 12 }, "pending": { "description": "The pending operation on this resource, if any (e.g. creating, updating, deleting).", "type": "string", "x-order": 13 }, "project": { "description": "The project that contains this resource.", "type": "string", "x-order": 14 }, "properties": { "description": "The resource's input/output properties as a JSON object. Only populated when explicitly requested.", "type": "object", "x-order": 21 }, "protected": { "description": "Whether this resource is protected from deletion.", "type": "boolean", "x-order": 15 }, "provider_urn": { "description": "The URN of the provider for this resource.", "type": "string", "x-order": 16 }, "sourceCount": { "description": "The number of sources for this resource.", "format": "int64", "type": "integer", "x-order": 28 }, "stack": { "description": "The stack that contains this resource.", "type": "string", "x-order": 17 }, "teams": { "description": "The teams that have access to this resource.", "items": { "type": "string" }, "type": "array", "x-order": 20 }, "type": { "description": "The full type token of the resource (e.g. aws:s3/bucket:Bucket).", "type": "string", "x-order": 18 }, "urn": { "description": "The URN uniquely identifying this resource within a stack.", "type": "string", "x-order": 19 } }, "required": [ "module", "package" ], "type": "object" }, "ResourceSearchPagination": { "description": "ResourceSearchPagination provides links for paging through results.", "properties": { "cursor": { "description": "An opaque cursor for resuming pagination.", "type": "string", "x-order": 3 }, "next": { "description": "Link to the next page of results.", "type": "string", "x-order": 2 }, "previous": { "description": "Link to the previous page of results.", "type": "string", "x-order": 1 } }, "type": "object" }, "ResourceSearchResult": { "description": "ResourceSearchResult is a collected of resource search results.", "properties": { "aggregations": { "additionalProperties": { "$ref": "#/components/schemas/Aggregation" }, "description": "Aggregation buckets for faceted search.", "type": "object", "x-order": 3 }, "pagination": { "$ref": "#/components/schemas/ResourceSearchPagination", "description": "Pagination links for navigating through results.", "x-order": 4 }, "resources": { "description": "The list of matching resource results.", "items": { "$ref": "#/components/schemas/ResourceResult" }, "type": "array", "x-order": 2 }, "total": { "description": "The total number of matching resources.", "format": "int64", "type": "integer", "x-order": 1 } }, "type": "object" }, "ResponseAuditLogs": { "description": "ResponseAuditLogs represents the audit event logs response given\nwhen listing audit log events. Contains a continuation token for\npagination as well as a list of the AuditLogEvent objects.", "properties": { "auditLogEvents": { "description": "The list of audit log events.", "items": { "$ref": "#/components/schemas/AuditLogEvent" }, "type": "array", "x-order": 2 }, "continuationToken": { "description": "A continuation token for paginating through audit log results.", "type": "string", "x-order": 1 } }, "required": [ "auditLogEvents" ], "type": "object" }, "RestoreDeletedStackRequest": { "description": "Request to restore a previously deleted stack.", "properties": { "stackName": { "description": "The name of the stack to restore.", "type": "string", "x-order": 1 } }, "required": [ "stackName" ], "type": "object" }, "RestoreEnvironmentRequest": { "allOf": [ { "$ref": "#/components/schemas/CreateEnvironmentRequest" }, { "description": "Request to restore a previously deleted environment.", "properties": { "deletionTimestamp": { "description": "The ISO 8601 timestamp of the environment's deletion, used to identify which deleted version to restore.", "type": "string", "x-order": 1 } }, "required": [ "deletionTimestamp" ], "type": "object" } ] }, "RetractEnvironmentRevisionRequest": { "description": "Request to retract a specific revision of an environment.", "properties": { "reason": { "description": "The reason for retracting the revision.", "type": "string", "x-order": 2 }, "replacement": { "description": "The revision number to use as a replacement, if any.", "format": "int64", "type": "integer", "x-order": 1 } }, "type": "object" }, "RotateEnvironmentRequest": { "description": "Request to rotate secrets in an environment.", "properties": { "paths": { "description": "The paths of the secrets to rotate.", "items": { "type": "string" }, "type": "array", "x-order": 1 } }, "required": [ "paths" ], "type": "object" }, "RotateEnvironmentResponse": { "description": "Response from a secret rotation operation on an environment.", "properties": { "diagnostics": { "description": "Diagnostics generated during the rotation operation.", "items": { "$ref": "#/components/schemas/EnvironmentDiagnostic" }, "type": "array", "x-order": 2 }, "id": { "description": "The unique identifier for this rotation operation.", "type": "string", "x-order": 1 }, "secretRotationEvent": { "$ref": "#/components/schemas/SecretRotationEvent", "description": "Details of the secret rotation event.", "x-order": 3 } }, "required": [ "id", "secretRotationEvent" ], "type": "object" }, "SAMLOrganization": { "description": "SAMLOrganization is a Pulumi organization combined with its SAML-specific data.", "properties": { "entityId": { "description": "The following fields can be empty if the metadata (IDPSSODescriptor)\nitself is empty for the organization.", "type": "string", "x-order": 3 }, "idpSsoDescriptor": { "description": "The SAML Identity Provider SSO descriptor XML.", "type": "string", "x-order": 2 }, "nameIdFormat": { "description": "The SAML NameID format used by the identity provider.", "type": "string", "x-order": 6 }, "organization": { "$ref": "#/components/schemas/Organization", "description": "The Pulumi organization.", "x-order": 1 }, "ssoUrl": { "description": "The SSO URL for the identity provider.", "type": "string", "x-order": 4 }, "validUntil": { "description": "ValidUntil is the date until which the X.509 Certificate\nissued to the organization by the identity provider is valid.", "type": "string", "x-order": 5 }, "validationError": { "description": "ValidationError will be set only if there is an error validating the SAML org's metadata XML.", "type": "string", "x-order": 7 } }, "required": [ "idpSsoDescriptor", "organization" ], "type": "object" }, "SSHAuth": { "description": "SSHAuth configures ssh-based auth for git authentication.\nSSHPrivateKey is required but password is optional.", "properties": { "password": { "$ref": "#/components/schemas/SecretValue", "description": "An optional password or passphrase for the SSH private key.", "x-order": 2 }, "sshPrivateKey": { "$ref": "#/components/schemas/SecretValue", "description": "The SSH private key used for authentication.", "x-order": 1 } }, "required": [ "sshPrivateKey" ], "type": "object" }, "SSHAuthRequest": { "description": "Request to configure SSH-based authentication for git operations.", "properties": { "password": { "$ref": "#/components/schemas/SecretValue", "description": "An optional password for the SSH private key.", "x-order": 2 }, "sshPrivateKey": { "$ref": "#/components/schemas/SecretValue", "description": "The SSH private key for authentication.", "x-order": 1 } }, "type": "object" }, "ScanInsightsAccountRequest": { "allOf": [ { "$ref": "#/components/schemas/ScanOptions" }, { "description": "Request to initiate a scan of an Insights account.", "properties": { "agentPoolID": { "description": "The ID of the agent pool to use for scanning. If not specified, the default agent pool will be used.", "type": "string", "x-order": 1 } }, "type": "object" } ] }, "ScanOptions": { "description": "Configuration options for controlling scan behavior.", "properties": { "batchSize": { "description": "The batch size for processing resources during the scan.", "format": "int64", "type": "integer", "x-order": 3 }, "listConcurrency": { "description": "The concurrency level for list operations during the scan.", "format": "int64", "type": "integer", "x-order": 1 }, "readConcurrency": { "description": "The concurrency level for read operations during the scan.", "format": "int64", "type": "integer", "x-order": 2 }, "readTimeout": { "description": "The timeout duration for read operations, as a Go duration string (e.g., '30s', '5m').", "type": "string", "x-order": 4 } }, "type": "object" }, "ScanStatus": { "allOf": [ { "$ref": "#/components/schemas/WorkflowRun" }, { "description": "The status of an Insights account scan, including resource count.", "properties": { "accountName": { "description": "The name of the insights account associated with this scan.", "type": "string", "x-order": 1 }, "resourceCount": { "description": "The number of resources discovered by this scan.", "format": "int64", "type": "integer", "x-order": 2 } }, "type": "object" } ] }, "ScanStatusResponse": { "allOf": [ { "$ref": "#/components/schemas/WorkflowRun" }, { "description": "Response containing the scan status and the next scheduled scan time.", "properties": { "nextScan": { "description": "The timestamp of the next scheduled scan, if any.", "type": "string", "x-order": 1 } }, "type": "object" } ] }, "ScheduledAction": { "description": "ScheduledAction describes the state of a scheduled action.", "properties": { "created": { "description": "The timestamp when this scheduled action was created.", "type": "string", "x-order": 9 }, "definition": { "additionalProperties": { "type": "object" }, "description": "The action definition, which varies based on the action kind.", "type": "object", "x-order": 8 }, "id": { "description": "The unique identifier for this scheduled action.", "type": "string", "x-order": 1 }, "kind": { "description": "The kind of action to be executed.", "enum": [ "deployment", "environment_rotation", "scan" ], "type": "string", "x-order": 7, "x-pulumi-model-property": { "enumTypeName": "ScheduledActionKind", "enumComments": "The kind of scheduled action.", "enumFieldNames": [ "Deployment", "EnvironmentRotation", "Scan" ], "enumFieldComments": [ "A scheduled deployment action.", "A scheduled environment secret rotation action.", "A scheduled Insights scan action." ] } }, "lastExecuted": { "description": "The timestamp of the last execution, if any.", "type": "string", "x-order": 11 }, "modified": { "description": "The timestamp when this scheduled action was last modified.", "type": "string", "x-order": 10 }, "nextExecution": { "description": "The timestamp of the next scheduled execution.", "type": "string", "x-order": 5 }, "orgID": { "description": "The organization ID that owns this scheduled action.", "type": "string", "x-order": 2 }, "paused": { "description": "Whether the scheduled action is currently paused.", "type": "boolean", "x-order": 6 }, "scheduleCron": { "description": "A cron expression defining the recurring schedule.", "type": "string", "x-order": 3 }, "scheduleOnce": { "description": "A timestamp for a one-time scheduled execution.", "type": "string", "x-order": 4 } }, "required": [ "created", "definition", "id", "kind", "lastExecuted", "modified", "nextExecution", "orgID", "paused" ], "type": "object" }, "ScheduledActionHistoryEvent": { "description": "ScheduledActionHistoryEvent describes the state of a scheduled deployment history event.", "properties": { "executed": { "description": "The timestamp when the action was executed.", "type": "string", "x-order": 3 }, "id": { "description": "The unique identifier for this history event.", "type": "string", "x-order": 1 }, "result": { "description": "The result of the execution.", "type": "string", "x-order": 5 }, "scheduledActionID": { "description": "The ID of the scheduled action this event belongs to.", "type": "string", "x-order": 2 }, "version": { "description": "The version of the scheduled action at the time of execution.", "format": "int64", "type": "integer", "x-order": 4 } }, "required": [ "executed", "id", "result", "scheduledActionID", "version" ], "type": "object" }, "ScheduledInsightsScanSettingsRequest": { "allOf": [ { "$ref": "#/components/schemas/ScanOptions" }, { "description": "Request to update the scheduled Insights scan settings.", "properties": { "paused": { "description": "Whether the scheduled scan is paused.", "type": "boolean", "x-order": 2 }, "scheduleCron": { "description": "The cron expression defining the scan schedule.", "type": "string", "x-order": 1 } }, "required": [ "paused" ], "type": "object" } ] }, "ScheduledInsightsScanSettingsResponse": { "allOf": [ { "$ref": "#/components/schemas/ScanOptions" }, { "description": "Response containing the current scheduled Insights scan settings.", "properties": { "paused": { "description": "Whether the scheduled scan is paused.", "type": "boolean", "x-order": 2 }, "scheduleCron": { "description": "The cron expression defining the scan schedule.", "type": "string", "x-order": 1 } }, "required": [ "paused", "scheduleCron" ], "type": "object" } ] }, "SecretRotation": { "description": "Represents the state of a single secret rotation within an environment.", "properties": { "environmentPath": { "description": "The path of the secret being rotated in the environment.", "type": "string", "x-order": 2 }, "errorMessage": { "description": "An error message if the rotation failed.", "type": "string", "x-order": 4 }, "id": { "description": "The unique identifier for this secret rotation.", "type": "string", "x-order": 1 }, "status": { "description": "The current status of the rotation.", "type": "string", "x-order": 3 } }, "required": [ "environmentPath", "id", "status" ], "type": "object" }, "SecretRotationEvent": { "description": "An event representing a secret rotation operation on an environment.", "properties": { "completed": { "description": "The timestamp when the rotation completed.", "format": "date-time", "type": "string", "x-order": 7 }, "created": { "description": "The timestamp when this rotation event was created.", "format": "date-time", "type": "string", "x-order": 3 }, "environmentId": { "description": "The ID of the environment being rotated.", "type": "string", "x-order": 2 }, "errorMessage": { "description": "An error message if the rotation failed.", "type": "string", "x-order": 10 }, "id": { "description": "The unique identifier for this rotation event.", "type": "string", "x-order": 1 }, "postRotationRevision": { "description": "The environment revision after the rotation, if completed.", "format": "int64", "type": "integer", "x-order": 5 }, "preRotationRevision": { "description": "The environment revision before the rotation.", "format": "int64", "type": "integer", "x-order": 4 }, "rotations": { "description": "The individual secret rotations within this event.", "items": { "$ref": "#/components/schemas/SecretRotation" }, "type": "array", "x-order": 11 }, "scheduledActionID": { "description": "The ID of the scheduled action that triggered this rotation, if any.", "type": "string", "x-order": 9 }, "status": { "description": "The current status of the rotation event.", "type": "string", "x-order": 8 }, "userID": { "description": "The ID of the user who initiated the rotation.", "type": "string", "x-order": 6 } }, "required": [ "created", "environmentId", "id", "preRotationRevision", "rotations", "status", "userID" ], "type": "object" }, "SecretValue": { "description": "A SecretValue describes a secret value on the wire. The JSON representation is an object with a required 'secret' field containing the plaintext and an optional 'ciphertext' field containing the encrypted representation.", "properties": { "ciphertext": { "description": "The encrypted representation of the secret value.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 2 }, "secret": { "description": "The secret value in plaintext.", "type": "string", "x-order": 1 } }, "required": [ "secret" ], "type": "object" }, "Service": { "description": "A service is a Pulumi construct that aggregates items and additional metadata\nthat can be accessed by the service's members.", "properties": { "created": { "description": "the time the service was create", "format": "date-time", "type": "string", "x-order": 5 }, "description": { "description": "an optional description of the service", "type": "string", "x-order": 4 }, "itemCountSummary": { "additionalProperties": { "format": "int64", "type": "integer" }, "description": "item types to their count within the service based on the current user's permissions", "type": "object", "x-order": 7 }, "members": { "description": "a list of members that have access to the service", "items": { "$ref": "#/components/schemas/ServiceMember" }, "type": "array", "x-order": 6 }, "name": { "description": "the name of the service", "type": "string", "x-order": 3 }, "organizationName": { "description": "the name of the organization this service belongs to", "type": "string", "x-order": 1 }, "owner": { "$ref": "#/components/schemas/ServiceMember", "description": "the owner of the service", "x-order": 2 }, "properties": { "description": "an optional list of properties set on the service", "items": { "$ref": "#/components/schemas/ServiceProperty" }, "type": "array", "x-order": 8 } }, "required": [ "description", "itemCountSummary", "members", "name", "organizationName", "owner", "properties" ], "type": "object" }, "ServiceItem": { "description": "An item within a service.", "properties": { "addedByUser": { "$ref": "#/components/schemas/ServiceMember", "description": "who added the item reference to the service - this will always be a user", "x-order": 7 }, "cloudCount": { "description": "how many Pulumi cloud measured primitives are within this item", "format": "int64", "type": "integer", "x-order": 8 }, "created": { "description": "timestamp of when the item was created", "format": "date-time", "type": "string", "x-order": 5 }, "lastUpdate": { "$ref": "#/components/schemas/ServiceItemUpdate", "description": "when did the last update occur to this item, if any", "x-order": 6 }, "name": { "description": "the name (including any namespacing) of the item", "type": "string", "x-order": 3 }, "organizationName": { "description": "the name of the organization this item belongs to", "type": "string", "x-order": 1 }, "type": { "description": "the type of the item", "type": "string", "x-order": 2 }, "version": { "description": "optional field if the item has versioning", "type": "string", "x-order": 4 } }, "required": [ "cloudCount", "created", "name", "organizationName", "type" ], "type": "object" }, "ServiceItemUpdate": { "description": "An update that the item may have in it's history.", "properties": { "message": { "description": "the message to show alongside the timestamp", "type": "string", "x-order": 2 }, "success": { "description": "used to toggle a status icon for the update", "type": "boolean", "x-order": 3 }, "timestamp": { "description": "the timestamp of the last update", "format": "date-time", "type": "string", "x-order": 1 } }, "required": [ "message", "timestamp" ], "type": "object" }, "ServiceMember": { "description": "A service member is either a direct user or a indirect user representation\nthat allows them to access and mutate a service.", "properties": { "avatarUrl": { "description": "an optional avatar URL for the member", "type": "string", "x-order": 3 }, "name": { "description": "the login name of the member within Pulumi", "type": "string", "x-order": 2 }, "type": { "description": "the type of the member (e.g. team / user)", "type": "string", "x-order": 1 } }, "required": [ "avatarUrl", "name", "type" ], "type": "object" }, "ServiceProperty": { "description": "A property that the service will show in it's metadata.", "properties": { "key": { "description": "the name of the property", "type": "string", "x-order": 1 }, "order": { "description": "the position of the property", "format": "int64", "type": "integer", "x-order": 4 }, "type": { "description": "the type of the property", "type": "string", "x-order": 3 }, "value": { "description": "the value of the property", "type": "string", "x-order": 2 } }, "required": [ "key", "order", "type", "value" ], "type": "object" }, "SetInsightAccountTagsRequest": { "description": "Request to set tags on an Insights account.", "properties": { "tags": { "additionalProperties": { "type": "string" }, "description": "The tags to set on the Insights account.", "type": "object", "x-order": 1 } }, "required": [ "tags" ], "type": "object" }, "SourceContext": { "description": "SourceContext describes some source code, and how to obtain it.", "properties": { "git": { "$ref": "#/components/schemas/SourceContextGit", "description": "Git-based source context for obtaining source code from a repository.", "x-order": 1 }, "hg": { "$ref": "#/components/schemas/SourceContextHg", "description": "Mercurial-based source context for obtaining source code from a repository.", "x-order": 2 }, "template": { "$ref": "#/components/schemas/SourceContextTemplate", "description": "Template-based source context for obtaining source code from a template URL.", "x-order": 3 } }, "type": "object" }, "SourceContextGit": { "description": "Git-based source context for obtaining source code from a repository.", "properties": { "branch": { "description": "The branch to use from the repository.", "type": "string", "x-order": 2 }, "commit": { "description": "(optional) Commit is the hash of the commit to deploy. If used, HEAD will be in detached mode. This\nis mutually exclusive with the Branch setting. Either value needs to be specified.", "type": "string", "x-order": 4 }, "gitAuth": { "$ref": "#/components/schemas/GitAuthConfig", "description": "(optional) GitAuth allows configuring git authentication options\nThere are 3 different authentication options:\n * SSH private key (and its optional password)\n * Personal access token\n * Basic auth username and password\nOnly one authentication mode will be considered if more than one option is specified,\nwith ssh private key/password preferred first, then personal access token, and finally\nbasic auth credentials.", "x-order": 5 }, "repoDir": { "description": "(optional) RepoDir is the directory to work from in the project's source repository\nwhere Pulumi.yaml is located. It is used in case Pulumi.yaml is not\nin the project source root.", "type": "string", "x-order": 3 }, "repoUrl": { "description": "The URL of the git repository.", "type": "string", "x-order": 1 } }, "type": "object" }, "SourceContextGitRequest": { "description": "Request to configure a git-based source context.", "properties": { "branch": { "description": "The branch to use from the repository.", "type": "string", "x-order": 2 }, "commit": { "description": "The commit hash to deploy. Mutually exclusive with `branch`.", "type": "string", "x-order": 4 }, "gitAuth": { "$ref": "#/components/schemas/GitAuthConfigRequest", "description": "Git authentication configuration.", "x-order": 5 }, "repoDir": { "description": "The subdirectory within the repository where Pulumi.yaml is located.", "type": "string", "x-order": 3 }, "repoUrl": { "description": "The URL of the git repository.", "type": "string", "x-order": 1 } }, "type": "object" }, "SourceContextHg": { "description": "Mercurial-based source context for obtaining source code from a repository.", "properties": { "branch": { "description": "The branch to use from the repository.", "type": "string", "x-order": 2 }, "hgAuth": { "$ref": "#/components/schemas/GitAuthConfig", "description": "(optional) HgAuth allows configuring Mercurial authentication options.\nThere are 3 different authentication options:\n * SSH private key (and its optional password)\n * Personal access token\n * Basic auth username and password\nOnly one authentication mode will be considered if more than one option is specified,\nwith ssh private key/password preferred first, then personal access token, and finally\nbasic auth credentials.", "x-order": 5 }, "repoDir": { "description": "(optional) RepoDir is the directory to work from in the project's source repository\nwhere Pulumi.yaml is located. It is used in case Pulumi.yaml is not\nin the project source root.", "type": "string", "x-order": 3 }, "repoUrl": { "description": "The URL of the Mercurial repository.", "type": "string", "x-order": 1 }, "revision": { "description": "(optional) Revision is the changeset hash to check out. If used, the working directory\nwill be updated to this specific revision. This is mutually exclusive with the Branch setting.\nEither value needs to be specified.", "type": "string", "x-order": 4 } }, "type": "object" }, "SourceContextHgRequest": { "description": "Request to configure a Mercurial-based source context.", "properties": { "branch": { "description": "The branch to use from the repository.", "type": "string", "x-order": 2 }, "hgAuth": { "$ref": "#/components/schemas/GitAuthConfigRequest", "description": "Mercurial authentication configuration.", "x-order": 5 }, "repoDir": { "description": "The subdirectory within the repository where Pulumi.yaml is located.", "type": "string", "x-order": 3 }, "repoUrl": { "description": "The URL of the Mercurial repository.", "type": "string", "x-order": 1 }, "revision": { "description": "The changeset hash to check out.", "type": "string", "x-order": 4 } }, "type": "object" }, "SourceContextRequest": { "description": "Request to configure a source context: git-based, Mercurial-based, or template-based. Only one may be specified.", "properties": { "git": { "$ref": "#/components/schemas/SourceContextGitRequest", "description": "Git-based source context configuration.", "x-order": 1 }, "hg": { "$ref": "#/components/schemas/SourceContextHgRequest", "description": "Mercurial-based source context configuration.", "x-order": 2 }, "template": { "$ref": "#/components/schemas/SourceContextTemplateRequest", "description": "Template-based source context configuration.", "x-order": 3 } }, "type": "object" }, "SourceContextTemplate": { "description": "Template-based source context for obtaining source code from a template URL.", "properties": { "gitAuth": { "$ref": "#/components/schemas/GitAuthConfig", "description": "GitAuth allows configuring git authentication options\nThe only authentication option is personal access token as of now.", "x-order": 2 }, "sourceUrl": { "description": "The URL of the template source. Supports two URL schemes:\n\n**Registry-backed templates** use the `registry://` scheme with the format:\n`registry://templates/source/publisher/name[@version]`\n\n- `source`: The template source identifier (e.g., the registry source name)\n- `publisher`: The organization or user that published the template\n- `name`: The template name\n- `version`: Optional semver version (e.g., `1.0.0`). If omitted, defaults to the latest version\n\nExample: `registry://templates/pulumi/acme-corp/aws-vpc@2.1.0`\n\n**VCS-backed templates** use standard VCS URLs (GitHub, GitLab, Azure DevOps, etc.):\n`https://github.com/org/repo`", "type": "string", "x-order": 1 } }, "type": "object" }, "SourceContextTemplateRequest": { "description": "Request to configure a template-based source context.", "properties": { "gitAuth": { "$ref": "#/components/schemas/GitAuthConfigRequest", "description": "Git authentication configuration for accessing the template source.", "x-order": 2 }, "sourceUrl": { "description": "The URL of the template source. Supports two URL schemes:\n\n**Registry-backed templates** use the `registry://` scheme with the format:\n`registry://templates/source/publisher/name[@version]`\n\n- `source`: The template source identifier (e.g., the registry source name)\n- `publisher`: The organization or user that published the template\n- `name`: The template name\n- `version`: Optional semver version (e.g., `1.0.0`). If omitted, defaults to the latest version\n\nExample: `registry://templates/pulumi/acme-corp/aws-vpc@2.1.0`\n\n**VCS-backed templates** use standard VCS URLs (GitHub, GitLab, Azure DevOps, etc.):\n`https://github.com/org/repo`", "type": "string", "x-order": 1 } }, "type": "object" }, "StackDeploymentsMetadataResponse": { "description": "Metadata related to all of a stack's deployments. This is different from settings in that\nit applies to all deployments with the same ProgramID; it's not configurable per deployment.", "properties": { "drift": { "$ref": "#/components/schemas/StackDriftStatus", "description": "Drift contains the drift status of the stack and associated metadata", "x-order": 5 }, "hasSchedules": { "description": "HasSchedules is true if the stack has at least one schedule.", "type": "boolean", "x-order": 4 }, "organizationPaused": { "description": "OrgPaused is true if all deployments are paused for the org.", "type": "boolean", "x-order": 3 }, "paused": { "description": "Paused is true if new deployments for this stack right now would be paused. This could\nbe due to a stack-level or org-level pause.", "type": "boolean", "x-order": 1 }, "stackPaused": { "description": "StackPaused is true if deployments for this stack specifically are paused.", "type": "boolean", "x-order": 2 } }, "required": [ "hasSchedules", "organizationPaused", "paused", "stackPaused" ], "type": "object" }, "StackDriftStatus": { "description": "The drift detection status for a stack.", "properties": { "driftDetected": { "description": "Whether drift was detected in the latest run.", "type": "boolean", "x-order": 1 }, "latestDriftRun": { "description": "The identifier of the latest drift detection run.", "type": "string", "x-order": 2 }, "runInProgress": { "description": "Whether a drift detection run is currently in progress.", "type": "boolean", "x-order": 3 } }, "required": [ "driftDetected", "latestDriftRun", "runInProgress" ], "type": "object" }, "StackMetadata": { "description": "StackMetadata returns metadata about a stack.", "properties": { "notificationSettings": { "$ref": "#/components/schemas/StackNotificationSettings", "description": "The notification settings for this stack.", "x-order": 5 }, "orgName": { "description": "The organization that owns the stack.", "type": "string", "x-order": 1 }, "ownedBy": { "$ref": "#/components/schemas/UserInfo", "description": "The user with ownership of this stack", "x-order": 4 }, "projectName": { "description": "The project that contains the stack.", "type": "string", "x-order": 2 }, "stackName": { "description": "The stack name within the project.", "type": "string", "x-order": 3 } }, "required": [ "notificationSettings", "orgName", "ownedBy", "projectName", "stackName" ], "type": "object" }, "StackNotificationSettings": { "description": "StackNotificationSettings is the object containing the notification settings for a stack.", "properties": { "notifyUpdateFailure": { "description": "Whether to send a notification when a stack update fails.", "type": "boolean", "x-order": 1 }, "notifyUpdateSuccess": { "description": "Whether to send a notification when a stack update succeeds.", "type": "boolean", "x-order": 2 } }, "required": [ "notifyUpdateFailure", "notifyUpdateSuccess" ], "type": "object" }, "StackOverviewResponse": { "description": "StackOverviewResponse contains data to be displayed for the stack overview.", "properties": { "referencedStacks": { "description": "The list of stacks referenced by this stack.", "items": { "$ref": "#/components/schemas/StackReference" }, "type": "array", "x-order": 2 }, "resources": { "$ref": "#/components/schemas/GetStackResourcesResponse", "description": "The resources belonging to this stack.", "x-order": 3 }, "tags": { "additionalProperties": { "type": "string" }, "description": "The tags associated with this stack.", "type": "object", "x-order": 1 } }, "required": [ "referencedStacks", "resources", "tags" ], "type": "object" }, "StackReference": { "description": "StackReference contains information about a stack reference.", "properties": { "name": { "description": "The name of the referenced stack.", "type": "string", "x-order": 3 }, "organization": { "description": "The organization that owns the referenced stack.", "type": "string", "x-order": 1 }, "routingProject": { "description": "The project used for routing to the referenced stack.", "type": "string", "x-order": 2 }, "version": { "description": "The version of the stack when it was referenced.", "format": "int64", "type": "integer", "x-order": 4 } }, "required": [ "name", "organization", "routingProject", "version" ], "type": "object" }, "StackTag": { "description": "StackTag holds the name and value of a single stack tag.", "properties": { "name": { "description": "The tag key, which must conform to the stack tag naming rules.", "enum": [ "pulumi:project", "pulumi:runtime", "pulumi:description", "pulumi:template", "vcs:owner", "vcs:repo", "vcs:kind", "vcs:root" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "AppStackTagName", "enumComments": "StackTagName is the key for the tags bag in stack. This is just a string, but we use a type alias to provide a richer\ndescription of how the string is used in our apitype definitions.", "enumFieldNames": [ "ProjectNameTag", "ProjectRuntimeTag", "ProjectDescriptionTag", "ProjectTemplateTag", "VCSOwnerNameTag", "VCSRepositoryNameTag", "VCSRepositoryKindTag", "VCSRepositoryRootTag" ], "enumFieldComments": [ "ProjectNameTag is a tag that represents the name of a project (coresponds to the `name` property of Pulumi.yaml).", "ProjectRuntimeTag is a tag that represents the runtime of a project (the `runtime` property of Pulumi.yaml).", "ProjectDescriptionTag is a tag that represents the description of a project (Pulumi.yaml's `description`).", "ProjectTemplateTag is a tag that represents the template that was used to create a project.", "VCSOwnerNameTag is a tag that represents the name of the owner on the cloud VCS that this stack\nmay be associated with (inferred by the CLI based on git remote info).", "VCSRepositoryNameTag is a tag that represents the name of a repository on the cloud VCS that this stack\nmay be associated with (inferred by the CLI based on git remote info).", "VCSRepositoryKindTag is a tag that represents the kind of the cloud VCS that this stack\nmay be associated with (inferred by the CLI based on the git remote info).", "VCSRepositoryRootTag is a tag that represents the root directory of the repository on the cloud VCS that\nthis stack may be associated with (pulled from git by the CLI)" ] } }, "value": { "description": "The tag value associated with this key.", "type": "string", "x-order": 2 } }, "required": [ "name", "value" ], "type": "object" }, "StackTeam": { "description": "StackTeam is a team that has access to a particular stack.", "properties": { "description": { "description": "A description of the team.", "type": "string", "x-order": 3 }, "displayName": { "description": "The display name of the team.", "type": "string", "x-order": 2 }, "isMember": { "description": "IsMember is true if the requesting user is a member of the team.", "type": "boolean", "x-order": 5 }, "name": { "description": "The unique name of the team.", "type": "string", "x-order": 1 }, "permission": { "description": "The permission level this team has on the stack.", "enum": [ 0, 101, 102, 103, 104 ], "format": "int64", "type": "integer", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "StackPermission", "enumComments": "StackPermission is a value describing the permission level a user has for a Pulumi stack.\nLike OrganizationRole, there is a total ordering of StackPermission values, where each value\ngrants an additional layer of permissions. IMPORTANT: Do not rely on the numeric values for\nauth checks, instead, just refer to these as opaque names. e.g. use explicit matching in a\ncase-statements instead of \"if perm \u003e= StackPermissionX\". This prevents errors if we later\nadd a new StackPermission \"in between\" two existing ones, but with a new, higher value.\nPreviously, the StackPermission value was a series of bit flags, with each bit controlling\na specific operation on the stack. However, that proved difficult to describe and maintain.\nSo the newer, \"fixed set\" approach is used instead.\nThe conversion from the legacy permission values and the new StackPermission values is done\ntransparently, whenever data is read/written to the database. (Converting to the newer\nvalues as needed.) We will only be able to remove these legacy values after we deploy the\ncode which can read both formats, and only writes the newer format.", "enumFieldNames": [ "None", "Read", "Write", "Admin", "Creator" ], "enumFieldComments": [ "StackPermissionNone provides no access.", "StackPermissionRead provides read-only access, including the ability to\ndecrypt encrypted configuration secrets stored in the service.", "StackPermissionWrite provides read/write access to a stack.", "StackPermissionAdmin provides admin-level access to the stack. For example,\nbeing able to run `pulumi destroy` or delete the stack.", "StackPermissionCreator is an implementation quirk of how we mark the user who created\na stack. The value is not exported from this module, and is converted to StackPermissionAdmin\nbefore being returned to callers. However, in a few places we want to handle the user who\ncreated a stack a little differently, and this allows us to do so without exporting a separate\n\"StackPermissionAdminWhoAlsoHappenedToCreateTheStackToo\" value." ] } } }, "required": [ "description", "displayName", "isMember", "name", "permission" ], "type": "object" }, "StackUpdate": { "description": "StackUpdate contains information about a stack update.", "properties": { "time": { "description": "The timestamp when the update was created.", "type": "string", "x-order": 1 }, "version": { "description": "The version number of the update.", "format": "int32", "type": "integer", "x-order": 2 } }, "required": [ "time", "version" ], "type": "object" }, "StackUsage": { "description": "StackUsage contains information about a stack that uses a specific package.", "properties": { "lastUpdate": { "$ref": "#/components/schemas/StackUpdate", "description": "Information about the most recent stack update, if available.", "x-order": 6 }, "projectName": { "description": "The name of the project containing this stack.", "type": "string", "x-order": 3 }, "providerUrn": { "description": "The full provider URN for this stack.", "type": "string", "x-order": 5 }, "stackId": { "description": "The unique identifier of the stack.", "type": "string", "x-order": 2 }, "stackName": { "description": "The name of the stack.", "type": "string", "x-order": 1 }, "version": { "description": "The parsed semantic version of the package used, if available.", "type": "string", "x-order": 4 } }, "type": "object" }, "StartPackagePublishRequest": { "description": "Request to start publishing a package to the registry.", "properties": { "publishedAt": { "description": "Optional timestamp for when the package version was originally published. If not provided, defaults to current server time. Useful for backfilling historical versions with their original publish dates.", "format": "date-time", "type": "string", "x-order": 2 }, "version": { "description": "The semantic version of the package to publish.", "type": "string", "x-order": 1 } }, "required": [ "version" ], "type": "object" }, "StartPackagePublishResponse": { "description": "Response containing the operation ID and upload URLs for a package publish.", "properties": { "operationID": { "description": "The unique identifier for the publish operation.", "type": "string", "x-order": 1 }, "uploadURLs": { "$ref": "#/components/schemas/PackageUploadURLs", "description": "The URLs to upload package artifacts to.", "x-order": 2 } }, "required": [ "operationID", "uploadURLs" ], "type": "object" }, "StartTemplatePublishRequest": { "description": "Request to start publishing a template to the registry.", "properties": { "version": { "description": "The semantic version of the template to publish.", "type": "string", "x-order": 1 } }, "required": [ "version" ], "type": "object" }, "StartTemplatePublishResponse": { "description": "Response containing the operation ID and upload URLs for a template publish.", "properties": { "operationID": { "description": "The unique identifier for the publish operation.", "type": "string", "x-order": 1 }, "uploadURLs": { "$ref": "#/components/schemas/TemplateUploadURLs", "description": "The URLs to upload template artifacts to.", "x-order": 2 } }, "required": [ "operationID", "uploadURLs" ], "type": "object" }, "StepRun": { "description": "StepRun contains information about a step run.", "properties": { "lastUpdated": { "description": "The timestamp when the step was last updated.", "format": "date-time", "type": "string", "x-order": 4 }, "name": { "description": "The name of the step.", "type": "string", "x-order": 1 }, "started": { "description": "The timestamp when the step started.", "format": "date-time", "type": "string", "x-order": 3 }, "status": { "description": "The current status of the step.", "enum": [ "not-started", "running", "failed", "succeeded" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "StepStatus", "enumComments": "StepStatus describes the status of a step in a workflow job run.", "enumFieldNames": [ "NotStarted", "Running", "Failed", "Succeeded" ], "enumFieldComments": [ "StepStatusNotStarted indicates that a step has not yet started.", "StepStatusRunning indicates that a step is running.", "StepStatusFailed indicates that a step has failed.", "StepStatusSucceeded indicates that a step has succeeded." ] } } }, "required": [ "name", "status" ], "type": "object" }, "SubmitChangeRequestRequest": { "description": "SubmitChangeRequestRequest is used to submit a draft change request for approval", "properties": { "description": { "description": "Description/justification for the change request", "type": "string", "x-order": 1 } }, "type": "object" }, "TargetEntity": { "description": "TargetEntity contains populated details about the targeted entity for a change request or gate", "discriminator": { "mapping": { "environment": "#/components/schemas/TargetEntityEnvironment" }, "propertyName": "entityType" }, "properties": { "entityType": { "type": "string" } }, "required": [ "entityType" ], "type": "object" }, "TargetEntityEnvironment": { "allOf": [ { "$ref": "#/components/schemas/TargetEntity" }, { "description": "Environment entity information if the target is an environment", "properties": { "name": { "description": "The environment name", "example": "production", "type": "string", "x-order": 2 }, "project": { "description": "The project name", "example": "my-project", "type": "string", "x-order": 1 } }, "required": [ "name", "project" ], "type": "object" } ] }, "Team": { "description": "Team describes a Pulumi team. A Pulumi team may have its organization\nmanaged by another service, such as GitHub.", "properties": { "accounts": { "description": "The list of account permissions granted to the team.", "items": { "$ref": "#/components/schemas/TeamAccountPermission" }, "type": "array", "x-order": 8 }, "description": { "description": "A free-form text description of the team's purpose.", "type": "string", "x-order": 4 }, "displayName": { "description": "The human-readable display name shown in the UI.", "type": "string", "x-order": 3 }, "environments": { "description": "The list of environment settings for the team.", "items": { "$ref": "#/components/schemas/TeamEnvironmentSettings" }, "type": "array", "x-order": 7 }, "kind": { "description": "The kind of team (e.g., pulumi or GitHub-backed).", "enum": [ "github", "pulumi", "scim" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "TeamKind", "enumComments": "TeamKind is the kind of team.", "enumFieldNames": [ "GitHub", "Pulumi", "SCIM" ], "enumFieldComments": [ "TeamKindGitHub is for teams where membership is managed by GitHub.", "TeamKindPulumi is for teams where membership is managed by Pulumi.", "TeamKindSCIM is for SCIM provisioned teams. Membership is managed by its IdP." ] } }, "listMembersError": { "description": "ListMembersError is the error message if an error was encountered whilst trying to\ncontact the team's backend (eg. GitHub). The UI will only show this error if it is non-nil\nand if Members itself is an empty slice.", "type": "string", "x-order": 9 }, "members": { "description": "The list of team members.", "items": { "$ref": "#/components/schemas/TeamMemberInfo" }, "type": "array", "x-order": 5 }, "name": { "description": "The unique identifier name of the team within the organization.", "type": "string", "x-order": 2 }, "roleIds": { "description": "RoleIDs are the IDs of the FGA roles assigned to the team, if any.\nCurrently only one role per team is supported.", "items": { "type": "string" }, "type": "array", "x-order": 11 }, "stacks": { "description": "The list of stack permissions granted to the team.", "items": { "$ref": "#/components/schemas/TeamStackPermission" }, "type": "array", "x-order": 6 }, "userRole": { "description": "UserRole is the calling user's role on the given team.", "enum": [ "none", "member", "admin" ], "type": "string", "x-order": 10, "x-pulumi-model-property": { "enumTypeName": "TeamRole", "enumComments": "TeamRole is the kind of role a user has in a team." } } }, "required": [ "description", "displayName", "kind", "name" ], "type": "object" }, "TeamAccountPermission": { "description": "TeamAccountPermission is the permission team membership grants to an account.", "properties": { "accountName": { "description": "The Insights account name.", "type": "string", "x-order": 1 }, "permission": { "description": "The permission level the team has on this Insights account.", "enum": [ 0, 1, 2, 3 ], "format": "int64", "type": "integer", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "InsightsAccountPermission", "enumComments": "InsightsAccountPermission is a value describing the permission level a user has for a Pulumi Insights account.", "enumFieldNames": [ "None", "Read", "Write", "Admin" ], "enumFieldComments": [ "InsightsAccountPermissionNone provides no access.", "InsightsAccountPermissionRead provides read-only access.", "InsightsAccountPermissionWrite provides read/write access to an account.", "InsightsAccountPermissionAdmin provides admin-level access to the account." ] } }, "permissionSetName": { "description": "Display name of the permission set for this account, when available. Enables read-only entity access UI without requiring RoleRead.", "type": "string", "x-order": 3 } }, "required": [ "accountName", "permission" ], "type": "object" }, "TeamEnvironmentSettings": { "description": "TeamEnvironmentSettings contains additional settings a team applies to an environment.", "properties": { "envName": { "description": "The environment within the project.", "type": "string", "x-order": 2 }, "maxOpenDuration": { "description": "The maximum duration an environment session can remain open, as a Go duration string (e.g. \"1h30m\").", "type": "string", "x-order": 4 }, "permission": { "description": "The permission level the team has on this environment.", "enum": [ "none", "read", "open", "write", "admin" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "EnvironmentPermission", "enumComments": "EnvironmentPermission is an enum describing the permission level to access an environment." } }, "permissionSetName": { "description": "Display name of the permission set for this environment, when available. Enables read-only entity access UI without requiring RoleRead.", "type": "string", "x-order": 5 }, "projectName": { "description": "The project containing the environment.", "type": "string", "x-order": 1 } }, "required": [ "envName", "permission", "projectName" ], "type": "object" }, "TeamMemberInfo": { "allOf": [ { "$ref": "#/components/schemas/UserInfo" }, { "description": "TeamMemberInfo is a UserInfo extended to contain the TeamRole.", "properties": { "role": { "description": "The member's role within the team.", "enum": [ "none", "member", "admin" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "TeamRole", "enumComments": "TeamRole is the kind of role a user has in a team." } } }, "required": [ "role" ], "type": "object" } ] }, "TeamPermission": { "description": "TeamPermission describes the team and the stack permission that team has for a specific stack.", "properties": { "permission": { "description": "The permission level the team has on the stack (e.g., read, write, admin).", "enum": [ 0, 101, 102, 103, 104 ], "format": "int64", "type": "integer", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "StackPermission", "enumComments": "StackPermission is a value describing the permission level a user has for a Pulumi stack.\nLike OrganizationRole, there is a total ordering of StackPermission values, where each value\ngrants an additional layer of permissions. IMPORTANT: Do not rely on the numeric values for\nauth checks, instead, just refer to these as opaque names. e.g. use explicit matching in a\ncase-statements instead of \"if perm \u003e= StackPermissionX\". This prevents errors if we later\nadd a new StackPermission \"in between\" two existing ones, but with a new, higher value.\nPreviously, the StackPermission value was a series of bit flags, with each bit controlling\na specific operation on the stack. However, that proved difficult to describe and maintain.\nSo the newer, \"fixed set\" approach is used instead.\nThe conversion from the legacy permission values and the new StackPermission values is done\ntransparently, whenever data is read/written to the database. (Converting to the newer\nvalues as needed.) We will only be able to remove these legacy values after we deploy the\ncode which can read both formats, and only writes the newer format.", "enumFieldNames": [ "None", "Read", "Write", "Admin", "Creator" ], "enumFieldComments": [ "StackPermissionNone provides no access.", "StackPermissionRead provides read-only access, including the ability to\ndecrypt encrypted configuration secrets stored in the service.", "StackPermissionWrite provides read/write access to a stack.", "StackPermissionAdmin provides admin-level access to the stack. For example,\nbeing able to run `pulumi destroy` or delete the stack.", "StackPermissionCreator is an implementation quirk of how we mark the user who created\na stack. The value is not exported from this module, and is converted to StackPermissionAdmin\nbefore being returned to callers. However, in a few places we want to handle the user who\ncreated a stack a little differently, and this allows us to do so without exporting a separate\n\"StackPermissionAdminWhoAlsoHappenedToCreateTheStackToo\" value." ] } }, "team": { "$ref": "#/components/schemas/Team", "description": "The team that has been granted access to the stack.", "x-order": 1 } }, "required": [ "permission", "team" ], "type": "object" }, "TeamStackPermission": { "description": "TeamStackPermission is the permission team membership grants to a stack.", "properties": { "permission": { "description": "The permission level the team has on this stack (e.g., read, write, admin).", "enum": [ 0, 101, 102, 103, 104 ], "format": "int64", "type": "integer", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "StackPermission", "enumComments": "StackPermission is a value describing the permission level a user has for a Pulumi stack.\nLike OrganizationRole, there is a total ordering of StackPermission values, where each value\ngrants an additional layer of permissions. IMPORTANT: Do not rely on the numeric values for\nauth checks, instead, just refer to these as opaque names. e.g. use explicit matching in a\ncase-statements instead of \"if perm \u003e= StackPermissionX\". This prevents errors if we later\nadd a new StackPermission \"in between\" two existing ones, but with a new, higher value.\nPreviously, the StackPermission value was a series of bit flags, with each bit controlling\na specific operation on the stack. However, that proved difficult to describe and maintain.\nSo the newer, \"fixed set\" approach is used instead.\nThe conversion from the legacy permission values and the new StackPermission values is done\ntransparently, whenever data is read/written to the database. (Converting to the newer\nvalues as needed.) We will only be able to remove these legacy values after we deploy the\ncode which can read both formats, and only writes the newer format.", "enumFieldNames": [ "None", "Read", "Write", "Admin", "Creator" ], "enumFieldComments": [ "StackPermissionNone provides no access.", "StackPermissionRead provides read-only access, including the ability to\ndecrypt encrypted configuration secrets stored in the service.", "StackPermissionWrite provides read/write access to a stack.", "StackPermissionAdmin provides admin-level access to the stack. For example,\nbeing able to run `pulumi destroy` or delete the stack.", "StackPermissionCreator is an implementation quirk of how we mark the user who created\na stack. The value is not exported from this module, and is converted to StackPermissionAdmin\nbefore being returned to callers. However, in a few places we want to handle the user who\ncreated a stack a little differently, and this allows us to do so without exporting a separate\n\"StackPermissionAdminWhoAlsoHappenedToCreateTheStackToo\" value." ] } }, "permissionSetName": { "description": "Display name of the permission set for this stack, when available. Enables read-only entity access UI without requiring RoleRead.", "type": "string", "x-order": 4 }, "projectName": { "description": "The project containing the stack.", "type": "string", "x-order": 1 }, "stackName": { "description": "The stack within the project.", "type": "string", "x-order": 2 } }, "required": [ "permission", "projectName", "stackName" ], "type": "object" }, "Template": { "description": "Template describes a Pulumi project template.", "properties": { "config": { "additionalProperties": { "$ref": "#/components/schemas/AppProjectTemplateConfigValue" }, "description": "Configuration values for the template.", "type": "object", "x-order": 14 }, "description": { "description": "A free-form text description of the template's purpose.", "type": "string", "x-order": 5 }, "displayName": { "description": "The human-readable display name shown in the UI.", "type": "string", "x-order": 4 }, "downloadURL": { "description": "An URL, valid for at least 5 minutes that you can retrieve the full download\nbundle for your template.\n\nThe bundle will be a .tar.gz.", "type": "string", "x-order": 9 }, "language": { "description": "The language that the template is in, inferred from the runtime.\nThis may differ from the runtime (e.g., dotnet runtime with C# language,\nnodejs runtime with TypeScript language) or be the same (e.g., python).", "enum": [ "unknown", "python", "go", "dotnet", "java", "javascript", "typescript", "yaml" ], "type": "string", "x-order": 7, "x-pulumi-model-property": { "enumTypeName": "RuntimeLanguage", "enumComments": "The programming language runtime used by a Pulumi program.", "enumFieldNames": [ "Unknown", "Python", "Go", "DotNet", "Java", "JavaScript", "Typescript", "Yaml" ] } }, "metadata": { "additionalProperties": { "type": "string" }, "description": "Key-value metadata associated with the template.", "type": "object", "x-order": 13 }, "name": { "description": "The unique identifier name of the template.", "type": "string", "x-order": 1 }, "publisher": { "description": "The organization or user that published the template.", "type": "string", "x-order": 2 }, "readmeURL": { "description": "ReadmeURL is just a pre-signed URL, derived from the artifact key.", "type": "string", "x-order": 8 }, "repoSlug": { "description": "A link to the hosting repository. Non-VCS backed templates do not have a repo slug as of now.", "type": "string", "x-order": 10 }, "runtime": { "$ref": "#/components/schemas/TemplateRuntimeInfo", "description": "The runtime that the template uses with optional configuration.", "x-order": 6 }, "source": { "description": "The source identifier indicating where the template originates from.", "type": "string", "x-order": 3 }, "updatedAt": { "description": "The timestamp when the template was last updated.", "format": "date-time", "type": "string", "x-order": 12 }, "url": { "description": "For registry-backed templates, the URL will be a registry:// URL. For\nVCS-backed templates, this will be the VCS URL (e.g., GitHub, GitLab).", "type": "string", "x-order": 15 }, "visibility": { "description": "The visibility of the template (public or private).", "enum": [ "public", "private" ], "type": "string", "x-order": 11, "x-pulumi-model-property": { "enumTypeName": "Visibility", "enumComments": "Visibility indicates whether an entity is public or private." } } }, "required": [ "displayName", "downloadURL", "language", "name", "publisher", "source", "updatedAt", "url", "visibility" ], "type": "object" }, "TemplateDestination": { "description": "TemplateDestination describes the destination for a template.", "properties": { "url": { "description": "The destination URL.", "type": "string", "x-order": 1 } }, "required": [ "url" ], "type": "object" }, "TemplateRuntimeInfo": { "description": "TemplateRuntimeInfo describes the runtime used by a template.", "properties": { "name": { "description": "The runtime language or platform, e.g. 'nodejs', 'python', 'go', 'dotnet', 'java', 'yaml'.", "type": "string", "x-order": 1 }, "options": { "additionalProperties": { "type": "object" }, "description": "Optional configuration options for the runtime.", "type": "object", "x-order": 2 } }, "type": "object" }, "TemplateSource": { "description": "A source containing one or more Pulumi templates.", "properties": { "destination": { "$ref": "#/components/schemas/TemplateDestination", "description": "Deprecated - use destinationURL instead.", "x-order": 7 }, "destinationURL": { "description": "The destination URL for the template source.", "type": "string", "x-order": 6 }, "error": { "description": "An error message if the template source is invalid. Omitted or empty when the source is valid.", "type": "string", "x-order": 3 }, "id": { "description": "The unique identifier of the template source.", "type": "string", "x-order": 1 }, "isValid": { "description": "Whether the template source configuration is valid.", "type": "boolean", "x-order": 2 }, "name": { "description": "The human-readable name for this template source.", "type": "string", "x-order": 4 }, "sourceURL": { "description": "The source URL to fetch templates from.", "type": "string", "x-order": 5 } }, "required": [ "id", "isValid", "name", "sourceURL" ], "type": "object" }, "TemplateUploadURLs": { "description": "TemplateUploadURLs contains pre-signed URLs for uploading template artifacts.", "properties": { "archive": { "description": "The pre-signed URL for uploading the template archive.", "type": "string", "x-order": 1 } }, "required": [ "archive" ], "type": "object" }, "TemplateVersion": { "allOf": [ { "$ref": "#/components/schemas/Template" }, { "description": "TemplateVersion represents a specific version of a registry-backed template.\nThis extends the Template model with version information for listing template versions.", "properties": { "version": { "description": "Version is the semantic version of this template.", "type": "string", "x-order": 1 } }, "required": [ "version" ], "type": "object" } ] }, "TokenExchangeGrantResponse": { "description": "https://datatracker.ietf.org/doc/html/rfc8693#section-2.2.1", "properties": { "access_token": { "description": "The security token issued by the authorization server.", "type": "string", "x-order": 1 }, "expires_in": { "description": "The lifetime in seconds of the access token.", "format": "int64", "type": "integer", "x-order": 4 }, "issued_token_type": { "description": "The type of the issued token.", "type": "string", "x-order": 2 }, "refresh_token": { "description": "The refresh token, if issued.", "type": "string", "x-order": 6 }, "scope": { "description": "The scope of the access token.", "type": "string", "x-order": 5 }, "token_type": { "description": "The token type (e.g., Bearer).", "type": "string", "x-order": 3 } }, "required": [ "access_token", "expires_in", "issued_token_type", "scope", "token_type" ], "type": "object" }, "TokenInfo": { "description": "TokenInfo contains metadata about an access token.", "properties": { "name": { "description": "The name of the access token.", "type": "string", "x-order": 1 }, "organization": { "description": "The organization the token is scoped to, if any.", "type": "string", "x-order": 2 }, "team": { "description": "The team the token is scoped to, if any.", "type": "string", "x-order": 3 } }, "required": [ "name", "organization", "team" ], "type": "object" }, "TransferAllStacksRequest": { "description": "TransferAllStacksRequest request object for `transferring` ownership of all stacks\nfrom one organization to another.", "properties": { "fromOrg": { "description": "The source organization to transfer stacks from. Must match the organization in the URL route.", "type": "string", "x-order": 1 }, "toOrg": { "description": "The destination organization to transfer stacks to.", "type": "string", "x-order": 2 } }, "required": [ "fromOrg", "toOrg" ], "type": "object" }, "TransferStackRequest": { "description": "TransferStackRequest request object for `transferring` ownership of a stack between two organizations.", "properties": { "fromOrg": { "description": "The source organization to transfer the stack from. If unset, the organization from the URL route parameters is used.", "type": "string", "x-order": 3 }, "projectName": { "description": "The project name of the stack to transfer. If unset, the project from the URL route parameters is used.", "type": "string", "x-order": 1 }, "stackName": { "description": "The name of the stack to transfer. If unset, the stack from the URL route parameters is used.", "type": "string", "x-order": 2 }, "toOrg": { "description": "The organization to transfer the stack to.", "type": "string", "x-order": 4 } }, "required": [ "toOrg" ], "type": "object" }, "TrialUsageSummary": { "description": "Summary of trial usage for Pulumi Insights.", "properties": { "dhrum": { "$ref": "#/components/schemas/ConsumptionUsage", "description": "Discovered resources usage during the trial.", "x-order": 1 }, "insightsScans": { "$ref": "#/components/schemas/ConsumptionUsage", "description": "Insights scans usage during the trial.", "x-order": 2 } }, "type": "object" }, "UnapproveChangeRequestRequest": { "description": "UnapproveChangeRequestRequest is used to withdraw approval from a change request or specific revision", "properties": { "comment": { "description": "Optional note clarifying the reason for revoking approval", "type": "string", "x-order": 1 } }, "type": "object" }, "UnitRateGraduatedTier": { "description": "UnitRateGraduatedTier describes a single tier within a graduated pricing plan.", "properties": { "costPerResource": { "description": "CostPerResource is the amount per resource to be charted on top of the flat fee.", "type": "string", "x-order": 4 }, "flatFee": { "description": "FlatFee is the flat amount to be charged at this tier, if any.", "format": "int64", "type": "integer", "x-order": 2 }, "tier": { "description": "Tier is an ordered index of where this tier places amongst other tiers. Tiers are 0-indexed.", "format": "int64", "type": "integer", "x-order": 1 }, "upperBound": { "description": "UpperBound defines the upper limit, inclusive, that closes out the tier. The lower bound\nshould be inferred from the previous tier if it exists; otherwise zero.", "format": "int64", "type": "integer", "x-order": 3 } }, "required": [ "costPerResource", "flatFee", "tier", "upperBound" ], "type": "object" }, "UnitRateGraduatedV0": { "description": "UnitRateGraduatedV0 describes the rate for each unit of a Pulumi Subscription. The specific value is intended to\nbe opaque, and only obtained via parsing.\nThis rate was introduced as our first Growth pricing plans, representing a simplified version of a graduated\npricing plan that merges together two tiers. It can later be extended to handle other types of straightforward\npricing plans, e.g. tiered pricing or flat-rate plans. For now only supports our per-Pulumi credit plans\nthat have a single overage rate.", "properties": { "costPerResource": { "description": "PerUnitCost is a user-facing string describing the cost-per unit with the currency symbol.\ne.g. \"$0.0005\".\nKeep the JSON tag as \"costPerResource\" to maintain compatibility with the frontend\nuntil we consolidate product.UnitRateGraduatedV0 and apitype.UnitRateGraduatedV1.", "type": "string", "x-order": 3 }, "creditsIncluded": { "description": "IncludedCredits is the number of resource-hours included in the subscription, e.g. the\npre-paid credits or those in the \"free tier\".\nKeep the JSON tag as \"creditsIncluded\" to maintain compatibility with the frontend\nuntil we consolidate product.UnitRateGraduatedV0 and apitype.UnitRateGraduatedV1.", "format": "int64", "type": "integer", "x-order": 2 }, "upfrontCost": { "description": "UpfrontCost is the up-front charge the customer will have paid to have an active subscription.\nFor Team Growth this is $0, since there is no credit pre-payment and has free-tier. But for\nEnterprise Growth, it is usually (Rate * CreditsIncluded).\n\nValue is in USD cents.", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "costPerResource", "creditsIncluded", "upfrontCost" ], "type": "object" }, "UnitRateGraduatedV1": { "description": "UnitRateGraduatedV1 captures the structure of a graduated pricing plan.", "properties": { "tiers": { "description": "The list of graduated pricing tiers.", "items": { "$ref": "#/components/schemas/UnitRateGraduatedTier" }, "type": "array", "x-order": 1 } }, "required": [ "tiers" ], "type": "object" }, "UnitRateGraduatedV2": { "description": "UnitRateGraduatedV2 captures the structure of a pricing plan where the free tier is handled via credit grants rather than being baked into the pricing tiers. Contains only paid (on-demand) tiers. For graduated prices, tiers contains multiple entries. For per-unit prices with a single rate, tiers contains a single entry.", "properties": { "tiers": { "description": "The list of on-demand pricing tiers. For graduated prices, contains multiple tiers. For per-unit prices, contains a single tier.", "items": { "$ref": "#/components/schemas/UnitRateGraduatedTier" }, "type": "array", "x-order": 1 } }, "required": [ "tiers" ], "type": "object" }, "UpdateAzureDevOpsAppIntegrationRequest": { "description": "Request body for creating or updating an Azure DevOps app integration for a Pulumi organization.", "properties": { "disableCodeAccessForReviews": { "description": "Whether to disable code access for AI reviews", "type": "boolean", "x-order": 6 }, "disableDetailedDiff": { "description": "Whether detailed property-level diffs are disabled for PR comments", "type": "boolean", "x-order": 5 }, "disableNeoSummaries": { "description": "Whether Neo AI summaries are disabled for this integration", "type": "boolean", "x-order": 4 }, "disablePRComments": { "description": "Whether PR comments are disabled for this integration", "type": "boolean", "x-order": 3 }, "organizationName": { "description": "The name of the Azure DevOps organization (e.g., 'mycompany' in dev.azure.com/mycompany)", "type": "string", "x-order": 1 }, "projectId": { "description": "The ID of the Azure DevOps project to integrate", "type": "string", "x-order": 2 } }, "type": "object" }, "UpdateChangeGateRequest": { "description": "UpdateChangeGateRequest represents the request to update an existing change gate", "properties": { "enabled": { "description": "Whether the change gate is enabled", "type": "boolean", "x-order": 2 }, "name": { "description": "Name of the change gate", "type": "string", "x-order": 1 }, "rule": { "$ref": "#/components/schemas/ChangeGateRuleInput", "description": "Rule configuration for the gate", "x-order": 4 }, "target": { "$ref": "#/components/schemas/ChangeGateTargetInput", "description": "Target configuration for the gate", "x-order": 3 } }, "required": [ "enabled", "name", "rule", "target" ], "type": "object" }, "UpdateChangeRequestRequest": { "description": "UpdateChangeRequestRequest is used to update change request metadata.", "properties": { "description": { "description": "Updated description/justification for the change request", "type": "string", "x-order": 1 } }, "required": [ "description" ], "type": "object" }, "UpdateEnvironmentResponse": { "allOf": [ { "$ref": "#/components/schemas/EnvironmentDiagnosticsResponse" }, { "description": "Response returned after updating an environment.", "type": "object" } ] }, "UpdateEnvironmentRevisionTagRequest": { "description": "Request to update an environment revision tag.", "properties": { "revision": { "description": "The revision number to associate with the tag.", "format": "int64", "type": "integer", "x-order": 1 } }, "type": "object" }, "UpdateEnvironmentTagRequest": { "description": "Request to update an environment tag.", "properties": { "currentTag": { "$ref": "#/components/schemas/UpdateEnvironmentTagRequestCurrentTag", "description": "The current tag value to match for optimistic concurrency control.", "x-order": 1 }, "newTag": { "$ref": "#/components/schemas/UpdateEnvironmentTagRequestNewTag", "description": "The new tag name and value to set.", "x-order": 2 } }, "required": [ "currentTag", "newTag" ], "type": "object" }, "UpdateEnvironmentTagRequestCurrentTag": { "description": "The current tag value to match when updating an environment tag.", "properties": { "value": { "description": "The current tag value.", "type": "string", "x-order": 1 } }, "required": [ "value" ], "type": "object" }, "UpdateEnvironmentTagRequestNewTag": { "description": "The new tag name and value to set when updating an environment tag.", "properties": { "name": { "description": "The new tag name.", "type": "string", "x-order": 1 }, "value": { "description": "The new tag value.", "type": "string", "x-order": 2 } }, "type": "object" }, "UpdateInfo": { "description": "UpdateInfo is an extension to the simpler pulumi CLI's UpdateInfo object.", "properties": { "githubCommitInfo": { "$ref": "#/components/schemas/GitHubCommitInfo", "description": "If the update's metadata indicates the update environment was from a GitHub based repo\nwe try to lookup the commit that was HEAD at the time of the update.\n\nMay not be set depending on which API is used to obtain the UpdateInfo object.", "x-order": 3 }, "info": { "$ref": "#/components/schemas/AppUpdateInfo", "description": "The underlying update information from the Pulumi CLI.", "x-order": 1 }, "latestVersion": { "description": "LatestVersion of the stack in general. i.e. the latest when Version == LatestVersion.", "format": "int64", "type": "integer", "x-order": 5 }, "policyPacks": { "description": "The Policy Packs that were required for this update.", "items": { "$ref": "#/components/schemas/AppPolicyPackMetadata" }, "type": "array", "x-order": 7 }, "requestedBy": { "$ref": "#/components/schemas/UserInfo", "description": "The user who requested the update.", "x-order": 6 }, "requestedByToken": { "description": "The access token used to request the update, if applicable.", "type": "string", "x-order": 8 }, "updateID": { "description": "UpdateID is the underlying Update's ID on the PPC.", "type": "string", "x-order": 2 }, "version": { "description": "Version of the stack that this UpdateInfo describe.", "format": "int64", "type": "integer", "x-order": 4 } }, "required": [ "info", "latestVersion", "requestedBy", "updateID", "version" ], "type": "object" }, "UpdateInsightsAccountRequest": { "description": "Request to update an Insights account configuration.", "properties": { "agentPoolID": { "description": "The ID of the agent pool to run account discovery workflows.\nIf not specified, discovery will use the default agent pool.", "type": "string", "x-order": 4 }, "environment": { "description": "Reference to an ESC environment containing provider credentials,\nin the format 'project/environment' with an optional @version suffix.", "type": "string", "x-order": 1 }, "providerConfig": { "description": "Provider-specific configuration for the account.", "type": "object", "x-order": 3 }, "scanSchedule": { "description": "Schedule for automated discovery scans (e.g., 'none', 'daily').", "enum": [ "none", "12h", "daily" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "ScanSchedule", "enumComments": "ScanSchedule represents the schedule for automated scans.", "enumFieldNames": [ "None", "TwelveHours", "Daily" ], "enumFieldComments": [ "No automated scanning is configured.", "Scans run automatically every 12 hours.", "Scans run automatically on a daily schedule." ] } } }, "required": [ "environment" ], "type": "object" }, "UpdateInsightsResourceVersionPolicyResultsRequest": { "description": "Request to update policy results for an insights resource version.", "properties": { "claimId": { "description": "The claim ID for the policy evaluation.", "type": "string", "x-order": 1 }, "results": { "$ref": "#/components/schemas/InsightsPolicyResults", "description": "The policy evaluation results.", "x-order": 2 } }, "required": [ "claimId", "results" ], "type": "object" }, "UpdateOrganizationAuditLogExportSettingsRequest": { "description": "UpdateOrganizationAuditLogExportSettingsRequest is the request type when making\nchanges to an existing audit log export configuration.", "properties": { "newEnabled": { "description": "Whether the audit log export is enabled.", "type": "boolean", "x-order": 1 }, "newS3Configuration": { "$ref": "#/components/schemas/AuditLogsExportS3Config", "description": "The new S3 configuration for audit log export.", "x-order": 2 } }, "required": [ "newEnabled", "newS3Configuration" ], "type": "object" }, "UpdateOrganizationMemberRequest": { "description": "UpdateOrganizationMemberRequest is the request type for updating an organization member.", "properties": { "fgaRoleId": { "description": "The ID of a custom role to assign to the member. If both `role` and `fgaRoleId` are provided, `fgaRoleId` takes precedence.", "type": "string", "x-order": 2 }, "role": { "description": "The built-in role to assign to the member. Must be `member`, `admin`, or `billing-manager`. Ignored if `fgaRoleId` is also set.", "enum": [ "none", "member", "admin", "potential-member", "stack-collaborator", "billing-manager" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "OrganizationRole", "enumComments": "OrganizationRole is an enum defining a member's role within an organization.", "enumFieldNames": [ "None", "Member", "Admin", "PotentialMember", "StackCollaborator", "BillingManager" ], "enumFieldComments": [ "OrganizationRoleNone describes the role of non-members.", "OrganizationRoleMember is the role for regular members.", "OrganizationRoleAdmin is the role for admins.", "OrganizationRolePotentialMember is the role for users who are explicitly\nnot a member of the organization, but are a member of the backing org on\nthe 3rd party identity provider. (i.e. they could join the org.)", "OrganizationRoleStackCollaborator is the role for users who are not a member\nof an organization, but have been explicitly granted access to some of the\norganization's stacks. So they have limited permissions to access the org's\ndata.", "OrganizationRoleBillingManager is the role for billing admins." ] } } }, "type": "object" }, "UpdateOrganizationRequest": { "description": "UpdateOrganizationRequest is the request object to mutate an Organization's settings.\nNon nil-fields will overwrite the organization's settings, leaving existing values intact.", "properties": { "setAiEnablement": { "description": "The AI enablement setting for the organization.", "type": "string", "x-order": 10 }, "setDefaultAccountPermission": { "description": "The new default account permission for the organization.", "enum": [ 0, 1, 2, 3 ], "format": "int64", "type": "integer", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "InsightsAccountPermission", "enumComments": "InsightsAccountPermission is a value describing the permission level a user has for a Pulumi Insights account.", "enumFieldNames": [ "None", "Read", "Write", "Admin" ], "enumFieldComments": [ "InsightsAccountPermissionNone provides no access.", "InsightsAccountPermissionRead provides read-only access.", "InsightsAccountPermissionWrite provides read/write access to an account.", "InsightsAccountPermissionAdmin provides admin-level access to the account." ] } }, "setDefaultDeploymentRoleId": { "description": "The ID of the default deployment role. When set, this role is applied to all deployments that do not have a role explicitly configured in their stack deployment settings. Set to an empty string to clear the default.", "type": "string", "x-order": 15 }, "setDefaultEnvironmentPermission": { "description": "The new default environment permission for the organization.", "enum": [ "none", "read", "open", "write", "admin" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "EnvironmentPermission", "enumComments": "EnvironmentPermission is an enum describing the permission level to access an environment." } }, "setDefaultStackPermission": { "description": "The new default stack permission for the organization.", "enum": [ 0, 101, 102, 103, 104 ], "format": "int64", "type": "integer", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "StackPermission", "enumComments": "StackPermission is a value describing the permission level a user has for a Pulumi stack.\nLike OrganizationRole, there is a total ordering of StackPermission values, where each value\ngrants an additional layer of permissions. IMPORTANT: Do not rely on the numeric values for\nauth checks, instead, just refer to these as opaque names. e.g. use explicit matching in a\ncase-statements instead of \"if perm \u003e= StackPermissionX\". This prevents errors if we later\nadd a new StackPermission \"in between\" two existing ones, but with a new, higher value.\nPreviously, the StackPermission value was a series of bit flags, with each bit controlling\na specific operation on the stack. However, that proved difficult to describe and maintain.\nSo the newer, \"fixed set\" approach is used instead.\nThe conversion from the legacy permission values and the new StackPermission values is done\ntransparently, whenever data is read/written to the database. (Converting to the newer\nvalues as needed.) We will only be able to remove these legacy values after we deploy the\ncode which can read both formats, and only writes the newer format.", "enumFieldNames": [ "None", "Read", "Write", "Admin", "Creator" ], "enumFieldComments": [ "StackPermissionNone provides no access.", "StackPermissionRead provides read-only access, including the ability to\ndecrypt encrypted configuration secrets stored in the service.", "StackPermissionWrite provides read/write access to a stack.", "StackPermissionAdmin provides admin-level access to the stack. For example,\nbeing able to run `pulumi destroy` or delete the stack.", "StackPermissionCreator is an implementation quirk of how we mark the user who created\na stack. The value is not exported from this module, and is converted to StackPermissionAdmin\nbefore being returned to callers. However, in a few places we want to handle the user who\ncreated a stack a little differently, and this allows us to do so without exporting a separate\n\"StackPermissionAdminWhoAlsoHappenedToCreateTheStackToo\" value." ] } }, "setMembersCanCreateAccounts": { "description": "Whether members can create accounts.", "type": "boolean", "x-order": 8 }, "setMembersCanCreateStacks": { "description": "Whether members can create stacks.", "type": "boolean", "x-order": 4 }, "setMembersCanCreateTeams": { "description": "Whether members can create teams.", "type": "boolean", "x-order": 9 }, "setMembersCanDeleteStacks": { "description": "Whether members can delete stacks.", "type": "boolean", "x-order": 6 }, "setMembersCanInviteCollaborators": { "description": "Whether members can invite collaborators.", "type": "boolean", "x-order": 5 }, "setMembersCanTransferStacks": { "description": "Whether members can transfer stacks.", "type": "boolean", "x-order": 7 }, "setNeoApprovalMode": { "description": "The default approval mode for Neo tasks.", "enum": [ "manual", "auto", "balanced" ], "type": "string", "x-order": 12, "x-pulumi-model-property": { "enumTypeName": "NeoApprovalMode", "enumComments": "NeoApprovalMode represents the default approval mode for Neo AI agent tasks in an organization" } }, "setNeoEnabled": { "description": "Whether Neo is enabled for the organization.", "type": "boolean", "x-order": 11 }, "setNeoTaskSharingMode": { "description": "The task sharing mode for Neo.", "enum": [ "none", "org" ], "type": "string", "x-order": 13, "x-pulumi-model-property": { "enumTypeName": "NeoTaskSharingMode", "enumComments": "NeoTaskSharingMode represents the task sharing mode for Neo AI agents in an organization" } }, "setPreferredVCS": { "description": "The preferred VCS provider for the organization.", "enum": [ "none", "bitbucket", "github", "gitlab" ], "type": "string", "x-order": 14, "x-pulumi-model-property": { "enumTypeName": "PreferredVCS", "enumComments": "PreferredVCS represents an organization selected preferred VCS vendor", "enumFieldNames": [ "None", "Bitbucket", "GitHub", "GitLab" ] } } }, "type": "object" }, "UpdatePolicyGroupRequest": { "allOf": [ { "$ref": "#/components/schemas/AppUpdatePolicyGroupRequest" }, { "description": "UpdatePolicyGroupRequest modifies a Policy Group.", "properties": { "addInsightsAccount": { "$ref": "#/components/schemas/InsightsAccount", "description": "An Insights account to add to the policy group.", "x-order": 1 }, "agentPoolId": { "description": "Agent pool ID for audit policy evaluation. Set to empty string to clear, omit to leave unchanged.", "type": "string", "x-order": 3 }, "removeInsightsAccount": { "$ref": "#/components/schemas/InsightsAccount", "description": "An Insights account to remove from the policy group.", "x-order": 2 } }, "type": "object" } ] }, "UpdatePolicyIssueRequest": { "description": "Request to update a policy issue.", "properties": { "assignedTo": { "description": "The user to assign the policy issue to.", "type": "string", "x-order": 1 }, "priority": { "description": "The new priority for the policy issue.", "enum": [ "p0", "p1", "p2", "p3", "p4" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "PolicyIssuePriority", "enumComments": "Priority level of a policy issue, from P0 (most critical) to P4 (least critical)." } }, "status": { "description": "The new status for the policy issue. Valid values: open, in_progress, by_design, ignored. Note: fixed cannot be set manually.", "enum": [ "open", "in_progress", "by_design", "fixed", "ignored" ], "type": "string", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "PolicyIssueStatus", "enumComments": "Lifecycle status of a policy issue. Valid values: open, in_progress, by_design, fixed, ignored. Note: fixed is a read-only status set automatically when an issue is resolved; it cannot be manually set via the API.", "enumFieldNames": [ "Open", "InProgress", "ByDesign", "Fixed", "Ignored" ] } } }, "type": "object" }, "UpdateRoleRequest": { "description": "Request to update a custom role.", "properties": { "Description": { "description": "The new description for the role.", "type": "string", "x-order": 2 }, "Details": { "$ref": "#/components/schemas/PermissionDescriptor", "description": "The permission details for the role.", "x-order": 3 }, "Name": { "description": "The new name for the role.", "type": "string", "x-order": 1 } }, "required": [ "Description", "Details", "Name" ], "type": "object" }, "UpdateSAMLOrganizationRequest": { "description": "UpdateSAMLOrganizationRequest is the request type for an org admin to update a SAML-backed organization.\nNon-null fields will replace the corresponding fields of the organization.", "properties": { "newIdpSsoDescriptor": { "description": "The new IDP SSO descriptor XML for the SAML configuration.", "type": "string", "x-order": 1 } }, "type": "object" }, "UpdateServiceMetadataRequest": { "description": "Request for updating a services metadata.", "properties": { "description": { "description": "an optional description of the service", "type": "string", "x-order": 2 }, "name": { "description": "the name of the service", "type": "string", "x-order": 1 }, "properties": { "description": "an optional list of properties to set on the service", "items": { "$ref": "#/components/schemas/ServiceProperty" }, "type": "array", "x-order": 3 } }, "type": "object" }, "UpdateStackNotificationSettingsRequest": { "description": "UpdateStackNotificationsRequest is the request object to adjust a stack's notification settings.", "properties": { "notifyUpdateFailure": { "description": "Whether to send notifications on update failure.", "type": "boolean", "x-order": 1 }, "notifyUpdateSuccess": { "description": "Whether to send notifications on update success.", "type": "boolean", "x-order": 2 } }, "required": [ "notifyUpdateFailure", "notifyUpdateSuccess" ], "type": "object" }, "UpdateStackPolicyResultsRequest": { "description": "Request to update policy results for a stack.", "properties": { "claimId": { "description": "The claim ID for the policy evaluation.", "type": "string", "x-order": 1 }, "results": { "$ref": "#/components/schemas/InsightsPolicyResults", "description": "The policy evaluation results.", "x-order": 2 } }, "required": [ "claimId", "results" ], "type": "object" }, "UpdateSummary": { "description": "UpdateSummary contains a subset of the update data found in apitype.UpdateInfo.", "properties": { "endTime": { "description": "The end time of the update as a Unix timestamp.", "format": "int64", "type": "integer", "x-order": 3 }, "resourceCount": { "description": "ResourceCount is the current resource count for the update. Note that it\ndoesn't reflect the Stack's current resource count, only that particular\nupdate. (So the UpdateSummary for the same Stack will be different.)", "format": "int64", "type": "integer", "x-order": 4 }, "result": { "description": "The result of the update.", "enum": [ "not-started", "in-progress", "succeeded", "failed" ], "type": "string", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "AppUpdateResult", "enumComments": "UpdateResult is an enum for the result of the update.\nShould generally mirror backend.UpdateResult, but we clone it in this package to add\nflexibility in case there is a breaking change in the backend-type.", "enumFieldNames": [ "NotStarted", "InProgress", "Succeeded", "Failed" ], "enumFieldComments": [ "The update has not started.", "The update has not yet completed.", "The update completed successfully.", "The update has failed." ] } }, "startTime": { "description": "The start time of the update as a Unix timestamp.", "format": "int64", "type": "integer", "x-order": 2 } }, "required": [ "endTime", "resourceCount", "result", "startTime" ], "type": "object" }, "UpdateTaskRequest": { "description": "Request to update a task.", "properties": { "approvalMode": { "description": "Approval mode for this task. Null means no change. Valid values: 'manual', 'auto', 'balanced'.", "enum": [ "manual", "auto", "balanced" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "NeoApprovalMode", "enumComments": "NeoApprovalMode represents the default approval mode for Neo AI agent tasks in an organization" } }, "isShared": { "description": "Whether to share the task with other org members. Null means no change.", "type": "boolean", "x-order": 2 }, "name": { "description": "A new display name for the task. Null means no change. Must be between 1 and 255 characters after trimming whitespace.", "type": "string", "x-order": 1 }, "permissionMode": { "description": "The permission scope for the task. Null means no change.", "enum": [ "default", "read-only" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "NeoPermissionMode", "enumComments": "Permission scope for a Neo agent task. Controls the level of access the agent has when acting on behalf of the user.", "enumFieldNames": [ "Default", "ReadOnly" ] } } }, "type": "object" }, "UpdateTeamInsightsAccountPermissionsRequest": { "description": "Request to update the insights account permissions for a team.", "properties": { "permissions": { "description": "Permissions the permissions that team membership grants to the account.\nWill overwrite any existing permissions the team grants to the account.\nA nil value will remove the account from the team.", "enum": [ 0, 1, 2, 3 ], "format": "int64", "type": "integer", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "InsightsAccountPermission", "enumComments": "InsightsAccountPermission is a value describing the permission level a user has for a Pulumi Insights account.", "enumFieldNames": [ "None", "Read", "Write", "Admin" ], "enumFieldComments": [ "InsightsAccountPermissionNone provides no access.", "InsightsAccountPermissionRead provides read-only access.", "InsightsAccountPermissionWrite provides read/write access to an account.", "InsightsAccountPermissionAdmin provides admin-level access to the account." ] } } }, "type": "object" }, "UpdateTeamRequest": { "description": "UpdateTeamRequest modifies a team.", "properties": { "addEnvironmentPermission": { "$ref": "#/components/schemas/TeamEnvironmentSettings", "description": "An environment permission to add to the team.", "x-order": 8 }, "addStackPermission": { "$ref": "#/components/schemas/TeamStackPermission", "description": "A stack permission to add to the team.", "x-order": 5 }, "editEnvironmentPermission": { "$ref": "#/components/schemas/TeamEnvironmentSettings", "description": "An environment permission to edit on the team.", "x-order": 9 }, "editStackPermission": { "$ref": "#/components/schemas/TeamStackPermission", "description": "A stack permission to edit on the team.", "x-order": 6 }, "member": { "description": "Member to be added or removed based on MemberAction.", "type": "string", "x-order": 4 }, "memberAction": { "description": "MemberAction is the action to perform.", "enum": [ "add", "remove", "promote", "demote" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "MemberAction", "enumComments": "MemberAction is an action to be performed to a team member.", "enumFieldComments": [ "MemberActionAdd adds a team member.", "MemberActionRemove removes a team member.", "MemberActionPromote promotes a team member to the role of admin.", "MemberActionDemote demotes a team admin to the role of member." ] } }, "newDescription": { "description": "The new description for the team.", "type": "string", "x-order": 2 }, "newDisplayName": { "description": "The new display name for the team.", "type": "string", "x-order": 1 }, "removeEnvironment": { "$ref": "#/components/schemas/RemoveEnvironmentIdentifier", "description": "An environment to remove from the team.", "x-order": 10 }, "removeStack": { "$ref": "#/components/schemas/RemoveStackIdentifier", "description": "A stack to remove from the team.", "x-order": 7 } }, "type": "object" }, "UpdateTeamStackPermissionsRequest": { "description": "UpdateTeamStackPermissionsRequest modifies the relationship between a stack and a team.\n(The stack-centric version of UpdateTeamRequest.)", "properties": { "permissions": { "description": "Permissions the permissions that team membership grants to the stack.\nWill overwrite any existing permissions the team grants to the stack.\nA nil value will remove the stack from the team.", "enum": [ 0, 101, 102, 103, 104 ], "format": "int64", "type": "integer", "x-order": 1, "x-pulumi-model-property": { "enumTypeName": "StackPermission", "enumComments": "StackPermission is a value describing the permission level a user has for a Pulumi stack.\nLike OrganizationRole, there is a total ordering of StackPermission values, where each value\ngrants an additional layer of permissions. IMPORTANT: Do not rely on the numeric values for\nauth checks, instead, just refer to these as opaque names. e.g. use explicit matching in a\ncase-statements instead of \"if perm \u003e= StackPermissionX\". This prevents errors if we later\nadd a new StackPermission \"in between\" two existing ones, but with a new, higher value.\nPreviously, the StackPermission value was a series of bit flags, with each bit controlling\na specific operation on the stack. However, that proved difficult to describe and maintain.\nSo the newer, \"fixed set\" approach is used instead.\nThe conversion from the legacy permission values and the new StackPermission values is done\ntransparently, whenever data is read/written to the database. (Converting to the newer\nvalues as needed.) We will only be able to remove these legacy values after we deploy the\ncode which can read both formats, and only writes the newer format.", "enumFieldNames": [ "None", "Read", "Write", "Admin", "Creator" ], "enumFieldComments": [ "StackPermissionNone provides no access.", "StackPermissionRead provides read-only access, including the ability to\ndecrypt encrypted configuration secrets stored in the service.", "StackPermissionWrite provides read/write access to a stack.", "StackPermissionAdmin provides admin-level access to the stack. For example,\nbeing able to run `pulumi destroy` or delete the stack.", "StackPermissionCreator is an implementation quirk of how we mark the user who created\na stack. The value is not exported from this module, and is converted to StackPermissionAdmin\nbefore being returned to callers. However, in a few places we want to handle the user who\ncreated a stack a little differently, and this allows us to do so without exporting a separate\n\"StackPermissionAdminWhoAlsoHappenedToCreateTheStackToo\" value." ] } } }, "type": "object" }, "UpsertInsightsResource": { "description": "UpsertInsightsResource represents a resource to be upserted into Pulumi Insights.", "properties": { "dependencies": { "description": "The chain of dependencies used to list this resource.", "items": { "$ref": "#/components/schemas/ResourceDependency" }, "type": "array", "x-order": 5 }, "id": { "description": "The unique identifier of the resource.", "type": "string", "x-order": 2 }, "inputs": { "description": "The resource inputs as raw JSON.", "type": "object", "x-order": 3 }, "state": { "description": "The resource state as raw JSON.", "type": "object", "x-order": 4 }, "type": { "description": "The resource type.", "type": "string", "x-order": 1 } }, "required": [ "id", "inputs", "state", "type" ], "type": "object" }, "UpsertInsightsResourcesRequest": { "description": "Request to upsert one or more resources into Pulumi Insights.", "properties": { "resources": { "description": "The list of resources to upsert.", "items": { "$ref": "#/components/schemas/UpsertInsightsResource" }, "type": "array", "x-order": 1 } }, "required": [ "resources" ], "type": "object" }, "UpsertOrgTemplateSourceRequest": { "description": "Request to create or update an organization template source.", "properties": { "destination": { "$ref": "#/components/schemas/TemplateDestination", "description": "deprecated - use DestinationURL instead", "x-order": 4 }, "destinationURL": { "description": "The destination URL for the template source.", "type": "string", "x-order": 3 }, "name": { "description": "The name of the template source.", "type": "string", "x-order": 1 }, "sourceURL": { "description": "The source URL to fetch templates from.", "type": "string", "x-order": 2 } }, "required": [ "name", "sourceURL" ], "type": "object" }, "UpsertResourceMigrationAnnotationRequest": { "description": "Request to create or update a migration annotation on a discovered resource.", "properties": { "linkedResourceUrn": { "description": "URN of the resource this one was migrated as part of.", "type": "string", "x-order": 4 }, "note": { "description": "Free-text note about this resource. May be empty when only setting a status override.", "type": "string", "x-order": 2 }, "resourceUrn": { "description": "URN of the resource to annotate.", "type": "string", "x-order": 1 }, "statusOverride": { "description": "Override the computed migration status. Only Migrated and NotApplicable are valid values.", "enum": [ "Migrated", "PulumiOnly", "Ready", "Pending", "Unmapped", "NotApplicable" ], "type": "string", "x-order": 3, "x-pulumi-model-property": { "enumTypeName": "MigrationStatus", "enumComments": "Migration status of a discovered resource relative to a comparison Pulumi stack. Migrated and PulumiOnly are only possible when the compareTo parameter is provided.", "enumFieldComments": [ "Resource identity match found in the comparison stack.", "Resource exists only in the comparison Pulumi stack.", "Mapped to a Pulumi type with virtual state available.", "Mapped to a Pulumi type but no virtual state yet.", "No Pulumi type mapping exists for this resource.", "Migration status is not applicable (e.g. stack or deployment containers)." ] } } }, "required": [ "resourceUrn" ], "type": "object" }, "UsageRecord": { "allOf": [ { "$ref": "#/components/schemas/BaseUsageRecord" }, { "description": "UsageRecord represents a usage record with a count value.", "properties": { "Count": { "description": "The usage count.", "format": "int64", "type": "integer", "x-order": 1 } }, "required": [ "Count" ], "type": "object" } ] }, "User": { "description": "User represents a Pulumi user. This structure contains the full, private information that will be used only for\nan authenticated user. As a result, sensitive information (like email) is permitted.", "properties": { "avatarUrl": { "description": "The URL of the user's avatar image.", "type": "string", "x-order": 5 }, "email": { "description": "The user's email address.", "type": "string", "x-order": 4 }, "githubLogin": { "description": "The user's login name (originally from GitHub).", "type": "string", "x-order": 2 }, "hasMFA": { "description": "Whether the user has multi-factor authentication enabled.", "type": "boolean", "x-order": 12 }, "id": { "description": "The unique identifier of the user.", "type": "string", "x-order": 1 }, "identities": { "description": "Identities is the array of identities a Pulumi user's account is tied to.", "items": { "enum": [ "dev.azure.com", "bitbucket.org", "github.com", "gitlab.com", "google.com", "Pulumi", "SAML" ], "type": "string", "x-pulumi-model-property": { "enumTypeName": "IdentityProvider", "enumComments": "IdentityProvider describes an identity system used by the Pulumi Service. It generally maps 1:1\nto OrganizationKind, but we intentionally keep this separate (and with different values!) for\ncompatibility with older code that passes these values between the Node backend, Angular, and\nour API backend.", "enumFieldNames": [ "AzureDevOps", "Bitbucket", "GitHub", "GitLab", "Google", "Pulumi", "SAML" ] } }, "type": "array", "x-order": 8 }, "isManagedByMultiOrg": { "description": "Whether the user's account is managed by multiple organizations.", "type": "boolean", "x-order": 14 }, "isOrgManaged": { "description": "Whether the user's account is managed by an organization.", "type": "boolean", "x-order": 13 }, "name": { "description": "The user's display name.", "type": "string", "x-order": 3 }, "organizations": { "description": "Organizations is the list of Pulumi organizations the user is a member of.", "items": { "$ref": "#/components/schemas/OrganizationSummaryWithRole" }, "type": "array", "x-order": 6 }, "potentialOrganizations": { "description": "PotentialOrganizations is the list of Pulumi organizations the user is a potential member of.", "items": { "$ref": "#/components/schemas/OrganizationSummaryWithRole" }, "type": "array", "x-order": 7 }, "registryAdmin": { "description": "RegistryAdmin is whether or not the user is a registry administrator.", "type": "boolean", "x-order": 10 }, "siteAdmin": { "description": "SiteAdministrator is whether or not the user is a site administrator.", "type": "boolean", "x-order": 9 }, "tokenInfo": { "$ref": "#/components/schemas/TokenInfo", "description": "TokenInfo is contains metadata, set only for machine tokens \u0026 to be used only in the CLI", "x-order": 11 } }, "required": [ "avatarUrl", "email", "githubLogin", "hasMFA", "id", "identities", "isManagedByMultiOrg", "isOrgManaged", "name", "organizations" ], "type": "object" }, "UserInfo": { "description": "UserInfo contains just the display information for a user. This information may be returned from public APIs,\nand as such this structure must not contain sensitive information. Please refer to User for this sort of thing.", "properties": { "avatarUrl": { "description": "The URL of the user's avatar image.", "type": "string", "x-order": 3 }, "email": { "description": "IMPORTANT: The email address of the user is only included on a few admin-only APIs.\nFor nearly all APIs that return a UserInfo object, this will not be provided.\nconsidered sensitive information.", "type": "string", "x-order": 4 }, "githubLogin": { "description": "The user's login name.", "type": "string", "x-order": 2 }, "name": { "description": "The user's display name.", "type": "string", "x-order": 1 } }, "required": [ "avatarUrl", "githubLogin", "name" ], "type": "object" }, "UserPermission": { "description": "UserPermission describes a user's permission level for a stack.", "properties": { "permission": { "description": "The permission level the user has on the stack (e.g., read, write, admin).", "enum": [ 0, 101, 102, 103, 104 ], "format": "int64", "type": "integer", "x-order": 2, "x-pulumi-model-property": { "enumTypeName": "StackPermission", "enumComments": "StackPermission is a value describing the permission level a user has for a Pulumi stack.\nLike OrganizationRole, there is a total ordering of StackPermission values, where each value\ngrants an additional layer of permissions. IMPORTANT: Do not rely on the numeric values for\nauth checks, instead, just refer to these as opaque names. e.g. use explicit matching in a\ncase-statements instead of \"if perm \u003e= StackPermissionX\". This prevents errors if we later\nadd a new StackPermission \"in between\" two existing ones, but with a new, higher value.\nPreviously, the StackPermission value was a series of bit flags, with each bit controlling\na specific operation on the stack. However, that proved difficult to describe and maintain.\nSo the newer, \"fixed set\" approach is used instead.\nThe conversion from the legacy permission values and the new StackPermission values is done\ntransparently, whenever data is read/written to the database. (Converting to the newer\nvalues as needed.) We will only be able to remove these legacy values after we deploy the\ncode which can read both formats, and only writes the newer format.", "enumFieldNames": [ "None", "Read", "Write", "Admin", "Creator" ], "enumFieldComments": [ "StackPermissionNone provides no access.", "StackPermissionRead provides read-only access, including the ability to\ndecrypt encrypted configuration secrets stored in the service.", "StackPermissionWrite provides read/write access to a stack.", "StackPermissionAdmin provides admin-level access to the stack. For example,\nbeing able to run `pulumi destroy` or delete the stack.", "StackPermissionCreator is an implementation quirk of how we mark the user who created\na stack. The value is not exported from this module, and is converted to StackPermissionAdmin\nbefore being returned to callers. However, in a few places we want to handle the user who\ncreated a stack a little differently, and this allows us to do so without exporting a separate\n\"StackPermissionAdminWhoAlsoHappenedToCreateTheStackToo\" value." ] } }, "user": { "$ref": "#/components/schemas/UserInfo", "description": "The user who has been granted access to the stack.", "x-order": 1 } }, "required": [ "permission", "user" ], "type": "object" }, "VCSBranch": { "description": "VCSBranch describes a VCS branch.", "properties": { "isProtected": { "description": "Whether branch is protected", "type": "boolean", "x-order": 2 }, "name": { "description": "Branch name", "type": "string", "x-order": 1 } }, "required": [ "isProtected", "name" ], "type": "object" }, "VCSGitHubAccessResponse": { "description": "VCSGitHubAccessResponse describes a user's GitHub access status for VCS integrations.", "properties": { "availableOrgs": { "description": "The list of GitHub organizations available to the user.", "items": { "type": "string" }, "type": "array", "x-order": 3 }, "hasIntegration": { "description": "Whether the user has a GitHub app installed.", "type": "boolean", "x-order": 2 }, "hasUserToken": { "description": "Whether the user has a GitHub user token.", "type": "boolean", "x-order": 1 }, "integrations": { "description": "Per-integration permissions for the current user", "items": { "$ref": "#/components/schemas/GitHubIntegrationPermissions" }, "type": "array", "x-order": 4 } }, "required": [ "availableOrgs", "hasIntegration", "hasUserToken" ], "type": "object" }, "VCSInfo": { "description": "VCSInfo is the info of the VCS, with which a particular program is associated.", "properties": { "kind": { "description": "The kind of VCS provider.", "type": "string", "x-order": 3 }, "owner": { "description": "The owner of the repository.", "type": "string", "x-order": 1 }, "repoName": { "description": "The name of the repository.", "type": "string", "x-order": 2 } }, "required": [ "kind", "owner", "repoName" ], "type": "object" }, "VCSIntegrationSummary": { "description": "A lightweight summary of a VCS integration, containing only the fields needed for the overview page.", "properties": { "avatarUrl": { "description": "Avatar URL derived from the VCS provider account (read-only).", "type": "string", "x-order": 2 }, "hasIndividualAccess": { "description": "Whether the current user has an OAuth token for this integration's provider.", "type": "boolean", "x-order": 5 }, "host": { "description": "The hostname for self-hosted providers such as GitHub Enterprise. Empty for cloud-hosted providers.", "type": "string", "x-order": 6 }, "id": { "description": "The unique identifier of the integration.", "type": "string", "x-order": 3 }, "name": { "description": "Display name derived from the VCS provider account (read-only).", "type": "string", "x-order": 1 }, "vcsProvider": { "description": "The VCS provider type for this integration.", "enum": [ "github", "gitlab", "bitbucket", "azure_devops", "generic", "github_enterprise" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "VCSProvider", "enumComments": "VCSProvider describes an external version control system used by the Pulumi Service.", "enumFieldNames": [ "GitHub", "GitLab", "Bitbucket", "AzureDevOps", "Generic", "GitHubEnterprise" ], "enumFieldComments": [ "GitHub version control system", "GitLab version control system", "Bitbucket version control system", "Azure DevOps version control system", "Generic version control system", "GitHub Enterprise Server version control system" ] } } }, "required": [ "hasIndividualAccess", "id", "vcsProvider" ], "type": "object" }, "VCSRepo": { "description": "VCSRepo describes a VCS repository.", "properties": { "id": { "description": "Repository ID", "type": "string", "x-order": 1 }, "name": { "description": "Repository name", "type": "string", "x-order": 3 }, "owner": { "description": "Repository owner (organization or user)", "type": "string", "x-order": 2 } }, "required": [ "id", "name", "owner" ], "type": "object" }, "Webhook": { "description": "Webhook describes a webhook registered with the Pulumi Service. It may\nbe registered to either an Organization, Stack or Environment.", "properties": { "active": { "description": "Whether the webhook is active and will receive deliveries.", "type": "boolean", "x-order": 9 }, "displayName": { "description": "The human-readable display name shown in the UI.", "type": "string", "x-order": 6 }, "envName": { "description": "The environment name. Set when the webhook is scoped to a specific environment.", "type": "string", "x-order": 4 }, "filters": { "description": "Specific event types this webhook subscribes to. If empty, all events are delivered.", "items": { "type": "string" }, "type": "array", "x-order": 11 }, "format": { "description": "The format of the webhook payload (e.g., 'raw', 'slack', 'ms_teams').", "type": "string", "x-order": 10 }, "groups": { "description": "Event groups this webhook subscribes to (e.g., 'stacks', 'deployments').", "items": { "type": "string" }, "type": "array", "x-order": 12 }, "name": { "description": "The unique identifier name for the webhook within its scope.", "type": "string", "x-order": 5 }, "organizationName": { "description": "The organization that owns this webhook.", "type": "string", "x-order": 1 }, "payloadUrl": { "description": "The URL to which webhook payloads are delivered.", "type": "string", "x-order": 7 }, "projectName": { "description": "The project name. Set when the webhook is scoped to a specific stack.", "type": "string", "x-order": 2 }, "secret": { "description": "Secret will be omitted when returned from the service.", "type": "string", "x-order": 8 }, "stackName": { "description": "The stack name. Set when the webhook is scoped to a specific stack.", "type": "string", "x-order": 3 } }, "required": [ "active", "displayName", "name", "organizationName", "payloadUrl" ], "type": "object" }, "WebhookDelivery": { "description": "WebhookDelivery is a result of a webhook that was sent. i.e. the Pulumi-side logs\nfor the end-users webhook. It merges both model.WebhookEvent and model.WebhookDelivery.", "properties": { "duration": { "description": "The duration of the delivery request in milliseconds.", "format": "int64", "type": "integer", "x-order": 5 }, "id": { "description": "The unique identifier of the delivery.", "type": "string", "x-order": 1 }, "kind": { "description": "The kind of webhook event.", "type": "string", "x-order": 2 }, "payload": { "description": "The JSON payload that was sent.", "type": "string", "x-order": 3 }, "requestHeaders": { "description": "The HTTP headers sent with the request.", "type": "string", "x-order": 7 }, "requestUrl": { "description": "The URL the webhook was delivered to.", "type": "string", "x-order": 6 }, "responseBody": { "description": "The HTTP response body.", "type": "string", "x-order": 10 }, "responseCode": { "description": "The HTTP response status code.", "format": "int64", "type": "integer", "x-order": 8 }, "responseHeaders": { "description": "The HTTP response headers.", "type": "string", "x-order": 9 }, "timestamp": { "description": "The time the delivery was sent, as a Unix epoch timestamp.", "format": "int64", "type": "integer", "x-order": 4 } }, "required": [ "duration", "id", "kind", "payload", "requestHeaders", "requestUrl", "responseBody", "responseCode", "responseHeaders", "timestamp" ], "type": "object" }, "WebhookResponse": { "allOf": [ { "$ref": "#/components/schemas/Webhook" }, { "description": "WebhookResponse extends Webhook with additional response-only fields.", "properties": { "hasSecret": { "description": "HasSecret is true if the webhook has a secret. This is used to determine whether\nto show that there is a secret in the UI.", "type": "boolean", "x-order": 1 }, "secretCiphertext": { "description": "SecretCiphertext is the ciphertext value of the webhook's secret.\nIt's used to check whether the secret was changed by the PSP", "type": "string", "x-order": 2 } }, "required": [ "hasSecret", "secretCiphertext" ], "type": "object" } ] }, "WorkflowRun": { "description": "WorkflowRun contains information about a workflow run.", "properties": { "finishedAt": { "description": "The time the workflow run finished, if completed.", "format": "date-time", "type": "string", "x-order": 6 }, "id": { "description": "The unique identifier of the workflow run.", "type": "string", "x-order": 1 }, "jobTimeout": { "description": "The timeout for jobs in the workflow run.", "format": "date-time", "type": "string", "x-order": 8 }, "jobs": { "description": "The list of job runs within the workflow.", "items": { "$ref": "#/components/schemas/JobRun" }, "type": "array", "x-order": 9 }, "lastUpdatedAt": { "description": "The time the workflow run was last updated.", "format": "date-time", "type": "string", "x-order": 7 }, "orgId": { "description": "The organization ID.", "type": "string", "x-order": 2 }, "startedAt": { "description": "The time the workflow run started.", "format": "date-time", "type": "string", "x-order": 5 }, "status": { "description": "The current status of the workflow run.", "enum": [ "running", "failed", "succeeded" ], "type": "string", "x-order": 4, "x-pulumi-model-property": { "enumTypeName": "WorkflowRunStatus", "enumComments": "WorkflowRunStatus describes the status of a workflow run.", "enumFieldComments": [ "WorkflowRunStatusRunning indicates that a workflow run is running.", "WorkflowRunStatusFailed indicates that a workflow run has failed.", "WorkflowRunStatusSucceeded indicates that a workflow run has succeeded." ] } }, "userId": { "description": "The user ID who initiated the workflow run.", "type": "string", "x-order": 3 } }, "required": [ "finishedAt", "id", "jobTimeout", "lastUpdatedAt", "orgId", "startedAt", "status", "userId" ], "type": "object" }, "WorkspaceProjectTemplate": { "description": "WorkspaceProjectTemplate describes a Pulumi project template from the workspace.", "properties": { "config": { "additionalProperties": { "$ref": "#/components/schemas/AppProjectTemplateConfigValue" }, "description": "Config is an optional template config.", "type": "object", "x-order": 4 }, "description": { "description": "Description is an optional description of the template.", "type": "string", "x-order": 2 }, "displayName": { "description": "DisplayName is an optional user friendly name of the template.", "type": "string", "x-order": 1 }, "important": { "description": "Indicates the template is important. Deprecated: this field is no longer used.", "type": "boolean", "x-order": 5 }, "metadata": { "additionalProperties": { "type": "string" }, "description": "Metadata are key/value pairs used to attach additional metadata to a template.", "type": "object", "x-order": 6 }, "quickstart": { "description": "Quickstart contains optional text to be displayed after template creation.", "type": "string", "x-order": 3 } }, "type": "object" }, "X509Certificate": { "description": "X509Certificate represents an X.509 certificate.", "properties": { "AuthorityKeyId": { "description": "The authority key identifier extension value.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 27 }, "BasicConstraintsValid": { "description": "Whether the basic constraints extension is valid.", "type": "boolean", "x-order": 22 }, "CRLDistributionPoints": { "description": "CRL distribution point URLs.", "items": { "type": "string" }, "type": "array", "x-order": 43 }, "DNSNames": { "description": "DNS names from the subject alternative name extension.", "items": { "type": "string" }, "type": "array", "x-order": 30 }, "EmailAddresses": { "description": "Email addresses from the subject alternative name extension.", "items": { "type": "string" }, "type": "array", "x-order": 31 }, "ExcludedDNSDomains": { "description": "Excluded DNS domain names from the name constraints extension.", "items": { "type": "string" }, "type": "array", "x-order": 36 }, "ExcludedEmailAddresses": { "description": "Excluded email addresses from the name constraints extension.", "items": { "type": "string" }, "type": "array", "x-order": 40 }, "ExcludedIPRanges": { "description": "Excluded IP ranges from the name constraints extension.", "items": { "$ref": "#/components/schemas/NetIPNet" }, "type": "array", "x-order": 38 }, "ExcludedURIDomains": { "description": "Excluded URI domains from the name constraints extension.", "items": { "type": "string" }, "type": "array", "x-order": 42 }, "ExtKeyUsage": { "description": "Extended key usage values.", "items": { "format": "int64", "type": "integer" }, "type": "array", "x-order": 20 }, "Extensions": { "description": "The certificate extensions.", "items": { "$ref": "#/components/schemas/PkixExtension" }, "type": "array", "x-order": 17 }, "ExtraExtensions": { "description": "Additional extensions to add to the certificate.", "items": { "$ref": "#/components/schemas/PkixExtension" }, "type": "array", "x-order": 18 }, "IPAddresses": { "description": "IP addresses from the subject alternative name extension.", "items": { "items": { "format": "byte", "type": "string" }, "type": "array" }, "type": "array", "x-order": 32 }, "InhibitAnyPolicy": { "description": "The inhibit any-policy constraint value.", "format": "int64", "type": "integer", "x-order": 46 }, "InhibitAnyPolicyZero": { "description": "Whether InhibitAnyPolicy was explicitly set to zero.", "type": "boolean", "x-order": 47 }, "InhibitPolicyMapping": { "description": "The inhibit policy mapping constraint value.", "format": "int64", "type": "integer", "x-order": 48 }, "InhibitPolicyMappingZero": { "description": "Whether InhibitPolicyMapping was explicitly set to zero.", "type": "boolean", "x-order": 49 }, "IsCA": { "description": "Whether the certificate is a CA certificate.", "type": "boolean", "x-order": 23 }, "Issuer": { "$ref": "#/components/schemas/PkixName", "description": "The certificate issuer distinguished name.", "x-order": 12 }, "IssuingCertificateURL": { "description": "Issuing certificate URLs from the authority information access extension.", "items": { "type": "string" }, "type": "array", "x-order": 29 }, "KeyUsage": { "description": "Bitfield of key usage flags.", "format": "int64", "type": "integer", "x-order": 16 }, "MaxPathLen": { "description": "Maximum number of intermediate CAs allowed in the path.", "format": "int64", "type": "integer", "x-order": 24 }, "MaxPathLenZero": { "description": "Whether MaxPathLen was explicitly set to zero.", "type": "boolean", "x-order": 25 }, "NotAfter": { "description": "The end of the certificate validity period.", "format": "date-time", "type": "string", "x-order": 15 }, "NotBefore": { "description": "The start of the certificate validity period.", "format": "date-time", "type": "string", "x-order": 14 }, "OCSPServer": { "description": "OCSP server URLs from the authority information access extension.", "items": { "type": "string" }, "type": "array", "x-order": 28 }, "PermittedDNSDomains": { "description": "Permitted DNS domain names from the name constraints extension.", "items": { "type": "string" }, "type": "array", "x-order": 35 }, "PermittedDNSDomainsCritical": { "description": "Whether the name constraints are marked critical.", "type": "boolean", "x-order": 34 }, "PermittedEmailAddresses": { "description": "Permitted email addresses from the name constraints extension.", "items": { "type": "string" }, "type": "array", "x-order": 39 }, "PermittedIPRanges": { "description": "Permitted IP ranges from the name constraints extension.", "items": { "$ref": "#/components/schemas/NetIPNet" }, "type": "array", "x-order": 37 }, "PermittedURIDomains": { "description": "Permitted URI domains from the name constraints extension.", "items": { "type": "string" }, "type": "array", "x-order": 41 }, "Policies": { "description": "Certificate policies.", "items": { "type": "string" }, "type": "array", "x-order": 45 }, "PolicyIdentifiers": { "description": "Certificate policy OIDs.", "items": { "type": "string" }, "type": "array", "x-order": 44 }, "PolicyMappings": { "description": "Policy mappings from the policy mapping extension.", "items": { "$ref": "#/components/schemas/X509PolicyMapping" }, "type": "array", "x-order": 52 }, "PublicKey": { "description": "The public key contained in the certificate.", "type": "object", "x-order": 9 }, "PublicKeyAlgorithm": { "description": "The public key algorithm identifier.", "format": "int64", "type": "integer", "x-order": 8 }, "Raw": { "description": "The raw ASN.1 DER encoded certificate.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 1 }, "RawIssuer": { "description": "The raw ASN.1 DER encoded issuer.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 5 }, "RawSubject": { "description": "The raw ASN.1 DER encoded subject.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 4 }, "RawSubjectPublicKeyInfo": { "description": "The raw ASN.1 DER encoded SubjectPublicKeyInfo.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 3 }, "RawTBSCertificate": { "description": "The raw ASN.1 DER encoded TBSCertificate.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 2 }, "RequireExplicitPolicy": { "description": "The require explicit policy constraint value.", "format": "int64", "type": "integer", "x-order": 50 }, "RequireExplicitPolicyZero": { "description": "Whether RequireExplicitPolicy was explicitly set to zero.", "type": "boolean", "x-order": 51 }, "SerialNumber": { "description": "The certificate serial number.", "format": "int64", "type": "integer", "x-order": 11 }, "Signature": { "description": "The certificate signature.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 6 }, "SignatureAlgorithm": { "description": "The signature algorithm identifier.", "format": "int64", "type": "integer", "x-order": 7 }, "Subject": { "$ref": "#/components/schemas/PkixName", "description": "The certificate subject distinguished name.", "x-order": 13 }, "SubjectKeyId": { "description": "The subject key identifier extension value.", "items": { "format": "byte", "type": "string" }, "type": "array", "x-order": 26 }, "URIs": { "description": "URIs from the subject alternative name extension.", "items": { "$ref": "#/components/schemas/NetURL" }, "type": "array", "x-order": 33 }, "UnhandledCriticalExtensions": { "description": "Critical extensions that were not handled during parsing.", "items": { "type": "string" }, "type": "array", "x-order": 19 }, "UnknownExtKeyUsage": { "description": "Unknown extended key usage OIDs.", "items": { "type": "string" }, "type": "array", "x-order": 21 }, "Version": { "description": "The X.509 certificate version.", "format": "int64", "type": "integer", "x-order": 10 } }, "required": [ "AuthorityKeyId", "BasicConstraintsValid", "CRLDistributionPoints", "DNSNames", "EmailAddresses", "ExcludedDNSDomains", "ExcludedEmailAddresses", "ExcludedIPRanges", "ExcludedURIDomains", "ExtKeyUsage", "Extensions", "ExtraExtensions", "IPAddresses", "InhibitAnyPolicy", "InhibitAnyPolicyZero", "InhibitPolicyMapping", "InhibitPolicyMappingZero", "IsCA", "Issuer", "IssuingCertificateURL", "KeyUsage", "MaxPathLen", "MaxPathLenZero", "NotAfter", "NotBefore", "OCSPServer", "PermittedDNSDomains", "PermittedDNSDomainsCritical", "PermittedEmailAddresses", "PermittedIPRanges", "PermittedURIDomains", "Policies", "PolicyIdentifiers", "PolicyMappings", "PublicKey", "PublicKeyAlgorithm", "Raw", "RawIssuer", "RawSubject", "RawSubjectPublicKeyInfo", "RawTBSCertificate", "RequireExplicitPolicy", "RequireExplicitPolicyZero", "SerialNumber", "Signature", "SignatureAlgorithm", "Subject", "SubjectKeyId", "URIs", "UnhandledCriticalExtensions", "UnknownExtKeyUsage", "Version" ], "type": "object" }, "X509PolicyMapping": { "description": "X509PolicyMapping represents a mapping between issuer and subject domain policies in an X.509 certificate.", "properties": { "IssuerDomainPolicy": { "description": "The OID of the issuer domain policy.", "type": "string", "x-order": 1 }, "SubjectDomainPolicy": { "description": "The OID of the subject domain policy.", "type": "string", "x-order": 2 } }, "required": [ "IssuerDomainPolicy", "SubjectDomainPolicy" ], "type": "object" } } }, "info": { "description": "APIs and Definitions for the Pulumi Cloud product.", "title": "Pulumi APIs", "version": "1.0.0" }, "openapi": "3.0.3", "paths": { "/api/ai/template": { "post": { "description": "Generates a Pulumi template using the Pulumi AI service.", "operationId": "AITemplate", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AITemplateRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "OK" } }, "summary": "AITemplate", "tags": [ "AI" ] } }, "/api/capabilities": { "get": { "description": "Returns the set of capabilities that the service supports.", "operationId": "Capabilities", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppCapabilitiesResponse" } } }, "description": "OK" } }, "summary": "Capabilities", "tags": [ "Miscellaneous" ] } }, "/api/change-gates/{orgName}": { "get": { "description": "Lists change gates for an entity within the organization. Change gates define approval requirements that must be satisfied before changes can be applied to infrastructure resources. Currently supports listing gates for a single entity specified by entityType and qualifiedName query parameters.", "operationId": "ListGates", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The entity type to filter by", "in": "query", "name": "entityType", "schema": { "type": "string" } }, { "description": "The fully qualified entity name", "in": "query", "name": "qualifiedName", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListChangeGatesResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "not found" } }, "summary": "ListChangeGates", "tags": [ "Organizations" ] }, "post": { "description": "Creates a new change gate for an entity in the organization. Change gates enforce approval workflows by requiring one or more approvals before infrastructure changes can be applied to the protected resource.", "operationId": "CreateGate", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateChangeGateRequest" } } }, "x-originalParamName": "body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ChangeGate" } } }, "description": "created" }, "400": { "description": "bad request" }, "404": { "description": "not found" } }, "summary": "CreateChangeGate", "tags": [ "Organizations" ] } }, "/api/change-gates/{orgName}/{gateID}": { "delete": { "description": "Deletes a change gate, removing the approval requirement from the protected entity. Changes to the entity will no longer require approval.", "operationId": "DeleteGate", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The change gate identifier", "in": "path", "name": "gateID", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "bad request" }, "404": { "description": "not found" } }, "summary": "DeleteChangeGate", "tags": [ "Organizations" ] }, "get": { "description": "Retrieves the configuration and status of a specific change gate, including its approval requirements and the entity it protects.", "operationId": "ReadGate", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The change gate identifier", "in": "path", "name": "gateID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ChangeGate" } } }, "description": "OK" }, "400": { "description": "bad request" }, "404": { "description": "not found" } }, "summary": "ReadChangeGate", "tags": [ "Organizations" ] }, "put": { "description": "Updates the configuration of an existing change gate, such as modifying its approval requirements or protected entity.", "operationId": "UpdateGate", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The change gate identifier", "in": "path", "name": "gateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateChangeGateRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ChangeGate" } } }, "description": "OK" }, "400": { "description": "bad request" }, "404": { "description": "not found" } }, "summary": "UpdateChangeGate", "tags": [ "Organizations" ] } }, "/api/change-requests/{orgName}": { "get": { "description": "Lists change requests for an organization with support for pagination and filtering by entity type and entity ID. Change requests represent proposed infrastructure modifications that require approval before being applied.", "operationId": "List_change_requests", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Number of items to return", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } }, { "description": "The entity identifier to filter by", "in": "query", "name": "entityId", "schema": { "type": "string" } }, { "description": "The entity type to filter by", "in": "query", "name": "entityType", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListChangeRequestsResponse" } } }, "description": "OK" }, "400": { "description": "bad request" }, "404": { "description": "not found" } }, "summary": "ListChangeRequests", "tags": [ "Organizations" ] } }, "/api/change-requests/{orgName}/{changeRequestID}": { "get": { "description": "Retrieves the details of a specific change request, including its current status, description, approvals, and the proposed infrastructure changes.", "operationId": "Get", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The change request identifier", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetChangeRequestResponse" } } }, "description": "OK" }, "400": { "description": "bad request" }, "404": { "description": "not found" } }, "summary": "ReadChangeRequest", "tags": [ "Organizations" ] }, "patch": { "description": "Updates a change request's metadata. Currently only the description field can be modified after creation.", "operationId": "Update", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The change request identifier", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateChangeRequestRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "bad request" }, "404": { "description": "not found" } }, "summary": "UpdateChangeRequest", "tags": [ "Organizations" ] } }, "/api/change-requests/{orgName}/{changeRequestID}/apply": { "post": { "description": "Applies an approved change request, triggering the execution of the proposed infrastructure changes. The change request must have received the required number of approvals before it can be applied. Returns 409 if there is a conflict preventing application.", "operationId": "Apply", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The change request identifier", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ChangeRequestApplyResult" } } }, "description": "OK" }, "400": { "description": "bad request" }, "404": { "description": "not found" }, "409": { "description": "conflict" } }, "summary": "ApplyChangeRequest", "tags": [ "Organizations" ] } }, "/api/change-requests/{orgName}/{changeRequestID}/approve": { "delete": { "description": "Withdraws a previously given approval for a change request. If the change request no longer has the required number of approvals after withdrawal, it cannot be applied until additional approvals are granted.", "operationId": "Unapprove", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The change request identifier", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UnapproveChangeRequestRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "bad request" }, "404": { "description": "not found" } }, "summary": "UnapproveChangeRequest", "tags": [ "Organizations" ] }, "post": { "description": "Records an approval for a change request from the authenticated user. Once the required number of approvals is met, the change request can be applied.", "operationId": "Approve", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The change request identifier", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ApproveChangeRequestRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "bad request" }, "404": { "description": "not found" } }, "summary": "ApproveChangeRequest", "tags": [ "Organizations" ] } }, "/api/change-requests/{orgName}/{changeRequestID}/close": { "post": { "description": "Closes a change request without applying it. The proposed infrastructure changes are discarded and the request is marked as closed.", "operationId": "Close", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The change request identifier", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CloseChangeRequestRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "bad request" }, "404": { "description": "not found" } }, "summary": "CloseChangeRequest", "tags": [ "Organizations" ] } }, "/api/change-requests/{orgName}/{changeRequestID}/comments": { "post": { "description": "Adds a comment to a change request without approving or closing it. This allows reviewers to provide feedback or ask questions before making a decision.", "operationId": "AddComment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The change request identifier", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AddChangeRequestCommentRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "bad request" }, "404": { "description": "not found" } }, "summary": "AddChangeRequestComment", "tags": [ "Organizations" ] } }, "/api/change-requests/{orgName}/{changeRequestID}/events": { "get": { "description": "Lists the event log for a change request, including approvals, status changes, and other lifecycle events. Supports pagination via continuation token.", "operationId": "ListEvents", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The change request identifier", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListChangeRequestEventsResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "change request events" } }, "summary": "ListChangeRequestEvents", "tags": [ "Organizations" ] } }, "/api/change-requests/{orgName}/{changeRequestID}/submit": { "post": { "description": "Submits a draft change request for approval. Once submitted, the request enters the review workflow and requires the configured number of approvals before it can be applied.", "operationId": "Submit", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The change request identifier", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SubmitChangeRequestRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "bad request" }, "404": { "description": "not found" } }, "summary": "SubmitChangeRequest", "tags": [ "Organizations" ] } }, "/api/cli/version": { "get": { "description": "Returns version information about the CLI.", "operationId": "Version", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppCLIVersionResponse" } } }, "description": "OK" } }, "summary": "Version", "tags": [ "Miscellaneous" ] } }, "/api/console/orgs/{orgName}/integrations": { "get": { "description": "Returns a summary of all VCS integrations across all providers (GitHub, GitLab, Azure DevOps, Generic) for an organization. Each integration includes a hasIndividualAccess flag indicating whether the current user has an OAuth token for that provider.", "operationId": "ListAllVCSIntegrations", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListVCSIntegrationSummariesResponse" } } }, "description": "OK" }, "404": { "description": "Organization not found" } }, "summary": "ListAllVCSIntegrations", "tags": [ "VCS Integrations" ] } }, "/api/console/orgs/{orgName}/integrations/azure-devops": { "get": { "description": "Lists all Azure DevOps integrations configured for an organization.", "operationId": "ListAzureDevOpsIntegrations", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListAzureDevOpsIntegrationsResponse" } } }, "description": "OK" } }, "summary": "ListAzureDevOpsIntegrations", "tags": [ "VCS Integrations" ] }, "post": { "description": "Creates a new Azure DevOps integration for an organization. Requires an Azure DevOps organization and project to be specified in the request body. Returns 409 if an integration already exists for the specified project.", "operationId": "CreateAzureDevOpsSetup", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateAzureDevOpsAppIntegrationRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "Created successfully" }, "400": { "description": "Missing Azure DevOps organization or project" }, "409": { "description": "Azure DevOps integration already exists for this project" } }, "summary": "CreateAzureDevOpsSetup", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/console/orgs/{orgName}/integrations/azure-devops/access-status": { "get": { "description": "Returns information about a user's Azure DevOps access status for an organization, including whether the user has a valid OAuth token.", "operationId": "GetAzureDevOpsAccessStatus", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AzureDevOpsAccessResponse" } } }, "description": "OK" } }, "summary": "GetAzureDevOpsAccessStatus", "tags": [ "VCS Integrations" ] } }, "/api/console/orgs/{orgName}/integrations/azure-devops/oauth/complete": { "post": { "description": "Completes the OAuth authorization flow for Azure DevOps VCS integration by exchanging the authorization code for access and refresh tokens.", "operationId": "CompleteAzureDevOpsOAuth", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CompleteOAuthRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CompleteOAuthResponse" } } }, "description": "OK" }, "400": { "description": "Failed to complete OAuth" } }, "summary": "CompleteAzureDevOpsOAuth", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/console/orgs/{orgName}/integrations/azure-devops/oauth/initiate": { "post": { "description": "Initiates the OAuth authorization flow for Azure DevOps VCS integration. Returns a redirect URL that the user should be directed to for authorization.", "operationId": "InitiateAzureDevOpsOAuth", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InitiateOAuthRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InitiateOAuthResponse" } } }, "description": "OK" }, "400": { "description": "Invalid provider configuration" } }, "summary": "InitiateAzureDevOpsOAuth", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/console/orgs/{orgName}/integrations/azure-devops/setup/organizations": { "get": { "description": "Lists Azure DevOps organizations available to the current user. Requires an active Azure DevOps OAuth token.", "operationId": "ListAzureDevOpsOrganizations", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/AzureDevOpsOrganization" }, "type": "array" } } }, "description": "OK" } }, "summary": "ListAzureDevOpsOrganizations", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/console/orgs/{orgName}/integrations/azure-devops/setup/organizations/{adoOrgName}/projects": { "get": { "description": "Lists Azure DevOps projects within a specified Azure DevOps organization that are available to the current user.", "operationId": "ListAzureDevOpsProjects", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Azure DevOps organization name", "in": "path", "name": "adoOrgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/AzureDevOpsProject" }, "type": "array" } } }, "description": "OK" } }, "summary": "ListAzureDevOpsProjects", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/console/orgs/{orgName}/integrations/azure-devops/{integrationId}": { "delete": { "description": "Removes a specific Azure DevOps integration from the organization.", "operationId": "DeleteAzureDevOpsIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Azure DevOps integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "Azure DevOps integration not found" } }, "summary": "DeleteAzureDevOpsIntegration", "tags": [ "VCS Integrations" ] }, "get": { "description": "Gets a specific Azure DevOps integration by its integration ID. Returns the integration details including organization, project, and authentication configuration.", "operationId": "GetAzureDevOpsIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Azure DevOps integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AzureDevOpsAppIntegrationResponse" } } }, "description": "OK" }, "404": { "description": "Azure DevOps integration not found" } }, "summary": "GetAzureDevOpsIntegration", "tags": [ "VCS Integrations" ] }, "patch": { "description": "Updates an existing Azure DevOps integration's settings. Can modify the Azure DevOps organization, project, or authentication configuration.", "operationId": "UpdateAzureDevOpsIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Azure DevOps integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AzureDevOpsSettingsRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Missing Azure DevOps organization or project" }, "404": { "description": "Azure DevOps integration not found" } }, "summary": "UpdateAzureDevOpsIntegration", "tags": [ "VCS Integrations" ] } }, "/api/console/orgs/{orgName}/integrations/bitbucket": { "get": { "description": "Lists all BitBucket integrations configured for an organization, including their validity status and linked workspace metadata.", "operationId": "ListBitBucketIntegrations", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListBitBucketIntegrationsResponse" } } }, "description": "OK" } }, "summary": "ListBitBucketIntegrations", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "post": { "description": "Creates a new BitBucket integration for an organization. Requires a BitBucket workspace UUID and optionally configures authentication via the user's BitBucket OAuth token or a workspace access token / PAT. Returns 409 if an integration already exists for the specified workspace.", "operationId": "CreateBitBucketSetup", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/BitBucketSetupRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "Created successfully" }, "400": { "description": "Missing or invalid BitBucket workspace" }, "409": { "description": "BitBucket integration already exists for this workspace" } }, "summary": "CreateBitBucketSetup", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/console/orgs/{orgName}/integrations/bitbucket/access-status": { "get": { "description": "Returns information about a user's BitBucket access status for an organization, including whether they have a valid OAuth token and available BitBucket workspaces for new integrations.", "operationId": "GetBitBucketAccessStatus", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/BitBucketAccessStatusResponse" } } }, "description": "OK" } }, "summary": "GetBitBucketAccessStatus", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/console/orgs/{orgName}/integrations/bitbucket/{integrationId}": { "delete": { "description": "Removes a specific BitBucket integration from the organization. Cleans up associated webhooks and access tokens.", "operationId": "DeleteBitBucketIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The BitBucket integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" } }, "summary": "DeleteBitBucketIntegration", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "get": { "description": "Gets a specific BitBucket integration by its integration ID. Returns the integration details including the linked BitBucket workspace, authentication configuration, and validity status.", "operationId": "GetBitBucketIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The BitBucket integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/BitBucketIntegrationDetails" } } }, "description": "OK" }, "404": { "description": "BitBucket integration not found" } }, "summary": "GetBitBucketIntegration", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "patch": { "description": "Updates an existing BitBucket integration's settings, such as PR comment preferences and AI summary options.", "operationId": "UpdateBitBucketIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The BitBucket integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/BitBucketSettingsRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "404": { "description": "BitBucket integration not found" } }, "summary": "UpdateBitBucketIntegration", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/console/orgs/{orgName}/integrations/github": { "get": { "description": "Lists all GitHub App integrations for an organization.", "operationId": "ListGitHubIntegrations", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListGitHubIntegrationsResponse" } } }, "description": "OK" } }, "summary": "ListGitHubIntegrations", "tags": [ "VCS Integrations" ] }, "post": { "description": "Initiates GitHub App setup, returns installation URL with state.", "operationId": "StartGitHubSetup", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GitHubSetupResponse" } } }, "description": "OK" } }, "summary": "StartGitHubSetup", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/console/orgs/{orgName}/integrations/github-enterprise": { "get": { "description": "Lists all GitHub Enterprise Server integrations for an organization. Returns only self-hosted GitHub App installations.", "operationId": "ListGitHubEnterpriseIntegrations", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListGitHubIntegrationsResponse" } } }, "description": "OK" } }, "summary": "ListGitHubEnterpriseIntegrations", "tags": [ "VCS Integrations" ] } }, "/api/console/orgs/{orgName}/integrations/github-enterprise/{integrationId}": { "delete": { "description": "Removes a GitHub Enterprise Server integration.", "operationId": "DeleteGitHubEnterpriseIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The GitHub Enterprise integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "GitHub app is used by multiple Pulumi organizations." }, "404": { "description": "GitHub Enterprise integration not found" } }, "summary": "DeleteGitHubEnterpriseIntegration", "tags": [ "VCS Integrations" ] }, "get": { "description": "Gets a specific GitHub Enterprise Server integration.", "operationId": "GetGitHubEnterpriseIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The GitHub Enterprise integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GitHubIntegrationDetails" } } }, "description": "OK" }, "404": { "description": "GitHub Enterprise integration not found" } }, "summary": "GetGitHubEnterpriseIntegration", "tags": [ "VCS Integrations" ] }, "patch": { "description": "Updates GitHub Enterprise Server integration settings.", "operationId": "UpdateGitHubEnterpriseIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The GitHub Enterprise integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GitHubSettingsRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "404": { "description": "GitHub Enterprise integration not found" } }, "summary": "UpdateGitHubEnterpriseIntegration", "tags": [ "VCS Integrations" ] } }, "/api/console/orgs/{orgName}/integrations/github/access-status": { "get": { "description": "Returns information about a user's GitHub OAuth status.", "operationId": "GetGitHubAccess", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VCSGitHubAccessResponse" } } }, "description": "OK" }, "404": { "description": "GitHub App integration not found" } }, "summary": "GetGitHubAccess", "tags": [ "VCS Integrations" ] } }, "/api/console/orgs/{orgName}/integrations/github/{integrationId}": { "delete": { "description": "Removes a GitHub App integration.", "operationId": "DeleteGitHubIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The GitHub App integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "GitHub app is used by multiple Pulumi organizations." }, "404": { "description": "GitHub App integration not found" } }, "summary": "DeleteGitHubIntegration", "tags": [ "VCS Integrations" ] }, "get": { "description": "Gets a specific GitHub App integration by its integration ID. Returns the integration details including installation ID, account info, PR comment settings, and permission status. Returns 404 if the integration is not found.", "operationId": "GetGitHubIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The GitHub App integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GitHubIntegrationDetails" } } }, "description": "OK" }, "404": { "description": "GitHub App integration not found" } }, "summary": "GetGitHubIntegration", "tags": [ "VCS Integrations" ] }, "patch": { "description": "Updates GitHub App integration settings.", "operationId": "UpdateGitHubIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The GitHub App integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GitHubSettingsRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "404": { "description": "GitHub App integration not found" } }, "summary": "UpdateGitHubIntegration", "tags": [ "VCS Integrations" ] } }, "/api/console/orgs/{orgName}/integrations/gitlab": { "get": { "description": "Lists all GitLab integrations configured for an organization, including their validity status and linked group metadata.", "operationId": "ListGitLabIntegrations", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListGitLabIntegrationsResponse" } } }, "description": "OK" } }, "summary": "ListGitLabIntegrations", "tags": [ "VCS Integrations" ] }, "post": { "description": "Creates a new GitLab integration for an organization. Requires a GitLab group ID and optionally configures authentication via the user's GitLab OAuth token or a group access token. Returns 409 if an integration already exists for the specified group.", "operationId": "CreateGitLabSetup", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GitLabSetupRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "Created successfully" }, "400": { "description": "Missing or invalid GitLab group ID" }, "409": { "description": "GitLab integration already exists for this group" } }, "summary": "CreateGitLabSetup", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/console/orgs/{orgName}/integrations/gitlab/access-status": { "get": { "description": "Returns information about a user's GitLab access status for an organization, including whether they have a valid OAuth token, existing integrations, and available GitLab groups for new integrations.", "operationId": "GetGitLabAccessStatus", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GitLabAccessStatusResponse" } } }, "description": "OK" } }, "summary": "GetGitLabAccessStatus", "tags": [ "VCS Integrations" ] } }, "/api/console/orgs/{orgName}/integrations/gitlab/{integrationId}": { "delete": { "description": "Removes a specific GitLab integration from the organization. Cleans up associated webhooks, access tokens, and group tokens.", "operationId": "DeleteGitLabIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The GitLab integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "GitLab integration not found" } }, "summary": "DeleteGitLabIntegration", "tags": [ "VCS Integrations" ] }, "get": { "description": "Gets a specific GitLab integration by its integration ID. Returns the integration details including the linked GitLab group, authentication configuration, and validity status.", "operationId": "GetGitLabIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The GitLab integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GitLabIntegrationDetails" } } }, "description": "OK" }, "404": { "description": "GitLab integration not found" } }, "summary": "GetGitLabIntegration", "tags": [ "VCS Integrations" ] }, "patch": { "description": "Updates an existing GitLab integration's settings, such as PR comment preferences and AI summary options.", "operationId": "UpdateGitLabIntegration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The GitLab integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GitLabSettingsRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "404": { "description": "GitLab integration not found" } }, "summary": "UpdateGitLabIntegration", "tags": [ "VCS Integrations" ] } }, "/api/console/orgs/{orgName}/integrations/{provider}/{integrationId}/repos": { "get": { "description": "Lists repositories available through the integration.", "operationId": "ListVCSRepos", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The VCS provider (e.g., 'github')", "in": "path", "name": "provider", "required": true, "schema": { "enum": [ "github", "gitlab", "bitbucket", "azure_devops", "generic", "github_enterprise" ], "type": "string", "x-pulumi-model-property": { "enumComments": "VCSProvider describes an external version control system used by the Pulumi Service.", "enumFieldComments": [ "GitHub version control system", "GitLab version control system", "Bitbucket version control system", "Azure DevOps version control system", "Generic version control system", "GitHub Enterprise Server version control system" ], "enumFieldNames": [ "GitHub", "GitLab", "Bitbucket", "AzureDevOps", "Generic", "GitHubEnterprise" ], "enumTypeName": "VCSProvider" } } }, { "description": "The VCS integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } }, { "description": "Page number for pagination", "in": "query", "name": "page", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListVCSReposResponse" } } }, "description": "OK" }, "400": { "description": "Unknown VCS provider" }, "403": { "description": "VCS provider access is suspended." }, "404": { "description": "VCS integration not found" } }, "summary": "ListVCSRepos", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/console/orgs/{orgName}/integrations/{provider}/{integrationId}/repos/destinations": { "get": { "description": "Lists repositories where the authenticated user can create new repos from templates via the integration.", "operationId": "ListVCSRepoDestinations", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The VCS provider (e.g., 'github')", "in": "path", "name": "provider", "required": true, "schema": { "enum": [ "github", "gitlab", "bitbucket", "azure_devops", "generic", "github_enterprise" ], "type": "string", "x-pulumi-model-property": { "enumComments": "VCSProvider describes an external version control system used by the Pulumi Service.", "enumFieldComments": [ "GitHub version control system", "GitLab version control system", "Bitbucket version control system", "Azure DevOps version control system", "Generic version control system", "GitHub Enterprise Server version control system" ], "enumFieldNames": [ "GitHub", "GitLab", "Bitbucket", "AzureDevOps", "Generic", "GitHubEnterprise" ], "enumTypeName": "VCSProvider" } } }, { "description": "The VCS integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListVCSReposResponse" } } }, "description": "OK" }, "400": { "description": "Unknown VCS provider" }, "404": { "description": "VCS integration or user OAuth token not found" } }, "summary": "ListVCSRepoDestinations", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/console/orgs/{orgName}/integrations/{provider}/{integrationId}/repos/{repoId}/branches": { "get": { "description": "Lists branches for a repository.", "operationId": "ListVCSBranches", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The VCS provider (e.g., 'github')", "in": "path", "name": "provider", "required": true, "schema": { "enum": [ "github", "gitlab", "bitbucket", "azure_devops", "generic", "github_enterprise" ], "type": "string", "x-pulumi-model-property": { "enumComments": "VCSProvider describes an external version control system used by the Pulumi Service.", "enumFieldComments": [ "GitHub version control system", "GitLab version control system", "Bitbucket version control system", "Azure DevOps version control system", "Generic version control system", "GitHub Enterprise Server version control system" ], "enumFieldNames": [ "GitHub", "GitLab", "Bitbucket", "AzureDevOps", "Generic", "GitHubEnterprise" ], "enumTypeName": "VCSProvider" } } }, { "description": "The VCS integration identifier", "in": "path", "name": "integrationId", "required": true, "schema": { "type": "string" } }, { "description": "The repository identifier", "in": "path", "name": "repoId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListVCSBranchesResponse" } } }, "description": "OK" }, "400": { "description": "Unknown VCS provider" }, "404": { "description": "VCS integration not found" } }, "summary": "ListVCSBranches", "tags": [ "VCS Integrations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/console/orgs/{orgName}/members/{userLogin}/stacks/{projectName}/{stackName}": { "get": { "description": "Lists all permissions granted to a specific organization member for a given stack. The response provides a comprehensive view of the user's access, including permissions inherited from the organization's default role, permissions granted through team memberships, and permissions explicitly assigned to the user. Returns 404 if the user does not exist.", "operationId": "ListMemberStackPermissions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The user login", "in": "path", "name": "userLogin", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListMemberStackPermissionsResponse" } } }, "description": "OK" }, "404": { "description": "User" } }, "summary": "ListMemberStackPermissions", "tags": [ "Stacks" ] } }, "/api/console/orgs/{orgName}/stacks/search": { "post": { "description": "Returns a combined view of IaC-managed stacks and discovered stacks.", "operationId": "SearchStacks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AngularGridGetRowsRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListOrganizationProjectsResponsev3" } } }, "description": "OK" }, "400": { "description": "Invalid request parameters" } }, "summary": "SearchStacks", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/console/stacks/{orgName}/{projectName}/{stackName}/overview": { "get": { "description": "Returns aggregated stack overview data optimized for display in the Pulumi Cloud web console. The response combines information from multiple sources including the stack's current state, recent activity, resource counts, and configuration into a single response to minimize round trips.", "operationId": "GetStackOverview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StackOverviewResponse" } } }, "description": "OK" } }, "summary": "GetStackOverview", "tags": [ "Stacks" ] } }, "/api/console/stacks/{orgName}/{projectName}/{stackName}/teams/{teamName}": { "patch": { "description": "Modifies the permissions that a specific team has for the referenced stack. This allows setting the team's permission level (read, write, admin) for a single stack without affecting the team's permissions on other stacks. Returns 400 if the permission level is invalid or the team does not have the required base permissions. Returns 403 if the caller lacks permission to update the team. Returns 404 if the team does not exist.", "operationId": "UpdateTeamStackPermissions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The team name", "in": "path", "name": "teamName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateTeamStackPermissionsRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid stack permission or team does not have permissions for the program" }, "403": { "description": "You do not have permission to update this team." }, "404": { "description": "Team" } }, "summary": "UpdateTeamStackPermissions", "tags": [ "Stacks" ] } }, "/api/console/stacks/{orgName}/{projectName}/{stackName}/updates/latest/summary": { "get": { "description": "Returns a human-readable summary of the most recent update to the stack, without requiring a specific update ID. The summary is formatted identically to the UpdateSummary endpoint, including a tree view of resource changes. This is a convenience endpoint that automatically resolves the latest update version. Returns 404 if the stack has no updates.", "operationId": "UpdateSummaryHandlerLatest", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ConsoleUpdateSummary" } } }, "description": "OK" }, "404": { "description": "Update" } }, "summary": "UpdateSummaryHandlerLatest", "tags": [ "Stacks" ] } }, "/api/console/stacks/{orgName}/{projectName}/{stackName}/updates/{updateID}/summary": { "get": { "description": "Returns a human-readable summary of a specific update, identified by its update ID. The summary is formatted in the same manner as generated by the CLI on 'pulumi up', including a tree view of resource changes, create/update/delete counts, and the overall result. This endpoint is optimized for display in the Pulumi Cloud web console. Returns 404 if the update does not exist.", "operationId": "UpdateSummary", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ConsoleUpdateSummary" } } }, "description": "OK" }, "404": { "description": "Update" } }, "summary": "UpdateSummary", "tags": [ "Stacks" ] } }, "/api/deployments/executor": { "get": { "description": "Streams the Linux/AMD64 Pulumi Deployments executor binary to the requester. The executor is the component that runs inside a deployment container and executes the actual Pulumi operations. The binary is retrieved from the Docker image/filesystem and proxied through the service to control access. This API is for internal use by workflow runners and requires valid credentials.", "operationId": "GetPulumiDeployExecutor", "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "OK" } }, "summary": "GetPulumiDeployExecutor", "tags": [ "Deployments" ] } }, "/api/deployments/poll": { "get": { "description": "Polls the Pulumi Deployments queue for available work to execute. This endpoint is used by self-hosted deployment agents running in agent pools to pick up queued deployment jobs. Returns 200 with the next available deployment's workflow definition if work is available, or 204 No Content if the queue is empty. Agents should poll this endpoint repeatedly. Authenticated using an agent pool secret rather than a user access token.", "operationId": "PollDeploymentsQueue", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AgentWorkflowDefinition" } } }, "description": "OK" }, "204": { "description": "No Content" }, "403": { "description": "Forbidden" } }, "summary": "PollDeploymentsQueue", "tags": [ "Deployments" ] } }, "/api/deployments/{deploymentId}/status": { "get": { "description": "Returns the current execution status of a Pulumi Deployments run. This endpoint is used by self-hosted deployment agents running in agent pools to check whether a deployment is still active. Authenticated using an agent pool secret rather than a user access token.", "operationId": "GetDeploymentsStatus", "parameters": [ { "description": "The deployment identifier", "in": "path", "name": "deploymentId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "enum": [ "not-started", "accepted", "running", "failed", "succeeded", "skipped" ], "type": "string", "x-pulumi-model-property": { "enumComments": "JobStatus describes the status of a job run.", "enumFieldComments": [ "JobStatusNotStarted indicates that a job has not yet started.", "JobStatusAccepted indicates that a job has been accepted for execution, but is not yet running.", "JobStatusRunning indicates that a job is running.", "JobStatusFailed indicates that a job has failed.", "JobStatusSucceeded indicates that a job has succeeded.", "JobStatusSkipped indicates that a job has skipped as there are fresher deployments to execute in the queue." ], "enumFieldNames": [ "NotStarted", "Accepted", "Running", "Failed", "Succeeded", "Skipped" ], "enumTypeName": "JobStatus" } } } }, "description": "OK" } }, "summary": "GetDeploymentsStatus", "tags": [ "Deployments" ] } }, "/api/esc/cloudsetup/{orgName}/aws/setup": { "post": { "description": "Sets up AWS infrastructure using provided static credentials", "operationId": "AWSSetup", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AWSSetupRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CloudSetupResult" } } }, "description": "OK" }, "400": { "description": "Failed to setup infrastructure" } }, "summary": "AWSSetup", "tags": [ "CloudSetup" ] } }, "/api/esc/cloudsetup/{orgName}/aws/sso/accounts": { "get": { "description": "Lists AWS accounts accessible with the provided session", "operationId": "AWSSSOListAccounts", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The AWS region", "in": "query", "name": "region", "schema": { "type": "string" } }, { "description": "The SSO session identifier", "in": "query", "name": "sessionId", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListCloudAccountsResponse" } } }, "description": "OK" }, "400": { "description": "Failed to list accounts" }, "404": { "description": "Organization or Session not found" }, "412": { "description": "Session not yet authorized" } }, "summary": "AWSSSOListAccounts", "tags": [ "CloudSetup" ] } }, "/api/esc/cloudsetup/{orgName}/aws/sso/initiate": { "post": { "description": "Initiates the AWS SSO flow", "operationId": "AWSSSOInitiate", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AWSSSOInitiateRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AWSSSOInitiateResponse" } } }, "description": "OK" }, "400": { "description": "Failed to initiate AWS SSO flow" } }, "summary": "AWSSSOInitiate", "tags": [ "CloudSetup" ] } }, "/api/esc/cloudsetup/{orgName}/aws/sso/setup": { "post": { "description": "Sets up AWS infrastructure and ESC environments using AWS SSO", "operationId": "AWSSSOSetup", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AWSSSOSetupRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CloudSetupResult" } } }, "description": "OK" }, "400": { "description": "Failed to setup infrastructure" }, "404": { "description": "Organization or Session not found" } }, "summary": "AWSSSOSetup", "tags": [ "CloudSetup" ] } }, "/api/esc/cloudsetup/{orgName}/oauth/azure/accounts": { "get": { "description": "Lists Azure subscriptions accessible with the provided ARM session", "operationId": "AzureListAccounts", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Azure ARM session identifier", "in": "query", "name": "armSessionId", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListCloudAccountsResponse" } } }, "description": "OK" }, "400": { "description": "Failed to list azure subscriptions" }, "404": { "description": "Organization or Session not found" } }, "summary": "AzureListAccounts", "tags": [ "CloudSetup" ] } }, "/api/esc/cloudsetup/{orgName}/oauth/azure/setup": { "post": { "description": "Sets up Azure infrastructure and ESC environments using OAuth credentials", "operationId": "AzureSetup", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AzureSetupRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CloudSetupResult" } } }, "description": "OK" }, "400": { "description": "Failed to setup infrastructure" }, "404": { "description": "Organization or Session not found" } }, "summary": "AzureSetup", "tags": [ "CloudSetup" ] } }, "/api/esc/cloudsetup/{orgName}/oauth/complete": { "post": { "description": "Completes OAuth flow by exchanging authorization code for access token", "operationId": "CompleteOAuth", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CompleteOAuthRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CompleteOAuthResponse" } } }, "description": "OK" }, "400": { "description": "Failed to complete OAuth" } }, "summary": "CompleteOAuth", "tags": [ "CloudSetup" ] } }, "/api/esc/cloudsetup/{orgName}/oauth/gcp/accounts": { "get": { "description": "Lists GCP projects accessible with the provided oauth session", "operationId": "GCPListAccounts", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The OAuth session identifier", "in": "query", "name": "oauthSessionId", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListCloudAccountsResponse" } } }, "description": "OK" }, "400": { "description": "Failed to list gcp projects" }, "404": { "description": "Organization or Session not found" } }, "summary": "GCPListAccounts", "tags": [ "CloudSetup" ] } }, "/api/esc/cloudsetup/{orgName}/oauth/gcp/setup": { "post": { "description": "Sets up GCP infrastructure using OAuth credentials", "operationId": "GCPSetup", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GCPSetupRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CloudSetupResult" } } }, "description": "OK" }, "400": { "description": "Failed to setup infrastructure" }, "404": { "description": "Organization or Session not found" } }, "summary": "GCPSetup", "tags": [ "CloudSetup" ] } }, "/api/esc/cloudsetup/{orgName}/oauth/initiate": { "post": { "description": "Initiates OAuth flow for a given cloud provider", "operationId": "InitiateOAuth", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InitiateOAuthRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InitiateOAuthResponse" } } }, "description": "OK" }, "400": { "description": "Failed to initiate oauth" } }, "summary": "InitiateOAuth", "tags": [ "CloudSetup" ] } }, "/api/esc/environments": { "get": { "description": "Returns a paginated list of all Pulumi ESC environments accessible to the authenticated user across all organizations they belong to. Each entry includes the organization, project, environment name, and creation/modification timestamps. Use the organization query parameter to filter results to a specific organization. Use continuationToken for pagination through large result sets.", "operationId": "ListEnvironments_esc", "parameters": [ { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Whether to include referrer metadata. Defaults to false.", "in": "query", "name": "includeReferrerMetadata", "schema": { "type": "boolean" } }, { "description": "Maximum number of results for pagination", "in": "query", "name": "maxResults", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter results to this organization name", "in": "query", "name": "organization", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentsResponse" } } }, "description": "OK" }, "400": { "description": "Invalid continuation token" } }, "summary": "ListEnvironments", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}": { "get": { "description": "Returns a paginated list of all Pulumi ESC environments within a specific organization. Each entry includes the project, environment name, and creation/modification timestamps. Results are scoped to the organization specified in the URL path. Use continuationToken for pagination through large result sets.", "operationId": "ListOrgEnvironments_esc", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Whether to include referrer metadata. Defaults to false.", "in": "query", "name": "includeReferrerMetadata", "schema": { "type": "boolean" } }, { "description": "Maximum number of results for pagination", "in": "query", "name": "maxResults", "schema": { "format": "int64", "type": "integer" } }, { "description": "The custom role to use for listing environments", "in": "query", "name": "roleID", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentsResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ListOrgEnvironments", "tags": [ "Environments" ] }, "post": { "description": "Creates a new Pulumi ESC (Environments, Secrets, and Configuration) environment within the specified organization. The request body must include the project name and the environment name. Environment names must be unique within a project and may only contain alphanumeric characters, hyphens, underscores, and periods. The newly created environment starts with an empty YAML definition that can be updated via the UpdateEnvironment endpoint.", "operationId": "CreateEnvironment_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateEnvironmentRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "CreateEnvironment", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/restore": { "get": { "description": "Returns a paginated list of soft-deleted Pulumi ESC environments within an organization that are still within the retention window and eligible for restoration. Use the continuationToken query parameter for pagination. Deleted environments can be restored via the RestoreEnvironment endpoint.", "operationId": "ListDeletedEnvironments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentsResponse" } } }, "description": "OK" }, "400": { "description": "Invalid continuation token" }, "404": { "description": "not found" } }, "summary": "ListDeletedEnvironments", "tags": [ "Environments" ] }, "put": { "description": "Restores a previously deleted Pulumi ESC environment within an organization. The request body specifies the environment to restore by its project and name. The environment must have been deleted within the retention window and not yet permanently purged. Returns 204 on success with no response body. Returns 404 if the deleted environment cannot be found.", "operationId": "RestoreEnvironment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RestoreEnvironmentRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "404": { "description": "not found" } }, "summary": "RestoreEnvironment", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/tags": { "get": { "description": "Returns a map of all unique tag names and their distinct values across all Pulumi ESC environments in the organization. The response is a map where each key is a tag name and the value is a list of all distinct values for that tag across all environments. This is useful for building tag-based filtering or discovery UIs.", "operationId": "ListAllEnvironmentTags_esc", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "additionalProperties": { "items": { "type": "string" }, "type": "array" }, "type": "object" } } }, "description": "successful operation" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ListAllEnvironmentTags", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/yaml/check": { "post": { "description": "Checks a raw YAML environment definition for errors without creating or modifying any environment. The YAML definition is provided in the request body and validated for correctness, including imports, provider configurations, function invocations, and interpolation expressions. When the showSecrets query parameter is set to true, secret values are returned in plaintext in the response. This is useful for validating environment definitions before applying them.", "operationId": "CheckYAML_esc", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Whether to show secret values in plaintext", "in": "query", "name": "showSecrets", "schema": { "type": "boolean" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "CheckYAML", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/yaml/open": { "post": { "description": "Opens an anonymous Pulumi ESC environment from a raw YAML definition provided in the request body, fully resolving all dynamic values, provider integrations, and secrets. Unlike OpenEnvironment, this does not require a pre-existing environment to be stored. The duration parameter specifies how long the session remains valid using Go duration format. Returns an OpenEnvironmentResponse containing the session ID. Use the session ID with ReadAnonymousOpenEnvironment to retrieve the resolved values.", "operationId": "OpenYAML_esc", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The session duration, using Go time units: ns, us, ms, s, m, h (e.g. '2h')", "in": "query", "name": "duration", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OpenEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "OpenYAML", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/yaml/open/{openSessionID}": { "get": { "description": "Reads the fully resolved values from an anonymous open environment session that was created via the OpenYAML endpoint. The openSessionID path parameter must match a valid, non-expired session. The optional property query parameter accepts a dot-separated path to retrieve a specific nested value instead of the entire resolved environment (e.g., 'aws.credentials.accessKeyId'). The response contains the resolved configuration values with secrets decrypted.", "operationId": "ReadAnonymousOpenEnvironment_esc", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The session ID returned from the open environment operation", "in": "path", "name": "openSessionID", "required": true, "schema": { "type": "string" } }, { "description": "A dot-separated path to a specific property to retrieve from the environment", "in": "query", "name": "property", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "path" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ReadAnonymousOpenEnvironment", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}": { "delete": { "description": "Permanently deletes a Pulumi ESC environment and all of its revision history, tags, and associated configuration. This operation is blocked if deletion protection is enabled on the environment (see PatchEnvironmentSettings). Enterprise and Business Critical edition organizations may be able to restore deleted environments within a retention window. Returns 409 if the environment is deletion-protected or has been modified since it was last read.", "operationId": "DeleteEnvironment_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read, or it's deletion-protected" } }, "summary": "DeleteEnvironment", "tags": [ "Environments" ] }, "get": { "description": "Returns the YAML definition of a Pulumi ESC environment. The response is in application/x-yaml format and includes the environment's imports, values, provider configurations, and function invocations. Secrets remain in their encrypted form (use DecryptEnvironment to see plaintext secrets, or OpenEnvironment to fully resolve all dynamic values). When a version path parameter is provided, returns the definition for that specific revision.", "operationId": "ReadEnvironment_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/x-yaml": { "schema": { "type": "string" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ReadEnvironment", "tags": [ "Environments" ] }, "head": { "description": "Returns the ETag header for a Pulumi ESC environment without returning the full definition body. This is used for lightweight existence checks and for obtaining the current ETag value for optimistic concurrency control. The ETag should be included in subsequent update requests via the If-Match header to prevent concurrent modification conflicts. Returns 404 if the environment does not exist.", "operationId": "HeadEnvironment_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "HeadEnvironment", "tags": [ "Environments" ] }, "patch": { "description": "Validates and updates the YAML definition of a Pulumi ESC environment. The request body must contain the complete environment definition in application/x-yaml format, including imports, values, provider configurations, and function invocations. Each successful update creates a new immutable revision in the environment's version history. Supports optimistic concurrency control via ETag/If-Match headers; returns 409 if the environment has been modified since it was last read.", "operationId": "UpdateEnvironment_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/x-yaml": { "schema": { "type": "string" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "UpdateEnvironment", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/check": { "post": { "description": "Checks a Pulumi ESC environment definition for errors without applying changes. This validates the YAML definition including imports, provider configurations, function invocations (fn::open, fn::secret, etc.), and interpolation expressions. When the showSecrets query parameter is set to true, secret values are returned in plaintext in the response. The response includes any diagnostics or validation errors found in the environment definition. Supports optimistic concurrency control via ETag headers.", "operationId": "CheckEnvironment_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "Whether to show secret values in plaintext", "in": "query", "name": "showSecrets", "schema": { "type": "boolean" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CheckEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "revision tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "CheckEnvironment", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/clone": { "post": { "description": "Creates a duplicate of a Pulumi ESC environment in a new project and/or under a new name. The request body specifies the destination project and environment name, along with options to control what is preserved during the clone: preserveAccess retains permission settings, preserveHistory retains the full revision history, preserveEnvironmentTags retains environment-level tags, and preserveRevisionTags retains version-specific tags. Environments cannot be renamed directly, so cloning is the mechanism for moving or renaming environments.", "operationId": "CloneEnvironment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CloneEnvironmentRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "CloneEnvironment", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/decrypt": { "get": { "description": "Reads the YAML definition for a Pulumi ESC environment with all static secrets decrypted and shown in plaintext. Unlike the standard ReadEnvironment endpoint which returns secrets in their encrypted form, this endpoint resolves fn::secret values to their plaintext representations. The response is returned in application/x-yaml format. This does not resolve dynamic provider values (fn::open); use OpenEnvironment for full resolution. Requires environment open permission.", "operationId": "DecryptEnvironment_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/x-yaml": { "schema": { "type": "string" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "DecryptEnvironment", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/decrypt-secrets": { "post": { "description": "Decrypts encrypted secret values in a Pulumi ESC environment definition. Takes an environment definition containing encrypted secrets and returns the same definition with those values decrypted to plaintext. This is useful for inspecting or migrating environment definitions that contain fn::secret values. Requires environment open permission. Returns 413 if the request content exceeds the maximum allowed size.", "operationId": "DecryptEnvironmentSecrets", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DecryptEnvironmentSecretsRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DecryptEnvironmentSecretsResponse" } } }, "description": "OK" }, "400": { "description": "Invalid input" }, "404": { "description": "Organization or Environment not found" }, "413": { "description": "Request Content Too Large" } }, "summary": "DecryptEnvironmentSecrets", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/drafts": { "post": { "description": "Creates a new draft change request for a Pulumi ESC environment. Drafts allow proposing changes to an environment definition that can be reviewed and approved before being applied. This is part of the approvals workflow for environments. Returns a ChangeRequestRef containing the draft identifier. Requires the Approvals feature to be enabled for the organization.", "operationId": "CreateEnvironmentDraft", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ChangeRequestRef" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "draft" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "CreateEnvironmentDraft", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/drafts/{changeRequestID}": { "get": { "description": "Reads the YAML definition for a draft version of a Pulumi ESC environment. Drafts are proposed changes created as part of the approvals workflow. The draft is identified by the changeRequestID path parameter. An optional revision query parameter can target a specific base revision. The response is returned in application/x-yaml format. Requires the Approvals feature to be enabled.", "operationId": "ReadEnvironmentDraft", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The change request ID", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } }, { "description": "The environment revision number to target", "in": "query", "name": "revision", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/x-yaml": { "schema": { "type": "string" } } }, "description": "OK" }, "400": { "description": "Invalid input" } }, "summary": "ReadEnvironmentDraft", "tags": [ "Environments" ] }, "patch": { "description": "Updates the YAML definition of an existing draft change request for a Pulumi ESC environment. The draft is identified by the changeRequestID path parameter. The request body contains the updated YAML definition. Returns a ChangeRequestRef on success. Requires the Approvals feature to be enabled for the organization.", "operationId": "UpdateEnvironmentDraft", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The change request ID", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ChangeRequestRef" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "draft" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "UpdateEnvironmentDraft", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/drafts/{changeRequestID}/open": { "post": { "description": "Opens a draft version of a Pulumi ESC environment, fully resolving all dynamic values, provider integrations, and secrets for the proposed changes. The duration parameter specifies how long the open session remains valid using Go duration format (e.g., '2h', '30m'). An optional revision parameter can target a specific base revision. Returns an OpenEnvironmentResponse containing the session ID for subsequent reads. Requires the Approvals feature.", "operationId": "OpenEnvironmentDraft", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The change request ID", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } }, { "description": "The session duration, using Go time units: ns, us, ms, s, m, h (e.g. '2h')", "in": "query", "name": "duration", "schema": { "type": "string" } }, { "description": "The environment revision number to target", "in": "query", "name": "revision", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OpenEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "Change Request" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "OpenEnvironmentDraft", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/encrypt-secrets": { "post": { "description": "Encrypts plaintext secret values in a Pulumi ESC environment definition. Takes an environment definition containing plaintext secrets and returns the same definition with those values encrypted using the environment's encryption key. This is useful for preparing environment definitions that contain sensitive values before storing or updating them. Returns 413 if the request content exceeds the maximum allowed size.", "operationId": "EncryptEnvironmentSecrets", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EncryptEnvironmentSecretsRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EncryptEnvironmentSecretsResponse" } } }, "description": "OK" }, "400": { "description": "Invalid input" }, "404": { "description": "Organization or Environment not found" }, "413": { "description": "Request Content Too Large" } }, "summary": "EncryptEnvironmentSecrets", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/hooks": { "get": { "description": "Returns a list of all webhooks configured for a Pulumi ESC environment. Each webhook entry includes its name, destination URL, event filters, format, and active status. Webhooks enable external services to be notified of environment events such as updates and opens.", "operationId": "ListWebhooks_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/WebhookResponse" }, "type": "array" } } }, "description": "successful operation" } }, "summary": "ListWebhooks", "tags": [ "Environments" ] }, "post": { "description": "Creates a new webhook for a Pulumi ESC environment. Webhooks allow external services to be notified when environment events occur, such as updates or opens. The request body specifies the webhook configuration including the destination URL, event filters, and format. Returns 400 if the organization name in the request body does not match the URL path parameter. Returns 409 if a webhook with the same name already exists.", "operationId": "CreateWebhook_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Webhook" } } }, "x-originalParamName": "body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookResponse" } } }, "description": "Created" }, "400": { "description": "Organization name from request body doesn't match URL." }, "409": { "description": "Webhook already exists" } }, "summary": "CreateWebhook", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/hooks/{hookName}": { "delete": { "description": "Deletes a webhook from a Pulumi ESC environment. The webhook is identified by its name in the URL path. After deletion, the external service will no longer receive notifications for environment events. Returns 204 on success with no response body.", "operationId": "DeleteWebhook_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" } }, "summary": "DeleteWebhook", "tags": [ "Environments" ] }, "get": { "description": "Returns the configuration and status of a single webhook for a Pulumi ESC environment. The webhook is identified by its name in the URL path. The response includes the webhook's destination URL, event filters, format, and active status. Returns 404 if the webhook does not exist.", "operationId": "GetWebhook_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookResponse" } } }, "description": "OK" }, "404": { "description": "Webhook" } }, "summary": "GetWebhook", "tags": [ "Environments" ] }, "patch": { "description": "Updates the configuration of an existing webhook on a Pulumi ESC environment. The webhook is identified by its name in the URL path. The request body contains the updated webhook configuration including destination URL, event filters, format, and active status. Returns the updated WebhookResponse on success. Returns 400 if an invalid format is specified.", "operationId": "UpdateWebhook_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Webhook" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookResponse" } } }, "description": "OK" }, "400": { "description": "'pulumi_deployments' format can only be used on stack or environment webhooks." }, "404": { "description": "Webhook" } }, "summary": "UpdateWebhook", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/hooks/{hookName}/deliveries": { "get": { "description": "Returns a list of recent delivery attempts for a specific webhook on a Pulumi ESC environment. Each delivery record includes the HTTP status code, response body, timestamp, and whether the delivery was successful. This is useful for debugging webhook integration issues and verifying that events are being received.", "operationId": "GetWebhookDeliveries_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/WebhookDelivery" }, "type": "array" } } }, "description": "successful operation" } }, "summary": "GetWebhookDeliveries", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/hooks/{hookName}/deliveries/{event}/redeliver": { "post": { "description": "Triggers the Pulumi Service to redeliver a specific event to a webhook on a Pulumi ESC environment. This is useful for resending events that the webhook endpoint failed to process on the initial delivery attempt (e.g., due to temporary downtime or errors). The event is identified by its delivery event ID in the URL path. Returns the new WebhookDelivery record for the redelivery.", "operationId": "RedeliverWebhookEvent_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook delivery event ID to redeliver", "in": "path", "name": "event", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookDelivery" } } }, "description": "OK" }, "404": { "description": "Webhook" } }, "summary": "RedeliverWebhookEvent", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/hooks/{hookName}/ping": { "post": { "description": "Sends a test ping event to a webhook on a Pulumi ESC environment to verify that the webhook endpoint is reachable and functioning correctly. This bypasses the normal message queue and issues the request directly to the webhook URL. Returns the WebhookDelivery record containing the HTTP status code and response from the target endpoint.", "operationId": "PingWebhook_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookDelivery" } } }, "description": "OK" }, "404": { "description": "Organization or Environment not found" } }, "summary": "PingWebhook", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/metadata": { "get": { "description": "Returns metadata for a Pulumi ESC environment, including the calling user's effective permission level (read, open, write, admin), creation and modification timestamps, the environment's project, and other administrative information. This is useful for determining what actions the current user can perform on the environment before attempting those operations.", "operationId": "GetEnvironmentMetadata_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnvironmentMetadata" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "GetEnvironmentMetadata", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/open": { "post": { "description": "Opens a Pulumi ESC environment, fully resolving all dynamic values, provider integrations (fn::open), interpolation expressions, and secrets. This initiates an access session that evaluates the complete environment definition including all imports. The duration parameter specifies how long the session remains valid using Go duration format (e.g., '2h45m', '300ms'). Returns an OpenEnvironmentResponse containing the session ID and any diagnostics. Use the session ID with ReadOpenEnvironment to retrieve the resolved values.", "operationId": "OpenEnvironment_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The session duration, using Go time units: ns, us, ms, s, m, h (e.g. '2h')", "in": "query", "name": "duration", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OpenEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "revision tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "OpenEnvironment", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/open/request": { "post": { "description": "Creates an open request for a Pulumi ESC environment that has gated opens enabled. When an environment has open gates configured, opening the environment requires an approval workflow. This endpoint initiates that process by creating an open request, and also creates corresponding open requests for each imported environment that has open gates. Requires the Approvals feature to be enabled for the organization. Returns 400 if the environment does not have gated opens.", "operationId": "CreateOpenEnvironmentRequest", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateEnvironmentOpenRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateEnvironmentOpenRequestResponse" } } }, "description": "OK" }, "400": { "description": "unable to create open request, please check whether opens are gated" }, "404": { "description": "open request" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "CreateOpenEnvironmentRequest", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/open/request/{changeRequestID}": { "get": { "description": "Reads the details of an open environment request that was created as part of the gated opens approval workflow. The request is identified by the changeRequestID path parameter. The response includes the request's status, the requesting user, and approval details. An optional revision query parameter can target a specific environment revision. Requires the Approvals feature to be enabled.", "operationId": "ReadOpenEnvironmentRequest", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The change request ID", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } }, { "description": "The environment revision number to target", "in": "query", "name": "revision", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateEnvironmentOpenRequest" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "open request" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ReadOpenEnvironmentRequest", "tags": [ "Environments" ] }, "put": { "description": "Updates an existing open environment request that was created as part of the gated opens approval workflow. The request is identified by the changeRequestID path parameter. The request body contains the updated open request details, such as approval status. Returns a ChangeRequestRef on success. Requires the Approvals feature to be enabled for the organization.", "operationId": "UpdateOpenEnvironmentRequest", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The change request ID", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateEnvironmentOpenRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ChangeRequestRef" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "open request" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "UpdateOpenEnvironmentRequest", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/open/{openSessionID}": { "get": { "description": "Reads the fully resolved values from an open environment session that was created via the OpenEnvironment endpoint. The openSessionID path parameter must match a valid, non-expired session. The optional property query parameter accepts a dot-separated path to retrieve a specific nested value instead of the entire resolved environment (e.g., 'aws.credentials.accessKeyId'). The response contains all resolved configuration values with secrets decrypted and provider-sourced values fully evaluated.", "operationId": "ReadOpenEnvironment_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The session ID returned from the open environment operation", "in": "path", "name": "openSessionID", "required": true, "schema": { "type": "string" } }, { "description": "A dot-separated path to a specific property to retrieve from the environment", "in": "query", "name": "property", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "path" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ReadOpenEnvironment", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/ownership": { "post": { "description": "Changes the ownership of the specified environment to the provided user. Returns the identity of the previous owner.", "operationId": "ReassignEnvironmentOwnership", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserInfo" } } }, "description": "The new owner's identity", "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserInfo" } } }, "description": "OK" } }, "summary": "ReassignEnvironmentOwnership", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/referrers": { "get": { "description": "Returns a paginated list of entities that reference a Pulumi ESC environment, including other environments that import it and Pulumi stacks that use it in their configuration. The count parameter limits results (range 1-500). Set allRevisions to true to include references across all revisions, and latestStackVersionOnly to true to return only the latest stack version for each referring stack. Use continuationToken for pagination.", "operationId": "ListEnvironmentReferrers_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "Whether to include all revisions", "in": "query", "name": "allRevisions", "schema": { "type": "boolean" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Maximum number of results to return", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } }, { "description": "Whether to return only the latest stack version", "in": "query", "name": "latestStackVersionOnly", "schema": { "type": "boolean" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentReferrersResponse" } } }, "description": "OK" }, "400": { "description": "count must be in the range [1, 500]" }, "404": { "description": "environment" } }, "summary": "ListEnvironmentReferrers", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/rotate": { "post": { "description": "Triggers secret rotation for a Pulumi ESC environment. This evaluates all fn::rotate declarations in the environment definition and rotates the corresponding secrets in their external systems (e.g., rotating database passwords, API keys, or cloud credentials). Requires the secret rotation feature to be enabled for the organization. Returns 409 if the environment has been modified since it was last read.", "operationId": "RotateEnvironment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RotateEnvironmentRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RotateEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "403": { "description": "Secret rotation is not enabled for this organization" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "RotateEnvironment", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/rotate/history": { "get": { "description": "Returns the secret rotation history for a Pulumi ESC environment. Each entry represents a rotation event where secrets defined with fn::rotate were cycled to new values in their external systems. The response includes timestamps, outcomes, and the rotators involved. Requires the secret rotation feature to be enabled for the organization.", "operationId": "ListEnvironmentSecretRotationHistory", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentSecretRotationHistoryResponse" } } }, "description": "OK" }, "403": { "description": "Secret rotation is not enabled for the organization" } }, "summary": "ListEnvironmentSecretRotationHistory", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/schedules": { "get": { "description": "Returns all scheduled actions configured for a Pulumi ESC environment. Schedules automate recurring operations such as secret rotation. The response includes each schedule's timing configuration, action type, and current status (active or paused).", "operationId": "ListEnvironmentSchedule", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListScheduledActionsResponse" } } }, "description": "OK" }, "404": { "description": "Organization or Environment not found" } }, "summary": "ListEnvironmentSchedule", "tags": [ "Environments" ] }, "post": { "description": "Creates a new scheduled action for a Pulumi ESC environment. Schedules can be used to automate recurring operations on environments, such as secret rotation. The request body specifies the schedule timing and the action to perform. Returns the created ScheduledAction on success. Requires the secret rotation feature to be enabled for the organization.", "operationId": "CreateEnvironmentSchedule", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateEnvironmentScheduleRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScheduledAction" } } }, "description": "OK" }, "400": { "description": "Invalid input" }, "403": { "description": "Secret rotation feature is not enabled for the organization" }, "404": { "description": "Organization or Environment not found" } }, "summary": "CreateEnvironmentSchedule", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/schedules/{scheduleID}": { "delete": { "description": "Permanently deletes a scheduled action from a Pulumi ESC environment. This removes the schedule and cancels any future executions. The schedule is identified by its scheduleID. Requires the secret rotation feature to be enabled for the organization.", "operationId": "DeleteEnvironmentSchedule", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The schedule ID", "in": "path", "name": "scheduleID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "400": { "description": "Bad Request" }, "403": { "description": "Secret rotation feature is not enabled for the organization" }, "404": { "description": "Organization or Environment not found" } }, "summary": "DeleteEnvironmentSchedule", "tags": [ "Environments" ] }, "get": { "description": "Returns the details of a specific scheduled action for a Pulumi ESC environment. The schedule is identified by the scheduleID path parameter. The response includes the schedule's timing configuration (cron expression or one-time), the action to perform, and the current status (active or paused).", "operationId": "ReadEnvironmentSchedule", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The schedule ID", "in": "path", "name": "scheduleID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScheduledAction" } } }, "description": "OK" } }, "summary": "ReadEnvironmentSchedule", "tags": [ "Environments" ] }, "patch": { "description": "Updates the configuration of a scheduled action for a Pulumi ESC environment. The schedule is identified by the scheduleID path parameter. The request body specifies the updated timing and action configuration. Changes take effect for future executions only; any currently running execution is not affected. Returns the updated ScheduledAction on success.", "operationId": "UpdateEnvironmentSchedule", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The schedule ID", "in": "path", "name": "scheduleID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateEnvironmentScheduleRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScheduledAction" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "EnvironmentSchedule" } }, "summary": "UpdateEnvironmentSchedule", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/schedules/{scheduleID}/history": { "get": { "description": "Returns the execution history for a specific scheduled action on a Pulumi ESC environment. Each history entry includes the execution timestamp, outcome (success or failure), and any error details. This is useful for monitoring the reliability of automated operations like secret rotation.", "operationId": "ListEnvironmentScheduleHistory", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The schedule ID", "in": "path", "name": "scheduleID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListScheduledActionHistoryResponse" } } }, "description": "OK" }, "404": { "description": "Organization or Environment not found" } }, "summary": "ListEnvironmentScheduleHistory", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/schedules/{scheduleID}/pause": { "post": { "description": "Pauses a scheduled action on a Pulumi ESC environment, preventing any future executions until the schedule is resumed. The schedule's configuration is preserved and can be reactivated via the ResumeEnvironmentSchedule endpoint. This is useful for temporarily disabling automated operations like secret rotation without deleting the schedule.", "operationId": "PauseEnvironmentSchedule", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The schedule ID", "in": "path", "name": "scheduleID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "404": { "description": "Organization or Environment not found" } }, "summary": "PauseEnvironmentSchedule", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/schedules/{scheduleID}/resume": { "post": { "description": "Resumes a previously paused scheduled action on a Pulumi ESC environment, re-enabling future executions. The schedule will continue from its next scheduled time according to its configured timing (cron expression or one-time schedule). The schedule is identified by the scheduleID path parameter.", "operationId": "ResumeEnvironmentSchedule", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The schedule ID", "in": "path", "name": "scheduleID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "404": { "description": "Organization or Environment not found" } }, "summary": "ResumeEnvironmentSchedule", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/settings": { "get": { "description": "Returns the current settings for a Pulumi ESC environment, including whether deletion protection is enabled. Deletion protection prevents the environment from being deleted until the setting is explicitly disabled. Settings can be modified via the PatchEnvironmentSettings endpoint.", "operationId": "GetEnvironmentSettings", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnvironmentSettings" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "GetEnvironmentSettings", "tags": [ "Environments" ] }, "patch": { "description": "Updates settings for a Pulumi ESC environment using a partial update (patch) approach. Currently supports toggling deletion protection via the deletionProtected field. When deletionProtected is set to true, the environment cannot be deleted until the setting is explicitly disabled. Only the fields included in the request body are modified; omitted fields retain their current values.", "operationId": "PatchEnvironmentSettings", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PatchEnvironmentSettingsRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "PatchEnvironmentSettings", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/tags": { "get": { "description": "Returns a paginated list of user-defined tags for a Pulumi ESC environment. Tags are key-value pairs used for organizing and categorizing environments. Use the after parameter for cursor-based pagination and count to limit the number of results returned.", "operationId": "ListEnvironmentTags_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "Only return results after this value", "in": "query", "name": "after", "schema": { "format": "int64", "type": "integer" } }, { "description": "Maximum number of results to return", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentTagsResponse" } } }, "description": "OK" }, "400": { "description": "Invalid input" }, "404": { "description": "Organization or Environment not found" } }, "summary": "ListEnvironmentTags", "tags": [ "Environments" ] }, "post": { "description": "Adds a new user-defined tag to a Pulumi ESC environment. Tags are key-value pairs that provide contextual metadata for organizing and searching environments (e.g., region=us-east-1, team=platform). The tag name and value are provided in the request body. Returns the created EnvironmentTag on success. Returns 409 if a tag with the same name already exists on the environment.", "operationId": "CreateEnvironmentTag_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateEnvironmentTagRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnvironmentTag" } } }, "description": "OK" }, "400": { "description": "Invalid tag name or value" }, "404": { "description": "environment" }, "409": { "description": "Tag already exists" } }, "summary": "CreateEnvironmentTag", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/tags/{tagName}": { "delete": { "description": "Removes a user-defined tag from a Pulumi ESC environment. The tag is identified by its name in the URL path. Returns 204 on success with no response body. Returns 404 if the tag does not exist on the environment.", "operationId": "DeleteEnvironmentTag_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The environment tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid tag name or value" }, "404": { "description": "tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "DeleteEnvironmentTag", "tags": [ "Environments" ] }, "get": { "description": "Returns a single user-defined tag for a Pulumi ESC environment, identified by the tag name in the URL path. The response includes the tag name, value, and metadata. Returns 404 if the tag does not exist on the environment.", "operationId": "GetEnvironmentTag_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The environment tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnvironmentTag" } } }, "description": "OK" }, "404": { "description": "tag" } }, "summary": "GetEnvironmentTag", "tags": [ "Environments" ] }, "patch": { "description": "Modifies the value of an existing user-defined tag on a Pulumi ESC environment. The tag is identified by its name in the URL path. The request body contains the new value for the tag. Returns the updated EnvironmentTag on success. Returns 404 if the tag does not exist on the environment.", "operationId": "UpdateEnvironmentTag_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The environment tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateEnvironmentTagRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnvironmentTag" } } }, "description": "OK" }, "400": { "description": "Invalid tag name or value" }, "404": { "description": "environment tag" } }, "summary": "UpdateEnvironmentTag", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/versions": { "get": { "description": "Returns a paginated list of revisions for a Pulumi ESC environment. Each revision represents an immutable snapshot of the environment definition created when the environment is updated. The response includes revision numbers, timestamps, and the identity of the user who made each change. Use the before parameter to fetch revisions before a specific revision number, and count to limit the number of results returned.", "operationId": "ListEnvironmentRevisions_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "Only return results before this revision", "in": "query", "name": "before", "schema": { "format": "int64", "type": "integer" } }, { "description": "Maximum number of results to return", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/EnvironmentRevision" }, "type": "array" } } }, "description": "successful operation" }, "400": { "description": "invalid query parameter" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ListEnvironmentRevisions", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/versions/tags": { "get": { "description": "Returns a paginated list of revision tags for a Pulumi ESC environment. Revision tags are named references pointing to specific revision numbers (e.g., 'latest', 'prod', 'stable'). They can be used in environment imports and Pulumi stack configuration to pin to a specific version. Use the after parameter for cursor-based pagination and count to limit results.", "operationId": "ListRevisionTags_esc_environments_versions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "Only return results after this value", "in": "query", "name": "after", "schema": { "type": "string" } }, { "description": "Maximum number of results to return", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentRevisionTagsResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ListRevisionTags", "tags": [ "Environments" ] }, "post": { "description": "Creates a new revision tag for a Pulumi ESC environment. Revision tags are named references that point to specific revision numbers, similar to Git tags. They allow pinning a stable reference to a known-good version of an environment. Tagged versions can be used in imports and Pulumi stack configuration (e.g., myproject/env@prod) to ensure stable references unaffected by subsequent changes. The built-in 'latest' tag always points to the most recent revision.", "operationId": "CreateRevisionTag_esc_environments_versions_tags", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateEnvironmentRevisionTagRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid revision tag" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "CreateRevisionTag", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/versions/tags/{tagName}": { "delete": { "description": "Deletes a named revision tag from a Pulumi ESC environment. The tag is identified by its name in the URL path. After deletion, any imports or stack configurations referencing this tag will fail to resolve. The built-in 'latest' tag cannot be deleted. Returns 204 on success with no response body.", "operationId": "DeleteRevisionTag_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid revision tag" }, "404": { "description": "revision tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "DeleteRevisionTag", "tags": [ "Environments" ] }, "get": { "description": "Returns the details of a specific revision tag for a Pulumi ESC environment. The tag is identified by its name in the URL path. The response includes the tag name and the revision number it points to. Returns 404 if the tag does not exist.", "operationId": "ReadRevisionTag_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnvironmentRevisionTag" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "revision tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ReadRevisionTag", "tags": [ "Environments" ] }, "patch": { "description": "Updates an existing revision tag for a Pulumi ESC environment to point to a different revision number. The tag is identified by its name in the URL path. The request body specifies the new revision number. This allows advancing or rolling back a named reference (e.g., moving the 'prod' tag to a newer or older revision). Returns 204 on success with no response body.", "operationId": "UpdateRevisionTag_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateEnvironmentRevisionTagRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid revision tag" }, "404": { "description": "revision tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "UpdateRevisionTag", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/versions/{version}": { "get": { "description": "Returns the YAML definition of a Pulumi ESC environment. The response is in application/x-yaml format and includes the environment's imports, values, provider configurations, and function invocations. Secrets remain in their encrypted form (use DecryptEnvironment to see plaintext secrets, or OpenEnvironment to fully resolve all dynamic values). When a version path parameter is provided, returns the definition for that specific revision.", "operationId": "ReadEnvironment_esc_environments_versions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/x-yaml": { "schema": { "type": "string" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ReadEnvironment", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/versions/{version}/check": { "post": { "description": "Checks a Pulumi ESC environment definition for errors without applying changes. This validates the YAML definition including imports, provider configurations, function invocations (fn::open, fn::secret, etc.), and interpolation expressions. When the showSecrets query parameter is set to true, secret values are returned in plaintext in the response. The response includes any diagnostics or validation errors found in the environment definition. Supports optimistic concurrency control via ETag headers.", "operationId": "CheckEnvironment_esc_environments_versions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } }, { "description": "Whether to show secret values in plaintext", "in": "query", "name": "showSecrets", "schema": { "type": "boolean" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CheckEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "revision tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "CheckEnvironment", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/versions/{version}/decrypt": { "get": { "description": "Reads the YAML definition for a Pulumi ESC environment with all static secrets decrypted and shown in plaintext. Unlike the standard ReadEnvironment endpoint which returns secrets in their encrypted form, this endpoint resolves fn::secret values to their plaintext representations. The response is returned in application/x-yaml format. This does not resolve dynamic provider values (fn::open); use OpenEnvironment for full resolution. Requires environment open permission.", "operationId": "DecryptEnvironment_esc_environments_versions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/x-yaml": { "schema": { "type": "string" } } }, "description": "OK" }, "400": { "description": "Invalid input" }, "404": { "description": "Organization or Environment not found" } }, "summary": "DecryptEnvironment", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/versions/{version}/open": { "post": { "description": "Opens a Pulumi ESC environment, fully resolving all dynamic values, provider integrations (fn::open), interpolation expressions, and secrets. This initiates an access session that evaluates the complete environment definition including all imports. The duration parameter specifies how long the session remains valid using Go duration format (e.g., '2h45m', '300ms'). Returns an OpenEnvironmentResponse containing the session ID and any diagnostics. Use the session ID with ReadOpenEnvironment to retrieve the resolved values.", "operationId": "OpenEnvironment_esc_environments_versions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } }, { "description": "The session duration, using Go time units: ns, us, ms, s, m, h (e.g. '2h')", "in": "query", "name": "duration", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OpenEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "revision tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "OpenEnvironment", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/versions/{version}/referrers": { "get": { "description": "Returns a paginated list of entities that reference a Pulumi ESC environment, including other environments that import it and Pulumi stacks that use it in their configuration. The count parameter limits results (range 1-500). Set allRevisions to true to include references across all revisions, and latestStackVersionOnly to true to return only the latest stack version for each referring stack. Use continuationToken for pagination.", "operationId": "ListEnvironmentReferrers_esc_environments_versions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } }, { "description": "Whether to include all revisions", "in": "query", "name": "allRevisions", "schema": { "type": "boolean" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Maximum number of results to return", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } }, { "description": "Whether to return only the latest stack version", "in": "query", "name": "latestStackVersionOnly", "schema": { "type": "boolean" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentReferrersResponse" } } }, "description": "OK" }, "400": { "description": "count must be in the range [1, 500]" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ListEnvironmentReferrers", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/versions/{version}/retract": { "post": { "description": "Retracts a specific revision of a Pulumi ESC environment, marking it as withdrawn. A retracted revision remains in the history but is no longer considered a valid version for use. The request body may include a reason for the retraction. The revision is identified by the version path parameter. Returns 204 on success with no response body.", "operationId": "RetractEnvironmentRevision_esc_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RetractEnvironmentRevisionRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "RetractEnvironmentRevision", "tags": [ "Environments" ] } }, "/api/esc/environments/{orgName}/{projectName}/{envName}/versions/{version}/tags": { "get": { "description": "Returns a paginated list of revision tags for a Pulumi ESC environment. Revision tags are named references pointing to specific revision numbers (e.g., 'latest', 'prod', 'stable'). They can be used in environment imports and Pulumi stack configuration to pin to a specific version. Use the after parameter for cursor-based pagination and count to limit results.", "operationId": "ListRevisionTags_esc_environments_versions2", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } }, { "description": "Only return results after this value", "in": "query", "name": "after", "schema": { "type": "string" } }, { "description": "Maximum number of results to return", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentRevisionTagsResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ListRevisionTags", "tags": [ "Environments" ] } }, "/api/esc/providers": { "get": { "description": "Returns a list of all available Pulumi ESC providers. Providers are integrations that dynamically retrieve configuration and secrets from external sources (e.g., AWS, Azure, Google Cloud, HashiCorp Vault, 1Password) via the fn::open function in environment definitions. Optionally filter by organization using the orgName query parameter to see only providers available to that organization.", "operationId": "ListProviders_esc", "parameters": [ { "description": "Filter providers available to this organization", "in": "query", "name": "orgName", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListProvidersResponse" } } }, "description": "OK" } }, "summary": "ListProviders", "tags": [ "Environments" ] } }, "/api/esc/providers/{providerName}/schema": { "get": { "description": "Returns the JSON schema for a Pulumi ESC provider. Providers are integrations that dynamically retrieve configuration and secrets from external sources such as AWS, Azure, Google Cloud, HashiCorp Vault, and others via fn::open. The schema describes the provider's input parameters, output structure, and configuration options. The provider is identified by name in the URL path.", "operationId": "GetProviderSchema_esc", "parameters": [ { "description": "The provider name", "in": "path", "name": "providerName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ProviderSchema" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "provider" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "GetProviderSchema", "tags": [ "Environments" ] } }, "/api/esc/rotators": { "get": { "description": "Returns a list of all available Pulumi ESC secret rotators. Rotators are integrations that automatically rotate secrets in external systems via the fn::rotate function in environment definitions. Optionally filter by organization using the orgName query parameter to see only rotators available to that organization.", "operationId": "ListRotators", "parameters": [ { "description": "Filter rotators available to this organization", "in": "query", "name": "orgName", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListRotatorsResponse" } } }, "description": "OK" } }, "summary": "ListRotators", "tags": [ "Environments" ] } }, "/api/esc/rotators/{rotatorName}/schema": { "get": { "description": "Returns the JSON schema for a Pulumi ESC secret rotator. Rotators are integrations that automatically rotate secrets in external systems via fn::rotate. The schema describes the rotator's input parameters, output structure, and configuration options. The rotator is identified by name in the URL path.", "operationId": "GetRotatorSchema", "parameters": [ { "description": "The rotator name", "in": "path", "name": "rotatorName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ProviderSchema" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "rotator" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "GetRotatorSchema", "tags": [ "Environments" ] } }, "/api/oauth/token": { "post": { "description": "Exchanges an external identity provider token for a Pulumi access token using the OAuth 2.0 Token Exchange flow (RFC 8693).\n\nThe request body must include:\n- `audience`: a URN identifying the target org (e.g., `urn:pulumi:org:{ORG_NAME}`)\n- `grant_type`: must be `urn:ietf:params:oauth:grant-type:token-exchange`\n- `subject_token`: the OIDC identity token from the external provider\n- `subject_token_type`: must be `urn:ietf:params:oauth:token-type:id_token`\n- `requested_token_type`: one of `urn:pulumi:token-type:access_token:organization`, `...team`, `...personal`, or `...runner`\n\nOptional parameters:\n- `scope`: depends on the requested token type. For `organization`, must be empty or `admin`. For `team`, must be `team:TEAM_NAME`. For `personal`, must be `user:USER_LOGIN`. For `runner`, must be `runner:RUNNER_NAME`.\n- `expiration`: token lifetime in seconds\n\nThe response includes `access_token`, `issued_token_type`, `token_type`, `expires_in`, `scope`, and `refresh_token`.", "operationId": "Token", "requestBody": { "content": { "application/json": { "schema": { "additionalProperties": { "type": "object" }, "type": "object" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TokenExchangeGrantResponse" } } }, "description": "OK" } }, "summary": "Token", "tags": [ "Miscellaneous", "OAuthTokenExchange" ] } }, "/api/openapi/pulumi-spec.json": { "get": { "description": "Returns the OpenAPI v3 specification for the service.", "operationId": "FetchRestSpecification", "responses": { "200": { "content": { "application/json": { "schema": { "items": { "format": "byte", "type": "string" }, "type": "array" } } }, "description": "OK" } }, "summary": "FetchRestSpecification", "tags": [ "Miscellaneous" ] } }, "/api/orgs/{orgName}": { "get": { "description": "Returns detailed information about the specified organization, including its name, display name, avatar URL, enabled features, subscription tier, and access control settings. The response includes member count, team availability, and other configuration relevant to the caller's role within the organization.", "operationId": "GetOrganization", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Organization" } } }, "description": "OK" } }, "summary": "GetOrganization", "tags": [ "Organizations" ] }, "patch": { "description": "Updates an organization's settings, such as the default stack permission level for new members, whether members can create teams, and other organization-wide configuration options. Returns the updated organization metadata.", "operationId": "UpdateOrganizationSettings", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateOrganizationRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OrganizationMetadata" } } }, "description": "OK" }, "400": { "description": "Invalid organization settings" } }, "summary": "UpdateOrganizationSettings", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/agent-pools": { "get": { "description": "Returns all agent pools configured for an organization. Agent pools enable self-hosted deployment agents, allowing organizations to run Pulumi Deployments on their own infrastructure for accessing private networks, meeting compliance requirements, or using custom execution environments. Each pool in the response includes its ID, name, and configuration details.", "operationId": "ListOrgAgentPool", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListAgentPoolsResponse" } } }, "description": "OK" }, "403": { "description": "Forbidden" } }, "summary": "ListOrgAgentPool", "tags": [ "Workflows", "DeploymentRunners" ] }, "post": { "description": "Creates a new agent pool for an organization. Agent pools enable self-hosted deployment agents, allowing organizations to run Pulumi Deployments on their own infrastructure rather than Pulumi-managed infrastructure. This is useful for accessing private networks, meeting compliance requirements, or using custom execution environments. The response includes an access token (agent pool secret) that self-hosted agents use to authenticate when polling for deployment work. This token is only returned once at creation time and cannot be retrieved later.", "operationId": "CreateOrgAgentPool", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateOrgAgentPoolRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateAccessTokenResponse" } } }, "description": "OK" }, "400": { "description": "Metadata object store endpoint is not configured" }, "403": { "description": "Forbidden" } }, "summary": "CreateOrgAgentPool", "tags": [ "Workflows", "DeploymentRunners" ] } }, "/api/orgs/{orgName}/agent-pools/{poolId}": { "delete": { "description": "Deletes an agent pool from an organization. If the agent pool is currently referenced by any stack's deployment settings, the deletion will fail with a 400 error unless the 'force' query parameter is set to true. Force-deleting a pool that is in use will cause affected stacks to fall back to Pulumi-managed infrastructure for future deployments. Returns 204 No Content on success.", "operationId": "DeleteOrgAgentPool", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The agent pool identifier", "in": "path", "name": "poolId", "required": true, "schema": { "type": "string" } }, { "description": "Force the operation even if the pool is in use", "in": "query", "name": "force", "schema": { "type": "boolean" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "Agent pool is in use" }, "403": { "description": "Forbidden" }, "404": { "description": "AgentPool" } }, "summary": "DeleteOrgAgentPool", "tags": [ "Workflows", "DeploymentRunners" ] }, "get": { "description": "Returns the details of a specific agent pool, including its name, ID, creation timestamp, and configuration. Agent pools enable self-hosted deployment agents that run Pulumi Deployments on organization-managed infrastructure. The pool ID can be referenced in stack deployment settings to route deployments to self-hosted agents instead of Pulumi-managed infrastructure.", "operationId": "GetAgentPool", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The agent pool identifier", "in": "path", "name": "poolId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AgentPoolDetail" } } }, "description": "OK" }, "403": { "description": "Forbidden" }, "404": { "description": "AgentPool" } }, "summary": "GetAgentPool", "tags": [ "Workflows", "DeploymentRunners" ] }, "patch": { "description": "Updates an existing agent pool's configuration for an organization. This can be used to modify the pool's name or other configurable properties. The request body uses the same format as CreateOrgAgentPool. Only provided fields are updated; omitted fields remain unchanged.", "operationId": "PatchOrgAgentPool", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The agent pool identifier", "in": "path", "name": "poolId", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateOrgAgentPoolRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PatchOrgAgentPoolResponse" } } }, "description": "OK" }, "403": { "description": "Forbidden" }, "404": { "description": "AgentPool" } }, "summary": "PatchOrgAgentPool", "tags": [ "Workflows", "DeploymentRunners" ] } }, "/api/orgs/{orgName}/ai/conversations": { "get": { "description": "Lists all Pulumi Copilot conversations across an entire organization.", "operationId": "ListOrgConversations", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Page number for pagination", "in": "query", "name": "page", "schema": { "format": "int64", "type": "integer" } }, { "description": "Number of results per page", "in": "query", "name": "pageSize", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListConversationsResponse" } } }, "description": "OK" } }, "summary": "ListOrgConversations", "tags": [ "AI" ] } }, "/api/orgs/{orgName}/ai/conversations/{userLogin}": { "get": { "description": "Lists all Pulumi Copilot conversations for a specific user within an organization.", "operationId": "ListConversations", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The user login name", "in": "path", "name": "userLogin", "required": true, "schema": { "type": "string" } }, { "description": "Page number for pagination", "in": "query", "name": "page", "schema": { "format": "int64", "type": "integer" } }, { "description": "Number of results per page", "in": "query", "name": "pageSize", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListConversationsResponse" } } }, "description": "OK" } }, "summary": "ListConversations", "tags": [ "AI" ] }, "post": { "description": "Creates a new Pulumi Copilot conversation for the specified user.", "operationId": "CreateConversation", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The user login name", "in": "path", "name": "userLogin", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateConversationRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "409": { "description": "conversation id already registered" } }, "summary": "CreateConversation", "tags": [ "AI" ] } }, "/api/orgs/{orgName}/ai/conversations/{userLogin}/{conversationID}": { "get": { "description": "Retrieves the details and messages of a Pulumi Copilot conversation.", "operationId": "GetConversation", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The user login name", "in": "path", "name": "userLogin", "required": true, "schema": { "type": "string" } }, { "description": "The unique identifier of the Pulumi Copilot conversation", "in": "path", "name": "conversationID", "required": true, "schema": { "type": "string" } }, { "description": "Page number for pagination", "in": "query", "name": "page", "schema": { "format": "int64", "type": "integer" } }, { "description": "Number of results per page", "in": "query", "name": "pageSize", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetConversationResponse" } } }, "description": "OK" }, "404": { "description": "conversation" } }, "summary": "GetConversation", "tags": [ "AI" ] }, "patch": { "description": "Updates properties of an existing Pulumi Copilot conversation.", "operationId": "PatchConversation", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The user login name", "in": "path", "name": "userLogin", "required": true, "schema": { "type": "string" } }, { "description": "The unique identifier of the Pulumi Copilot conversation", "in": "path", "name": "conversationID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PatchConversationRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "404": { "description": "conversation" } }, "summary": "PatchConversation", "tags": [ "AI" ] } }, "/api/orgs/{orgName}/ai/conversations/{userLogin}/{conversationID}/feedback": { "post": { "description": "Submits user feedback on a Pulumi Copilot conversation.", "operationId": "SubmitFeedback", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The user login name", "in": "path", "name": "userLogin", "required": true, "schema": { "type": "string" } }, { "description": "The unique identifier of the Pulumi Copilot conversation", "in": "path", "name": "conversationID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/FeedbackRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "invalid feedbackKind. Only 'thumbsup' or 'thumbsdown' are allowed." } }, "summary": "SubmitFeedback", "tags": [ "AI" ] } }, "/api/orgs/{orgName}/ai/conversations/{userLogin}/{conversationID}/messages": { "post": { "description": "Appends a new message to an existing Pulumi Copilot conversation.", "operationId": "AppendMessageToConversation", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The user login name", "in": "path", "name": "userLogin", "required": true, "schema": { "type": "string" } }, { "description": "The unique identifier of the Pulumi Copilot conversation", "in": "path", "name": "conversationID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppendMessageToConversationRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid AI role. Only 'user' or 'assistant' are allowed." }, "404": { "description": "conversation" } }, "summary": "AppendMessageToConversation", "tags": [ "AI" ] } }, "/api/orgs/{orgName}/ai/conversations/{userLogin}/{conversationID}/programs/{programID}.zip": { "get": { "description": "Fetches a template program as a zip file.", "operationId": "FetchProgram", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The user login name", "in": "path", "name": "userLogin", "required": true, "schema": { "type": "string" } }, { "description": "The unique identifier of the Pulumi Copilot conversation", "in": "path", "name": "conversationID", "required": true, "schema": { "type": "string" } }, { "description": "The identifier of the generated template program to download", "in": "path", "name": "programID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "OK" }, "404": { "description": "conversation or program" } }, "summary": "FetchProgram", "tags": [ "AI" ] } }, "/api/orgs/{orgName}/auditlogs": { "get": { "description": "Lists audit log events for an organization. Either continuationToken or startTime is required. Supports filtering by event type and user.", "operationId": "ListAuditLogEventsHandlerV1", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Token for paginated result retrieval", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Upper bound of the query range (unix timestamp)", "in": "query", "name": "endTime", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter audit logs by event type", "in": "query", "name": "eventFilter", "schema": { "type": "string" } }, { "description": "Response format: 'json' (default)", "in": "query", "name": "format", "schema": { "type": "string" } }, { "description": "Returns entries older than this timestamp (unix timestamp)", "in": "query", "name": "startTime", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter audit logs by username", "in": "query", "name": "userFilter", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ResponseAuditLogs" } } }, "description": "OK" }, "400": { "description": "invalid query params" }, "404": { "description": "user not found" } }, "summary": "ListAuditLogEventsHandlerV1", "tags": [ "Organizations", "AuditLogs" ] } }, "/api/orgs/{orgName}/auditlogs/export": { "get": { "description": "Exports audit log events for an organization in a downloadable format. Audit logs provide an immutable record of all user activity within the organization, including stack operations, member changes, and policy modifications. Results can be filtered by time range, event type, and user. Supported export formats are CSV and CEF (Common Event Format for SIEM integration). Pagination is supported via the continuationToken parameter.\n\n**Important:** This endpoint differs from other API endpoints:\n- The response is always **gzip compressed**. Use `--compressed` with curl or handle gzip decompression in your client.\n- The `Content-Type: application/json` response header is omitted.\n\nNote: In V1, startTime specifies the upper bound of the query range. Use the V2 endpoint for more intuitive time range semantics.", "operationId": "ExportAuditLogEventsHandlerV1", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Token for paginated result retrieval", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Upper bound of the query range (unix timestamp)", "in": "query", "name": "endTime", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter audit logs by event type", "in": "query", "name": "eventFilter", "schema": { "type": "string" } }, { "description": "Response format: 'cef' or 'csv' (defaults to csv)", "in": "query", "name": "format", "schema": { "type": "string" } }, { "description": "Returns entries older than this timestamp (unix timestamp)", "in": "query", "name": "startTime", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter audit logs by username", "in": "query", "name": "userFilter", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "text/plain": { "schema": { "type": "string" } } }, "description": "OK" }, "400": { "description": "Audit Logs is available only to organizations with an Enterprise subscription." }, "404": { "description": "user not found" } }, "summary": "ExportAuditLogEventsHandlerV1", "tags": [ "Organizations", "AuditLogs" ] } }, "/api/orgs/{orgName}/auditlogs/export/config": { "delete": { "description": "DeleteAuditLogExportConfiguration removes an organization's audit log export settings.\nSkip feature validation so removal can happen if org no longer has access to feature.", "operationId": "DeleteAuditLogExportConfiguration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "Organization has not configured audit log export." } }, "summary": "DeleteAuditLogExportConfiguration", "tags": [ "Organizations", "AuditLogs" ] }, "get": { "description": "GetAuditLogExportConfiguration returns the organization's current audit log export configuration.\nIf the organization has not configured its audit logs for export, returns a 404.", "operationId": "GetAuditLogExportConfiguration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OrganizationAuditLogExportSettings" } } }, "description": "OK" }, "404": { "description": "Audit log export configuration" } }, "summary": "GetAuditLogExportConfiguration", "tags": [ "Organizations", "AuditLogs" ] }, "post": { "description": "Creates or updates the organization's automated audit log export configuration. Audit log export enables automatic delivery of audit events to an S3 bucket for long-term retention and SIEM integration. The configuration includes the S3 bucket details and IAM role for authentication. This feature is available on Business Critical edition.", "operationId": "UpdateAuditLogExportConfiguration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateOrganizationAuditLogExportSettingsRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Audit log export is not available for this organization." } }, "summary": "UpdateAuditLogExportConfiguration", "tags": [ "Organizations", "AuditLogs" ] } }, "/api/orgs/{orgName}/auditlogs/export/config/force": { "post": { "description": "ForceAuditLogExport exports the audit logs for the organization for a user-supplied timestamp.\nThis can be used to backfill data that may have been missed due to an outage or permissions issue.", "operationId": "ForceAuditLogExport", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Unix timestamp to export audit logs for (used for backfilling missed data)", "in": "query", "name": "timestamp", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuditLogExportResult" } } }, "description": "OK" }, "400": { "description": "Audit log export is not available for this organization." }, "404": { "description": "Audit log export configuration" } }, "summary": "ForceAuditLogExport", "tags": [ "Organizations", "AuditLogs" ] } }, "/api/orgs/{orgName}/auditlogs/export/config/test": { "post": { "description": "TestAuditLogExportConfiguration uses the provided audit log configuration and\nchecks if we are able to successfully write some data.", "operationId": "TestAuditLogExportConfiguration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuditLogsExportS3Config" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuditLogExportResult" } } }, "description": "OK" }, "400": { "description": "Audit log export is not available for this organization." } }, "summary": "TestAuditLogExportConfiguration", "tags": [ "Organizations", "AuditLogs" ] } }, "/api/orgs/{orgName}/auditlogs/reader-kind": { "get": { "description": "GetAuditLogsReaderKind returns whether the audit log is being read\nfrom MySQL or DynamoDB to control the event filtering UI on the front end.", "operationId": "GetAuditLogsReaderKind", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "type": "string" } } }, "description": "OK" } }, "summary": "GetAuditLogsReaderKind", "tags": [ "Organizations", "AuditLogs" ] } }, "/api/orgs/{orgName}/auditlogs/v2": { "get": { "description": "Lists audit log events for an organization. Uses startTime as the lower bound and endTime as the upper bound of the query range. Supports filtering by event type and user.", "operationId": "ListAuditLogEventsHandlerV2", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Token for paginated result retrieval", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Upper bound of the query range (unix timestamp)", "in": "query", "name": "endTime", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter audit logs by event type", "in": "query", "name": "eventFilter", "schema": { "type": "string" } }, { "description": "Response format: 'json' (default)", "in": "query", "name": "format", "schema": { "type": "string" } }, { "description": "Lower bound of the query range (unix timestamp)", "in": "query", "name": "startTime", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter audit logs by username", "in": "query", "name": "userFilter", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ResponseAuditLogs" } } }, "description": "OK" }, "400": { "description": "invalid query params" }, "404": { "description": "user not found" } }, "summary": "ListAuditLogEventsHandlerV2", "tags": [ "Organizations", "AuditLogs" ] } }, "/api/orgs/{orgName}/auditlogs/v2/export": { "get": { "description": "Exports audit log events in a downloadable format (CSV or CEF). Supports filtering by time range using startTime (lower bound) and endTime (upper bound), as well as filtering by event type and user.", "operationId": "ExportAuditLogEventsHandlerV2", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Token for paginated result retrieval", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Upper bound of the query range (unix timestamp)", "in": "query", "name": "endTime", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter audit logs by event type", "in": "query", "name": "eventFilter", "schema": { "type": "string" } }, { "description": "Response format: 'cef' or 'csv' (defaults to csv)", "in": "query", "name": "format", "schema": { "type": "string" } }, { "description": "Lower bound of the query range (unix timestamp)", "in": "query", "name": "startTime", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter audit logs by username", "in": "query", "name": "userFilter", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "text/plain": { "schema": { "type": "string" } } }, "description": "OK" }, "400": { "description": "Audit Logs is available only to organizations with an Enterprise subscription." }, "404": { "description": "user not found" } }, "summary": "ExportAuditLogEventsHandlerV2", "tags": [ "Organizations", "AuditLogs" ] } }, "/api/orgs/{orgName}/auth/policies/oidcissuers/{issuerId}": { "get": { "description": "Returns the authentication policy associated with a specific OIDC issuer registration. Authentication policies define rules for how OIDC tokens from the issuer are validated and what access they grant, including claim mappings and trust conditions.", "operationId": "GetAuthPolicy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The OIDC issuer identifier", "in": "path", "name": "issuerId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuthPolicy" } } }, "description": "OK" }, "400": { "description": "Invalid issuer ID" } }, "summary": "GetAuthPolicy", "tags": [ "Organizations", "OidcIssuers" ] } }, "/api/orgs/{orgName}/auth/policies/{policyId}": { "patch": { "description": "Updates an authentication policy for an organization. Authentication policies define rules for how OIDC tokens are validated and what access they grant, including claim mappings, trust conditions, and role assignments. The policy definition cannot be empty.\n\nThe request body contains a `policies` array where each policy object includes:\n- `decision`: `allow` or `deny`\n- `tokenType`: `organization`, `team`, `personal`, or `runner`\n- `teamName`: required when tokenType is `team`\n- `userLogin`: required when tokenType is `personal`\n- `runnerID`: required when tokenType is `runner`\n- `authorizedPermissions`: array of permissions (only `admin` is supported for organization tokens)\n- `rules`: object defining claim-matching rules for the token\n\nFor more information about authorization rules, refer to the [OIDC authorization policies documentation](https://www.pulumi.com/docs/pulumi-cloud/access-management/oidc/client/#configure-the-authorization-policies).", "operationId": "UpdateAuthPolicy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The policy identifier", "in": "path", "name": "policyId", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuthPolicyUpdateRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AuthPolicy" } } }, "description": "OK" }, "400": { "description": "policy definition can not be empty" } }, "summary": "UpdateAuthPolicy", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/bulk-transfer/stacks": { "post": { "description": "TransferAllStacks transfers all active stacks from one org to another, where deleted stacks\nwill be skipped/ignored. We are currently constraining usage of this function to organizations\nwith less than or equal to TransferAllStacksMax stacks.\n\nNOTE: This operation will lock the organization while the transfer is in-progress, to\nrewrite all checkpoint files that use service-managed secrets. This means that the\norganization will be read-only and no stack updates can begin until the rename process\nhas completed.", "operationId": "TransferAllStacks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TransferAllStacksRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "type": "string" } } }, "description": "OK" } }, "summary": "TransferAllStacks", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/cmk": { "get": { "description": "Returns all customer managed keys (CMK) configured for an organization, including their key identifiers, cloud provider details, enabled status, and which key is set as the default for new stacks.", "operationId": "ListOrganizationKeys", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/CustomerManagedKey" }, "type": "array" } } }, "description": "successful operation" } }, "summary": "ListOrganizationKeys", "tags": [ "Organizations" ] }, "post": { "description": "Creates a new customer managed key (CMK) for an organization, allowing the organization to use their own encryption keys for securing secrets stored in Pulumi Cloud. The key must be a valid cloud provider key (e.g., AWS KMS). Once created, the key can be set as the default encryption key for all new stacks in the organization.", "operationId": "CreateOrganizationKey", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CustomerManagedKeyInput" } } }, "x-originalParamName": "body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CustomerManagedKey" } } }, "description": "Created" }, "400": { "description": "Invalid key provided" } }, "summary": "CreateOrganizationKey", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/cmk/disable": { "post": { "description": "Disables all customer managed keys (CMK) for an organization, reverting to Pulumi-managed encryption for secrets. After disabling, new stacks will use the default Pulumi-managed encryption rather than customer-provided keys.", "operationId": "DisableAllOrganizationKeys", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "400": { "description": "Organization does not have customer managed keys" } }, "summary": "DisableAllOrganizationKeys", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/cmk/migration": { "get": { "description": "Returns all key encryption key (KEK) migrations for an organization. KEK migrations track the process of re-encrypting secrets when rotating customer managed keys. Each migration record includes the source and destination keys, status, and any errors encountered during the migration process.", "operationId": "ListOrganizationKeyMigrations", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/KeyEncryptionKeyMigration" }, "type": "array" } } }, "description": "successful operation" } }, "summary": "ListOrganizationKeyMigrations", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/cmk/migration/retry": { "post": { "description": "Retries any failed key encryption key (KEK) migrations for an organization. KEK migrations can fail due to transient errors when re-encrypting secrets during customer managed key rotation. This endpoint re-attempts the failed migrations without restarting the entire process.", "operationId": "RetryOrganizationKeyMigrations", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" } }, "summary": "RetryOrganizationKeyMigrations", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/cmk/{keyID}/default": { "post": { "description": "Sets a customer managed key as the default encryption key for the organization. New stacks created in the organization will use this key for encrypting secrets by default. The key must already be created and enabled for the organization.", "operationId": "SetDefaultOrganizationKey", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The key identifier", "in": "path", "name": "keyID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "404": { "description": "Organization or Key not found" } }, "summary": "SetDefaultOrganizationKey", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/cmk/{keyID}/disable": { "post": { "description": "Disables a specific customer managed key (CMK) for an organization. The key can no longer be used for encrypting new secrets, but existing secrets encrypted with this key remain accessible.", "operationId": "DisableOrganizationKey", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The key identifier", "in": "path", "name": "keyID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DisableCustomerManagedKeyRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "description": "OK" }, "400": { "description": "Invalid key provided" }, "404": { "description": "Organization or Key not found" } }, "summary": "DisableOrganizationKey", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/deployments": { "get": { "description": "Returns a paginated list of all Pulumi Deployments executions across an organization, filtered to only include deployments for stacks the requesting user has access to. The response includes each deployment's ID, status, version, creation time, the requesting user, project and stack names, Pulumi operation type, job details, and associated update results. Use 'page' (minimum 1, default 1) and 'pageSize' (1-100, default 10) for pagination, 'sort' to specify the sort field, and 'asc' to control sort direction (default descending). The response also includes the total count of matching deployments.", "operationId": "ListOrgDeployments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Sort in ascending order when true (default false)", "in": "query", "name": "asc", "schema": { "type": "boolean" } }, { "description": "Page number (min 1, default 1)", "in": "query", "name": "page", "schema": { "format": "int64", "type": "integer" } }, { "description": "Results per page (1-100, default 10)", "in": "query", "name": "pageSize", "schema": { "format": "int64", "type": "integer" } }, { "description": "Field to sort results by", "in": "query", "name": "sort", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListDeploymentResponseV2" } } }, "description": "OK" }, "400": { "description": "Invalid query parameter" }, "404": { "description": "Run" } }, "summary": "ListOrgDeployments", "tags": [ "Deployments" ] } }, "/api/orgs/{orgName}/deployments/metadata": { "get": { "description": "Returns metadata about the organization's Pulumi Deployments state. The response includes the overall pause status, a list of individually paused stacks (as stack references like `project/stack`), the configured concurrency limit (maximum number of concurrent deployments), and deployment counts broken down by status (`notStarted`, `accepted`, `running`, `failed`, `succeeded`, `skipped`, and `total`). This endpoint is useful for monitoring deployment health and capacity across an organization.", "operationId": "OrgDeploymentsMetadata", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OrgDeploymentsMetadataResponse" } } }, "description": "OK" } }, "summary": "OrgDeploymentsMetadata", "tags": [ "Deployments" ] } }, "/api/orgs/{orgName}/deployments/pause": { "post": { "description": "Pauses all future Pulumi Deployments executions across an entire organization. While paused, new deployments can still be queued and currently executing deployments will continue to run to completion. However, queued deployments will not be picked up for execution until deployments are resumed. This provides a safety mechanism to temporarily halt all deployment activity across the organization, for example during maintenance windows or incident response. Requires organization administrator permissions. Use the ResumeOrgDeployments endpoint to resume processing.", "operationId": "PauseOrgDeployments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" } }, "summary": "PauseOrgDeployments", "tags": [ "Deployments" ] } }, "/api/orgs/{orgName}/deployments/resume": { "post": { "description": "Resumes Pulumi Deployments executions for an organization that was previously paused via PauseOrgDeployments. Any queued deployments that accumulated while the organization was paused will begin processing according to the organization's concurrency limits. Requires organization administrator permissions.", "operationId": "ResumeOrgDeployments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" } }, "summary": "ResumeOrgDeployments", "tags": [ "Deployments" ] } }, "/api/orgs/{orgName}/deployments/summary": { "get": { "description": "Retrieves a summary of Pulumi Deployments compute usage (deployment minutes) for an organization. The response provides aggregated deployment minute consumption over the specified time period. Use the 'granularity' parameter to control time bucketing (e.g. 'daily' or 'hourly'), and either 'lookbackDays' (number of days from the current date) or 'lookbackStart' (a Unix timestamp) to define the reporting window. Returns 204 No Content if no usage data is available for the specified period.", "operationId": "GetUsageSummaryDeployCompute", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Time granularity for the summary (e.g. 'daily', 'hourly')", "in": "query", "name": "granularity", "schema": { "type": "string" } }, { "description": "Number of days to look back from the current date", "in": "query", "name": "lookbackDays", "schema": { "format": "int64", "type": "integer" } }, { "description": "Start of the lookback period (Unix timestamp)", "in": "query", "name": "lookbackStart", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetResourceCountSummaryResponse" } } }, "description": "OK" }, "204": { "description": "No Content" }, "400": { "description": "Bad granularity value or invalid lookbackDays/lookbackStart parameter" } }, "summary": "GetUsageSummaryDeployCompute", "tags": [ "Deployments" ] } }, "/api/orgs/{orgName}/deployments/usagereport": { "get": { "description": "Retrieves raw deployment usage records for self-hosted Pulumi Cloud customers to self-report deployment consumption. Returns aggregated deployment usage records for the specified organization. The 'lookbackDays' query parameter controls how far back in time to retrieve records. This endpoint is primarily used by self-hosted customers for usage reporting and billing reconciliation purposes.", "operationId": "GetDeployUsageReport", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Number of days to look back", "in": "query", "name": "lookbackDays", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/UsageRecord" }, "type": "array" } } }, "description": "successful operation" }, "400": { "description": "Invalid query parameter" } }, "summary": "GetDeployUsageReport", "tags": [ "Deployments" ] } }, "/api/orgs/{orgName}/discovered-resources/summary": { "get": { "description": "GetUsageSummaryDiscoveredResourceHours handles request to fetch the summary\nof discovered resources for an organization.", "operationId": "GetUsageSummaryDiscoveredResourceHours", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Time granularity for aggregation (e.g., 'hourly', 'daily', 'monthly')", "in": "query", "name": "granularity", "schema": { "type": "string" } }, { "description": "Number of days to look back from the current time or lookbackStart", "in": "query", "name": "lookbackDays", "schema": { "format": "int64", "type": "integer" } }, { "description": "Unix timestamp for the start of the lookback period (defaults to current time if omitted)", "in": "query", "name": "lookbackStart", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetResourceCountSummaryResponse" } } }, "description": "OK" }, "204": { "description": "No Content" } }, "summary": "GetUsageSummaryDiscoveredResourceHours", "tags": [ "Organizations", "ResourcesUnderManagement" ] } }, "/api/orgs/{orgName}/hooks": { "get": { "description": "Returns all webhooks configured at the organization level. Each webhook in the response includes its name, destination URL, format (generic JSON, Slack, or Microsoft Teams), active status, and subscribed event filters. Organization-level webhooks can fire on stack lifecycle events, deployment events, drift detection events, and policy violation events.", "operationId": "ListWebhooks_orgs", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/WebhookResponse" }, "type": "array" } } }, "description": "successful operation" } }, "summary": "ListWebhooks", "tags": [ "Organizations", "Webhooks" ] }, "post": { "description": "Creates a new webhook for an organization to notify external services when events occur. Webhooks can be configured to fire on stack events (created, deleted, update succeeded/failed), deployment events (queued, started, succeeded, failed), drift detection events, and policy violation events (mandatory, advisory).\n\nThe `format` field accepts: `raw` (default), `slack`, `ms_teams`, or `pulumi_deployments`.\n\nThe `filters` field accepts a list of event types to subscribe to. See the [webhook event filtering documentation](https://www.pulumi.com/docs/pulumi-cloud/webhooks/#event-filtering) for available filters.\n\nThe optional `secret` field sets the HMAC key for signature verification via the `Pulumi-Webhook-Signature` header. See the [webhook headers documentation](https://www.pulumi.com/docs/pulumi-cloud/webhooks/#headers) for details.", "operationId": "CreateWebhook_orgs", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Webhook" } } }, "x-originalParamName": "body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookResponse" } } }, "description": "Created" }, "400": { "description": "Organization name from request body doesn't match URL." }, "409": { "description": "Webhook with this name already exists" } }, "summary": "CreateWebhook", "tags": [ "Organizations", "Webhooks" ] } }, "/api/orgs/{orgName}/hooks/{hookName}": { "delete": { "description": "Permanently deletes an organization-level webhook. The webhook will no longer receive event notifications for stack updates, deployments, drift detection, or policy violations. This action cannot be undone.", "operationId": "DeleteWebhook_orgs", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name identifier", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" } }, "summary": "DeleteWebhook", "tags": [ "Organizations", "Webhooks" ] }, "get": { "description": "Returns the configuration of a specific organization-level webhook, including its name, destination URL, format (generic JSON, Slack, or Microsoft Teams), active status, event filter subscriptions, and whether a shared secret is configured for HMAC signature verification.", "operationId": "GetWebhook_orgs", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name identifier", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookResponse" } } }, "description": "OK" }, "404": { "description": "Webhook" } }, "summary": "GetWebhook", "tags": [ "Organizations", "Webhooks" ] }, "patch": { "description": "Updates an existing organization-level webhook's configuration, including its destination URL, format, active status, event filter subscriptions, and shared secret. The 'pulumi_deployments' format can only be used on stack or environment webhooks, not organization-level ones.", "operationId": "UpdateWebhook_orgs", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name identifier", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Webhook" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookResponse" } } }, "description": "OK" }, "400": { "description": "'pulumi_deployments' format can only be used on stack or environment webhooks." }, "404": { "description": "Webhook" } }, "summary": "UpdateWebhook", "tags": [ "Organizations", "Webhooks" ] } }, "/api/orgs/{orgName}/hooks/{hookName}/deliveries": { "get": { "description": "Returns the recent delivery history for a specific webhook, including the HTTP status code, response time, request payload, and delivery timestamp for each attempt. This allows monitoring webhook health and diagnosing delivery failures. Each delivery includes a unique Pulumi-Webhook-ID.", "operationId": "GetWebhookDeliveries_orgs", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name identifier", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/WebhookDelivery" }, "type": "array" } } }, "description": "successful operation" } }, "summary": "GetWebhookDeliveries", "tags": [ "Organizations", "Webhooks" ] } }, "/api/orgs/{orgName}/hooks/{hookName}/deliveries/{event}/redeliver": { "post": { "description": "RedeliverWebhookEvent will trigger the Pulumi Service to redeliver\na specific event to a webhook. For example, to resend an event that the\nhook failed to process the first time.", "operationId": "RedeliverWebhookEvent_orgs", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name identifier", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } }, { "description": "The event identifier to redeliver", "in": "path", "name": "event", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookDelivery" } } }, "description": "OK" }, "404": { "description": "Webhook" } }, "summary": "RedeliverWebhookEvent", "tags": [ "Organizations", "Webhooks" ] } }, "/api/orgs/{orgName}/hooks/{hookName}/ping": { "post": { "description": "PingWebhook sends a test ping to a webhook to validate it's working.\nThis function bypasses the message queue machinery and issues the request directly to the webhook.", "operationId": "PingWebhook_orgs", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name identifier", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookDelivery" } } }, "description": "OK" }, "404": { "description": "Webhook" } }, "summary": "PingWebhook", "tags": [ "Organizations", "Webhooks" ] } }, "/api/orgs/{orgName}/insights-scans/summary": { "get": { "description": "Returns a summary of Insights scan usage for an organization, grouped by the specified time granularity.", "operationId": "GetUsageSummaryInsightsScans", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Time granularity for grouping usage data. Valid values: 'hourly', 'daily', 'weekly', 'monthly', 'yearly'. Hourly granularity is limited to a 2-day lookback.", "in": "query", "name": "granularity", "schema": { "type": "string" } }, { "description": "Number of days to look back for usage data. Mutually exclusive with lookbackStart; exactly one must be provided.", "in": "query", "name": "lookbackDays", "schema": { "format": "int64", "type": "integer" } }, { "description": "Start of the lookback period as a Unix timestamp (seconds since epoch). Must be within the last year and in the past. Mutually exclusive with lookbackDays; exactly one must be provided.", "in": "query", "name": "lookbackStart", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetResourceCountSummaryResponse" } } }, "description": "OK" }, "204": { "description": "No Content" } }, "summary": "GetUsageSummaryInsightsScans", "tags": [ "Insights", "InsightsAccounts" ] } }, "/api/orgs/{orgName}/members": { "get": { "description": "ListOrganizationMembers lists the members of an organization. This API unfortunately has two different\n\"modes\", returning either the organization's \"frontend members\" or \"backend members\".\n\n - A \"frontend member\" is data stored in the Pulumi Service's database. For organizations billed\n per-member, this is the set of members that are counted against the organization's seat cap.\n - A \"backend member\" is data stored in the organization's backend. (e.g. GitHub, GitLab, or for SAML\n orgs, also the Pulumi Service database.)\n\nThis isn't ideal, but is required so that the APIs can be paginated correctly while not returning any\nusers twice. (Which would be impossible in some cases.)", "operationId": "ListOrganizationMembers", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Token for paginated result retrieval", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Member type to list: 'frontend' for Pulumi Service members or 'backend' for organization backend members", "in": "query", "name": "type", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListOrganizationMembersResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" } }, "summary": "ListOrganizationMembers", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/members/{userLogin}": { "delete": { "description": "Removes a user from an organization. The removed user loses access to all organization resources including stacks, teams, and projects. The caller cannot remove themselves from the organization. The user is also removed from all teams they belong to within the organization.", "operationId": "DeleteOrganizationMember", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The user login name", "in": "path", "name": "userLogin", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "You cannot remove yourself from the organization." }, "404": { "description": "User" } }, "summary": "DeleteOrganizationMember", "tags": [ "Organizations" ] }, "patch": { "description": "Modifies a user's role within an organization. Set `role` to assign a built-in role (`member`, `admin`, or `billingManager`), or set `fgaRoleId` to assign a custom role. If both are provided, `fgaRoleId` takes precedence.", "operationId": "UpdateOrganizationMember", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The user login name", "in": "path", "name": "userLogin", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateOrganizationMemberRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid parameter 'roleID'." }, "404": { "description": "User" } }, "summary": "UpdateOrganizationMember", "tags": [ "Organizations" ] }, "post": { "description": "Adds an existing Pulumi user to an organization with a built-in role. **Important:** The user must have already signed up for a Pulumi account before they can be added to an organization.\n\nThis endpoint only assigns built-in roles. To onboard a user with a custom role, use the organization invite flow (`BatchCreateOrgInviteEmail`) and set `roleId` on the invite — the custom role is applied when the user accepts. Alternatively, add the user here with a built-in role and then call `UpdateOrganizationMember` with `fgaRoleId` to reassign.\n\nReturns the newly created organization member record. Returns 409 if the user is already a member of the organization.", "operationId": "AddOrganizationMember", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The user login name", "in": "path", "name": "userLogin", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AddOrganizationMemberRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OrganizationMember" } } }, "description": "OK" }, "400": { "description": "Invalid organization role." }, "404": { "description": "User" }, "409": { "description": "User is already an organization member." } }, "summary": "AddOrganizationMember", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/members/{userLogin}/set-admin": { "post": { "description": "Promotes a member to administrator on organizations that are limited to a single admin. This endpoint is only valid for Team subscriptions (Team Starter and Team Growth) — it returns 400 on any other plan. On these plans, `UpdateOrganizationMember` cannot promote a member to admin, because doing so would require simultaneously demoting the current admin. This endpoint performs both changes atomically: the caller (who must be the current sole admin) is demoted to member and the target user is promoted to admin.\n\n**Note:** This endpoint operates on built-in roles only and does not integrate with custom roles.", "operationId": "SetSoleOrganizationAdmin", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The user login name", "in": "path", "name": "userLogin", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "Wrong API. Use the regular update Pulumi organization member endpoint instead." }, "404": { "description": "User" } }, "summary": "SetSoleOrganizationAdmin", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/metadata": { "get": { "description": "GetOrganizationMetadata returns metadata about the given organization. This is\ndesigned to be an inexpensive call.", "operationId": "GetOrganizationMetadata", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OrganizationMetadata" } } }, "description": "OK" } }, "summary": "GetOrganizationMetadata", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/oidc/issuers": { "get": { "description": "Returns all OIDC issuer registrations for an organization. OIDC issuer registrations establish trust relationships with external identity providers (such as AWS, Azure, Google Cloud, or GitHub Actions) to enable token exchange for temporary Pulumi Cloud credentials. This eliminates the need for long-lived access tokens in CI/CD pipelines and deployment automation.", "operationId": "List_orgs_oidc_issuers", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListOidcIssuersResponse" } } }, "description": "OK" } }, "summary": "List", "tags": [ "Organizations", "OidcIssuers" ] }, "post": { "description": "Registers a new OIDC issuer for an organization, establishing a trust relationship with an external identity provider. Once registered, the identity provider can issue signed, short-lived tokens that are exchanged for temporary Pulumi Cloud credentials during deployments. This eliminates the need to store long-lived access tokens. Supported providers include AWS, Azure, Google Cloud, GitHub Actions, and any OIDC-compliant identity provider. The request must include the issuer URL, and the service will fetch the provider's public signing keys to verify token authenticity.", "operationId": "RegisterOidcIssuer", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OidcIssuerRegistrationRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OidcIssuerRegistrationResponse" } } }, "description": "OK" }, "400": { "description": "metadata object store endpoint is not configured" } }, "summary": "RegisterOidcIssuer", "tags": [ "Organizations", "OidcIssuers" ] } }, "/api/orgs/{orgName}/oidc/issuers/{issuerId}": { "delete": { "description": "Deletes an OIDC issuer registration from an organization, removing the trust relationship between the organization and the identity provider. After deletion, tokens issued by this provider can no longer be exchanged for temporary Pulumi Cloud credentials. Any deployments or automation relying on this OIDC issuer for authentication will stop working.", "operationId": "DeleteOidcIssuer", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The OIDC issuer identifier", "in": "path", "name": "issuerId", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "oidc issuer" } }, "summary": "DeleteOidcIssuer", "tags": [ "Organizations", "OidcIssuers" ] }, "get": { "description": "Returns the details of a specific OIDC issuer registration, including the issuer URL, audience restrictions, TLS thumbprints, and trust policy configuration. OIDC issuer registrations establish trust relationships between the organization and external identity providers, enabling token exchange for temporary Pulumi Cloud credentials without storing long-lived secrets.", "operationId": "GetOidcIssuer", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The OIDC issuer identifier", "in": "path", "name": "issuerId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OidcIssuerRegistrationResponse" } } }, "description": "OK" }, "404": { "description": "oidc issuer" } }, "summary": "GetOidcIssuer", "tags": [ "Organizations", "OidcIssuers" ] }, "patch": { "description": "Updates an existing OIDC issuer registration for an organization. This can be used to modify the issuer name, audience restrictions, trust policies, or other configuration. The issuer URL itself cannot be changed after creation. The issuer name is required in the update request.", "operationId": "UpdateOidcIssuer", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The OIDC issuer identifier", "in": "path", "name": "issuerId", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OidcIssuerUpdateRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OidcIssuerRegistrationResponse" } } }, "description": "OK" }, "400": { "description": "the issuer name is required" }, "404": { "description": "oidc issuer" } }, "summary": "UpdateOidcIssuer", "tags": [ "Organizations", "OidcIssuers" ] } }, "/api/orgs/{orgName}/oidc/issuers/{issuerId}/regenerate-thumbprints": { "post": { "description": "Regenerates the TLS certificate thumbprints for an OIDC issuer by re-fetching the issuer's public keys. This is needed when the identity provider rotates its TLS certificates. Cannot be used if the issuer's JWKS are statically configured.", "operationId": "RegenerateThumbprints", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The OIDC issuer identifier", "in": "path", "name": "issuerId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OidcIssuerRegistrationResponse" } } }, "description": "OK" }, "400": { "description": "issuer jwks are statically configured, can't regenerate thumbprints" }, "404": { "description": "oidc issuer" } }, "summary": "RegenerateThumbprints", "tags": [ "Organizations", "OidcIssuers" ] } }, "/api/orgs/{orgName}/packages/usage": { "get": { "description": "Returns the stacks within an organization that use a specific Pulumi package, helping track package adoption and identify affected stacks when planning package upgrades or deprecations.", "operationId": "GetPackageUsedByStacks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The continuation token", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Maximum number of results to return per page. Defaults to 100, maximum 500.", "in": "query", "name": "limit", "schema": { "format": "int64", "type": "integer" } }, { "description": "The package name", "in": "query", "name": "packageName", "schema": { "type": "string" } }, { "description": "Filter to stacks using this specific version. If omitted, returns stacks using any version.", "in": "query", "name": "version", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PackageUsageResponse" } } }, "description": "OK" }, "400": { "description": "missing required query param: packageName" }, "404": { "description": "Package or organization not found" } }, "summary": "GetPackageUsedByStacks", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/policygroups": { "get": { "description": "Returns a list of all Policy Groups for the organization. Policy Groups define which Policy Packs are enforced on which stacks, with configurable enforcement levels (advisory, mandatory, or disabled) per pack. Every organization has a default Policy Group, and additional groups can be created to apply different policy sets to different environments (e.g., stricter enforcement in production).", "operationId": "ListPolicyGroups", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppListPolicyGroupsResponse" } } }, "description": "OK" }, "404": { "description": "Organization not found" } }, "summary": "ListPolicyGroups", "tags": [ "Organizations", "PolicyGroups" ] }, "post": { "description": "Creates a new Policy Group for an organization. Policy Groups define which Policy Packs are enforced on which stacks or cloud accounts, with configurable enforcement levels (advisory, mandatory, or disabled) per pack. This allows different policy strictness for different environments, such as advisory-only in development and mandatory in production.", "operationId": "NewPolicyGroup", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/NewPolicyGroupRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid entity type or invalid Policy Group name" }, "404": { "description": "Organization not found" }, "409": { "description": "Policy Group already exists" } }, "summary": "NewPolicyGroup", "tags": [ "Organizations", "PolicyGroups" ] } }, "/api/orgs/{orgName}/policygroups/metadata": { "get": { "description": "Returns high-level policy protection metrics for an organization, including the number of stacks protected by policy enforcement, the total number of Policy Groups, and overall policy coverage statistics.", "operationId": "GetPolicyGroupMetadata", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PolicyGroupMetadata" } } }, "description": "OK" }, "404": { "description": "Organization not found" } }, "summary": "GetPolicyGroupMetadata", "tags": [ "Organizations", "PolicyGroups" ] } }, "/api/orgs/{orgName}/policygroups/{policyGroup}": { "delete": { "description": "Deletes a Policy Group from an organization. A Policy Group defines which Policy Packs are enforced on which stacks, with configurable enforcement levels (advisory, mandatory, or disabled) per pack. The organization's default Policy Group cannot be deleted. Deleting a Policy Group removes all policy enforcement associations for the stacks that were assigned to it.", "operationId": "DeletePolicyGroup", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The policy group name", "in": "path", "name": "policyGroup", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "Cannot delete the default Policy Group" }, "404": { "description": "Organization or Policy Group not found" } }, "summary": "DeletePolicyGroup", "tags": [ "Organizations", "PolicyGroups" ] }, "get": { "description": "Returns the details of a specific Policy Group, including the list of Policy Packs applied to it and their enforcement levels (advisory, mandatory, or disabled), as well as the stacks or cloud accounts assigned to the group. Policy Groups enable targeted policy enforcement by associating sets of policies with specific infrastructure resources.", "operationId": "GetPolicyGroup", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The policy group name", "in": "path", "name": "policyGroup", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PolicyGroup" } } }, "description": "OK" }, "404": { "description": "Organization or Policy Group not found" } }, "summary": "GetPolicyGroup", "tags": [ "Organizations", "PolicyGroups" ] }, "patch": { "description": "Updates a Policy Group's configuration. This multi-purpose endpoint supports several operations in a single request via different body fields:\n\n- `newName`: rename the policy group\n- `addStack` / `removeStack`: add or remove stacks (with `name` and `routingProject` fields)\n- `addPolicyPack` / `removePolicyPack`: add or remove policy packs (with `name`, `version`, `versionTag`, and optional `config`)\n- `addInsightsAccount` / `removeInsightsAccount`: add or remove Insights accounts\n\nEnforcement levels for policy packs are `advisory`, `mandatory`, or `disabled`.", "operationId": "UpdatePolicyGroup", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The policy group name", "in": "path", "name": "policyGroup", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdatePolicyGroupRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Bad Request" }, "404": { "description": "Organization, Policy Group, Stack, Account, or Policy Pack not found" } }, "summary": "UpdatePolicyGroup", "tags": [ "Organizations", "PolicyGroups" ] } }, "/api/orgs/{orgName}/policygroups/{policyGroup}/batch": { "patch": { "description": "BatchUpdatePolicyGroup applies multiple update operations to the Policy Group efficiently. Each operation in the list uses the same fields as UpdatePolicyGroupRequest. Operations are grouped by type (adds, removes) and processed in batches for efficiency.", "operationId": "BatchUpdatePolicyGroup", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The policy group name", "in": "path", "name": "policyGroup", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/UpdatePolicyGroupRequest" }, "type": "array" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Bad Request" }, "404": { "description": "Organization, Policy Group, Stack, Account, or Policy Pack not found" } }, "summary": "BatchUpdatePolicyGroup", "tags": [ "Organizations", "PolicyGroups" ] } }, "/api/orgs/{orgName}/policypacks": { "get": { "description": "ListPolicyPacks returns a list of all complete Policy Packs for the organization.\nIf the `policypack` query parameter is set, it will only list the policy\npacks with the specified name.", "operationId": "ListPolicyPacks_orgs", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The policy pack name", "in": "query", "name": "policypack", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppListPolicyPacksResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" } }, "summary": "ListPolicyPacks", "tags": [ "Organizations", "PolicyPacks" ] }, "post": { "description": "Creates a new Policy Pack for an organization. A Policy Pack is a versioned collection of related policies that validate infrastructure configuration during deployments. Policies can enforce rules such as requiring encryption on storage buckets or prohibiting public access to databases. The pack must contain at least one policy. Once created, the pack can be applied to Policy Groups to enforce rules on specific stacks with configurable enforcement levels (advisory, mandatory, or disabled).", "operationId": "CreatePolicyPack", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppCreatePolicyPackRequest" } } }, "x-originalParamName": "body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppCreatePolicyPackResponse" } } }, "description": "Created" }, "400": { "description": "Policy Pack must have at least one policy." } }, "summary": "CreatePolicyPack", "tags": [ "Organizations", "PolicyPacks" ] } }, "/api/orgs/{orgName}/policypacks/{policyPackName}": { "delete": { "description": "DeletePolicyPack deletes all versions of a Policy Pack, the associated\npacks stored in S3, and any applied versions of the Policy Packs.", "operationId": "DeletePolicyPack_orgs_policypacks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The policy pack name", "in": "path", "name": "policyPackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "400": { "description": "Cannot delete an enabled Policy Pack" }, "404": { "description": "Policy Pack" } }, "summary": "DeletePolicyPack", "tags": [ "Organizations", "PolicyPacks" ] } }, "/api/orgs/{orgName}/policypacks/{policyPackName}/versions/{version}": { "delete": { "description": "DeletePolicyPackVersion deletes a specific version of a Policy Pack and deletes\nthe associated pack stored in S3. A Policy Pack must be unapplied to be deleted.", "operationId": "DeletePolicyPackVersion", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The policy pack name", "in": "path", "name": "policyPackName", "required": true, "schema": { "type": "string" } }, { "description": "The version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "400": { "description": "Cannot delete external policy packs" }, "404": { "description": "Organization or Policy Pack not found" }, "409": { "description": "Cannot delete a Policy Pack that is applied to Policy Groups" } }, "summary": "DeletePolicyPackVersion", "tags": [ "Organizations", "PolicyPacks" ] }, "get": { "description": "Returns the metadata and list of individual policies for a specific version of a Policy Pack. Each policy includes its name, description, enforcement level (advisory, mandatory, or disabled), and configuration schema. Returns 400 if the Policy Pack version is not yet complete (still being uploaded), or 404 if the organization or pack is not found.", "operationId": "GetPolicyPack", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The policy pack name", "in": "path", "name": "policyPackName", "required": true, "schema": { "type": "string" } }, { "description": "The version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppGetPolicyPackResponse" } } }, "description": "OK" }, "400": { "description": "Cannot get incomplete Policy Pack" }, "404": { "description": "Organization or Policy Pack not found" } }, "summary": "GetPolicyPack", "tags": [ "Organizations", "PolicyPacks" ] } }, "/api/orgs/{orgName}/policypacks/{policyPackName}/versions/{version}/complete": { "post": { "description": "Transitions the publish status of a specific Policy Pack version to 'complete', making it available for enforcement. Policy Packs go through a multi-step publish process: first the pack content is uploaded, then this endpoint is called to finalize publication. Returns 400 if the pack is already complete.", "operationId": "CompletePolicyPack", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The policy pack name", "in": "path", "name": "policyPackName", "required": true, "schema": { "type": "string" } }, { "description": "The version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "Policy Pack is already complete" }, "404": { "description": "Organization or Policy Pack not found" } }, "summary": "CompletePolicyPack", "tags": [ "Organizations", "PolicyPacks" ] } }, "/api/orgs/{orgName}/policypacks/{policyPackName}/versions/{version}/schema": { "get": { "description": "Returns the JSON configuration schema for a specific version of a Policy Pack. The schema defines the configurable parameters for each policy in the pack, including allowed values, defaults, and validation rules. Policy Groups use this schema to configure policy behavior when assigning packs to stacks.", "operationId": "GetPolicyPackConfigSchema", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The policy pack name", "in": "path", "name": "policyPackName", "required": true, "schema": { "type": "string" } }, { "description": "The version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppGetPolicyPackConfigSchemaResponse" } } }, "description": "OK" }, "400": { "description": "Policy as code feature not enabled" }, "404": { "description": "Organization or Policy Pack not found" } }, "summary": "GetPolicyPackConfigSchema", "tags": [ "Organizations", "PolicyPacks" ] } }, "/api/orgs/{orgName}/policyresults/compliance": { "post": { "description": "Returns compliance results for policy issues grouped by entity. The grouping can be by stack, cloud account, or severity, providing different views of the organization's policy compliance posture. This powers the compliance dashboard in the Pulumi Cloud console.", "operationId": "GetPolicyComplianceResults", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetPolicyComplianceResultsRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetPolicyComplianceResultsResponse" } } }, "description": "OK" }, "400": { "description": "Invalid entity parameter. Must be 'stack', 'account', or 'severity'" }, "404": { "description": "Organization not found" } }, "summary": "GetPolicyComplianceResults", "tags": [ "Organizations", "PolicyResults" ] } }, "/api/orgs/{orgName}/policyresults/issues": { "post": { "description": "Returns all policy issues for an organization with support for pagination and advanced filtering via the grid request format. Policy issues represent violations detected by Policy Packs during stack updates or continuous compliance scans. Each issue includes the violating resource, policy details, enforcement level (advisory or mandatory), severity, and triage status.", "operationId": "ListPolicyIssues", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AngularGridGetRowsRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListPolicyIssuesResponse" } } }, "description": "OK" }, "400": { "description": "Invalid filter parameters" }, "404": { "description": "Organization not found" } }, "summary": "ListPolicyIssues", "tags": [ "Organizations", "PolicyResults" ] } }, "/api/orgs/{orgName}/policyresults/issues/export": { "post": { "description": "Exports policy issues for an organization to CSV format for offline analysis or reporting. Policy issues represent violations detected by Policy Packs during stack updates or continuous compliance scans. The export includes issue details such as the violating resource, policy name, enforcement level, and severity.", "operationId": "ExportPolicyIssues", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AngularGridGetRowsRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "text/plain": { "schema": { "type": "string" } } }, "description": "OK" }, "400": { "description": "Invalid request parameters" }, "404": { "description": "Organization not found" } }, "summary": "ExportPolicyIssues", "tags": [ "Organizations", "PolicyResults" ] } }, "/api/orgs/{orgName}/policyresults/issues/filters": { "post": { "description": "Returns the available filter options for listing policy issues, such as policy pack names, enforcement levels, severity values, and resource types. This is used to populate filter dropdowns in the policy issues UI.", "operationId": "GetPolicyIssuesFilters", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PolicyIssueFiltersRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PolicyIssueFiltersResponse" } } }, "description": "OK" }, "400": { "description": "Field parameter is required" }, "404": { "description": "Organization not found" } }, "summary": "GetPolicyIssuesFilters", "tags": [ "Organizations", "PolicyResults" ] } }, "/api/orgs/{orgName}/policyresults/issues/{issueId}": { "get": { "description": "Returns the details of a specific policy issue, including the violating resource, the policy pack and policy name that flagged the violation, the enforcement level (advisory or mandatory), severity, and the current triage status of the issue.", "operationId": "GetPolicyIssue", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The issue identifier", "in": "path", "name": "issueId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetPolicyIssueResponse" } } }, "description": "OK" }, "404": { "description": "Organization or Policy issue not found" } }, "summary": "GetPolicyIssue", "tags": [ "Organizations", "PolicyResults" ] }, "patch": { "description": "Updates a policy issue's triage status and other mutable fields. All body fields are optional — only provide the fields you want to update.\n\n- `status`: `open`, `in_progress`, `by_design`, `fixed`, or `ignored`\n- `priority`: `p0`, `p1`, `p2`, `p3`, or `p4`\n- `assignedTo`: username to assign the issue to, or `null` to unassign", "operationId": "UpdatePolicyIssue", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The issue identifier", "in": "path", "name": "issueId", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdatePolicyIssueRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetPolicyIssueResponse" } } }, "description": "OK" }, "400": { "description": "Invalid input" }, "404": { "description": "Organization or Policy issue not found" } }, "summary": "UpdatePolicyIssue", "tags": [ "Organizations", "PolicyResults" ] } }, "/api/orgs/{orgName}/policyresults/metadata": { "get": { "description": "Returns high-level policy compliance statistics for an organization, including total violation counts, breakdown by severity and enforcement level, and trends over time. This provides an overview of the organization's policy compliance posture.", "operationId": "GetPolicyResultsMetadata", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PolicyResultsMetadata" } } }, "description": "OK" }, "404": { "description": "Organization not found" } }, "summary": "GetPolicyResultsMetadata", "tags": [ "Organizations", "PolicyResults" ] } }, "/api/orgs/{orgName}/policyresults/policies": { "post": { "description": "Returns policy compliance data grouped by policy pack and policy name, showing how many stacks are in compliance or violation for each individual policy rule. Supports pagination and filtering via the grid request format.", "operationId": "ListPoliciesCompliance", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AngularGridGetRowsRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListPoliciesComplianceResponse" } } }, "description": "OK" }, "400": { "description": "Invalid grid request parameters" }, "404": { "description": "Organization not found" } }, "summary": "ListPoliciesCompliance", "tags": [ "Organizations", "PolicyResults" ] } }, "/api/orgs/{orgName}/policyresults/violationsv2": { "get": { "deprecated": true, "description": "ListPolicyViolationsV2Handler gets all the policy violations for an org.\nDeprecated: Use /policyresults/issues", "operationId": "ListPolicyViolationsV2", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListPolicyViolationsV2Response" } } }, "description": "OK" }, "404": { "description": "Organization not found" } }, "summary": "ListPolicyViolationsV2", "tags": [ "Organizations", "PolicyResults" ], "x-pulumi-route-property": { "Deprecated": true, "SupersededBy": "ListPolicyIssues", "Visibility": "Public" } } }, "/api/orgs/{orgName}/registry/policypacks/{policyPackName}": { "get": { "description": "Retrieves lightweight registry metadata for a policy pack (source/publisher/name) without loading detailed policy definitions.", "operationId": "GetOrgRegistryPolicyPack", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The policy pack name", "in": "path", "name": "policyPackName", "required": true, "schema": { "type": "string" } }, { "description": "Version tag to retrieve (e.g., 'latest')", "in": "query", "name": "tag", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetRegistryPolicyPackVersionResponse" } } }, "description": "OK" }, "404": { "description": "Organization or Policy pack not found" } }, "summary": "GetOrgRegistryPolicyPack", "tags": [ "Organizations", "PolicyPacks" ] } }, "/api/orgs/{orgName}/resources/summary": { "get": { "description": "GetUsageSummaryResourceHours handles request to fetch the summary\nof resources under management (RUM) and resource hours under management\n(RHUM) for an organization.", "operationId": "GetUsageSummaryResourceHours", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Time granularity for aggregation (e.g., 'hourly', 'daily', 'monthly')", "in": "query", "name": "granularity", "schema": { "type": "string" } }, { "description": "Number of days to look back from the current time or lookbackStart", "in": "query", "name": "lookbackDays", "schema": { "format": "int64", "type": "integer" } }, { "description": "Unix timestamp for the start of the lookback period (defaults to current time if omitted)", "in": "query", "name": "lookbackStart", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetResourceCountSummaryResponse" } } }, "description": "OK" }, "204": { "description": "No Content" } }, "summary": "GetUsageSummaryResourceHours", "tags": [ "Organizations", "ResourcesUnderManagement" ] } }, "/api/orgs/{orgName}/restore-stack": { "get": { "description": "ListDeletedStacks returns the last 25 deleted stacks for a given org. It would be incredible to one day\nmerge this function with `ListOrganizationProjects` -- but that function is very bloated and not performant, so implementing\na lighter-weight handler focusing only on the most recently deleted stacks.", "operationId": "ListDeletedStacks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListDeletedStacksResponse" } } }, "description": "OK" } }, "summary": "ListDeletedStacks", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/restore-stack/{programID}": { "post": { "description": "RestoreDeletedStack un-deletes a soft-deleted stack for the given programID\nif the organization has the restore stacks feature enabled.", "operationId": "RestoreDeletedStack", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The program identifier", "in": "path", "name": "programID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RestoreDeletedStackRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "404": { "description": "program" }, "409": { "description": "Stack with this name already exists" } }, "summary": "RestoreDeletedStack", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/roles": { "get": { "description": "Returns custom roles for an organization filtered by their UX purpose (e.g., 'organization', 'team', or 'token'). This allows the UI to display only the roles relevant to the current context, such as showing only organization-level roles when managing member access.", "operationId": "ListRolesByOrgIDAndUXPurpose", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Filter roles by their UX purpose (e.g., 'organization', 'team', 'token')", "in": "query", "name": "uxPurpose", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListRolesResponse" } } }, "description": "OK" }, "400": { "description": "Role purpose is not valid" } }, "summary": "ListRolesByOrgIDAndUXPurpose", "tags": [ "Organizations" ] }, "post": { "description": "Creates a new custom role for an organization. Custom roles define fine-grained permission sets that can be assigned to organization members and teams, enabling precise access control beyond the built-in admin and member roles. Optionally, an associated policy and role binding can be created alongside the role.", "operationId": "CreateRole", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Also create an associated policy and role binding alongside the role", "in": "query", "name": "createPolicyAndRole", "schema": { "type": "boolean" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PermissionDescriptorBase" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PermissionDescriptorRecord" } } }, "description": "OK" }, "400": { "description": "Invalid role references: referenced role or permission set ID does not exist or is empty" }, "409": { "description": "Role with this name already exists" } }, "summary": "CreateRole", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/roles/scopes": { "get": { "description": "Returns all available permission scopes that can be assigned to custom roles, organized by category (e.g., stacks, teams, organization settings). Each scope represents a specific action or capability that can be granted or denied.", "operationId": "ListAvailableScopes", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "additionalProperties": { "items": { "$ref": "#/components/schemas/RbacScopeGroup" }, "type": "array" }, "type": "object" } } }, "description": "successful operation" } }, "summary": "ListAvailableScopes", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/roles/{roleID}": { "delete": { "description": "Deletes a custom role from an organization. If the role is currently assigned to members or teams, deletion requires the force parameter. Deleting a role revokes the permissions it granted to any assigned members or teams.", "operationId": "DeleteRole", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The role identifier", "in": "path", "name": "roleID", "required": true, "schema": { "type": "string" } }, { "description": "Force deletion even if the role is currently assigned to members or teams", "in": "query", "name": "force", "schema": { "type": "boolean" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "invalid query parameter" }, "404": { "description": "Role" } }, "summary": "DeleteRole", "tags": [ "Organizations" ] }, "get": { "description": "Returns the details of a specific custom role, including its name, description, and the set of permission scopes it grants. Custom roles enable fine-grained access control beyond the built-in admin and member roles.", "operationId": "GetRole", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The role identifier", "in": "path", "name": "roleID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PermissionDescriptorRecord" } } }, "description": "OK" } }, "summary": "GetRole", "tags": [ "Organizations" ] }, "patch": { "description": "Updates an existing custom role's name, description, or permission scopes. Changes take effect immediately for all members and teams assigned to the role.", "operationId": "UpdateRole", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The role identifier", "in": "path", "name": "roleID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateRoleRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PermissionDescriptorRecord" } } }, "description": "OK" }, "400": { "description": "Invalid role references: referenced role or permission set ID does not exist or is empty" }, "409": { "description": "Role with this name already exists" } }, "summary": "UpdateRole", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/roles/{roleID}/default": { "patch": { "description": "Sets the default custom role for the organization. New members who join the organization will be automatically assigned this role unless a different role is specified during the invitation process.", "operationId": "UpdateOrganizationDefaultRole", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The role identifier", "in": "path", "name": "roleID", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid role type" } }, "summary": "UpdateOrganizationDefaultRole", "tags": [ "Organizations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/orgs/{orgName}/roles/{roleID}/teams": { "get": { "operationId": "ListTeamsWithRole", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The role identifier", "in": "path", "name": "roleID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListTeamsWithRoleResponse" } } }, "description": "OK" } }, "summary": "ListTeamsWithRole", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/roles/{roleID}/tokens": { "get": { "description": "Returns all organization tokens that have been assigned to a specific custom role. This helps administrators audit which tokens have particular permission levels and manage token-to-role assignments for least-privilege access.", "operationId": "ListOrgTokensWithRole", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The role identifier", "in": "path", "name": "roleID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListAccessTokensResponse" } } }, "description": "OK" } }, "summary": "ListOrgTokensWithRole", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/roles/{roleID}/users": { "get": { "operationId": "ListUsersWithRole", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The role identifier", "in": "path", "name": "roleID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListUsersWithRoleResponse" } } }, "description": "OK" } }, "summary": "ListUsersWithRole", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/saml": { "get": { "description": "Returns the SAML configuration data for an organization, including the SSO endpoint URL, identity provider metadata, and SAML attribute mappings. SAML-backed organizations use an external identity provider for user authentication and can enforce single sign-on for all members.", "operationId": "GetSAMLOrganization", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SAMLOrganization" } } }, "description": "OK" } }, "summary": "GetSAMLOrganization", "tags": [ "Organizations" ] }, "patch": { "description": "Updates the SAML configuration for a SAML-backed organization, including the identity provider SSO descriptor, attribute mappings, and other SAML settings. The new IDP SSO descriptor is required in the update request.", "operationId": "UpdateSAMLOrganization", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateSAMLOrganizationRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SAMLOrganization" } } }, "description": "OK" }, "400": { "description": "NewIDPSSODescriptor is required." }, "404": { "description": "SAML Organization" } }, "summary": "UpdateSAMLOrganization", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/saml/admins": { "get": { "description": "ListSAMLOrganizationAdmins returns the list of SAML admins for an organization.\nWe currently only support one SAML admin per organization, where the SAML admin is\nthe user who onboarded the organization to SAML.", "operationId": "ListSAMLOrganizationAdmins", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListSAMLOrganizationAdminsResponse" } } }, "description": "OK" } }, "summary": "ListSAMLOrganizationAdmins", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/saml/admins/{userLogin}": { "post": { "description": "Updates the SAML admin for an organization. The SAML admin is the user who manages the SAML SSO configuration. Currently, each organization supports only one SAML admin (typically the user who onboarded the organization to SAML). The new admin must not belong to other organizations.", "operationId": "UpdateSAMLOrganizationAdmins", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The user login name", "in": "path", "name": "userLogin", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "Requesting user belongs to other organizations" } }, "summary": "UpdateSAMLOrganizationAdmins", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/search": { "head": { "description": "Returns a 200 response if the search cluster is available and healthy, 404 otherwise. This is a lightweight health check used to determine whether resource search functionality is operational for the organization.", "operationId": "SearchClusterAvailable", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "type": "boolean" } } }, "description": "OK" }, "404": { "description": "search cluster" } }, "summary": "SearchClusterAvailable", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/search/column-set": { "get": { "description": "Returns aggregation results for a given field in resource search, providing the unique values and counts for a specific field like 'type', 'package', or 'project'. This is used to populate filter dropdowns and faceted navigation in the resource search UI.", "operationId": "GetResourceColumnFilterSet", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The resource field to aggregate (e.g., 'type', 'package', 'project')", "in": "query", "name": "field", "schema": { "type": "string" } }, { "description": "Search query string", "in": "query", "name": "query", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "additionalProperties": { "$ref": "#/components/schemas/Aggregation" }, "type": "object" } } }, "description": "successful operation" }, "400": { "description": "missing field parameter" }, "422": { "description": "search cluster is unreachable" } }, "summary": "GetResourceColumnFilterSet", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/search/resources": { "get": { "deprecated": true, "description": "Searches for resources within an organization. Deprecated: use GetOrgResourceSearchV2Query for improved search functionality.", "operationId": "GetOrgResourceSearchQuery", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Collapse results to show one entry per stack instead of per resource", "in": "query", "name": "collapse", "schema": { "type": "boolean" } }, { "description": "Cursor for paginated results", "in": "query", "name": "cursor", "schema": { "type": "string" } }, { "description": "Facet filters to apply", "in": "query", "name": "facet", "schema": { "items": { "type": "string" }, "type": "array" } }, { "description": "Group results by this field", "in": "query", "name": "groupBy", "schema": { "type": "string" } }, { "description": "Page number for pagination", "in": "query", "name": "page", "schema": { "format": "int64", "type": "integer" } }, { "description": "Include resource properties in search results (may increase response size)", "in": "query", "name": "properties", "schema": { "type": "boolean" } }, { "description": "Search query string", "in": "query", "name": "query", "schema": { "type": "string" } }, { "description": "Number of results to return", "in": "query", "name": "size", "schema": { "format": "int64", "type": "integer" } }, { "description": "Sort order for results", "in": "query", "name": "sort", "schema": { "items": { "type": "string" }, "type": "array" } }, { "description": "Number of top aggregation buckets to return", "in": "query", "name": "top", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ResourceSearchResult" } } }, "description": "OK" }, "400": { "description": "invalid groupBy field" }, "422": { "description": "search cluster is unreachable" } }, "summary": "GetOrgResourceSearchQuery", "tags": [ "Organizations", "ResourceSearch" ], "x-pulumi-route-property": { "Deprecated": true, "SupersededBy": "GetOrgResourceSearchV2Query", "Visibility": "Public" } } }, "/api/orgs/{orgName}/search/resources/dashboard": { "get": { "description": "GetResourceDashboardAggregations returns aggregated resource data for display on organization dashboard cards, including resource counts grouped by package and other dimensions.", "operationId": "GetResourceDashboardAggregations", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ResourceSearchResult" } } }, "description": "OK" }, "404": { "description": "Organization not found" }, "422": { "description": "search cluster is unreachable" } }, "summary": "GetResourceDashboardAggregations", "tags": [ "Organizations", "ResourceSearch" ] } }, "/api/orgs/{orgName}/search/resources/export": { "get": { "description": "ExportOrgResourceSearchQuery exports resource search results as a CSV file download. Supports the same query parameters as the standard resource search to filter results.", "operationId": "ExportOrgResourceSearchQuery", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Collapse results to show one entry per stack instead of per resource", "in": "query", "name": "collapse", "schema": { "type": "boolean" } }, { "description": "Cursor for paginated results", "in": "query", "name": "cursor", "schema": { "type": "string" } }, { "description": "Facet filters to apply", "in": "query", "name": "facet", "schema": { "items": { "type": "string" }, "type": "array" } }, { "description": "Page number for pagination", "in": "query", "name": "page", "schema": { "format": "int64", "type": "integer" } }, { "description": "Include resource properties in search results (may increase response size)", "in": "query", "name": "properties", "schema": { "type": "boolean" } }, { "description": "Search query string", "in": "query", "name": "query", "schema": { "type": "string" } }, { "description": "Number of results to return", "in": "query", "name": "size", "schema": { "format": "int64", "type": "integer" } }, { "description": "Sort order for results", "in": "query", "name": "sort", "schema": { "items": { "type": "string" }, "type": "array" } }, { "description": "Number of top aggregation buckets to return", "in": "query", "name": "top", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "text/plain": { "schema": { "type": "string" } } }, "description": "CSV file with exported resource data" }, "422": { "description": "search cluster is unreachable" } }, "summary": "ExportOrgResourceSearchQuery", "tags": [ "Organizations", "DataExport" ] } }, "/api/orgs/{orgName}/search/resources/parse": { "get": { "description": "GetNaturalLanguageQuery converts a natural language query into a structured Pulumi search query using AI. For example, converts 'show me all S3 buckets in production' into a proper search syntax.", "operationId": "GetNaturalLanguageQuery", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Search query string", "in": "query", "name": "query", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetNaturalLanguageQueryResponse" } } }, "description": "OK" }, "400": { "description": "please provide a query" }, "402": { "description": "AI assist feature requires Enterprise subscription" }, "404": { "description": "NLP search feature not enabled" }, "503": { "description": "AI services are temporarily unavailable" } }, "summary": "GetNaturalLanguageQuery", "tags": [ "Organizations", "ResourceSearch" ] } }, "/api/orgs/{orgName}/search/resourcesv2": { "get": { "description": "Searches for resources within an organization with advanced filtering, sorting, and pagination capabilities.\n\n**Pagination:** The `page` parameter supports up to 10,000 results. For larger result sets, use the `cursor` parameter instead (Enterprise plans only). Note that pagination is not transactional — result ordering may change if a stack update completes during pagination.\n\n**Sorting:** The `sort` parameter accepts: `created`, `custom`, `delete`, `dependencies`, `id`, `modified`, `module`, `name`, `package`, `parentUrn`, `project`, `protected`, `providerUrn`, `stack`, `type`, `urn`, `managed`, `category`. If omitted, results are sorted by search relevance (or last modified time when no query is provided).\n\n**Properties:** Set `properties=true` to include resource input/output values. Requires a supported subscription — returns 402 if not available.\n\n**Collapse:** Set `collapse=true` to consolidate resources that exist in multiple sources (e.g., both IaC stacks and Insights scans) into a single result.", "operationId": "GetOrgResourceSearchV2Query", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Sort in ascending order when true, descending when false", "in": "query", "name": "asc", "schema": { "type": "boolean" } }, { "description": "Collapse results to show one entry per stack instead of per resource", "in": "query", "name": "collapse", "schema": { "type": "boolean" } }, { "description": "Cursor for paginated results", "in": "query", "name": "cursor", "schema": { "type": "string" } }, { "description": "Facet filters to apply", "in": "query", "name": "facet", "schema": { "items": { "type": "string" }, "type": "array" } }, { "description": "Group results by this field", "in": "query", "name": "groupBy", "schema": { "type": "string" } }, { "description": "Page number for pagination", "in": "query", "name": "page", "schema": { "format": "int64", "type": "integer" } }, { "description": "Include resource properties in search results (may increase response size)", "in": "query", "name": "properties", "schema": { "type": "boolean" } }, { "description": "Search query string", "in": "query", "name": "query", "schema": { "type": "string" } }, { "description": "Number of results to return", "in": "query", "name": "size", "schema": { "format": "int64", "type": "integer" } }, { "description": "Sort order for results", "in": "query", "name": "sort", "schema": { "items": { "type": "string" }, "type": "array" } }, { "description": "Number of top aggregation buckets to return", "in": "query", "name": "top", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ResourceSearchResult" } } }, "description": "OK" }, "400": { "description": "invalid groupBy field" }, "422": { "description": "search cluster is unreachable" } }, "summary": "GetOrgResourceSearchV2Query", "tags": [ "Organizations", "ResourceSearch" ] } }, "/api/orgs/{orgName}/secrets/summary": { "get": { "description": "GetUsageSummaryEnvironmentSecrets handles request to fetch the summary\nof ESC secret hours for an organization.", "operationId": "GetUsageSummaryEnvironmentSecrets", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Time granularity for aggregation (e.g., 'hourly', 'daily', 'monthly')", "in": "query", "name": "granularity", "schema": { "type": "string" } }, { "description": "Number of days to look back from the current time or lookbackStart", "in": "query", "name": "lookbackDays", "schema": { "format": "int64", "type": "integer" } }, { "description": "Unix timestamp for the start of the lookback period (defaults to current time if omitted)", "in": "query", "name": "lookbackStart", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetResourceCountSummaryResponse" } } }, "description": "OK" }, "204": { "description": "No Content" } }, "summary": "GetUsageSummaryEnvironmentSecrets", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/services": { "get": { "description": "Returns all service accounts in an organization. Service accounts provide programmatic, non-human identities for accessing Pulumi Cloud resources. They can hold access tokens, belong to teams, and have stack permissions, making them suitable for CI/CD pipelines, automation tools, and other machine-to-machine integrations.", "operationId": "ListServices", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListServicesResponse" } } }, "description": "OK" } }, "summary": "ListServices", "tags": [ "Organizations", "Services" ] }, "post": { "description": "Creates a new service account in an organization. Service accounts provide programmatic, non-human identities for accessing Pulumi Cloud resources. They are scoped to an organization and can hold access tokens, belong to teams, and have stack permissions. The service name must be unique within the organization.", "operationId": "CreateService", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateServiceRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Service" } } }, "description": "OK" }, "400": { "description": "Invalid service data provided" }, "404": { "description": "service" }, "409": { "description": "Service with this name already exists" } }, "summary": "CreateService", "tags": [ "Organizations", "Services" ] } }, "/api/orgs/{orgName}/services/{ownerType}/{ownerName}/{serviceName}": { "delete": { "description": "Deletes a service account from an organization. Service accounts provide programmatic, non-human access to Pulumi Cloud resources. If the service has other members, deletion requires explicit confirmation via the force parameter. All access tokens and permissions associated with the service are revoked.", "operationId": "DeleteService", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The owner type", "in": "path", "name": "ownerType", "required": true, "schema": { "type": "string" } }, { "description": "The owner name", "in": "path", "name": "ownerName", "required": true, "schema": { "type": "string" } }, { "description": "The service name", "in": "path", "name": "serviceName", "required": true, "schema": { "type": "string" } }, { "description": "Force deletion even if the service has other members", "in": "query", "name": "force", "schema": { "type": "boolean" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "invalid query parameter" }, "404": { "description": "service" }, "412": { "description": "confirmation is required to delete service with other members" } }, "summary": "DeleteService", "tags": [ "Organizations", "Services" ] }, "get": { "description": "Returns the details of a specific service account, including its name, owner, description, team memberships, access tokens, and stack permissions. Service accounts provide programmatic, non-human access to Pulumi Cloud resources and are identified by their owner type, owner name, and service name.", "operationId": "GetService", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The owner type", "in": "path", "name": "ownerType", "required": true, "schema": { "type": "string" } }, { "description": "The owner name", "in": "path", "name": "ownerName", "required": true, "schema": { "type": "string" } }, { "description": "The service name", "in": "path", "name": "serviceName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetServiceResponse" } } }, "description": "OK" } }, "summary": "GetService", "tags": [ "Organizations", "Services" ] }, "head": { "description": "Checks whether a service account exists in the organization without returning its full details. Returns 204 No Content if the service exists, or an error if not found. This is a lightweight check useful for validating service account references.", "operationId": "HeadService", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The owner type", "in": "path", "name": "ownerType", "required": true, "schema": { "type": "string" } }, { "description": "The owner name", "in": "path", "name": "ownerName", "required": true, "schema": { "type": "string" } }, { "description": "The service name", "in": "path", "name": "serviceName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" } }, "summary": "HeadService", "tags": [ "Organizations", "Services" ] }, "patch": { "description": "Updates the metadata and configuration of an existing service account, such as its description, team memberships, and access settings. Service accounts provide programmatic, non-human access to Pulumi Cloud resources.", "operationId": "UpdateService", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The owner type", "in": "path", "name": "ownerType", "required": true, "schema": { "type": "string" } }, { "description": "The owner name", "in": "path", "name": "ownerName", "required": true, "schema": { "type": "string" } }, { "description": "The service name", "in": "path", "name": "serviceName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateServiceMetadataRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Service" } } }, "description": "OK" }, "400": { "description": "Invalid service update data provided or invalid member type." }, "404": { "description": "service" } }, "summary": "UpdateService", "tags": [ "Organizations", "Services" ] } }, "/api/orgs/{orgName}/services/{ownerType}/{ownerName}/{serviceName}/items": { "post": { "description": "Adds items (such as access tokens, team memberships, or stack permissions) to an existing service account. Service accounts provide programmatic, non-human access to Pulumi Cloud resources and are scoped to an organization. Items define what the service account can access and what credentials it holds. Returns the updated service details.", "operationId": "AddServiceItems", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The owner type", "in": "path", "name": "ownerType", "required": true, "schema": { "type": "string" } }, { "description": "The owner name", "in": "path", "name": "ownerName", "required": true, "schema": { "type": "string" } }, { "description": "The service name", "in": "path", "name": "serviceName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AddServiceItemsRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetServiceResponse" } } }, "description": "OK" }, "400": { "description": "Invalid service item data provided." } }, "summary": "AddServiceItems", "tags": [ "Organizations", "Services" ] } }, "/api/orgs/{orgName}/services/{ownerType}/{ownerName}/{serviceName}/items/{itemType}/{itemName}": { "delete": { "description": "Removes a specific item (such as a team membership, access token, or stack permission) from a service account. Returns the updated service details after the item has been removed.", "operationId": "RemoveServiceItem", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The owner type", "in": "path", "name": "ownerType", "required": true, "schema": { "type": "string" } }, { "description": "The owner name", "in": "path", "name": "ownerName", "required": true, "schema": { "type": "string" } }, { "description": "The service name", "in": "path", "name": "serviceName", "required": true, "schema": { "type": "string" } }, { "description": "The item type", "in": "path", "name": "itemType", "required": true, "schema": { "type": "string" } }, { "description": "The item name", "in": "path", "name": "itemName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetServiceResponse" } } }, "description": "OK" }, "400": { "description": "invalid item name" } }, "summary": "RemoveServiceItem", "tags": [ "Organizations", "Services" ] } }, "/api/orgs/{orgName}/teams": { "get": { "description": "Retrieves all teams within an organization. Teams provide a centralized way to manage stack access permissions for groups of users. The response includes each team's name, type (Pulumi-managed, GitHub-backed, or GitLab-backed), member count, and summary of stack permissions. Teams are available to organizations on Enterprise and Business Critical editions.", "operationId": "ListTeams", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListTeamsResponse" } } }, "description": "OK" } }, "summary": "ListTeams", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/teams/github": { "post": { "description": "Creates a new Pulumi team backed by a GitHub team. When an organization is backed by GitHub, existing GitHub teams can be imported into Pulumi to manage stack permissions. Membership is managed through GitHub while stack access permissions are controlled within Pulumi Cloud. The request must include the GitHub team ID. Returns 409 if a team with the same name already exists.", "operationId": "CreateGitHubTeam", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateGitHubTeamRequest" } } }, "x-originalParamName": "body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Team" } } }, "description": "Created" }, "400": { "description": "No TeamID provided." }, "404": { "description": "GitHub Team" }, "409": { "description": "Team with this name already exists" } }, "summary": "CreateGitHubTeam", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/teams/pulumi": { "post": { "description": "CreatePulumiTeam creates a \"Pulumi\" team, i.e. one whose membership is managed by Pulumi.\n(As opposed to a GitHub or GitLab-based team.)", "operationId": "CreatePulumiTeam", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreatePulumiTeamRequest" } } }, "x-originalParamName": "body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Team" } } }, "description": "Created" }, "400": { "description": "Display name too long. Max length 100 characters." }, "409": { "description": "Team with this name already exists" } }, "summary": "CreatePulumiTeam", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/teams/{teamName}": { "delete": { "description": "Permanently removes a team from an organization. All stack permission grants assigned to the team are revoked, and team members lose any access that was granted solely through team membership. Team tokens associated with the team are also invalidated. This action cannot be undone.", "operationId": "DeleteTeam", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The team name", "in": "path", "name": "teamName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "Team" } }, "summary": "DeleteTeam", "tags": [ "Organizations" ] }, "get": { "description": "Retrieves detailed information about a specific team within an organization. The response includes the team name, display name, description, team type (Pulumi-managed, GitHub-backed, or GitLab-backed), list of members with their roles (team admin or team member), and the stack permissions granted to the team. Teams provide a centralized way to manage stack access for groups of users.", "operationId": "GetTeam", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The team name", "in": "path", "name": "teamName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Team" } } }, "description": "OK" } }, "summary": "GetTeam", "tags": [ "Organizations" ] }, "patch": { "description": "Updates a team's membership and configuration. This multi-purpose endpoint supports several operations:\n\n**Update membership:** Use `member` (username) and `memberAction` (`add` or `remove`) to manage team members.\n\n**Grant stack access:** Use `addStackPermission` with `projectName`, `stackName`, and `permission` (integer: `101` = read, `102` = edit, `103` = admin).\n\n**Remove stack access:** Use `removeStack` with `projectName` and `stackName`.\n\nMembers added to a team inherit the team's stack permissions. Teams are not available to individual (single-user) organizations.", "operationId": "UpdateTeam", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The team name", "in": "path", "name": "teamName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateTeamRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Teams are not available to individual orgs." } }, "summary": "UpdateTeam", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/teams/{teamName}/enable-team-roles": { "post": { "description": "Enables custom role-based access control for a team. Once enabled, the team can be assigned custom roles that define fine-grained permissions beyond the default team admin and team member roles. Returns the created role descriptor.", "operationId": "EnableTeamRoles", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The team name", "in": "path", "name": "teamName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PermissionDescriptorRecord" } } }, "description": "OK" }, "400": { "description": "Role with this name already exists" } }, "summary": "EnableTeamRoles", "tags": [ "Organizations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/orgs/{orgName}/teams/{teamName}/roles": { "get": { "description": "ListTeamRoles will list the roles for a team. For now, this will always be a\nlist of one, since we currently only support one role per team.", "operationId": "ListTeamRoles", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The team name", "in": "path", "name": "teamName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListTeamRolesResponse" } } }, "description": "OK" }, "404": { "description": "Role" } }, "summary": "ListTeamRoles", "tags": [ "Organizations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/orgs/{orgName}/teams/{teamName}/roles/{roleID}": { "delete": { "description": "Removes a custom role assignment from a team. This revokes the permissions that were granted to team members through the role. Currently only one role can be assigned per team.", "operationId": "DeleteTeamRole", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The team name", "in": "path", "name": "teamName", "required": true, "schema": { "type": "string" } }, { "description": "The role identifier", "in": "path", "name": "roleID", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "Role" } }, "summary": "DeleteTeamRole", "tags": [ "Organizations" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "post": { "description": "UpdateTeamRoles upserts the role assigned to a team since we currently only support\na 1:1 mapping of teams to roles.", "operationId": "UpdateTeamRoles", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The team name", "in": "path", "name": "teamName", "required": true, "schema": { "type": "string" } }, { "description": "The role identifier", "in": "path", "name": "roleID", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "Role with this name already exists" } }, "summary": "UpdateTeamRoles", "tags": [ "Organizations" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/orgs/{orgName}/teams/{teamName}/tokens": { "get": { "description": "Retrieves all access tokens for a specific team. Team tokens inherit the stack permissions assigned to the team, providing scoped CI/CD automation access. The response includes token metadata such as name, description, creation date, last used date, and expiration status. The actual token values are never returned after initial creation. An optional filter parameter can include expired tokens.", "operationId": "ListTeamTokens", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The team name", "in": "path", "name": "teamName", "required": true, "schema": { "type": "string" } }, { "description": "Filter tokens by status (e.g., include expired tokens)", "in": "query", "name": "filter", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListAccessTokensResponse" } } }, "description": "OK" } }, "summary": "ListTeamTokens", "tags": [ "Organizations" ] }, "post": { "description": "Generates a new access token scoped to a specific team within an organization. Team tokens inherit the stack permissions assigned to the team, making them suitable for CI/CD pipelines that need access limited to a specific set of stacks.\n\nThe `name` field must be unique across the organization (including deleted tokens) and cannot exceed 40 characters. The `expires` field accepts a unix epoch timestamp up to two years from the present, or `0` for no expiry (default).\n\n**Important:** The token value in the response is only returned once at creation time and cannot be retrieved later.", "operationId": "CreateTeamToken", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The team name", "in": "path", "name": "teamName", "required": true, "schema": { "type": "string" } }, { "description": "Audit log reason for creating this token", "in": "query", "name": "reason", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateTeamAccessTokenRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateAccessTokenResponse" } } }, "description": "OK" } }, "summary": "CreateTeamToken", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/teams/{teamName}/tokens/{tokenId}": { "delete": { "description": "Permanently revokes and deletes a team access token. Any CI/CD pipelines or automation using this token will immediately lose access to the stacks assigned to the team. This action cannot be undone.", "operationId": "DeleteTeamToken", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The team name", "in": "path", "name": "teamName", "required": true, "schema": { "type": "string" } }, { "description": "The access token identifier", "in": "path", "name": "tokenId", "required": true, "schema": { "type": "string" } }, { "description": "Audit log reason for deleting this token", "in": "query", "name": "reason", "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "the requested token is not a team token" } }, "summary": "DeleteTeamToken", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/template": { "get": { "description": "GetProjectTemplate attempts to fetch Pulumi.yaml from a template\nrepository. If the repository represents a valid template, we return a\nresponse identical to the format we use for the public pulumi/templates\nrepo.\n\nThis API accepts either a `url` or `project` query param to denote\neither where to fetch the project template from or which project's\npre-configured template to use respectively. If both are passed in `project`\ntake precedence, falling back to `url` if there is no source configured on\nthe project.", "operationId": "GetProjectTemplate", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "OK" }, "400": { "description": "missing required query param: oneof [url, project]" }, "404": { "description": "project" }, "422": { "description": "invalid template" } }, "summary": "GetProjectTemplate", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/template/configuration": { "get": { "description": "GetProjectTemplateConfiguration attempts to lookup any config we store\nfor the template using the template query parameter passed in as a key\ninto the org's template sources.", "operationId": "GetProjectTemplateConfiguration", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetTemplateConfigurationResponse" } } }, "description": "OK" }, "400": { "description": "missing required query param: url" } }, "summary": "GetProjectTemplateConfiguration", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/template/download": { "get": { "description": "Downloads a template archive for an organization as an application/x-tar binary stream. The template is identified by a URL query parameter pointing to the template source. Returns the tar archive containing the template's project files and configuration.", "operationId": "GetOrgTemplateDownload", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/x-tar": { "schema": { "items": { "format": "byte", "type": "string" }, "type": "array" } } }, "description": "OK" }, "400": { "description": "missing required query param: url" } }, "summary": "GetOrgTemplateDownload", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/template/readme": { "get": { "description": "Returns the README content for an organization template as Markdown text. The template is identified by a URL query parameter. Returns 404 if the template does not contain a README.md file, or 422 if the README content is invalid.", "operationId": "GetOrgTemplateReadme", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "text/markdown": { "schema": { "type": "string" } } }, "description": "OK" }, "400": { "description": "missing required query param: url" }, "404": { "description": "README.md" }, "422": { "description": "invalid readme" } }, "summary": "GetOrgTemplateReadme", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/templates": { "get": { "description": "Returns a combined list of all templates available to the organization and the current user. This includes templates from the organization's configured template collections as well as Pulumi's built-in public templates. Each template includes its name, description, language, and source URL.", "operationId": "GetOrgTemplates", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetOrgTemplatesResponse" } } }, "description": "OK" } }, "summary": "GetOrgTemplates", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/templates/sources": { "get": { "description": "Returns all template collections (sources) configured for an organization. Template collections define where project templates are sourced from, such as Git repositories. Each collection includes its name, URL, and the templates it provides.", "operationId": "GetOrgTemplateCollections", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetOrgTemplateSourcesResponse" } } }, "description": "OK" } }, "summary": "GetOrgTemplateCollections", "tags": [ "Organizations" ] }, "post": { "description": "Creates a new template collection (source) for an organization. Template collections define where project templates are sourced from, such as a Git repository. Organization members can use these templates to create new stacks with pre-configured infrastructure code.", "operationId": "CreateOrgTemplateCollection", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpsertOrgTemplateSourceRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TemplateSource" } } }, "description": "OK" }, "400": { "description": "unsupported template source" }, "404": { "description": "template source" }, "409": { "description": "a template source with this name already exists in this organization" } }, "summary": "CreateOrgTemplateCollection", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/templates/sources/{templateID}": { "delete": { "description": "Removes a template collection (source) from an organization. Templates sourced from this collection will no longer be available to organization members when creating new stacks. Returns 400 if the template ID is invalid, or 404 if the template source does not exist.", "operationId": "DeleteOrgTemplateCollection", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The template identifier", "in": "path", "name": "templateID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "400": { "description": "invalid template ID" }, "404": { "description": "Template source" } }, "summary": "DeleteOrgTemplateCollection", "tags": [ "Organizations" ] }, "patch": { "description": "Updates an existing template collection for an organization, allowing modification of the template source URL, name, or other configuration. Template collections define where project templates are sourced from.", "operationId": "UpdateOrgTemplateCollection", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The template identifier", "in": "path", "name": "templateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpsertOrgTemplateSourceRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TemplateSource" } } }, "description": "OK" }, "400": { "description": "invalid template ID" }, "404": { "description": "Template Source" }, "409": { "description": "a template source with this name already exists in this organization" } }, "summary": "UpdateOrgTemplateCollection", "tags": [ "Organizations" ] } }, "/api/orgs/{orgName}/tokens": { "get": { "description": "Retrieves all access tokens created for an organization. Organization tokens provide CI/CD automation access scoped to the organization rather than tied to individual user accounts. The response includes token metadata such as name, description, creation date, last used date, and expiration status. The actual token values are never returned after initial creation. An optional filter parameter can include expired tokens in the results.", "operationId": "ListOrgTokens", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Filter tokens by status (e.g., include expired tokens)", "in": "query", "name": "filter", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListAccessTokensResponse" } } }, "description": "OK" } }, "summary": "ListOrgTokens", "tags": [ "Organizations", "AccessTokens" ] }, "post": { "description": "Generates a new access token scoped to the organization for use in CI/CD pipelines and automated workflows. Organization tokens belong to the organization rather than individual users, ensuring that access is not disrupted when team members leave.\n\nThe `name` field must be unique across the organization (including deleted tokens) and cannot exceed 40 characters. The `expires` field accepts a unix epoch timestamp up to two years from the present, or `0` for no expiry (default).\n\n**Important:** The token value in the response is only returned once at creation time and cannot be retrieved later. Audit logs for actions performed with organization tokens are attributed to the organization rather than an individual user.", "operationId": "CreateOrgToken", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Audit log reason for creating this token", "in": "query", "name": "reason", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateOrgAccessTokenRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateAccessTokenResponse" } } }, "description": "OK" } }, "summary": "CreateOrgToken", "tags": [ "Organizations", "AccessTokens" ] } }, "/api/orgs/{orgName}/tokens/{tokenId}": { "delete": { "description": "Permanently revokes and deletes an organization access token. Any CI/CD pipelines or automation using this token will immediately lose access to the organization's resources. This action cannot be undone.", "operationId": "DeleteOrgToken", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The access token identifier", "in": "path", "name": "tokenId", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" } }, "summary": "DeleteOrgToken", "tags": [ "Organizations", "AccessTokens" ] } }, "/api/preview/agents/{orgName}/tasks": { "get": { "description": "Lists all agent tasks for the specified organization. Supports pagination via continuationToken with a configurable pageSize (1-1000, default 100). Returns task metadata including ID, name, status, and creation timestamp.", "operationId": "ListTasks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Token for retrieving the next page of results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Number of results per page", "in": "query", "name": "pageSize", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListAgentTasksResponse" } } }, "description": "OK" }, "400": { "description": "pageSize must be between 1 and 1000" } }, "summary": "ListTasks", "tags": [ "AI Agents", "Neo" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "post": { "description": "Creates a new agent task for the specified organization. The request must include a prompt (the user event message) that initiates the task. Set the 'permissionMode' field in the request body to restrict the agent to read-only operations. Returns the created task details including task ID, name, status, and timestamp.", "operationId": "CreateTasks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateAgentTaskRequest" } } }, "x-originalParamName": "body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateAgentTaskResponse" } } }, "description": "Created" }, "400": { "description": "prompt is required" } }, "summary": "CreateTasks", "tags": [ "AI Agents", "Neo" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/agents/{orgName}/tasks/{taskID}": { "get": { "description": "Retrieves metadata for a specific agent task, including its ID, name, status, creation timestamp, and associated entities. Returns 404 if the task does not exist.", "operationId": "GetTask", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The agent task identifier", "in": "path", "name": "taskID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AgentTask" } } }, "description": "OK" }, "404": { "description": "task" } }, "summary": "GetTask", "tags": [ "AI Agents", "Neo" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "patch": { "description": "Updates the settings or metadata of an agent task. Only the user who created the task can modify it.", "operationId": "UpdateTask", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The agent task identifier", "in": "path", "name": "taskID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateTaskRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AgentTask" } } }, "description": "OK" }, "403": { "description": "feature not enabled for organization" }, "404": { "description": "task not found or not owned by user" } }, "summary": "UpdateTask", "tags": [ "AI Agents", "Neo" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "post": { "description": "Sends a response to an ongoing agent task. Supported event types include user_message, user_confirmation, and user_cancel. Returns 409 if the task already has a pending request that has not completed.", "operationId": "RespondToTask", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The agent task identifier", "in": "path", "name": "taskID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AgentRespondToTaskRequest" } } }, "x-originalParamName": "body" }, "responses": { "202": { "description": "Accepted" }, "400": { "description": "event field is required" }, "404": { "description": "task" }, "409": { "description": "cannot respond while a request is still ongoing" } }, "summary": "RespondToTask", "tags": [ "AI Agents", "Neo" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/agents/{orgName}/tasks/{taskID}/events": { "get": { "description": "Retrieves the event stream for a specific agent task. Events include agent messages, tool calls, status changes, and user interactions. Supports pagination via continuationToken with a configurable pageSize (1-1000).", "operationId": "GetTaskEvents", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The agent task identifier", "in": "path", "name": "taskID", "required": true, "schema": { "type": "string" } }, { "description": "Token for retrieving the next page of results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Number of results per page", "in": "query", "name": "pageSize", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListAgentTaskEventsResponse" } } }, "description": "OK" }, "400": { "description": "pageSize must be between 1 and 1000" }, "404": { "description": "task" } }, "summary": "GetTaskEvents", "tags": [ "AI Agents", "Neo" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/agents/{orgName}/tasks/{taskID}/events/stream": { "get": { "description": "Streams events for a specific agent task as Server-Sent Events. Each SSE data frame contains a JSON-encoded AgentConsoleEvent. The stream delivers existing events immediately, then keeps the connection open to deliver new events in real time until the task completes.", "operationId": "StreamTaskEvents", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The agent task identifier", "in": "path", "name": "taskID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "text/event-stream": { "schema": { "$ref": "#/components/schemas/AgentConsoleEvent" } } }, "description": "OK" }, "404": { "description": "task" } }, "summary": "StreamTaskEvents", "tags": [ "AI Agents", "Neo" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/environments": { "get": { "deprecated": true, "description": "Returns a paginated list of all Pulumi ESC environments accessible to the authenticated user across all organizations they belong to. Each entry includes the organization, project, environment name, and creation/modification timestamps. Use the organization query parameter to filter results to a specific organization. Use continuationToken for pagination through large result sets.", "operationId": "ListEnvironments_preview", "parameters": [ { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Whether to include referrer metadata. Defaults to false.", "in": "query", "name": "includeReferrerMetadata", "schema": { "type": "boolean" } }, { "description": "Maximum number of results for pagination", "in": "query", "name": "maxResults", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter results to this organization name", "in": "query", "name": "organization", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentsResponse" } } }, "description": "OK" }, "400": { "description": "Invalid continuation token" } }, "summary": "ListEnvironments", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/providers": { "get": { "deprecated": true, "description": "Returns a list of all available Pulumi ESC providers. Providers are integrations that dynamically retrieve configuration and secrets from external sources (e.g., AWS, Azure, Google Cloud, HashiCorp Vault, 1Password) via the fn::open function in environment definitions. Optionally filter by organization using the orgName query parameter to see only providers available to that organization.", "operationId": "ListProviders_preview_environments", "parameters": [ { "description": "Filter providers available to this organization", "in": "query", "name": "orgName", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListProvidersResponse" } } }, "description": "OK" } }, "summary": "ListProviders", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/providers/{providerName}/schema": { "get": { "deprecated": true, "description": "Returns the JSON schema for a Pulumi ESC provider. Providers are integrations that dynamically retrieve configuration and secrets from external sources such as AWS, Azure, Google Cloud, HashiCorp Vault, and others via fn::open. The schema describes the provider's input parameters, output structure, and configuration options. The provider is identified by name in the URL path.", "operationId": "GetProviderSchema_preview_environments", "parameters": [ { "description": "The provider name", "in": "path", "name": "providerName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ProviderSchema" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "provider" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "GetProviderSchema", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}": { "get": { "deprecated": true, "description": "Returns a paginated list of all Pulumi ESC environments within a specific organization. Each entry includes the project, environment name, and creation/modification timestamps. Results are scoped to the organization specified in the URL path. Use continuationToken for pagination through large result sets.", "operationId": "ListOrgEnvironments_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Whether to include referrer metadata. Defaults to false.", "in": "query", "name": "includeReferrerMetadata", "schema": { "type": "boolean" } }, { "description": "Maximum number of results for pagination", "in": "query", "name": "maxResults", "schema": { "format": "int64", "type": "integer" } }, { "description": "The custom role to use for listing environments", "in": "query", "name": "roleID", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentsResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ListOrgEnvironments", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/tags": { "get": { "deprecated": true, "description": "Returns a map of all unique tag names and their distinct values across all Pulumi ESC environments in the organization. The response is a map where each key is a tag name and the value is a list of all distinct values for that tag across all environments. This is useful for building tag-based filtering or discovery UIs.", "operationId": "ListAllEnvironmentTags_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "additionalProperties": { "items": { "type": "string" }, "type": "array" }, "type": "object" } } }, "description": "successful operation" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ListAllEnvironmentTags", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/yaml/check": { "post": { "deprecated": true, "description": "Checks a raw YAML environment definition for errors without creating or modifying any environment. The YAML definition is provided in the request body and validated for correctness, including imports, provider configurations, function invocations, and interpolation expressions. When the showSecrets query parameter is set to true, secret values are returned in plaintext in the response. This is useful for validating environment definitions before applying them.", "operationId": "CheckYAML_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Whether to show secret values in plaintext", "in": "query", "name": "showSecrets", "schema": { "type": "boolean" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "CheckYAML", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/yaml/open": { "post": { "deprecated": true, "description": "Opens an anonymous Pulumi ESC environment from a raw YAML definition provided in the request body, fully resolving all dynamic values, provider integrations, and secrets. Unlike OpenEnvironment, this does not require a pre-existing environment to be stored. The duration parameter specifies how long the session remains valid using Go duration format. Returns an OpenEnvironmentResponse containing the session ID. Use the session ID with ReadAnonymousOpenEnvironment to retrieve the resolved values.", "operationId": "OpenYAML_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The session duration, using Go time units: ns, us, ms, s, m, h (e.g. '2h')", "in": "query", "name": "duration", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OpenEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "OpenYAML", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/yaml/open/{openSessionID}": { "get": { "deprecated": true, "description": "Reads the fully resolved values from an anonymous open environment session that was created via the OpenYAML endpoint. The openSessionID path parameter must match a valid, non-expired session. The optional property query parameter accepts a dot-separated path to retrieve a specific nested value instead of the entire resolved environment (e.g., 'aws.credentials.accessKeyId'). The response contains the resolved configuration values with secrets decrypted.", "operationId": "ReadAnonymousOpenEnvironment_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The session ID returned from the open environment operation", "in": "path", "name": "openSessionID", "required": true, "schema": { "type": "string" } }, { "description": "A dot-separated path to a specific property to retrieve from the environment", "in": "query", "name": "property", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "path" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ReadAnonymousOpenEnvironment", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}": { "delete": { "deprecated": true, "description": "Permanently deletes a Pulumi ESC environment and all of its revision history, tags, and associated configuration. This operation is blocked if deletion protection is enabled on the environment (see PatchEnvironmentSettings). Enterprise and Business Critical edition organizations may be able to restore deleted environments within a retention window. Returns 409 if the environment is deletion-protected or has been modified since it was last read.", "operationId": "DeleteEnvironment_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "DeleteEnvironment", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "get": { "deprecated": true, "description": "Returns the YAML definition of a Pulumi ESC environment. The response is in application/x-yaml format and includes the environment's imports, values, provider configurations, and function invocations. Secrets remain in their encrypted form (use DecryptEnvironment to see plaintext secrets, or OpenEnvironment to fully resolve all dynamic values). When a version path parameter is provided, returns the definition for that specific revision.", "operationId": "ReadEnvironment_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/x-yaml": { "schema": { "type": "string" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ReadEnvironment", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "head": { "deprecated": true, "description": "Returns the ETag header for a Pulumi ESC environment without returning the full definition body. This is used for lightweight existence checks and for obtaining the current ETag value for optimistic concurrency control. The ETag should be included in subsequent update requests via the If-Match header to prevent concurrent modification conflicts. Returns 404 if the environment does not exist.", "operationId": "HeadEnvironment_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "HeadEnvironment", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "patch": { "deprecated": true, "description": "Validates and updates the YAML definition of a Pulumi ESC environment. The request body must contain the complete environment definition in application/x-yaml format, including imports, values, provider configurations, and function invocations. Each successful update creates a new immutable revision in the environment's version history. Supports optimistic concurrency control via ETag/If-Match headers; returns 409 if the environment has been modified since it was last read.", "operationId": "UpdateEnvironment_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/x-yaml": { "schema": { "type": "string" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "UpdateEnvironment", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "post": { "deprecated": true, "description": "Creates a new Pulumi ESC (Environments, Secrets, and Configuration) environment within the specified organization. The request body must include the project name and the environment name. Environment names must be unique within a project and may only contain alphanumeric characters, hyphens, underscores, and periods. The newly created environment starts with an empty YAML definition that can be updated via the UpdateEnvironment endpoint.", "operationId": "CreateEnvironment_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateEnvironmentRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "CreateEnvironment", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/check": { "post": { "deprecated": true, "description": "Checks a Pulumi ESC environment definition for errors without applying changes. This validates the YAML definition including imports, provider configurations, function invocations (fn::open, fn::secret, etc.), and interpolation expressions. When the showSecrets query parameter is set to true, secret values are returned in plaintext in the response. The response includes any diagnostics or validation errors found in the environment definition. Supports optimistic concurrency control via ETag headers.", "operationId": "CheckEnvironment_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "Whether to show secret values in plaintext", "in": "query", "name": "showSecrets", "schema": { "type": "boolean" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CheckEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "revision tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "CheckEnvironment", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/decrypt": { "get": { "deprecated": true, "description": "Reads the YAML definition for a Pulumi ESC environment with all static secrets decrypted and shown in plaintext. Unlike the standard ReadEnvironment endpoint which returns secrets in their encrypted form, this endpoint resolves fn::secret values to their plaintext representations. The response is returned in application/x-yaml format. This does not resolve dynamic provider values (fn::open); use OpenEnvironment for full resolution. Requires environment open permission.", "operationId": "DecryptEnvironment_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/x-yaml": { "schema": { "type": "string" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "DecryptEnvironment", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/hooks": { "get": { "deprecated": true, "description": "Returns a list of all webhooks configured for a Pulumi ESC environment. Each webhook entry includes its name, destination URL, event filters, format, and active status. Webhooks enable external services to be notified of environment events such as updates and opens.", "operationId": "ListWebhooks_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/WebhookResponse" }, "type": "array" } } }, "description": "successful operation" } }, "summary": "ListWebhooks", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "post": { "deprecated": true, "description": "Creates a new webhook for a Pulumi ESC environment. Webhooks allow external services to be notified when environment events occur, such as updates or opens. The request body specifies the webhook configuration including the destination URL, event filters, and format. Returns 400 if the organization name in the request body does not match the URL path parameter. Returns 409 if a webhook with the same name already exists.", "operationId": "CreateWebhook_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Webhook" } } }, "x-originalParamName": "body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookResponse" } } }, "description": "Created" }, "400": { "description": "Organization name from request body doesn't match URL." }, "409": { "description": "Webhook already exists" } }, "summary": "CreateWebhook", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/hooks/{hookName}": { "delete": { "deprecated": true, "description": "Deletes a webhook from a Pulumi ESC environment. The webhook is identified by its name in the URL path. After deletion, the external service will no longer receive notifications for environment events. Returns 204 on success with no response body.", "operationId": "DeleteWebhook_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" } }, "summary": "DeleteWebhook", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "get": { "deprecated": true, "description": "Returns the configuration and status of a single webhook for a Pulumi ESC environment. The webhook is identified by its name in the URL path. The response includes the webhook's destination URL, event filters, format, and active status. Returns 404 if the webhook does not exist.", "operationId": "GetWebhook_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookResponse" } } }, "description": "OK" }, "404": { "description": "Webhook" } }, "summary": "GetWebhook", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "patch": { "deprecated": true, "description": "Updates the configuration of an existing webhook on a Pulumi ESC environment. The webhook is identified by its name in the URL path. The request body contains the updated webhook configuration including destination URL, event filters, format, and active status. Returns the updated WebhookResponse on success. Returns 400 if an invalid format is specified.", "operationId": "UpdateWebhook_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Webhook" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookResponse" } } }, "description": "OK" }, "400": { "description": "'pulumi_deployments' format can only be used on stack or environment webhooks." }, "404": { "description": "Webhook" } }, "summary": "UpdateWebhook", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/hooks/{hookName}/deliveries": { "get": { "deprecated": true, "description": "Returns a list of recent delivery attempts for a specific webhook on a Pulumi ESC environment. Each delivery record includes the HTTP status code, response body, timestamp, and whether the delivery was successful. This is useful for debugging webhook integration issues and verifying that events are being received.", "operationId": "GetWebhookDeliveries_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/WebhookDelivery" }, "type": "array" } } }, "description": "successful operation" } }, "summary": "GetWebhookDeliveries", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/hooks/{hookName}/deliveries/{event}/redeliver": { "post": { "deprecated": true, "description": "Triggers the Pulumi Service to redeliver a specific event to a webhook on a Pulumi ESC environment. This is useful for resending events that the webhook endpoint failed to process on the initial delivery attempt (e.g., due to temporary downtime or errors). The event is identified by its delivery event ID in the URL path. Returns the new WebhookDelivery record for the redelivery.", "operationId": "RedeliverWebhookEvent_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook delivery event ID to redeliver", "in": "path", "name": "event", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookDelivery" } } }, "description": "OK" }, "404": { "description": "Webhook" } }, "summary": "RedeliverWebhookEvent", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/hooks/{hookName}/ping": { "post": { "deprecated": true, "description": "Sends a test ping event to a webhook on a Pulumi ESC environment to verify that the webhook endpoint is reachable and functioning correctly. This bypasses the normal message queue and issues the request directly to the webhook URL. Returns the WebhookDelivery record containing the HTTP status code and response from the target endpoint.", "operationId": "PingWebhook_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookDelivery" } } }, "description": "OK" }, "404": { "description": "Webhook" } }, "summary": "PingWebhook", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/metadata": { "get": { "deprecated": true, "description": "Returns metadata for a Pulumi ESC environment, including the calling user's effective permission level (read, open, write, admin), creation and modification timestamps, the environment's project, and other administrative information. This is useful for determining what actions the current user can perform on the environment before attempting those operations.", "operationId": "GetEnvironmentMetadata_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnvironmentMetadata" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "GetEnvironmentMetadata", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/open": { "post": { "deprecated": true, "description": "Opens a Pulumi ESC environment, fully resolving all dynamic values, provider integrations (fn::open), interpolation expressions, and secrets. This initiates an access session that evaluates the complete environment definition including all imports. The duration parameter specifies how long the session remains valid using Go duration format (e.g., '2h45m', '300ms'). Returns an OpenEnvironmentResponse containing the session ID and any diagnostics. Use the session ID with ReadOpenEnvironment to retrieve the resolved values.", "operationId": "OpenEnvironment_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The session duration, using Go time units: ns, us, ms, s, m, h (e.g. '2h')", "in": "query", "name": "duration", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OpenEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "revision tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "OpenEnvironment", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/open/{openSessionID}": { "get": { "deprecated": true, "description": "Reads the fully resolved values from an open environment session that was created via the OpenEnvironment endpoint. The openSessionID path parameter must match a valid, non-expired session. The optional property query parameter accepts a dot-separated path to retrieve a specific nested value instead of the entire resolved environment (e.g., 'aws.credentials.accessKeyId'). The response contains all resolved configuration values with secrets decrypted and provider-sourced values fully evaluated.", "operationId": "ReadOpenEnvironment_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The session ID returned from the open environment operation", "in": "path", "name": "openSessionID", "required": true, "schema": { "type": "string" } }, { "description": "A dot-separated path to a specific property to retrieve from the environment", "in": "query", "name": "property", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "path" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ReadOpenEnvironment", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/tags": { "get": { "deprecated": true, "description": "Returns a paginated list of user-defined tags for a Pulumi ESC environment. Tags are key-value pairs used for organizing and categorizing environments. Use the after parameter for cursor-based pagination and count to limit the number of results returned.", "operationId": "ListEnvironmentTags_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "Only return results after this value", "in": "query", "name": "after", "schema": { "format": "int64", "type": "integer" } }, { "description": "Maximum number of results to return", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentTagsResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ListEnvironmentTags", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "post": { "deprecated": true, "description": "Adds a new user-defined tag to a Pulumi ESC environment. Tags are key-value pairs that provide contextual metadata for organizing and searching environments (e.g., region=us-east-1, team=platform). The tag name and value are provided in the request body. Returns the created EnvironmentTag on success. Returns 409 if a tag with the same name already exists on the environment.", "operationId": "CreateEnvironmentTag_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateEnvironmentTagRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnvironmentTag" } } }, "description": "OK" }, "400": { "description": "Invalid tag name or value" }, "404": { "description": "environment" }, "409": { "description": "Tag already exists" } }, "summary": "CreateEnvironmentTag", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/tags/{tagName}": { "delete": { "deprecated": true, "description": "Removes a user-defined tag from a Pulumi ESC environment. The tag is identified by its name in the URL path. Returns 204 on success with no response body. Returns 404 if the tag does not exist on the environment.", "operationId": "DeleteEnvironmentTag_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The environment tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid tag name or value" }, "404": { "description": "tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "DeleteEnvironmentTag", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "get": { "deprecated": true, "description": "Returns a single user-defined tag for a Pulumi ESC environment, identified by the tag name in the URL path. The response includes the tag name, value, and metadata. Returns 404 if the tag does not exist on the environment.", "operationId": "GetEnvironmentTag_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The environment tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnvironmentTag" } } }, "description": "OK" }, "404": { "description": "tag" } }, "summary": "GetEnvironmentTag", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "patch": { "deprecated": true, "description": "Modifies the value of an existing user-defined tag on a Pulumi ESC environment. The tag is identified by its name in the URL path. The request body contains the new value for the tag. Returns the updated EnvironmentTag on success. Returns 404 if the tag does not exist on the environment.", "operationId": "UpdateEnvironmentTag_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The environment tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateEnvironmentTagRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnvironmentTag" } } }, "description": "OK" }, "400": { "description": "Invalid tag name or value" }, "404": { "description": "environment tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "UpdateEnvironmentTag", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/versions": { "get": { "deprecated": true, "description": "Returns a paginated list of revisions for a Pulumi ESC environment. Each revision represents an immutable snapshot of the environment definition created when the environment is updated. The response includes revision numbers, timestamps, and the identity of the user who made each change. Use the before parameter to fetch revisions before a specific revision number, and count to limit the number of results returned.", "operationId": "ListEnvironmentRevisions_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "Only return results before this revision", "in": "query", "name": "before", "schema": { "format": "int64", "type": "integer" } }, { "description": "Maximum number of results to return", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/EnvironmentRevision" }, "type": "array" } } }, "description": "successful operation" }, "400": { "description": "invalid query parameter" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ListEnvironmentRevisions", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/versions/tags": { "get": { "deprecated": true, "description": "Returns a paginated list of revision tags for a Pulumi ESC environment. Revision tags are named references pointing to specific revision numbers (e.g., 'latest', 'prod', 'stable'). They can be used in environment imports and Pulumi stack configuration to pin to a specific version. Use the after parameter for cursor-based pagination and count to limit results.", "operationId": "ListRevisionTags_preview_environments_versions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "Only return results after this value", "in": "query", "name": "after", "schema": { "type": "string" } }, { "description": "Maximum number of results to return", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentRevisionTagsResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ListRevisionTags", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/versions/tags/{tagName}": { "delete": { "deprecated": true, "description": "Deletes a named revision tag from a Pulumi ESC environment. The tag is identified by its name in the URL path. After deletion, any imports or stack configurations referencing this tag will fail to resolve. The built-in 'latest' tag cannot be deleted. Returns 204 on success with no response body.", "operationId": "DeleteRevisionTag_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid revision tag" }, "404": { "description": "revision tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "DeleteRevisionTag", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "get": { "deprecated": true, "description": "Returns the details of a specific revision tag for a Pulumi ESC environment. The tag is identified by its name in the URL path. The response includes the tag name and the revision number it points to. Returns 404 if the tag does not exist.", "operationId": "ReadRevisionTag_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/EnvironmentRevisionTag" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "revision tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ReadRevisionTag", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "patch": { "deprecated": true, "description": "Updates an existing revision tag for a Pulumi ESC environment to point to a different revision number. The tag is identified by its name in the URL path. The request body specifies the new revision number. This allows advancing or rolling back a named reference (e.g., moving the 'prod' tag to a newer or older revision). Returns 204 on success with no response body.", "operationId": "UpdateRevisionTag_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateEnvironmentRevisionTagRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid revision tag" }, "404": { "description": "revision tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "UpdateRevisionTag", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "post": { "deprecated": true, "description": "Creates a new revision tag for a Pulumi ESC environment. Revision tags are named references that point to specific revision numbers, similar to Git tags. They allow pinning a stable reference to a known-good version of an environment. Tagged versions can be used in imports and Pulumi stack configuration (e.g., myproject/env@prod) to ensure stable references unaffected by subsequent changes. The built-in 'latest' tag always points to the most recent revision.", "operationId": "CreateRevisionTag_preview_environments_versions_tags", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateEnvironmentRevisionTagRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid revision tag" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "CreateRevisionTag", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/versions/{version}": { "get": { "deprecated": true, "description": "Returns the YAML definition of a Pulumi ESC environment. The response is in application/x-yaml format and includes the environment's imports, values, provider configurations, and function invocations. Secrets remain in their encrypted form (use DecryptEnvironment to see plaintext secrets, or OpenEnvironment to fully resolve all dynamic values). When a version path parameter is provided, returns the definition for that specific revision.", "operationId": "ReadEnvironment_preview_environments_versions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/x-yaml": { "schema": { "type": "string" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ReadEnvironment", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/versions/{version}/check": { "post": { "deprecated": true, "description": "Checks a Pulumi ESC environment definition for errors without applying changes. This validates the YAML definition including imports, provider configurations, function invocations (fn::open, fn::secret, etc.), and interpolation expressions. When the showSecrets query parameter is set to true, secret values are returned in plaintext in the response. The response includes any diagnostics or validation errors found in the environment definition. Supports optimistic concurrency control via ETag headers.", "operationId": "CheckEnvironment_preview_environments_versions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } }, { "description": "Whether to show secret values in plaintext", "in": "query", "name": "showSecrets", "schema": { "type": "boolean" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CheckEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "revision tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "CheckEnvironment", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/versions/{version}/decrypt": { "get": { "deprecated": true, "description": "Reads the YAML definition for a Pulumi ESC environment with all static secrets decrypted and shown in plaintext. Unlike the standard ReadEnvironment endpoint which returns secrets in their encrypted form, this endpoint resolves fn::secret values to their plaintext representations. The response is returned in application/x-yaml format. This does not resolve dynamic provider values (fn::open); use OpenEnvironment for full resolution. Requires environment open permission.", "operationId": "DecryptEnvironment_preview_environments_versions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/x-yaml": { "schema": { "type": "string" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "DecryptEnvironment", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/versions/{version}/open": { "post": { "deprecated": true, "description": "Opens a Pulumi ESC environment, fully resolving all dynamic values, provider integrations (fn::open), interpolation expressions, and secrets. This initiates an access session that evaluates the complete environment definition including all imports. The duration parameter specifies how long the session remains valid using Go duration format (e.g., '2h45m', '300ms'). Returns an OpenEnvironmentResponse containing the session ID and any diagnostics. Use the session ID with ReadOpenEnvironment to retrieve the resolved values.", "operationId": "OpenEnvironment_preview_environments_versions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } }, { "description": "The session duration, using Go time units: ns, us, ms, s, m, h (e.g. '2h')", "in": "query", "name": "duration", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OpenEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "revision tag" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "OpenEnvironment", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/versions/{version}/referrers": { "get": { "deprecated": true, "description": "Returns a paginated list of entities that reference a Pulumi ESC environment, including other environments that import it and Pulumi stacks that use it in their configuration. The count parameter limits results (range 1-500). Set allRevisions to true to include references across all revisions, and latestStackVersionOnly to true to return only the latest stack version for each referring stack. Use continuationToken for pagination.", "operationId": "ListEnvironmentReferrers_preview_environments_versions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } }, { "description": "Whether to include all revisions", "in": "query", "name": "allRevisions", "schema": { "type": "boolean" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Maximum number of results to return", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } }, { "description": "Whether to return only the latest stack version", "in": "query", "name": "latestStackVersionOnly", "schema": { "type": "boolean" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentReferrersResponse" } } }, "description": "OK" }, "400": { "description": "count must be in the range [1, 500]" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ListEnvironmentReferrers", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/versions/{version}/retract": { "post": { "deprecated": true, "description": "Retracts a specific revision of a Pulumi ESC environment, marking it as withdrawn. A retracted revision remains in the history but is no longer considered a valid version for use. The request body may include a reason for the retraction. The revision is identified by the version path parameter. Returns 204 on success with no response body.", "operationId": "RetractEnvironmentRevision_preview_environments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RetractEnvironmentRevisionRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Bad request" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "RetractEnvironmentRevision", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/environments/{orgName}/{envName}/versions/{version}/tags": { "get": { "deprecated": true, "description": "Returns a paginated list of revision tags for a Pulumi ESC environment. Revision tags are named references pointing to specific revision numbers (e.g., 'latest', 'prod', 'stable'). They can be used in environment imports and Pulumi stack configuration to pin to a specific version. Use the after parameter for cursor-based pagination and count to limit results.", "operationId": "ListRevisionTags_preview_environments_versions2", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The revision version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } }, { "description": "Only return results after this value", "in": "query", "name": "after", "schema": { "type": "string" } }, { "description": "Maximum number of results to return", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListEnvironmentRevisionTagsResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "environment" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "ListRevisionTags", "tags": [ "Environments" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/esc/environments/{orgName}/{projectName}/{envName}/drafts": { "post": { "description": "Creates a new draft change request for a Pulumi ESC environment. Drafts allow proposing changes to an environment definition that can be reviewed and approved before being applied. This is part of the approvals workflow for environments. Returns a ChangeRequestRef containing the draft identifier. Requires the Approvals feature to be enabled for the organization.", "operationId": "CreateEnvironmentDraft_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ChangeRequestRef" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "draft" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "CreateEnvironmentDraft", "tags": [ "Environments" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/esc/environments/{orgName}/{projectName}/{envName}/drafts/{changeRequestID}": { "get": { "description": "Reads the YAML definition for a draft version of a Pulumi ESC environment. Drafts are proposed changes created as part of the approvals workflow. The draft is identified by the changeRequestID path parameter. An optional revision query parameter can target a specific base revision. The response is returned in application/x-yaml format. Requires the Approvals feature to be enabled.", "operationId": "ReadEnvironmentDraft_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The change request ID", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } }, { "description": "The environment revision number to target", "in": "query", "name": "revision", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/x-yaml": { "schema": { "type": "string" } } }, "description": "OK" }, "400": { "description": "Invalid input" } }, "summary": "ReadEnvironmentDraft", "tags": [ "Environments" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "patch": { "description": "Updates the YAML definition of an existing draft change request for a Pulumi ESC environment. The draft is identified by the changeRequestID path parameter. The request body contains the updated YAML definition. Returns a ChangeRequestRef on success. Requires the Approvals feature to be enabled for the organization.", "operationId": "UpdateEnvironmentDraft_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The change request ID", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ChangeRequestRef" } } }, "description": "OK" }, "400": { "description": "Bad request" }, "404": { "description": "draft" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "UpdateEnvironmentDraft", "tags": [ "Environments" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/esc/environments/{orgName}/{projectName}/{envName}/drafts/{changeRequestID}/open": { "post": { "description": "Opens a draft version of a Pulumi ESC environment, fully resolving all dynamic values, provider integrations, and secrets for the proposed changes. The duration parameter specifies how long the open session remains valid using Go duration format (e.g., '2h', '30m'). An optional revision parameter can target a specific base revision. Returns an OpenEnvironmentResponse containing the session ID for subsequent reads. Requires the Approvals feature.", "operationId": "OpenEnvironmentDraft_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The environment name", "in": "path", "name": "envName", "required": true, "schema": { "type": "string" } }, { "description": "The change request ID", "in": "path", "name": "changeRequestID", "required": true, "schema": { "type": "string" } }, { "description": "The session duration, using Go time units: ns, us, ms, s, m, h (e.g. '2h')", "in": "query", "name": "duration", "schema": { "type": "string" } }, { "description": "The environment revision number to target", "in": "query", "name": "revision", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OpenEnvironmentResponse" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" }, "404": { "description": "Change Request" }, "409": { "description": "the environment has changed since it was read" } }, "summary": "OpenEnvironmentDraft", "tags": [ "Environments" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts": { "get": { "description": "Lists Insights accounts available to the authenticated user within the specified organization.", "operationId": "ListAccounts", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Number of results to return (default: 100, max: 1000)", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter results to child accounts of the specified parent account name (e.g., an AWS organization management account)", "in": "query", "name": "parent", "schema": { "type": "string" } }, { "description": "Filter results to accounts accessible by the specified role", "in": "query", "name": "roleID", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListInsightsAccountsResponse" } } }, "description": "successful operation" }, "400": { "description": "count must be in the range [1, 1000]" }, "404": { "description": "Organization or parent account not found" } }, "summary": "ListAccounts", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "post": { "description": "Creates multiple Insights accounts in a single operation. Each account is created independently, so a failure to create one account does not prevent other accounts from being created. Returns the list of successfully created accounts and details about any failures. Accounts are created with the same permissions as the single CreateAccount endpoint. For AWS accounts, regional child accounts are created automatically based on the provider configuration.", "operationId": "BulkCreateAccounts", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/BulkCreateInsightsAccountsRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/BulkCreateInsightsAccountsResponse" } } }, "description": "OK" }, "400": { "description": "Invalid request body or empty accounts list" }, "404": { "description": "Organization not found" } }, "summary": "BulkCreateAccounts", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}": { "delete": { "description": "Deletes an Insights account and its associated configuration. This operation is irreversible.", "operationId": "DeleteAccount", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "Account" } }, "summary": "DeleteAccount", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "get": { "description": "Gets detailed information for a specific Insights account.", "operationId": "ReadAccount", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ReadInsightsAccountResponse" } } }, "description": "successful operation" }, "404": { "description": "Account" } }, "summary": "ReadAccount", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "head": { "description": "Checks whether an Insights account exists. Returns 204 if found, 404 otherwise.", "operationId": "HeadAccount", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "Account" } }, "summary": "HeadAccount", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "patch": { "description": "Updates an existing Insights account. Supports partial updates to the ESC environment reference, scan schedule ('none' or 'daily'), and provider-specific configuration such as the list of regions to scan. All request body fields are optional; only provided fields are updated.", "operationId": "UpdateAccount", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateInsightsAccountRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "invalid provider config" }, "404": { "description": "Account or environment not found" } }, "summary": "UpdateAccount", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "post": { "description": "Creates a new Insights account. An Insights account represents a cloud provider account (e.g., AWS, Azure, OCI) configured for resource discovery.", "operationId": "CreateAccount", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateInsightsAccountRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "invalid account name" }, "404": { "description": "Organization or environment not found" } }, "summary": "CreateAccount", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/ownership": { "post": { "description": "Changes the ownership of the specified Insights account to the provided user. Returns the identity of the previous owner.", "operationId": "ReassignAccountOwnership", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserInfo" } } }, "description": "The new owner's identity", "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserInfo" } } }, "description": "OK" } }, "summary": "ReassignStackOwnership", "tags": [ "Insights" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/policy/packs": { "get": { "description": "Returns the policy packs configured to analyze resources in the specified Insights account.", "operationId": "ListPolicyPacksForAccount", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListPolicyPacksForInsightsAccountResponse" } } }, "description": "successful operation" }, "400": { "description": "invalid continuation token" }, "404": { "description": "Account" } }, "summary": "ListPolicyPacksForAccount", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/resources": { "post": { "description": "Creates or updates discovered resources in an Insights account. Used by scanners to report resource state.", "operationId": "UpsertResources", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpsertInsightsResourcesRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "404": { "description": "Account" } }, "summary": "UpsertResources", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/resources/references": { "post": { "description": "Returns discovered resources along with their referenced resources for a batch of resource identifiers.", "operationId": "ListResourcesWithReferences", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListResourcesWithReferencesRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/InsightsResourceWithReferences" }, "type": "array" } } }, "description": "successful operation" }, "404": { "description": "Account or Resource Identifier" } }, "summary": "ListResourcesWithReferences", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}": { "get": { "description": "Returns a discovered resource with its current version details.", "operationId": "ReadResource", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } }, { "description": "The resource type and cloud provider ID, double-URL-encoded, in the format 'type::id'", "in": "path", "name": "resourceTypeAndId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InsightsResourceWithVersion" } } }, "description": "successful operation" }, "400": { "description": "invalid resource version" }, "404": { "description": "Account" } }, "summary": "ReadResource", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}/edges": { "get": { "description": "Returns the relationships (edges) between a discovered resource and other resources in the account.", "operationId": "ListResourceVersionEdges", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } }, { "description": "The resource type and cloud provider ID, double-URL-encoded, in the format 'type::id'", "in": "path", "name": "resourceTypeAndId", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Number of results to return (default: 100, max: 500)", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListInsightsResourceVersionEdgesResponse" } } }, "description": "successful operation" }, "400": { "description": "count must be in the range [1, 500]" }, "404": { "description": "Account" } }, "summary": "ListResourceVersionEdges", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}/references": { "get": { "description": "Returns a discovered resource along with its referenced (related) resources.", "operationId": "ReadResourceWithReferences", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } }, { "description": "The resource type and cloud provider ID, double-URL-encoded, in the format 'type::id'", "in": "path", "name": "resourceTypeAndId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InsightsResourceWithReferences" } } }, "description": "successful operation" } }, "summary": "ReadResourceWithReferences", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}/stack_edges": { "get": { "description": "Returns the Pulumi stacks that manage the specified discovered resource.", "operationId": "ListResourceStackEdges", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } }, { "description": "The resource type and cloud provider ID, double-URL-encoded, in the format 'type::id' (e.g., 'aws:ec2/instance:Instance::i-1234567890abcdef0')", "in": "path", "name": "resourceTypeAndId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListInsightsResourceStackEdgesResponse" } } }, "description": "successful operation" }, "404": { "description": "Account" } }, "summary": "ListResourceStackEdges", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}/versions": { "get": { "description": "Returns the version history for a discovered resource, showing how its configuration has changed over time.", "operationId": "ListResourceVersions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } }, { "description": "The resource type and cloud provider ID, double-URL-encoded, in the format 'type::id'", "in": "path", "name": "resourceTypeAndId", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Number of results to return (default: 100, max: 500)", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListInsightsResourceVersionsResponse" } } }, "description": "successful operation" }, "400": { "description": "count must be in the range [1, 500]" }, "404": { "description": "Account" } }, "summary": "ListResourceVersions", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}/versions/{resourceVersion}": { "get": { "description": "Returns a discovered resource with its current or specified version details.", "operationId": "ReadResource_versions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } }, { "description": "The resource type and cloud provider ID, double-URL-encoded, in the format 'type::id'", "in": "path", "name": "resourceTypeAndId", "required": true, "schema": { "type": "string" } }, { "description": "The specific version number of the discovered resource to retrieve", "in": "path", "name": "resourceVersion", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InsightsResourceWithVersion" } } }, "description": "successful operation" }, "400": { "description": "invalid resource version" }, "404": { "description": "Account" } }, "summary": "ReadResource", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}/versions/{resourceVersion}/edges": { "get": { "description": "Returns the relationships (edges) between a discovered resource and other resources in the account.", "operationId": "ListResourceVersionEdges_versions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } }, { "description": "The resource type and cloud provider ID, double-URL-encoded, in the format 'type::id'", "in": "path", "name": "resourceTypeAndId", "required": true, "schema": { "type": "string" } }, { "description": "The specific version number of the resource to list edges for", "in": "path", "name": "resourceVersion", "required": true, "schema": { "format": "int64", "type": "integer" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Number of results to return (default: 100, max: 500)", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListInsightsResourceVersionEdgesResponse" } } }, "description": "successful operation" }, "400": { "description": "count must be in the range [1, 500]" }, "404": { "description": "Account" } }, "summary": "ListResourceVersionEdges", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/resources/{resourceTypeAndId}/versions/{resourceVersion}/policy/results": { "put": { "description": "Updates the policy evaluation results for a specific version of a discovered resource.", "operationId": "UpdateResourceVersionPolicyResults", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } }, { "description": "The resource type and cloud provider ID, double-URL-encoded, in the format 'type::id'", "in": "path", "name": "resourceTypeAndId", "required": true, "schema": { "type": "string" } }, { "description": "The specific version number of the discovered resource to update policy results for", "in": "path", "name": "resourceVersion", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateInsightsResourceVersionPolicyResultsRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "invalid resource version" }, "404": { "description": "Account or Resource Version" } }, "summary": "UpdateResourceVersionPolicyResults", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/scan": { "get": { "description": "Returns the status of the most recent scan for an Insights account.", "operationId": "ReadScanStatus", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScanStatusResponse" } } }, "description": "successful operation" }, "404": { "description": "Scan for account" } }, "summary": "ReadScanStatus", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "post": { "description": "Starts a resource discovery scan for an Insights account. For parent accounts, triggers scans across all child accounts.", "operationId": "ScanAccount", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScanInsightsAccountRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WorkflowRun" } } }, "description": "OK. Returns the WorkflowRun representing the scan." }, "204": { "description": "No Content. When scanning parent accounts." }, "400": { "description": "Invalid request or scan already in progress" }, "404": { "description": "WorkflowRun" } }, "summary": "ScanAccount", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/scan/cancel": { "post": { "description": "Cancels a running resource discovery scan for an Insights account.", "operationId": "CancelScan", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "Account" } }, "summary": "CancelScan", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/scan/pause": { "post": { "description": "PauseScheduledScans pauses execution of future scheduled scans for an Insights account.", "operationId": "PauseScheduledScans", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" } }, "summary": "PauseScheduledScans", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/scan/resume": { "post": { "description": "ResumeScheduledScans resumes execution of future scheduled scans for an Insights account.", "operationId": "ResumeScheduledScans", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" } }, "summary": "ResumeScheduledScans", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/scan/settings": { "get": { "description": "Returns the scheduled scan configuration for an Insights account, including scan frequency and schedule details.", "operationId": "ReadScheduledScanSettings", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScheduledInsightsScanSettingsResponse" } } }, "description": "successful operation" }, "404": { "description": "Scheduled scan for account" } }, "summary": "ReadScheduledScanSettings", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "put": { "description": "Updates the scheduled scan configuration for an Insights account, such as scan frequency and schedule.", "operationId": "UpdateScheduledScanSettings", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScheduledInsightsScanSettingsRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid scan schedule" } }, "summary": "UpdateScheduledScanSettings", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/scans": { "get": { "description": "Returns the scan history for an Insights account, including child accounts for parent accounts.", "operationId": "ListScanStatus", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Number of results per page (default: 100, max: 1000)", "in": "query", "name": "pageSize", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListScanStatusResponse" } } }, "description": "successful operation" }, "400": { "description": "Invalid query params" }, "404": { "description": "Account" } }, "summary": "ListScanStatus", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/scans/{scanId}": { "get": { "description": "Returns details for a specific Insights scan, including its status, timestamps, and resource counts.", "operationId": "GetScan", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } }, { "description": "The scan identifier", "in": "path", "name": "scanId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScanStatus" } } }, "description": "successful operation" }, "404": { "description": "Scan" } }, "summary": "GetScan", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/scans/{scanId}/logs": { "get": { "description": "Returns log output for a specific Insights scan. Supports two modes: when the 'job' parameter is provided, returns step-level logs with job/step offsets; otherwise, uses continuationToken and count for paginated log retrieval.", "operationId": "GetScanLogs", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } }, { "description": "The scan identifier", "in": "path", "name": "scanId", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results. Used when the 'job' parameter is not provided.", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Number of log entries to return (must be between 1 and 500). Used when the 'job' parameter is not provided.", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } }, { "description": "When provided, switches to step-based log retrieval. Specifies the job number whose step logs to fetch.", "in": "query", "name": "job", "schema": { "format": "int64", "type": "integer" } }, { "description": "Byte offset within the step's log output. Used with the 'job' and 'step' parameters.", "in": "query", "name": "offset", "schema": { "format": "int64", "type": "integer" } }, { "description": "Step number within the specified job. Used with the 'job' parameter.", "in": "query", "name": "step", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeploymentLogsBase" } } }, "description": "successful operation" }, "400": { "description": "count must be less than 500 and more than 0" }, "404": { "description": "Account or Scan" } }, "summary": "GetScanLogs", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/tags": { "get": { "description": "Returns all tags for an Insights account as a key-value map.", "operationId": "GetInsightAccountTags", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetInsightAccountTagsResponse" } } }, "description": "successful operation" }, "404": { "description": "Account" } }, "summary": "GetInsightAccountTags", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "put": { "description": "Atomically replaces all tags for an Insights account with the provided key-value pairs. For AWS parent accounts, tag changes cascade to all child accounts.", "operationId": "SetInsightAccountTags", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SetInsightAccountTagsRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "invalid tag name or value" }, "403": { "description": "Tags on child accounts are managed by the parent account" }, "404": { "description": "Account" } }, "summary": "SetInsightAccountTags", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/teams": { "get": { "description": "Returns the teams that have been granted access to an Insights account.", "operationId": "ListInsightsAccountTeams", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListTeamsByInsightsAccountResponse" } } }, "description": "successful operation" } }, "summary": "ListInsightsAccountTeams", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/accounts/{accountName}/teams/{teamName}": { "patch": { "description": "Updates the permissions that a team has on an Insights account.", "operationId": "UpdateTeamInsightsAccountPermissions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The Insights account name", "in": "path", "name": "accountName", "required": true, "schema": { "type": "string" } }, { "description": "The team name", "in": "path", "name": "teamName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateTeamInsightsAccountPermissionsRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "team does not exist on the account" } }, "summary": "UpdateTeamInsightsAccountPermissions", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/discovered-stacks/{projectName}": { "get": { "description": "Returns details for a discovered project, including its discovered stacks. Results are paginated; use the continuationToken from the response to fetch subsequent pages.", "operationId": "GetDiscoveredProject", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The discovered project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "Opaque token for fetching the next page of stacks", "in": "query", "name": "continuationToken", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetDiscoveredProjectResponse" } } }, "description": "OK" }, "404": { "description": "No discovered stacks found for this project" } }, "summary": "GetDiscoveredProject", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/discovered-stacks/{projectName}/{stackName}": { "get": { "description": "Returns details for a single discovered stack.", "operationId": "GetDiscoveredStack", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The discovered project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The discovered stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetDiscoveredStackResponse" } } }, "description": "OK" }, "404": { "description": "Discovered stack not found" } }, "summary": "GetDiscoveredStack", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/discovered-stacks/{projectName}/{stackName}/migration": { "delete": { "description": "Removes a migration annotation from a discovered resource. The resource is identified by its URN passed as a query parameter.", "operationId": "DeleteResourceMigrationAnnotation", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The discovered project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The discovered stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "URN of the resource to remove the annotation from", "in": "query", "name": "resourceUrn", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "Discovered stack or annotation not found" } }, "summary": "DeleteResourceMigrationAnnotation", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "put": { "description": "Creates or updates a migration annotation on a discovered resource. The resource is identified by its URN in the request body. At least one of note or statusOverride must be non-empty; requests with both empty are rejected with 400. The statusOverride, if provided, must be Migrated or NotApplicable.", "operationId": "UpsertResourceMigrationAnnotation", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The discovered project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The discovered stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpsertResourceMigrationAnnotationRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid request" }, "404": { "description": "Discovered stack not found" } }, "summary": "UpsertResourceMigrationAnnotation", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/discovered-stacks/{projectName}/{stackName}/resources": { "get": { "description": "Returns the list of resources in a discovered stack, each annotated with a migrationStatus. When compareTo is provided, resource identities are matched against the target Pulumi stack.", "operationId": "ListDiscoveredStackResources", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The discovered project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The discovered stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "Pulumi stack to compare against in project/stack format. Must be in the same org.", "in": "query", "name": "compareTo", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListDiscoveredStackResourcesResponse" } } }, "description": "OK" }, "404": { "description": "Discovered stack not found" } }, "summary": "ListDiscoveredStackResources", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/import/code/generate": { "post": { "description": "Generates Pulumi code in the specified language to import discovered resources into a Pulumi stack.", "operationId": "GenerateImportCode", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InsightsImportCodeRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/InsightsImportCodeResponse" } } }, "description": "successful operation" }, "400": { "description": "Invalid language or URNs" } }, "summary": "GenerateImportCode", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/insightstrial/accept": { "put": { "description": "Accepts Insights billing charges for the specified organization, enabling metered billing for resource discovery.", "operationId": "AcceptInsightsBilling", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid request" } }, "summary": "AcceptInsightsBilling", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/insightstrial/deny": { "put": { "description": "Terminates the Insights trial for the organization and removes all associated accounts.", "operationId": "TerminateInsightsTrial", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid request" } }, "summary": "TerminateInsightsTrial", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/insightstrial/summary": { "get": { "description": "Returns a summary of the organization's Insights trial usage, including resource counts and remaining trial capacity.", "operationId": "GetInsightsTrialSummary", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TrialUsageSummary" } } }, "description": "successful operation" }, "400": { "description": "Invalid request" } }, "summary": "GetInsightsTrialSummary", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/insights/{orgName}/policy/stacks/{projectName}/{stackName}/updates/{version}/results": { "put": { "description": "Updates the policy evaluation results for a specific stack update version.", "operationId": "UpdateStackPolicyResults", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The stack update version number identifying a specific Pulumi update operation", "in": "path", "name": "version", "required": true, "schema": { "format": "int64", "type": "integer" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateStackPolicyResultsRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "invalid 'version' parameter" }, "404": { "description": "Program Update" } }, "summary": "UpdateStackPolicyResults", "tags": [ "Insights", "InsightsAccounts" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/registry/packages": { "get": { "deprecated": true, "description": "Retrieves all registry packages accessible to the caller, with support for filtering, sorting, and pagination. No authentication is required, but authenticated requests may include additional usage statistics per package. Results can be filtered by package name, publisher, owning organization, sort field, and visibility level. Results are paginated with a default limit of 100 per page; use the continuationToken from the response to retrieve subsequent pages. Each entry in the response contains the full package metadata including name, publisher, source, version, title, description, repository URL, category, featured status, package types, maturity status, readme URL, schema URL, creation timestamp, and visibility.", "operationId": "ListPackages_preview", "parameters": [ { "description": "When true, sort results in ascending order", "in": "query", "name": "asc", "schema": { "type": "boolean" } }, { "description": "Pagination token for retrieving the next page of results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Results per page (default: 100)", "in": "query", "name": "limit", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter by specific package name", "in": "query", "name": "name", "schema": { "type": "string" } }, { "description": "Filter by owning organization", "in": "query", "name": "orgLogin", "schema": { "type": "string" } }, { "description": "Filter by publisher organization", "in": "query", "name": "publisher", "schema": { "type": "string" } }, { "description": "Sort field for results", "in": "query", "name": "sort", "schema": { "type": "string" } }, { "description": "Filter by visibility level", "in": "query", "name": "visibility", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListPackagesResponse" } } }, "description": "OK" }, "400": { "description": "Bad continuationToken" } }, "summary": "ListPackages", "tags": [ "RegistryPreview" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/registry/packages/{source}/{publisher}/{name}/versions": { "post": { "deprecated": true, "description": "Initiates the first step of a two-phase package version publish workflow. This creates a publish transaction and returns an operationID along with pre-signed upload URLs for the package artifacts (schema, index, and installationConfiguration). The caller must upload all required artifacts to the provided URLs and then call the PostPublishPackageVersionComplete endpoint with the operationID to finalize the publish. The request body must include the semantic version to publish. Returns 202 Accepted with the operation details, 404 if the source does not exist, or 409 if the specified version already exists.", "operationId": "PostPublishPackageVersion_preview", "parameters": [ { "description": "The package source: 'pulumi', 'opentofu', or 'private'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the package", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The package name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StartPackagePublishRequest" } } }, "x-originalParamName": "body" }, "responses": { "202": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StartPackagePublishResponse" } } }, "description": "Accepted" }, "404": { "description": "Source" }, "409": { "description": "Version already exists" } }, "summary": "PostPublishPackageVersion", "tags": [ "RegistryPreview" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/registry/packages/{source}/{publisher}/{name}/versions/{version}": { "delete": { "deprecated": true, "description": "Removes a specific version of a package from the registry. The package is identified by its source (e.g. 'pulumi', 'opentofu', or 'private'), publisher organization, name, and semantic version. Requires the RegistryPublish permission on the publisher organization. Returns 204 No Content on success.", "operationId": "DeletePublishPackageVersion_preview", "parameters": [ { "description": "The package source: 'pulumi', 'opentofu', or 'private'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the package", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The package name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string of the package version to delete", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" } }, "summary": "DeletePublishPackageVersion", "tags": [ "RegistryPreview" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "get": { "deprecated": true, "description": "Retrieves metadata for a specific version of a registry package. The package is identified by its source, publisher organization, and name. The version parameter accepts either a specific semantic version string or the special value 'latest' to retrieve the most recently published version. The response includes the package's name, publisher, version, title, description, repository URL, category, featured status, package types, maturity status, readme URL, schema URL, plugin download URL, creation timestamp, visibility, parameterization details, and usage statistics (when the caller is authenticated). Returns 404 if the specified package version does not exist.", "operationId": "GetPackageVersion_preview", "parameters": [ { "description": "The package source: 'pulumi', 'opentofu', or 'private'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the package", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The package name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string or 'latest'", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PackageMetadata" } } }, "description": "OK" }, "404": { "description": "package version" } }, "summary": "GetPackageVersion", "tags": [ "RegistryPreview" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/registry/packages/{source}/{publisher}/{name}/versions/{version}/complete": { "post": { "deprecated": true, "description": "Finalizes the second step of the two-phase package version publish workflow. After initiating a publish with PostPublishPackageVersion and uploading all required artifacts (schema, index, installationConfiguration) to the pre-signed URLs, call this endpoint with the operationID to complete the publish. The service validates that all artifacts were uploaded successfully before making the version available in the registry. Returns 201 Created on success, 400 for a bad request (e.g. missing artifacts), 404 if the publish operation is not found, or 409 if the version already exists.", "operationId": "PostPublishPackageVersionComplete_preview", "parameters": [ { "description": "The package source: 'pulumi', 'opentofu', or 'private'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the package", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The package name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string of the package version to complete", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PublishPackageVersionCompleteRequest" } } }, "x-originalParamName": "body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PublishPackageVersionCompleteResponse" } } }, "description": "Created" }, "400": { "description": "Bad request" }, "404": { "description": "Publish Operation" }, "409": { "description": "Version already exists" } }, "summary": "PostPublishPackageVersionComplete", "tags": [ "RegistryPreview" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/registry/policypacks": { "get": { "deprecated": true, "description": "Lists all policy packs accessible to the calling user for a given organization. The orgLogin query parameter is required and restricts results to policy packs owned by that organization. Results can optionally be filtered by access level. No authentication is required. Returns 400 if the policy pack access filter value is invalid. This is the deprecated GET variant; prefer the POST ListPolicyPacks endpoint instead.", "operationId": "ListPolicyPacks_preview_registry", "parameters": [ { "description": "Filter by access level", "in": "query", "name": "access", "schema": { "type": "string" } }, { "description": "Required. Filter by owning organization", "in": "query", "name": "orgLogin", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListPolicyPacksResponse" } } }, "description": "OK" }, "400": { "description": "Policy pack access is not valid" } }, "summary": "ListPolicyPacks", "tags": [ "RegistryPreview", "PolicyPacks" ], "x-pulumi-route-property": { "Deprecated": true, "SupersededBy": "ListPolicyPacks_preview_registry_post", "Visibility": "Preview" } }, "post": { "description": "Lists all policy packs accessible to the calling user, with support for filtering by access level, organization, and specific policy pack IDs. The request body accepts an optional orgLogin to scope results to a specific organization, an optional access level filter (defaults to 'enabled'), and an optional list of policy pack IDs to restrict the results to specific packs. No authentication is required. Returns 400 if the access filter value is invalid.", "operationId": "ListPolicyPacks_preview_registry_post", "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListPolicyPacksRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListPolicyPacksResponse" } } }, "description": "OK" }, "400": { "description": "Policy pack access is not valid" } }, "summary": "ListPolicyPacks", "tags": [ "RegistryPreview", "PolicyPacks" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/registry/policypacks/{source}/{publisher}/{name}": { "delete": { "description": "Deletes a policy pack and all of its versions from the registry. The policy pack is identified by its source (currently only 'private'), publisher organization, and name. This is a destructive operation that permanently removes the policy pack and all associated version data. Requires the RegistryPublish permission on the publisher organization. Returns 404 if the policy pack does not exist.", "operationId": "DeletePolicyPack_preview_registry_policypacks", "parameters": [ { "description": "The policy pack source: 'private'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the policy pack", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The policy pack name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } } ], "responses": { "404": { "description": "Policy pack not found" } }, "summary": "DeletePolicyPack", "tags": [ "RegistryPreview", "PolicyPacks" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/registry/policypacks/{source}/{publisher}/{name}/versions": { "get": { "description": "Lists all versions of a specific policy pack. The policy pack is identified by its source (currently only 'private'), publisher organization, and name. The response includes a list of policy pack version metadata and an optional continuationToken for pagination. Returns 404 if the policy pack does not exist.", "operationId": "ListPolicyPackVersions", "parameters": [ { "description": "The policy pack source: 'private'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the policy pack", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The policy pack name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListPolicyPacksResponse" } } }, "description": "OK" }, "404": { "description": "error getting Registry Policy Pack" } }, "summary": "ListPolicyPackVersions", "tags": [ "RegistryPreview", "PolicyPacks" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "post": { "description": "Initiates the first step of a two-phase policy pack version publish workflow. The policy pack is identified by its source (currently only 'private'), publisher organization, and name. This creates a publish transaction that must be completed by calling PostPublishPolicyPackVersionComplete. Requires the RegistryPublish permission on the publisher organization. Returns 404 if the policy pack is not found.", "operationId": "PostPublishPolicyPackVersion", "parameters": [ { "description": "The policy pack source: 'private'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the policy pack", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The policy pack name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } } ], "responses": { "404": { "description": "Policy pack not found" } }, "summary": "PostPublishPolicyPackVersion", "tags": [ "RegistryPreview", "PolicyPacks" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/registry/policypacks/{source}/{publisher}/{name}/versions/{version}": { "delete": { "description": "Deletes a specific version of a policy pack from the registry. The policy pack version is identified by its source (currently only 'private'), publisher organization, name, and semantic version string. Requires the RegistryPublish permission on the publisher organization. Returns 404 if the specified policy pack version does not exist.", "operationId": "DeletePolicyPack_preview_registry_policypacks_versions", "parameters": [ { "description": "The policy pack source: 'private'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the policy pack", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The policy pack name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string of the policy pack version to delete", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "404": { "description": "Policy pack not found" } }, "summary": "DeletePolicyPack", "tags": [ "RegistryPreview", "PolicyPacks" ], "x-pulumi-route-property": { "Visibility": "Preview" } }, "get": { "description": "Retrieves detailed information about a specific version of a policy pack, including the individual policy definitions. The policy pack is identified by its source (currently only 'private'), publisher organization, and name. The version parameter accepts either a specific semantic version string or the special value 'latest' to retrieve the most recently published version. The response includes the policy pack metadata and an optional list of policies, where each policy includes its configuration schema and enforcement rules. Returns 404 if the specified policy pack does not exist.", "operationId": "GetPolicyPackVersion", "parameters": [ { "description": "The policy pack source: 'private'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the policy pack", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The policy pack name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string or 'latest'", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetRegistryPolicyPackVersionResponse" } } }, "description": "OK" }, "404": { "description": "Policy Pack" } }, "summary": "GetPolicyPackVersion", "tags": [ "RegistryPreview", "PolicyPacks" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/registry/policypacks/{source}/{publisher}/{name}/versions/{version}/complete": { "post": { "description": "Finalizes the second step of the two-phase policy pack version publish workflow. After initiating a publish with PostPublishPolicyPackVersion, call this endpoint with the policy pack source, publisher, name, and version to complete the publish and make the version available in the registry. Requires the RegistryPublish permission on the publisher organization. Returns 404 if the publish operation is not found.", "operationId": "PostPublishPolicyPackVersionComplete", "parameters": [ { "description": "The policy pack source: 'private'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the policy pack", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The policy pack name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string of the policy pack version to complete", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "404": { "description": "Publish operation not found" } }, "summary": "PostPublishPolicyPackVersionComplete", "tags": [ "RegistryPreview", "PolicyPacks" ], "x-pulumi-route-property": { "Visibility": "Preview" } } }, "/api/preview/registry/templates": { "get": { "deprecated": true, "description": "Lists registry-backed templates with optional filtering, search, and pagination. This endpoint returns only registry-backed templates and does not include VCS-backed templates (those sourced from GitHub or GitLab repositories). No authentication is required. Results can be filtered by template name and owning organization (orgLogin). The search parameter performs case-insensitive partial matching against the template name, display name, description, metadata values, and runtime language. Results are paginated with a default limit of 100 per page; use the continuationToken from the response to retrieve subsequent pages. Each entry in the response includes the template's name, publisher, source, display name, description, runtime, language, readme URL, download URL, visibility, and updated timestamp.", "operationId": "ListTemplates_preview", "parameters": [ { "description": "Pagination token for retrieving the next page of results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Maximum number of results to return (default: 100)", "in": "query", "name": "limit", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter by specific template name", "in": "query", "name": "name", "schema": { "type": "string" } }, { "description": "Filter by owning organization", "in": "query", "name": "orgLogin", "schema": { "type": "string" } }, { "description": "Search query matching template name, display name, description, metadata values, or runtime language. Multiple space-separated terms require all terms to match (AND semantics).", "in": "query", "name": "search", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListTemplatesResponse" } } }, "description": "OK" }, "400": { "description": "Bad continuationToken" } }, "summary": "ListTemplates", "tags": [ "RegistryPreview" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/registry/templates/{source}/{publisher}/{name}/versions": { "post": { "deprecated": true, "description": "Initiates the first step of a two-phase template version publish workflow. This creates a publish transaction and returns an operationID along with a pre-signed upload URL for the template archive. The source must be 'private'. The caller must upload the template archive (a gzip-compressed tar file containing a root-level Pulumi.yaml with a template section, and optionally a README.md) to the provided URL, then call PostPublishTemplateVersionComplete with the operationID to finalize the publish. The request body must include the semantic version to publish. Returns 202 Accepted with the operation details, or 404 if the source does not exist.", "operationId": "PostPublishTemplateVersion_preview", "parameters": [ { "description": "The template source: 'private', 'github', or 'gitlab'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the template", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The template name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StartTemplatePublishRequest" } } }, "x-originalParamName": "body" }, "responses": { "202": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StartTemplatePublishResponse" } } }, "description": "Accepted" }, "404": { "description": "Source" } }, "summary": "PostPublishTemplateVersion", "tags": [ "RegistryPreview" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/registry/templates/{source}/{publisher}/{name}/versions/{version}": { "delete": { "deprecated": true, "description": "Removes a specific version of a template from the registry. The template is identified by its source (e.g. 'private', 'github', or 'gitlab'), publisher organization, name, and semantic version. If this is the last remaining version of the template, the 'force' query parameter must be set to true; doing so will also delete the template itself. Returns 204 No Content on success, or 400 if an invalid query parameter is provided.", "operationId": "DeleteTemplateVersion_preview", "parameters": [ { "description": "The template source: 'private', 'github', or 'gitlab'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the template", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The template name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string of the template version to delete", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } }, { "description": "When true, allows deletion of the final remaining template version", "in": "query", "name": "force", "schema": { "type": "boolean" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "invalid query parameter" } }, "summary": "DeleteTemplateVersion", "tags": [ "RegistryPreview" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } }, "get": { "deprecated": true, "description": "Retrieves metadata for a specific version of a registry template. The template is identified by its source (e.g. 'private', 'github', or 'gitlab'), publisher organization, and name. The version parameter accepts either a specific semantic version string or the special value 'latest' to retrieve the most recent version. The response includes the template's name, display name, description, runtime information, language, readme URL, download URL (a pre-signed URL valid for at least 5 minutes for retrieving the .tar.gz archive), repository slug (for VCS-backed templates), visibility, updated timestamp, metadata, and configuration values. Returns 400 if a specific version is provided for VCS-backed templates (which do not support versioning), or 404 if the template version does not exist.", "operationId": "GetTemplateVersion_preview", "parameters": [ { "description": "The template source: 'private', 'github', or 'gitlab'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the template", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The template name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string or 'latest'", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetTemplateResponse" } } }, "description": "OK" }, "400": { "description": "version cannot be specified for VCS-backed templates" }, "404": { "description": "template version" } }, "summary": "GetTemplateVersion", "tags": [ "RegistryPreview" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/preview/registry/templates/{source}/{publisher}/{name}/versions/{version}/complete": { "post": { "deprecated": true, "description": "Finalizes the second step of the two-phase template version publish workflow. After initiating a publish with PostPublishTemplateVersion and uploading the template archive (.tar.gz) to the pre-signed URL, call this endpoint with the operationID to complete the publish. The service validates that the archive was uploaded successfully before making the version available in the registry. Once complete, the template becomes available to the publisher's organization. Returns 201 Created on success, 400 for invalid operation state, 404 if the publish operation is not found, or 409 if the version already exists.", "operationId": "PostPublishTemplateVersionComplete_preview", "parameters": [ { "description": "The template source: 'private', 'github', or 'gitlab'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the template", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The template name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string of the template version to complete", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PublishTemplateVersionCompleteRequest" } } }, "x-originalParamName": "body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PublishTemplateVersionCompleteResponse" } } }, "description": "Created" }, "400": { "description": "Operation" }, "404": { "description": "Publish Operation" }, "409": { "description": "Version already exists" } }, "summary": "PostPublishTemplateVersionComplete", "tags": [ "RegistryPreview" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Preview" } } }, "/api/projects/{orgName}/{projectName}/batch-decrypt": { "post": { "description": "BatchDecryptProjectValue works just like BatchDecryptValueHandler, but using the project's encryption key instead of the stack's", "operationId": "BatchDecryptProjectValue", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppBatchDecryptResponse" } } }, "description": "OK" }, "404": { "description": "project" } }, "summary": "BatchDecryptProjectValue", "tags": [ "Organizations" ] } }, "/api/projects/{orgName}/{projectName}/decrypt": { "post": { "description": "DecryptProjectValue works just like DecryptValueHandler, but using the project's encryption key instead of the stack's", "operationId": "DecryptProjectValue", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppDecryptValueResponse" } } }, "description": "OK" }, "404": { "description": "project" } }, "summary": "DecryptProjectValue", "tags": [ "Organizations" ] } }, "/api/projects/{orgName}/{projectName}/encrypt": { "post": { "description": "EncryptProjectValue encrypts a value using the project's key. The request body contains the base64\nencoded value to be encrypted.", "operationId": "EncryptProjectValue", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppEncryptValueResponse" } } }, "description": "OK" }, "404": { "description": "project" } }, "summary": "EncryptProjectValue", "tags": [ "Organizations" ] } }, "/api/registry/packages": { "get": { "description": "Retrieves all registry packages accessible to the caller, with support for filtering, sorting, and pagination. No authentication is required, but authenticated requests may include additional usage statistics per package. Results can be filtered by package name, publisher, owning organization, package type, usage, search query, and visibility level. The sort parameter controls the ordering of results, and the asc parameter toggles ascending vs. descending order. Results are paginated with a default limit of 100 per page; use the continuationToken from the response to retrieve subsequent pages. Each entry in the response contains the full package metadata including name, publisher, source, version, title, description, repository URL, category, featured status, package types, maturity status, readme URL, schema URL, creation timestamp, and visibility.", "operationId": "ListPackages", "parameters": [ { "description": "When true, sort results in ascending order", "in": "query", "name": "asc", "schema": { "type": "boolean" } }, { "description": "Pagination token for retrieving the next page of results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Results per page (default: 100)", "in": "query", "name": "limit", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter by specific package name", "in": "query", "name": "name", "schema": { "type": "string" } }, { "description": "Filter by owning organization", "in": "query", "name": "orgLogin", "schema": { "type": "string" } }, { "description": "Filter by package type", "in": "query", "name": "packageType", "schema": { "type": "string" } }, { "description": "Filter by publisher organization", "in": "query", "name": "publisher", "schema": { "type": "string" } }, { "description": "Search query string", "in": "query", "name": "search", "schema": { "type": "string" } }, { "description": "Sort field for results", "in": "query", "name": "sort", "schema": { "type": "string" } }, { "description": "Filter by usage type", "in": "query", "name": "usage", "schema": { "type": "string" } }, { "description": "Filter by visibility level", "in": "query", "name": "visibility", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListPackagesResponse" } } }, "description": "OK" }, "400": { "description": "Bad continuationToken" } }, "summary": "ListPackages", "tags": [ "Registry" ] } }, "/api/registry/packages/{source}/{publisher}/{name}/versions": { "post": { "description": "Initiates the first step of a two-phase package version publish workflow. This creates a publish transaction and returns an operationID along with pre-signed upload URLs for the package artifacts (schema, index, and installationConfiguration). The caller must upload all required artifacts to the provided URLs and then call the PostPublishPackageVersionComplete endpoint with the operationID to finalize the publish. The request body must include the semantic version to publish. Returns 202 Accepted with the operation details, 404 if the source does not exist, or 409 if the specified version already exists.", "operationId": "PostPublishPackageVersion", "parameters": [ { "description": "The package source: 'pulumi', 'opentofu', or 'private'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the package", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The package name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StartPackagePublishRequest" } } }, "x-originalParamName": "body" }, "responses": { "202": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StartPackagePublishResponse" } } }, "description": "Accepted" }, "404": { "description": "Source" }, "409": { "description": "Version already exists" } }, "summary": "PostPublishPackageVersion", "tags": [ "Registry" ] } }, "/api/registry/packages/{source}/{publisher}/{name}/versions/{version}": { "delete": { "description": "Removes a specific version of a package from the registry. The package is identified by its source (e.g. 'pulumi', 'opentofu', or 'private'), publisher organization, name, and semantic version. Requires the RegistryPublish permission on the publisher organization. Returns 204 No Content on success.", "operationId": "DeletePublishPackageVersion", "parameters": [ { "description": "The package source: 'pulumi', 'opentofu', or 'private'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the package", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The package name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string of the package version to delete", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" } }, "summary": "DeletePublishPackageVersion", "tags": [ "Registry" ] }, "get": { "description": "Retrieves metadata for a specific version of a registry package. The package is identified by its source, publisher organization, and name. The version parameter accepts either a specific semantic version string or the special value 'latest' to retrieve the most recently published version. The response includes the package's name, publisher, version, title, description, repository URL, category, featured status, package types, maturity status, readme URL, schema URL, plugin download URL, creation timestamp, visibility, parameterization details, and usage statistics (when the caller is authenticated). Returns 404 if the specified package version does not exist.", "operationId": "GetPackageVersion", "parameters": [ { "description": "The package source: 'pulumi', 'opentofu', or 'private'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the package", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The package name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string or 'latest'", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PackageMetadata" } } }, "description": "OK" }, "404": { "description": "package version" } }, "summary": "GetPackageVersion", "tags": [ "Registry" ] } }, "/api/registry/packages/{source}/{publisher}/{name}/versions/{version}/complete": { "post": { "description": "Finalizes the second step of the two-phase package version publish workflow. After initiating a publish with PostPublishPackageVersion and uploading all required artifacts (schema, index, installationConfiguration) to the pre-signed URLs, call this endpoint with the operationID to complete the publish. The service validates that all artifacts were uploaded successfully before making the version available in the registry. Returns 201 Created on success, 400 for a bad request (e.g. missing artifacts), 404 if the publish operation is not found, or 409 if the version already exists.", "operationId": "PostPublishPackageVersionComplete", "parameters": [ { "description": "The package source: 'pulumi', 'opentofu', or 'private'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the package", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The package name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string of the package version to complete", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PublishPackageVersionCompleteRequest" } } }, "x-originalParamName": "body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PublishPackageVersionCompleteResponse" } } }, "description": "Created" }, "400": { "description": "Bad request" }, "404": { "description": "Publish Operation" }, "409": { "description": "Version already exists" } }, "summary": "PostPublishPackageVersionComplete", "tags": [ "Registry" ] } }, "/api/registry/templates": { "get": { "description": "Lists registry-backed templates with optional filtering, search, and pagination. This endpoint returns only registry-backed templates and does not include VCS-backed templates (those sourced from GitHub or GitLab repositories). No authentication is required. Results can be filtered by template name and owning organization (orgLogin). The search parameter performs case-insensitive partial matching against the template name, display name, description, metadata values, and runtime language. Results are paginated with a default limit of 100 per page; use the continuationToken from the response to retrieve subsequent pages. Each entry in the response includes the template's name, publisher, source, display name, description, runtime, language, readme URL, download URL, visibility, and updated timestamp.", "operationId": "ListTemplates", "parameters": [ { "description": "Pagination token for retrieving the next page of results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Maximum number of results to return (default: 100)", "in": "query", "name": "limit", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter by specific template name", "in": "query", "name": "name", "schema": { "type": "string" } }, { "description": "Filter by owning organization", "in": "query", "name": "orgLogin", "schema": { "type": "string" } }, { "description": "Search query matching template name, display name, description, metadata values, or runtime language. Multiple space-separated terms require all terms to match (AND semantics).", "in": "query", "name": "search", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListTemplatesResponse" } } }, "description": "OK" }, "400": { "description": "Bad continuationToken" } }, "summary": "ListTemplates", "tags": [ "Registry" ] } }, "/api/registry/templates/{source}/{publisher}/{name}/versions": { "get": { "description": "Lists all versions of a specific template, ordered by version descending (latest first). The template is identified by its source, publisher organization, and name. Results are paginated with a default limit of 100 per page. Use the continuationToken from the response to retrieve subsequent pages. Each entry in the response contains the template version metadata. Returns 400 for an invalid continuationToken or 404 if the template does not exist.", "operationId": "ListTemplateVersions", "parameters": [ { "description": "The template source: 'private', 'github', or 'gitlab'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the template", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The template name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Pagination token for retrieving the next page of results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Maximum number of results to return (default: 100)", "in": "query", "name": "limit", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListTemplateVersionsResponse" } } }, "description": "OK" }, "400": { "description": "Bad continuationToken" }, "404": { "description": "template" } }, "summary": "ListTemplateVersions", "tags": [ "Registry" ] }, "post": { "description": "Initiates the first step of a two-phase template version publish workflow. This creates a publish transaction and returns an operationID along with a pre-signed upload URL for the template archive. The source must be 'private'. The caller must upload the template archive (a gzip-compressed tar file containing a root-level Pulumi.yaml with a template section, and optionally a README.md) to the provided URL, then call PostPublishTemplateVersionComplete with the operationID to finalize the publish. The request body must include the semantic version to publish. Returns 202 Accepted with the operation details, or 404 if the source does not exist.", "operationId": "PostPublishTemplateVersion", "parameters": [ { "description": "The template source: 'private', 'github', or 'gitlab'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the template", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The template name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StartTemplatePublishRequest" } } }, "x-originalParamName": "body" }, "responses": { "202": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StartTemplatePublishResponse" } } }, "description": "Accepted" }, "404": { "description": "Source" } }, "summary": "PostPublishTemplateVersion", "tags": [ "Registry" ] } }, "/api/registry/templates/{source}/{publisher}/{name}/versions/{version}": { "delete": { "description": "Removes a specific version of a template from the registry. The template is identified by its source (e.g. 'private', 'github', or 'gitlab'), publisher organization, name, and semantic version. If this is the last remaining version of the template, the 'force' query parameter must be set to true; doing so will also delete the template itself. Returns 204 No Content on success, or 400 if an invalid query parameter is provided.", "operationId": "DeleteTemplateVersion", "parameters": [ { "description": "The template source: 'private', 'github', or 'gitlab'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the template", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The template name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string of the template version to delete", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } }, { "description": "When true, allows deletion of the final remaining template version", "in": "query", "name": "force", "schema": { "type": "boolean" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "invalid query parameter" } }, "summary": "DeleteTemplateVersion", "tags": [ "Registry" ] }, "get": { "description": "Retrieves metadata for a specific version of a registry template. The template is identified by its source (e.g. 'private', 'github', or 'gitlab'), publisher organization, and name. The version parameter accepts either a specific semantic version string or the special value 'latest' to retrieve the most recent version. The response includes the template's name, display name, description, runtime information, language, readme URL, download URL (a pre-signed URL valid for at least 5 minutes for retrieving the .tar.gz archive), repository slug (for VCS-backed templates), visibility, updated timestamp, metadata, and configuration values. Returns 400 if a specific version is provided for VCS-backed templates (which do not support versioning), or 404 if the template version does not exist.", "operationId": "GetTemplateVersion", "parameters": [ { "description": "The template source: 'private', 'github', or 'gitlab'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the template", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The template name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string or 'latest'", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetTemplateResponse" } } }, "description": "OK" }, "400": { "description": "version cannot be specified for VCS-backed templates" }, "404": { "description": "template version" } }, "summary": "GetTemplateVersion", "tags": [ "Registry" ] } }, "/api/registry/templates/{source}/{publisher}/{name}/versions/{version}/complete": { "post": { "description": "Finalizes the second step of the two-phase template version publish workflow. After initiating a publish with PostPublishTemplateVersion and uploading the template archive (.tar.gz) to the pre-signed URL, call this endpoint with the operationID to complete the publish. The service validates that the archive was uploaded successfully before making the version available in the registry. Once complete, the template becomes available to the publisher's organization. Returns 201 Created on success, 400 for invalid operation state, 404 if the publish operation is not found, or 409 if the version already exists.", "operationId": "PostPublishTemplateVersionComplete", "parameters": [ { "description": "The template source: 'private', 'github', or 'gitlab'", "in": "path", "name": "source", "required": true, "schema": { "type": "string" } }, { "description": "Organization that owns the template", "in": "path", "name": "publisher", "required": true, "schema": { "type": "string" } }, { "description": "The template name", "in": "path", "name": "name", "required": true, "schema": { "type": "string" } }, { "description": "Semantic version string of the template version to complete", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PublishTemplateVersionCompleteRequest" } } }, "x-originalParamName": "body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/PublishTemplateVersionCompleteResponse" } } }, "description": "Created" }, "400": { "description": "Operation" }, "404": { "description": "Publish Operation" }, "409": { "description": "Version already exists" } }, "summary": "PostPublishTemplateVersionComplete", "tags": [ "Registry" ] } }, "/api/stacks/{orgName}/{projectName}": { "head": { "description": "Checks whether a project exists within an organization. Returns 200 with the project name if it exists, or 404 if not found. This is a lightweight existence check useful for validating project names before creating stacks or performing other operations.", "operationId": "ProjectExists", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "type": "string" } } }, "description": "OK" }, "404": { "description": "Project" } }, "summary": "ProjectExists", "tags": [ "Organizations" ] }, "post": { "description": "Creates a new stack within a project in the organization. If the project does not exist, it will be created. A stack is an isolated, independently configurable instance of a Pulumi program, typically representing a deployment environment (e.g., development, staging, production). The stack name must be unique within the project.\n\nThe optional `config` object supports:\n- `environment`: reference to an ESC environment for storing stack configuration (must not already exist)\n- `secretsProvider`: the secrets provider for the stack\n- `encryptedKey`: KMS-encrypted ciphertext for the data key (cloud-based secrets providers only)\n- `encryptionSalt`: base64-encoded encryption salt (passphrase-based secrets providers only)", "operationId": "CreateStack", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppCreateStackRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppCreateStackResponse" } } }, "description": "OK" } }, "summary": "CreateStack", "tags": [ "Organizations" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}": { "delete": { "description": "Removes a stack from Pulumi Cloud. By default, the stack must have no resources remaining; attempting to delete a stack that still manages resources will fail. Use the 'force' query parameter set to true to override this check and force deletion even when resources remain. The deletion is a soft-delete that hides the stack from normal queries. Returns 204 with no content on success.", "operationId": "DeleteStack", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "When true, forces deletion even if the stack still has resources", "in": "query", "name": "force", "schema": { "type": "boolean" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "invalid query parameter" } }, "summary": "DeleteStack", "tags": [ "Stacks" ] }, "get": { "description": "Retrieves detailed information about a specific stack, including its organization, project, and stack name, the current version number, all associated tags, any active update operations (with the operation kind, author, and start time), and the active update UUID. This is the primary endpoint for inspecting the current state and metadata of a stack.", "operationId": "GetStack", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppStack" } } }, "description": "OK" } }, "summary": "GetStack", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/activity": { "get": { "description": "Returns the activity history for a stack, including updates, configuration changes, and other operations. Supports pagination via page and pageSize parameters (page 0 returns all results). Returns 400 if the page parameter is invalid.", "operationId": "GetStackActivity", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "Page number for paginated results (0-indexed, where 0 returns all results)", "in": "query", "name": "page", "schema": { "format": "int64", "type": "integer" } }, { "description": "Number of results per page (must be \u003e= 1 when page \u003e 0)", "in": "query", "name": "pageSize", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetStackActivityResponse" } } }, "description": "OK" }, "400": { "description": "Invalid 'page' value." } }, "summary": "GetStackActivity", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/annotations/{kind}": { "get": { "description": "Retrieves an annotation for a stack, identified by the annotation kind. Annotations are structured metadata that can be attached to stacks for purposes such as compliance tracking, custom metadata, or integration data. The optional 'source' and 'version' query parameters allow filtering by annotation source and specific version. Returns 404 if the annotation does not exist.", "operationId": "GetStacksAnnotation", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The annotation kind", "in": "path", "name": "kind", "required": true, "schema": { "type": "string" } }, { "description": "The annotation source", "in": "query", "name": "source", "schema": { "type": "string" } }, { "description": "The annotation version number, used for filtering by a specific version", "in": "query", "name": "version", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "OK" }, "404": { "description": "Annotation" } }, "summary": "GetStacksAnnotation", "tags": [ "Stacks" ] }, "patch": { "description": "Creates or updates an annotation for a stack, identified by the annotation kind. Annotations are structured metadata that can be attached to stacks. The 'version' query parameter supports optimistic concurrency control: if provided, the update only succeeds if the current annotation version matches. Returns 409 if the annotation has changed since it was read (version conflict).", "operationId": "UpsertStacksAnnotations", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The annotation kind", "in": "path", "name": "kind", "required": true, "schema": { "type": "string" } }, { "description": "The annotation source", "in": "query", "name": "source", "schema": { "type": "string" } }, { "description": "The expected annotation version for optimistic concurrency control", "in": "query", "name": "version", "schema": { "format": "int64", "type": "integer" } } ], "requestBody": { "content": { "application/json": { "schema": { "type": "object" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "409": { "description": "the annotation has changed since it was read" } }, "summary": "UpsertStacksAnnotations", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/batch-decrypt": { "post": { "description": "Decrypts a set of secret values in a single request using the stack's encryption key. The request body contains an array of base64-encoded ciphertexts. The response maps each ciphertext to its decrypted plaintext value. This is a more efficient alternative to calling the single-value decrypt endpoint multiple times. Returns 400 if the request body is invalid or if message authentication fails. Returns 413 if the request body exceeds the maximum allowed content size.", "operationId": "BatchDecryptValue", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppBatchDecryptRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppBatchDecryptResponse" } } }, "description": "OK" }, "400": { "description": "body must be a JSON object or only \"ciphertexts\" valid within request body or ciphertexts was not an array or invalid base64 encoding or Message authentication failed" }, "404": { "description": "Not found" }, "413": { "description": "Content Too Large" } }, "summary": "BatchDecryptValue", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/batch-encrypt": { "post": { "description": "Encrypts a set of plaintext values in a single request using the stack's encryption key. This is a more efficient alternative to calling the single-value encrypt endpoint multiple times. The response contains a map of the original plaintext values to their corresponding base64-encoded ciphertexts. Returns 413 if the request body exceeds the maximum allowed content size.", "operationId": "BatchEncryptValue", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppBatchEncryptRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppBatchEncryptResponse" } } }, "description": "OK" }, "413": { "description": "Request Content Too Large" } }, "summary": "BatchEncryptValue", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/collaborators": { "get": { "deprecated": true, "description": "Lists all collaborators for a stack, including their permission levels. This includes collaborators who have been invited but have not yet accepted their invitations. The response includes each collaborator's username and their permission level for the stack. This endpoint is deprecated.", "operationId": "ListStackPermissions", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListStackCollaboratorsResponse" } } }, "description": "OK" } }, "summary": "ListStackPermissions", "tags": [ "Stacks" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Public" } } }, "/api/stacks/{orgName}/{projectName}/{stackName}/collaborators/{userName}": { "delete": { "description": "Removes a specific user's direct permission to access a stack. This only removes permissions explicitly granted to the user; permissions inherited from team membership or organization-level defaults are not affected. Returns 404 if the user does not exist.", "operationId": "DeleteStackPermission", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The user name", "in": "path", "name": "userName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "User" } }, "summary": "DeleteStackPermission", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/config": { "delete": { "description": "Removes the service-managed configuration for a stack, including the secrets provider settings, encrypted key, encryption salt, and ESC environment reference. If stack configuration is returned by the API, it is used in place of the local stack config file (e.g. Pulumi.[stack].yaml). Deleting the config causes the CLI to fall back to the local config file. Returns 204 with no content on success.", "operationId": "DeleteStackConfig", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" } }, "summary": "DeleteStackConfig", "tags": [ "Stacks", "StackConfig" ] }, "get": { "description": "Retrieves the service-managed configuration for a stack. The response includes the ESC environment reference, secrets provider type, encrypted key, and encryption salt. If stack configuration is returned by the API, it is used in place of the local stack config file (e.g. Pulumi.[stack].yaml). Returns 404 if no service-managed configuration exists for the stack.", "operationId": "GetStackConfig", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppStackConfig" } } }, "description": "OK" }, "404": { "description": "Stack Config" } }, "summary": "GetStackConfig", "tags": [ "Stacks", "StackConfig" ] }, "put": { "description": "Updates the service-managed configuration for a stack. The request body may include the ESC environment reference, secrets provider type, encrypted key, and encryption salt. If stack configuration is returned by the API, it is used in place of the local stack config file (e.g. Pulumi.[stack].yaml). Returns the updated configuration object. Returns 400 if the environment reference is invalid or not found.", "operationId": "UpdateStackConfig", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppStackConfig" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppStackConfig" } } }, "description": "OK" }, "400": { "description": "invalid environment or invalid environment version or environment not found" } }, "summary": "UpdateStackConfig", "tags": [ "Stacks", "StackConfig" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/decrypt": { "post": { "description": "Decrypts a single secret value using the stack's encryption key. The request body contains the base64-encoded ciphertext. The response contains the decrypted plaintext value. For decrypting multiple values in a single request, use the BatchDecryptValue endpoint instead. Returns 413 if the request body exceeds the maximum allowed content size.", "operationId": "DecryptValue", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppDecryptValueRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppDecryptValueResponse" } } }, "description": "OK" }, "413": { "description": "Request Content Too Large" } }, "summary": "DecryptValue", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/decrypt/log-batch-decryption": { "post": { "description": "Records an audit log entry for a batch decryption event performed by a third-party secrets provider. When stacks use external secrets providers (such as AWS KMS, Azure Key Vault, or HashiCorp Vault), decryption happens client-side; this endpoint allows the CLI to report that decryption occurred for audit tracking purposes.", "operationId": "LogOnlyBatchDecryptValue", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppLog3rdPartyDecryptionEvent" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" } }, "summary": "LogOnlyBatchDecryptValue", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/decrypt/log-decryption": { "post": { "description": "Records an audit log entry for a single-value decryption event performed by a third-party secrets provider. When stacks use external secrets providers (such as AWS KMS, Azure Key Vault, or HashiCorp Vault), decryption happens client-side; this endpoint allows the CLI to report that decryption occurred for audit tracking.", "operationId": "LogOnlyDecryptValue", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppLog3rdPartyDecryptionEvent" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" } }, "summary": "LogOnlyDecryptValue", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments": { "get": { "description": "Returns a paginated list of Pulumi Deployments executions for a specific stack. The response includes each deployment's ID, status, version, creation and modification timestamps, the requesting user, Pulumi operation type, job details with step-level progress, and associated stack update results. Use 'page' (minimum 1, default 1) and 'pageSize' (1-100, default 10) for pagination, 'sort' to specify the sort field, and 'asc' to control sort direction (default descending). The response also includes the total count of deployments for the stack.", "operationId": "ListStackDeploymentsHandlerV2", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "Sort in ascending order when true (default false)", "in": "query", "name": "asc", "schema": { "type": "boolean" } }, { "description": "Page number (min 1, default 1)", "in": "query", "name": "page", "schema": { "format": "int64", "type": "integer" } }, { "description": "Results per page (1-100, default 10)", "in": "query", "name": "pageSize", "schema": { "format": "int64", "type": "integer" } }, { "description": "Field to sort results by", "in": "query", "name": "sort", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListDeploymentResponseV2" } } }, "description": "OK" }, "400": { "description": "Invalid query parameter" }, "404": { "description": "Run" } }, "summary": "ListStackDeploymentsHandlerV2", "tags": [ "Deployments" ] }, "post": { "description": "Initiates a new Pulumi Deployments execution for a stack. Pulumi Deployments is a managed service that executes Pulumi operations (update, preview, refresh, or destroy) in a secure, hosted environment.\n\n**Important:** The stack must already exist before a deployment can be created for it.\n\nThe `operation` field is required and accepts: `update`, `preview`, `refresh`, or `destroy`. Three usage modes are supported:\n1. **Stack settings only:** Send `{\"operation\": \"update\"}` to use the stack's saved deployment settings.\n2. **Merged settings:** Include partial settings in the request body alongside `operation`. When `inheritSettings` is true (the default), request settings are merged with saved stack settings, with request values taking precedence.\n3. **Request settings only:** Set `inheritSettings` to false and provide all settings in the request body.\n\nSettings include source context (git repo, branch, directory), operation context (environment variables, pre-run commands, OIDC configuration), executor context, GitHub integration settings, and cache options.\n\nThis is v2 with breaking changes from CreateAPIDeploymentHandler: inheritSettings defaults to true, and operation is a required top-level field and no longer valid as part of operationContext.", "operationId": "CreateAPIDeploymentHandlerV2", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateDeploymentRequest" } } }, "x-originalParamName": "body" }, "responses": { "202": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateDeploymentResponse" } } }, "description": "Accepted" }, "400": { "description": "Missing top level required field 'operation' or 'operation' must only be set at the top level or the agent pool specified in the deployment settings does not exist" }, "402": { "description": "Drift remediation requires Business Critical subscription" }, "404": { "description": "Stack" } }, "summary": "CreateAPIDeploymentHandlerV2", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/cache": { "delete": { "description": "Clears all cached dependency and build artifacts associated with the project for Pulumi Deployments. The deployment cache stores dependencies and other artifacts between deployment runs to speed up execution. Use this endpoint to force a clean build on the next deployment, for example when cached dependencies become stale or corrupted.", "operationId": "ClearProjectCache", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "403": { "description": "Forbidden" }, "404": { "description": "Stack" } }, "summary": "ClearProjectCache", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/cache/url": { "post": { "description": "Returns a presigned URL for saving or restoring the Pulumi Deployments dependency cache. The cache stores build artifacts and dependencies between deployment runs to speed up execution. The request body must specify a method (PUT to upload a cache archive, or GET to download one) and a non-empty cache key identifying the cached content. The returned presigned URL can be used directly for the corresponding HTTP operation against the object store without additional authentication.", "operationId": "GetPresignedCacheURL", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CacheURLRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CacheURLResponse" } } }, "description": "OK" }, "400": { "description": "Invalid method. Must be PUT or GET. or Invalid key. Must be non-empty." }, "403": { "description": "Forbidden" }, "404": { "description": "Stack" } }, "summary": "GetPresignedCacheURL", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/drift/schedules": { "post": { "description": "Creates a drift detection schedule for a stack using Pulumi Deployments. Drift detection identifies divergence between the declared infrastructure state in your Pulumi program and the actual state of resources in the cloud provider. The 'scheduleCron' field accepts a cron expression defining when drift detection should run (e.g. '0 */4 * * *' for every 4 hours). When 'autoRemediate' is set to true, a remediation update is automatically triggered to bring resources back into alignment with the declared state whenever drift is detected. Auto-remediation requires a Business Critical subscription. The stack must have deployment settings configured before a drift schedule can be created.", "operationId": "CreateScheduledDriftDeployment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateScheduledDriftDeploymentRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScheduledAction" } } }, "description": "OK" }, "400": { "description": "Stack does not have deployment settings configured" }, "402": { "description": "Drift remediation requires Business Critical subscription" }, "404": { "description": "ScheduledAction" } }, "summary": "CreateScheduledDriftDeployment", "tags": [ "Deployments", "Schedules" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/drift/schedules/{scheduleID}": { "post": { "description": "Updates the configuration of an existing drift detection schedule. The request body can modify the cron expression controlling when drift detection runs and the autoRemediate flag that determines whether detected drift is automatically corrected by running an update operation. Auto-remediation requires a Business Critical subscription. Only future executions are affected; past drift detection runs are not modified.", "operationId": "UpdateScheduledDriftDeployment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The schedule identifier", "in": "path", "name": "scheduleID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateScheduledDriftDeploymentRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScheduledAction" } } }, "description": "OK" }, "400": { "description": "Invalid schedule" }, "402": { "description": "Drift remediation requires Business Critical subscription" }, "404": { "description": "ScheduledAction or ScheduledDeployment" } }, "summary": "UpdateScheduledDriftDeployment", "tags": [ "Deployments", "Schedules" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/metadata": { "get": { "description": "Returns metadata about the Pulumi Deployments state for a specific stack. The response distinguishes the source of any pause:\n\n- `paused`: overall pause status (true if either stack or org is paused)\n- `stackPaused`: whether the stack itself is paused\n- `organizationPaused`: whether the containing organization is paused\n\nThis is useful for determining whether new deployments will be processed or held in the queue.", "operationId": "StackDeploymentsMetadata", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StackDeploymentsMetadataResponse" } } }, "description": "OK" } }, "summary": "StackDeploymentsMetadata", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/pause": { "post": { "description": "Pauses all future Pulumi Deployments executions for a specific stack. While paused, new deployments can still be queued and currently executing deployments will continue to run to completion. However, queued deployments will not be picked up for execution until deployments are resumed. The stack must have deployment settings configured before it can be paused. Requires stack deployment create permissions. Use the ResumeStackDeployments endpoint to resume processing.", "operationId": "PauseStackDeployments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "400": { "description": "Attempted to pause or resume deployments on stack before it has been configured for deployments" } }, "summary": "PauseStackDeployments", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/resume": { "post": { "description": "Resumes Pulumi Deployments executions for a stack that was previously paused via PauseStackDeployments. Any queued deployments that accumulated while the stack was paused will begin processing. The stack must have deployment settings configured. Requires stack deployment create permissions.", "operationId": "ResumeStackDeployments", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "400": { "description": "Attempted to pause or resume deployments on stack before it has been configured for deployments" } }, "summary": "ResumeStackDeployments", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/schedules": { "get": { "description": "Returns all scheduled deployment actions configured for a stack. The response includes all schedule types: custom deployment schedules (cron-based recurring or one-time), drift detection schedules, and TTL (time-to-live) schedules. Each schedule in the response contains its ID, type, configuration (cron expression or timestamp), current status (active or paused), and the deployment request that will be executed on each run.", "operationId": "ListScheduledDeployment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListScheduledActionsResponse" } } }, "description": "OK" }, "404": { "description": "Organization" } }, "summary": "ListScheduledDeployment", "tags": [ "Deployments", "Schedules" ] }, "post": { "description": "Creates a custom deployment schedule for a stack using Pulumi Deployments. Custom schedules allow you to automate recurring or one-time Pulumi operations on a stack. The request must include exactly one of 'scheduleCron' (a cron expression for recurring executions, e.g. '0 */4 * * *' for every 4 hours) or 'scheduleOnce' (an ISO 8601 timestamp for a one-time execution). The 'request' field contains the deployment configuration that will be executed on each scheduled run, including the Pulumi operation type and any settings overrides. The stack must have deployment settings configured before a schedule can be created.", "operationId": "CreateScheduledDeployment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateScheduledDeploymentRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScheduledAction" } } }, "description": "OK" }, "400": { "description": "Invalid definition for scheduled deployment or stack does not have deployment settings configured" } }, "summary": "CreateScheduledDeployment", "tags": [ "Deployments", "Schedules" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/schedules/{scheduleID}": { "delete": { "description": "Permanently deletes a scheduled deployment action from a stack. This removes the schedule configuration entirely and cannot be undone. The schedule will no longer execute any future runs. This endpoint is used for all schedule types (custom, drift detection, and TTL). To temporarily stop a schedule without deleting it, use the pause endpoint instead.", "operationId": "DeleteScheduledDeployment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The schedule identifier", "in": "path", "name": "scheduleID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "404": { "description": "ScheduledDeployment" } }, "summary": "DeleteScheduledDeployment", "tags": [ "Deployments", "Schedules" ] }, "get": { "description": "Retrieves the full configuration and metadata for a specific scheduled deployment action. The response includes the schedule's ID, type (custom, drift, or TTL), timing configuration (cron expression or one-time timestamp), current status (active or paused), the deployment request that will be executed, and any type-specific fields such as autoRemediate for drift schedules or deleteAfterDestroy for TTL schedules.", "operationId": "ReadScheduledDeployment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The schedule identifier", "in": "path", "name": "scheduleID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScheduledAction" } } }, "description": "OK" }, "404": { "description": "ScheduledAction" } }, "summary": "ReadScheduledDeployment", "tags": [ "Deployments", "Schedules" ] }, "post": { "description": "Updates the configuration of an existing custom deployment schedule. The request body can modify the timing (cron expression for recurring schedules or ISO 8601 timestamp for one-time schedules) and the deployment request that will be executed on each future run, including the Pulumi operation type and settings overrides. Only future executions are affected; past executions are not modified. The stack must have deployment settings configured.", "operationId": "UpdateScheduledDeployment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The schedule identifier", "in": "path", "name": "scheduleID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateScheduledDeploymentRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScheduledAction" } } }, "description": "OK" }, "400": { "description": "Stack does not have deployment settings configured" }, "404": { "description": "ScheduledDeployment or ScheduledAction" } }, "summary": "UpdateScheduledDeployment", "tags": [ "Deployments", "Schedules" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/schedules/{scheduleID}/history": { "get": { "description": "Returns the execution history for a specific scheduled deployment action. The response includes a chronological list of past schedule invocations and their outcomes, such as whether the triggered deployment succeeded, failed, or was skipped. This is useful for monitoring the reliability and results of recurring deployments, drift detection runs, or TTL schedule executions.", "operationId": "ListScheduledDeploymentHistory", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The schedule identifier", "in": "path", "name": "scheduleID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListScheduledActionHistoryResponse" } } }, "description": "OK" }, "404": { "description": "ScheduledDeployment or ScheduledAction" } }, "summary": "ListScheduledDeploymentHistory", "tags": [ "Deployments", "Schedules" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/schedules/{scheduleID}/pause": { "post": { "description": "Temporarily suspends future executions of a scheduled deployment action without deleting the schedule configuration. The schedule remains configured and can be reactivated at any time using the ResumeScheduledDeployment endpoint. This is useful for temporarily halting recurring schedules (drift detection, TTL, or custom) during maintenance periods or when troubleshooting issues.", "operationId": "PauseScheduledDeployment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The schedule identifier", "in": "path", "name": "scheduleID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "404": { "description": "ScheduledDeployment or ScheduledAction" } }, "summary": "PauseScheduledDeployment", "tags": [ "Deployments", "Schedules" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/schedules/{scheduleID}/resume": { "post": { "description": "Reactivates a previously paused scheduled deployment action. After resuming, the schedule will continue executing according to its configured timing (cron expression for recurring schedules, or at the scheduled timestamp for one-time schedules). This works for all schedule types: custom deployment schedules, drift detection schedules, and TTL schedules.", "operationId": "ResumeScheduledDeployment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The schedule identifier", "in": "path", "name": "scheduleID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "404": { "description": "ScheduledDeployment or ScheduledAction" } }, "summary": "ResumeScheduledDeployment", "tags": [ "Deployments", "Schedules" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/settings": { "delete": { "description": "Removes all Pulumi Deployments settings for a stack, including source context, operation context, executor context, GitHub integration settings, and cache options. After deletion, the stack can no longer run deployments until new settings are configured. Any active schedules (drift detection, TTL, or custom) associated with the stack may also be affected.", "operationId": "DeleteDeploymentSettings", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "type": "boolean" } } }, "description": "OK" }, "404": { "description": "Stack" } }, "summary": "DeleteDeploymentSettings", "tags": [ "Deployments" ] }, "get": { "description": "Retrieves the Pulumi Deployments configuration for a specified stack. The response includes all saved deployment settings: source context (git repository URL, branch, and directory), operation context (environment variables, pre-run commands, OIDC provider configuration), executor context (deployment executor configuration), GitHub integration settings (repository, paths, deployment triggers), and cache options for dependency caching between runs. These settings serve as the baseline configuration for deployments when inheritSettings is true on a deployment request. Returns 404 if the stack has no deployment settings configured.", "operationId": "GetDeploymentSettings", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeploymentSettings" } } }, "description": "OK" }, "404": { "description": "Stack" } }, "summary": "GetDeploymentSettings", "tags": [ "Deployments" ] }, "post": { "description": "Creates or updates Pulumi Deployments settings for a stack using a merge operation. If no settings exist, they are created. If settings already exist, the request body is merged with the current settings using the following logic: for each property, start with the current value, remove it if the patch specifies null, or merge the new non-null value with the existing one. Non-object properties (strings, numbers, booleans) are replaced entirely. Settings include source context (git repository URL, branch, directory), operation context (environment variables, pre-run commands, OIDC configuration), executor context, GitHub integration settings, and cache options. Requires a Team Growth or higher subscription. Cannot be used to configure Pulumi Deployments for Terraform stacks.", "operationId": "PatchDeploymentSettings", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeploymentSettingsRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeploymentSettings" } } }, "description": "OK" }, "400": { "description": "Invalid agent pool id or invalid role id or validation error or sourceContext.template.sourceUrl is required when using a template or Pulumi Deployments cannot be configured for Terraform stacks" }, "402": { "description": "Pulumi Deployments requires Team Growth subscription" }, "404": { "description": "Stack or project" } }, "summary": "PatchDeploymentSettings", "tags": [ "Deployments" ] }, "put": { "description": "Fully replaces the Pulumi Deployments settings for a stack. Unlike the PATCH endpoint (PatchDeploymentSettings) which merges changes, this endpoint replaces all settings with the provided values. Any previously configured settings not included in the request body will be removed. Settings include source context (git repository URL, branch, directory), operation context (environment variables, pre-run commands, OIDC configuration), executor context, GitHub integration settings, and cache options. Requires a Team Growth or higher subscription. Cannot be used to configure Pulumi Deployments for Terraform stacks.", "operationId": "ReplaceDeploymentSettings", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeploymentSettingsRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeploymentSettings" } } }, "description": "OK" }, "400": { "description": "Invalid agent pool id or invalid role id or validation error or sourceContext.template.sourceUrl is required when using a template or Pulumi Deployments cannot be configured for Terraform stacks" }, "402": { "description": "Pulumi Deployments requires Team Growth subscription" }, "404": { "description": "Stack or project" } }, "summary": "ReplaceDeploymentSettings", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/settings/encrypt": { "post": { "description": "Encrypts a plaintext secret value for secure storage in Pulumi Deployments settings. Use this endpoint to encrypt sensitive values such as cloud provider credentials, API keys, or other secrets before including them in deployment settings (e.g. as environment variables in operationContext). The encrypted value can then be safely stored in the deployment settings and will be decrypted at deployment execution time. The request body must contain a non-empty plaintext value to encrypt.", "operationId": "EncryptDeploymentSettingsSecret", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SecretValue" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/SecretValue" } } }, "description": "OK" }, "400": { "description": "Invalid empty value" }, "404": { "description": "Stack" } }, "summary": "EncryptDeploymentSettingsSecret", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/ttl/schedules": { "post": { "description": "Creates a TTL (time-to-live) schedule for a stack using Pulumi Deployments. TTL schedules automatically destroy a stack's cloud resources at a specified expiration time, which is useful for temporary or ephemeral infrastructure that should be cleaned up after a defined period. The 'timestamp' field must be an ISO 8601 formatted date-time (e.g. '2024-12-31T00:00:00.000Z') specifying when the destroy operation should execute. When 'deleteAfterDestroy' is set to true, the stack itself is also removed from Pulumi Cloud after its resources have been successfully destroyed. The stack must have deployment settings configured before a TTL schedule can be created.", "operationId": "CreateScheduledTTLDeployment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateScheduledTTLDeploymentRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScheduledAction" } } }, "description": "OK" }, "400": { "description": "Stack does not have deployment settings configured or timestamp needs to be set" }, "404": { "description": "ScheduledAction" } }, "summary": "CreateScheduledTTLDeployment", "tags": [ "Deployments", "Schedules" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/ttl/schedules/{scheduleID}": { "post": { "description": "Updates the configuration of an existing TTL (time-to-live) schedule. The request body can modify the destruction timestamp (ISO 8601 format) and the deleteAfterDestroy flag that controls whether the stack is also removed from Pulumi Cloud after its resources are successfully destroyed. The timestamp field is required and must be set to a valid future date-time.", "operationId": "UpdateScheduledTTLDeployment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The schedule identifier", "in": "path", "name": "scheduleID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateScheduledTTLDeploymentRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScheduledAction" } } }, "description": "OK" }, "400": { "description": "Timestamp needs to be set" }, "404": { "description": "ScheduledAction or ScheduledDeployment" } }, "summary": "UpdateScheduledTTLDeployment", "tags": [ "Deployments", "Schedules" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/version/{version}": { "get": { "description": "Retrieves detailed information about a specific Pulumi Deployments execution by its version number within the stack. This is an alternative to fetching by deployment ID and returns the same response structure: deployment status, creation and modification timestamps, the user who requested the deployment, the Pulumi operation type, job details with step-level progress, and any associated stack update results.", "operationId": "GetDeployment_version", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The deployment version number", "in": "path", "name": "version", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetDeploymentResponse" } } }, "description": "OK" }, "404": { "description": "Deployment" } }, "summary": "GetDeployment", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/{deploymentId}": { "get": { "description": "Retrieves detailed information about a specific Pulumi Deployments execution by its deployment ID. The response includes the deployment's current status, creation and modification timestamps, version number, the user who requested the deployment, the Pulumi operation type (update, preview, refresh, or destroy), and detailed job information. Each job contains an array of steps with their individual statuses (not-started, running, succeeded, or failed), start times, and last update timestamps. The response also includes any associated stack update results with update IDs, versions, start/end times, and result status.", "operationId": "GetDeployment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The deployment identifier", "in": "path", "name": "deploymentId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetDeploymentResponse" } } }, "description": "OK" }, "404": { "description": "Deployment" } }, "summary": "GetDeployment", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/{deploymentId}/cancel": { "post": { "description": "Terminates an in-progress Pulumi Deployments execution for a specific stack. If the deployment is currently running, it is stopped immediately. If the deployment is queued but has not yet started, it is removed from the queue.\n\n**Warning:** Canceling a deployment is a dangerous action and may leave the stack in an inconsistent state if the deployment is canceled during the execution of a Pulumi operation.\n\nNote that this serves two endpoints:\n- /{orgName}/{projectName}/{stackName}/deployments/{deploymentId}/cancel\n- /admin/deployments/{deploymentId}/cancel\n\nThe former requires that the requesting user has stack deployment create permissions. The latter requires that the requesting user is a site administrator.", "operationId": "CancelDeployment", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The deployment identifier", "in": "path", "name": "deploymentId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "OK" }, "404": { "description": "Deployment or Queued Deployment" } }, "summary": "CancelDeployment", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/{deploymentId}/logs": { "get": { "description": "Retrieves execution logs for a Pulumi Deployments run. Supports two retrieval modes: streaming mode and step mode. In streaming mode, omit job/step parameters and use the continuationToken to incrementally fetch logs from the beginning through completion. Each response includes a nextToken field; continue requesting with this token until nextToken is absent, indicating all logs have been retrieved. In step mode, specify job and step indices to retrieve logs for a specific step within a specific job, with offset and count parameters for pagination within that step's logs. In step mode, count must be between 1 and 499 (default 100), and the response includes a nextOffset field for fetching subsequent pages. Log lines include timestamps and the log line content.\n\nNote that this serves two endpoints:\n- /{orgName}/{projectName}/{stackName}/deployments/{deploymentId}/logs\n- /admin/deployments/{deploymentId}/logs\n\nThe former requires stack deployment read permissions. The latter requires site administrator privileges.", "operationId": "GetDeploymentLogs", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The deployment identifier", "in": "path", "name": "deploymentId", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for streaming logs; use nextToken from the previous response to fetch subsequent log entries", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Number of log lines to return (1-499, default 100)", "in": "query", "name": "count", "schema": { "format": "int64", "type": "integer" } }, { "description": "Zero-based job index to retrieve logs for", "in": "query", "name": "job", "schema": { "format": "int64", "type": "integer" } }, { "description": "Zero-based line offset within the step logs", "in": "query", "name": "offset", "schema": { "format": "int64", "type": "integer" } }, { "description": "Zero-based step index within the specified job", "in": "query", "name": "step", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/DeploymentLogsBase" } } }, "description": "OK" }, "400": { "description": "Count must be less than 500 and more than 0" }, "404": { "description": "Deployment or Run" } }, "summary": "GetDeploymentLogs", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/deployments/{deploymentId}/updates": { "get": { "description": "Retrieves all stack updates (program updates) associated with a specific Pulumi Deployments execution. A single deployment may produce one or more stack updates depending on the operation performed. Each update in the response includes details such as the update ID, version, start and end times, result status, and resource changes. This is useful for correlating deployment executions with their resulting infrastructure changes.", "operationId": "GetDeploymentUpdates", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The deployment identifier", "in": "path", "name": "deploymentId", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/UpdateInfo" }, "type": "array" } } }, "description": "OK" }, "404": { "description": "Deployment or Program" } }, "summary": "GetDeploymentUpdates", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/destroy": { "post": { "description": "Creates a new destroy update for the given stack. A destroy update tears down all resources managed by the stack. This only creates the update record; the update must subsequently be started via the StartUpdateForDestroy endpoint. Enforces stack update concurrency checks to prevent conflicting simultaneous operations.", "operationId": "CreateUpdateForDestroy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppUpdateProgramRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppUpdateProgramResponse" } } }, "description": "OK" } }, "summary": "CreateUpdateForDestroy", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/destroy/{updateID}": { "get": { "description": "Returns the current status and results of a destroy update, including whether it is still in progress, succeeded, or failed. Supports pagination of results via the continuationToken query parameter.", "operationId": "GetUpdateStatusForDestroy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppUpdateResults" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" } }, "summary": "GetUpdateStatusForDestroy", "tags": [ "Stacks" ] }, "post": { "description": "Starts execution of a previously created destroy update. The update must have been created via CreateUpdateForDestroy first. Returns a lease token and version number for tracking the update. Returns 404 if the update does not exist, or 409 if another update is already in progress on the stack.", "operationId": "StartUpdateForDestroy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppStartUpdateRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppStartUpdateResponse" } } }, "description": "OK" }, "404": { "description": "Update" }, "409": { "description": "Another update is currently in progress." } }, "summary": "StartUpdateForDestroy", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/destroy/{updateID}/cancel": { "post": { "description": "Requests cancellation of a service-managed update that is currently in progress. The update must have been started (returns 409 if it has not). Returns 404 if the specified update does not exist. The cancellation is processed asynchronously and the update will transition to a cancelled state.", "operationId": "CancelUpdate_destroy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "Update" }, "409": { "description": "The Update has not started" } }, "summary": "CancelUpdate", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/destroy/{updateID}/checkpoint": { "patch": { "description": "Uploads a new checkpoint (deployment state snapshot) for a service-managed update that is currently in progress. The checkpoint contains the complete current state of all resources. The request must contain a valid checkpoint object. Returns 403 for preview operations since previews do not modify actual state. Returns 409 if the update has not started, has been cancelled, timed out, or already completed. Requires update token authentication.", "operationId": "PatchUpdateCheckpoint_destroy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppPatchUpdateCheckpointRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "request must contain a checkpoint or using the IsInvalid flag is not longer supported" }, "403": { "description": "Updating the checkpoint is not permitted for preview operations." }, "409": { "description": "The Update has not started or The Update has been cancelled or The Update has already timed out or The Update has already completed" } }, "summary": "PatchUpdateCheckpoint", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/destroy/{updateID}/checkpointdelta": { "patch": { "description": "Uploads a checkpoint delta for a service-managed update that is currently in progress. Rather than uploading the complete checkpoint state, this endpoint accepts an incremental delta that is applied to the existing checkpoint, reducing the payload size. The delta is persisted in the format as provided. Supports checksum validation for data integrity. Returns 403 for preview operations since previews do not modify actual state. Returns 409 if the update has not started, has been cancelled, timed out, or already completed. Requires update token authentication.", "operationId": "PatchUpdateCheckpointDelta_destroy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppPatchUpdateCheckpointDeltaRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "setting a checkpoint is not allowed because it's marked as already completed or failed to apply checkpoint delta or validating checksum" }, "403": { "description": "Updating the checkpoint is not permitted for preview operations." }, "409": { "description": "The Update has not started or The Update has been cancelled or The Update has already timed out or The Update has already completed" } }, "summary": "PatchUpdateCheckpointDelta", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/destroy/{updateID}/checkpointverbatim": { "patch": { "description": "Uploads a checkpoint for a service-managed update as a verbatim byte array, bypassing JSON marshalling. Unlike PatchUpdateCheckpoint which accepts a structured deployment object and re-serializes it (which may compact data), this endpoint preserves the exact bytes provided by the client and uploads them directly to blob storage. This maintains byte-level fidelity of the checkpoint data. Returns 403 for preview operations. Returns 409 if the update has not started, has been cancelled, timed out, or already completed. Requires update token authentication.", "operationId": "PatchUpdateVerbatimCheckpoint_destroy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppPatchUpdateVerbatimCheckpointRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "setting a checkpoint is not allowed because it's marked as already completed" }, "403": { "description": "Updating the checkpoint is not permitted for preview operations." }, "409": { "description": "The Update has not started or The Update has been cancelled or The Update has already timed out or The Update has already completed" } }, "summary": "PatchUpdateVerbatimCheckpoint", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/destroy/{updateID}/complete": { "post": { "description": "Marks a service-managed update as complete. The request body must include the final status of the update. Returns 400 if the status is unrecognized. Returns 409 if the update has not started, has been cancelled, has already timed out, or has already completed. Requires update token authentication.", "operationId": "CompleteUpdate_destroy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppCompleteUpdateRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "unrecognized status" }, "404": { "description": "Update" }, "409": { "description": "The Update has not started or The Update has been cancelled or The Update has already timed out or The Update has already completed" } }, "summary": "CompleteUpdate", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/destroy/{updateID}/events": { "get": { "description": "Returns the engine events for the specified update. Engine events represent individual resource operations and diagnostic messages produced during the update. Supports pagination via continuation tokens and filtering by engine event type codes or resource URN. The include_non_activated parameter controls whether events not yet marked as activated are included.", "operationId": "GetEngineEvents_destroy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "When true, includes events that have not yet been activated; when false or omitted, only activated events are returned", "in": "query", "name": "include_non_activated", "schema": { "type": "boolean" } }, { "description": "Filter results to only include events matching these engine event type codes", "in": "query", "name": "type", "schema": { "items": { "format": "int64", "type": "integer" }, "type": "array" } }, { "description": "Filter results to only include events for the specified resource URN", "in": "query", "name": "urn", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetUpdateEventsResponse" } } }, "description": "OK" }, "400": { "description": "Invalid continuation token." } }, "summary": "GetEngineEvents", "tags": [ "Stacks", "StackUpdates" ] }, "post": { "description": "Records a single engine event sent from the Pulumi CLI during a stack update. Engine events represent individual resource operations or diagnostic messages. For better performance, consider using RecordEngineEventBatch to send multiple events in a single request. Returns 400 if no event data is provided, or 404 if the update does not exist. Requires update token authentication.", "operationId": "RecordEngineEvent_destroy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppEngineEvent" } } }, "x-originalParamName": "body" }, "responses": { "200": { "description": "OK" }, "400": { "description": "No events provided." }, "404": { "description": "Update" } }, "summary": "RecordEngineEvent", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/destroy/{updateID}/events/batch": { "post": { "description": "Records a batch of engine events sent from the Pulumi CLI during a stack update. Engine events represent individual resource operations (create, update, delete, etc.) and diagnostic messages. Batching events reduces the number of API calls during an update. Returns 400 if no events are provided in the batch, or 404 if the update does not exist. Requires update token authentication.", "operationId": "RecordEngineEventBatch_destroy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppEngineEventBatch" } } }, "x-originalParamName": "body" }, "responses": { "200": { "description": "OK" }, "400": { "description": "No events provided." }, "404": { "description": "Update" } }, "summary": "RecordEngineEventBatch", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/destroy/{updateID}/journalentries": { "patch": { "description": "Creates new journal entries for the specified update. Journal entries record the progression of resource operations during an update, tracking state transitions for each resource. The include_non_activated query parameter controls whether non-activated events are included. Requires update token authentication.", "operationId": "CreateJournalEntries_destroy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } }, { "description": "When true, includes events that have not yet been activated; when false or omitted, only activated events are returned", "in": "query", "name": "include_non_activated", "schema": { "type": "boolean" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppJournalEntries" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" } }, "summary": "CreateJournalEntries", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/destroy/{updateID}/log": { "post": { "description": "Appends a log entry to the specified update's log stream. Log entries are used to record diagnostic messages, status information, and other output generated during a stack update operation. Requires update token authentication.", "operationId": "AppendUpdateLogEntry_destroy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppAppendUpdateLogEntryRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" } }, "summary": "AppendUpdateLogEntry", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/destroy/{updateID}/renew_lease": { "post": { "description": "Renews the lease for a service-managed update that is currently in progress. Leases prevent concurrent operations on the same stack and must be periodically renewed to indicate the update is still active. The renewal duration must be between 0 and 300 seconds. Returns 409 if the update is not currently in progress.", "operationId": "RenewUpdateLease_destroy", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppRenewUpdateLeaseRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppRenewUpdateLeaseResponse" } } }, "description": "OK" }, "400": { "description": "Renewal duration must be between 0 and 300 seconds" }, "409": { "description": "The Update is not in progress." } }, "summary": "RenewUpdateLease", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/downstreamreferences": { "get": { "description": "Returns all stacks that reference the specified stack as a dependency in their Pulumi programs (via StackReference). This is useful for understanding the impact of changes to a stack, as downstream stacks may consume outputs from this stack. The response includes each referencing stack's organization, project, name, and version.", "operationId": "ListDownstreamStackReferences", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListDownstreamStackReferencesResponse" } } }, "description": "OK" } }, "summary": "ListDownstreamStackReferences", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/drift/runs": { "get": { "description": "Returns a paginated list of all drift detection runs for a stack. Each drift run represents a scheduled or manually triggered drift detection execution and includes details about whether drift was detected and any remediation actions taken. Use the 'page' (minimum 1, default 1) and 'pageSize' (1-100, default 10) query parameters for pagination.", "operationId": "ListDriftRuns", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "Page number (min 1, default 1)", "in": "query", "name": "page", "schema": { "format": "int64", "type": "integer" } }, { "description": "Results per page (1-100, default 10)", "in": "query", "name": "pageSize", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListDriftRunsResponse" } } }, "description": "OK" }, "400": { "description": "Invalid query parameter" } }, "summary": "ListDriftRuns", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/drift/status": { "get": { "description": "Retrieves the current drift detection status and associated metadata for a stack. Drift occurs when the actual state of cloud resources diverges from the state declared in the Pulumi program. The response indicates whether drift has been detected, when the last drift check was performed, and details about any detected differences. This is used in conjunction with drift detection schedules to monitor infrastructure compliance.", "operationId": "GetStackDriftStatus", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StackDriftStatus" } } }, "description": "OK" } }, "summary": "GetStackDriftStatus", "tags": [ "Deployments" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/encrypt": { "post": { "description": "Encrypts a single plaintext value using the stack's encryption key. The request body contains the plaintext value to encrypt. The response contains the base64-encoded ciphertext. For encrypting multiple values in a single request, use the BatchEncryptValue endpoint instead. Returns 413 if the request body exceeds the maximum allowed content size.", "operationId": "EncryptValue", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppEncryptValueRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppEncryptValueResponse" } } }, "description": "OK" }, "413": { "description": "Request Content Too Large" } }, "summary": "EncryptValue", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/export": { "get": { "description": "Exports the current, complete state of the stack as an untyped deployment object. The response includes the deployment version, manifest (containing timestamps and plugin information), secrets providers configuration, and the full array of resources with their URNs, types, inputs, outputs, and dependency information. This endpoint is commonly used for stack state backup, migration between backends, or programmatic inspection of resource states.", "operationId": "ExportStack", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppUntypedDeployment" } } }, "description": "OK" } }, "summary": "ExportStack", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/export/{version}": { "get": { "description": "Exports the complete stack state at a specific historical update version, rather than the current version. This allows retrieving the deployment snapshot as it existed after a particular update completed. The response format is identical to the ExportStack endpoint. Returns 400 if the version parameter is invalid, or 404 if the specified version does not exist for this stack.", "operationId": "ExportStackAtVersion", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The stack update version number", "in": "path", "name": "version", "required": true, "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppUntypedDeployment" } } }, "description": "OK" }, "400": { "description": "invalid 'version' parameter" }, "404": { "description": "Stack Version" } }, "summary": "ExportStackAtVersion", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/hooks": { "get": { "description": "Returns all webhooks configured for the specified stack. Each webhook in the response includes its name, display name, payload URL, format, filters, and active status.", "operationId": "ListWebhooks_stacks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/WebhookResponse" }, "type": "array" } } }, "description": "successful operation" } }, "summary": "ListWebhooks", "tags": [ "Stacks", "Webhooks" ] }, "post": { "description": "Creates a new webhook for the specified stack. The request body must include the webhook name, payload URL, and format.\n\nThe `format` field accepts: `raw` (default), `slack`, `ms_teams`, or `pulumi_deployments`.\n\nThe `filters` field accepts a list of event types to subscribe to. See the [webhook event filtering documentation](https://www.pulumi.com/docs/pulumi-cloud/webhooks/#event-filtering) for available filters.\n\nThe optional `secret` field sets the HMAC key for signature verification. See the [webhook headers documentation](https://www.pulumi.com/docs/pulumi-cloud/webhooks/#headers) for details.\n\nReturns 409 if a webhook with the same name already exists. Returns 400 if the organization or stack name in the request body does not match the URL path parameters.", "operationId": "CreateWebhook_stacks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Webhook" } } }, "x-originalParamName": "body" }, "responses": { "201": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookResponse" } } }, "description": "Created" }, "400": { "description": "Organization name from request body doesn't match URL or Stack name from request body doesn't match URL or invalid webhook name, display name, format, payload URL, groups, or filters." }, "409": { "description": "Webhook with name {name} already exists." } }, "summary": "CreateWebhook", "tags": [ "Stacks", "Webhooks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/hooks/{hookName}": { "delete": { "description": "Deletes a webhook from the specified stack. Returns 204 with no content on success.", "operationId": "DeleteWebhook_stacks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" } }, "summary": "DeleteWebhook", "tags": [ "Stacks", "Webhooks" ] }, "get": { "description": "Returns the details of a single webhook identified by its name, including its configuration, filters, groups, and active status. Returns 404 if the webhook does not exist.", "operationId": "GetWebhook_stacks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookResponse" } } }, "description": "OK" }, "404": { "description": "Webhook" } }, "summary": "GetWebhook", "tags": [ "Stacks", "Webhooks" ] }, "patch": { "description": "Updates an existing webhook's configuration. Supports modifying the display name, payload URL, format, groups, filters, and active status. The 'pulumi_deployments' format can only be used on stack or environment webhooks. Returns 404 if the webhook does not exist.", "operationId": "UpdateWebhook_stacks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Webhook" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookResponse" } } }, "description": "OK" }, "400": { "description": "'pulumi_deployments' format can only be used on stack or environment webhooks or Invalid display name, format, payload URL, groups, or filters." }, "404": { "description": "Webhook" } }, "summary": "UpdateWebhook", "tags": [ "Stacks", "Webhooks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/hooks/{hookName}/deliveries": { "get": { "description": "Returns the recent delivery history for a specific webhook. Each delivery includes the timestamp, HTTP status code, request and response details, and whether the delivery was successful.", "operationId": "GetWebhookDeliveries_stacks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/WebhookDelivery" }, "type": "array" } } }, "description": "successful operation" } }, "summary": "GetWebhookDeliveries", "tags": [ "Stacks", "Webhooks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/hooks/{hookName}/deliveries/{event}/redeliver": { "post": { "description": "Triggers the Pulumi Service to redeliver a specific event to a webhook. This is useful for resending an event that the webhook endpoint failed to process on the initial delivery attempt. Returns the delivery result with HTTP status and response details. Returns 404 if the webhook or event does not exist.", "operationId": "RedeliverWebhookEvent_stacks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook delivery event identifier to redeliver", "in": "path", "name": "event", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookDelivery" } } }, "description": "OK" }, "404": { "description": "Webhook or WebhookEvent" } }, "summary": "RedeliverWebhookEvent", "tags": [ "Stacks", "Webhooks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/hooks/{hookName}/ping": { "post": { "description": "Issues a test ping event to the specified webhook to verify it is properly configured and reachable. Unlike normal webhook deliveries, this bypasses the message queue and sends the request directly to the webhook endpoint. The response includes the delivery result with HTTP status and response details. Returns 404 if the webhook does not exist.", "operationId": "PingWebhook_stacks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The webhook name", "in": "path", "name": "hookName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/WebhookDelivery" } } }, "description": "OK" }, "404": { "description": "Webhook" } }, "summary": "PingWebhook", "tags": [ "Stacks", "Webhooks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/import": { "post": { "description": "Imports a deployment state snapshot into the specified stack, replacing the current state. The request body must contain a complete untyped deployment object with the same format returned by the ExportStack endpoint. This is commonly used for state migration between backends, state repair, or restoring from backup. Returns 400 if the deployment contains encrypted secrets from a different stack. Returns 409 if another update is currently in progress on the stack.", "operationId": "ImportStack", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppImportStackRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppImportStackResponse" } } }, "description": "OK" }, "400": { "description": "cannot import deployment with encrypted secrets from a different stack" }, "409": { "description": "Another update is currently in progress." } }, "summary": "ImportStack", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/metadata": { "get": { "description": "Returns metadata about a stack including the requesting user's permission level and the stack's notification settings (such as whether to notify on update success or failure). This endpoint provides access control and configuration metadata without returning the full stack details.", "operationId": "GetStackMetadata", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StackMetadata" } } }, "description": "OK" } }, "summary": "GetStackMetadata", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/notifications/settings": { "patch": { "description": "Updates the notification settings for a stack, controlling whether notifications are sent on update success or failure. The request body specifies the notification preferences. Returns the updated stack metadata including the new notification settings.", "operationId": "UpdateStackNotificationSettings", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateStackNotificationSettingsRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StackMetadata" } } }, "description": "OK" } }, "summary": "UpdateStackNotificationSettings", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/ownership": { "post": { "description": "Changes the ownership of the specified stack to the provided user. Returns the identity of the previous owner.", "operationId": "ReassignStackOwnership", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserInfo" } } }, "description": "The new owner's identity", "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UserInfo" } } }, "description": "OK" } }, "summary": "ReassignStackOwnership", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/policygroups": { "get": { "description": "Returns the list of policy groups that include the specified stack. Policy groups define which policy packs are enforced on a set of stacks. The response includes each group's name, the stacks it applies to, and the policy packs configured within it.", "operationId": "GetStackPolicyGroups", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppListPolicyGroupsResponse" } } }, "description": "OK" } }, "summary": "GetStackPolicyGroups", "tags": [ "Stacks", "StackPolicy" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/policypacks": { "get": { "description": "Returns the policy packs currently enforced on the specified stack through its policy group memberships. The optional 'mode' query parameter filters results by enforcement mode: 'audit' (violations are logged but allowed) or 'preventative' (violations block the update). Returns 400 if the mode parameter is invalid.", "operationId": "GetStackPolicyPacks", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "Filter by policy group enforcement mode ('audit' or 'preventative')", "in": "query", "name": "mode", "schema": { "enum": [ "audit", "preventative" ], "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppGetStackPolicyPacksResponse" } } }, "description": "OK" }, "400": { "description": "Invalid mode parameter value" } }, "summary": "GetStackPolicyPacks", "tags": [ "Stacks", "StackPolicy" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/preview": { "post": { "description": "Creates a new preview update for the given stack. A preview shows what changes would be made without actually applying them, similar to a dry run. This only creates the update record; the update must subsequently be started via the StartUpdateForPreview endpoint. Enforces stack update concurrency checks.", "operationId": "CreateUpdateForPreview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppUpdateProgramRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppUpdateProgramResponse" } } }, "description": "OK" } }, "summary": "CreateUpdateForPreview", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/preview/{updateID}": { "get": { "description": "Returns the current status and results of a preview update, including whether it is still in progress, succeeded, or failed. Supports pagination of results via the continuationToken query parameter.", "operationId": "GetUpdateStatusForPreview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppUpdateResults" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" } }, "summary": "GetUpdateStatusForPreview", "tags": [ "Stacks" ] }, "post": { "description": "Starts execution of a previously created preview update. The update must have been created via CreateUpdateForPreview first. Returns a lease token and version number for tracking the update. Returns 404 if the update does not exist, or 409 if another update is already in progress on the stack.", "operationId": "StartUpdateForPreview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppStartUpdateRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppStartUpdateResponse" } } }, "description": "OK" }, "404": { "description": "Update" }, "409": { "description": "Another update is currently in progress." } }, "summary": "StartUpdateForPreview", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/preview/{updateID}/cancel": { "post": { "description": "Requests cancellation of a service-managed update that is currently in progress. The update must have been started (returns 409 if it has not). Returns 404 if the specified update does not exist. The cancellation is processed asynchronously and the update will transition to a cancelled state.", "operationId": "CancelUpdate_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "Update" }, "409": { "description": "The Update has not started" } }, "summary": "CancelUpdate", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/preview/{updateID}/complete": { "post": { "description": "Marks a service-managed update as complete. The request body must include the final status of the update. Returns 400 if the status is unrecognized. Returns 409 if the update has not started, has been cancelled, has already timed out, or has already completed. Requires update token authentication.", "operationId": "CompleteUpdate_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppCompleteUpdateRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "unrecognized status" }, "404": { "description": "Update" }, "409": { "description": "The Update has not started or The Update has been cancelled or The Update has already timed out or The Update has already completed" } }, "summary": "CompleteUpdate", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/preview/{updateID}/events": { "get": { "description": "Returns the engine events for the specified update. Engine events represent individual resource operations and diagnostic messages produced during the update. Supports pagination via continuation tokens and filtering by engine event type codes or resource URN. The include_non_activated parameter controls whether events not yet marked as activated are included.", "operationId": "GetEngineEvents_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "When true, includes events that have not yet been activated; when false or omitted, only activated events are returned", "in": "query", "name": "include_non_activated", "schema": { "type": "boolean" } }, { "description": "Filter results to only include events matching these engine event type codes", "in": "query", "name": "type", "schema": { "items": { "format": "int64", "type": "integer" }, "type": "array" } }, { "description": "Filter results to only include events for the specified resource URN", "in": "query", "name": "urn", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetUpdateEventsResponse" } } }, "description": "OK" }, "400": { "description": "Invalid continuation token." } }, "summary": "GetEngineEvents", "tags": [ "Stacks" ] }, "post": { "description": "Records a single engine event sent from the Pulumi CLI during a stack update. Engine events represent individual resource operations or diagnostic messages. For better performance, consider using RecordEngineEventBatch to send multiple events in a single request. Returns 400 if no event data is provided, or 404 if the update does not exist. Requires update token authentication.", "operationId": "RecordEngineEvent_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppEngineEvent" } } }, "x-originalParamName": "body" }, "responses": { "200": { "description": "OK" }, "400": { "description": "No events provided." }, "404": { "description": "Update" } }, "summary": "RecordEngineEvent", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/preview/{updateID}/events/batch": { "post": { "description": "Records a batch of engine events sent from the Pulumi CLI during a stack update. Engine events represent individual resource operations (create, update, delete, etc.) and diagnostic messages. Batching events reduces the number of API calls during an update. Returns 400 if no events are provided in the batch, or 404 if the update does not exist. Requires update token authentication.", "operationId": "RecordEngineEventBatch_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppEngineEventBatch" } } }, "x-originalParamName": "body" }, "responses": { "200": { "description": "OK" }, "400": { "description": "No events provided." }, "404": { "description": "Update" } }, "summary": "RecordEngineEventBatch", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/preview/{updateID}/journalentries": { "patch": { "description": "Creates new journal entries for the specified update. Journal entries record the progression of resource operations during an update, tracking state transitions for each resource. The include_non_activated query parameter controls whether non-activated events are included. Requires update token authentication.", "operationId": "CreateJournalEntries_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } }, { "description": "When true, includes events that have not yet been activated; when false or omitted, only activated events are returned", "in": "query", "name": "include_non_activated", "schema": { "type": "boolean" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppJournalEntries" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" } }, "summary": "CreateJournalEntries", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/preview/{updateID}/log": { "post": { "description": "Appends a log entry to the specified update's log stream. Log entries are used to record diagnostic messages, status information, and other output generated during a stack update operation. Requires update token authentication.", "operationId": "AppendUpdateLogEntry_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppAppendUpdateLogEntryRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" } }, "summary": "AppendUpdateLogEntry", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/preview/{updateID}/renew_lease": { "post": { "description": "Renews the lease for a service-managed update that is currently in progress. Leases prevent concurrent operations on the same stack and must be periodically renewed to indicate the update is still active. The renewal duration must be between 0 and 300 seconds. Returns 409 if the update is not currently in progress.", "operationId": "RenewUpdateLease_preview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppRenewUpdateLeaseRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppRenewUpdateLeaseResponse" } } }, "description": "OK" }, "400": { "description": "Renewal duration must be between 0 and 300 seconds" }, "409": { "description": "The Update is not in progress." } }, "summary": "RenewUpdateLease", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/previews/{updateID}": { "get": { "description": "Returns details of a specific preview operation identified by its update ID. The response includes the preview's kind, start and end times, result status, resource changes summary, configuration, and environment details. Returns 404 if the specified update does not exist.", "operationId": "GetStackPreview", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateInfo" } } }, "description": "OK" }, "404": { "description": "Update" } }, "summary": "GetStackPreview", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/previews/{updateID}/summary": { "get": { "description": "Returns a concise summary of a specific preview operation, including the update kind, result status, start and end times, and resource change counts. This is a lighter-weight alternative to GetStackPreview when full update details are not needed. Returns 404 if the specified update does not exist.", "operationId": "GetStackPreviewSummary", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateSummary" } } }, "description": "OK" }, "404": { "description": "Update" } }, "summary": "GetStackPreviewSummary", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/refresh": { "post": { "description": "Creates a new refresh update for the given stack. A refresh synchronizes the stack's state with the actual state of the cloud resources, detecting any drift. This only creates the update record; the update must subsequently be started via the StartUpdateForRefresh endpoint. Enforces stack update concurrency checks.", "operationId": "CreateUpdateForRefresh", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppUpdateProgramRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppUpdateProgramResponse" } } }, "description": "OK" } }, "summary": "CreateUpdateForRefresh", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/refresh/{updateID}": { "get": { "description": "Returns the current status and results of a refresh update, including whether it is still in progress, succeeded, or failed. Supports pagination of results via the continuationToken query parameter.", "operationId": "GetUpdateStatusForRefresh", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppUpdateResults" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" } }, "summary": "GetUpdateStatusForRefresh", "tags": [ "Stacks" ] }, "post": { "description": "Starts execution of a previously created refresh update. The update must have been created via CreateUpdateForRefresh first. Returns a lease token and version number for tracking the update. Returns 404 if the update does not exist, or 409 if another update is already in progress on the stack.", "operationId": "StartUpdateForRefresh", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppStartUpdateRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppStartUpdateResponse" } } }, "description": "OK" }, "404": { "description": "Update" }, "409": { "description": "Another update is currently in progress." } }, "summary": "StartUpdateForRefresh", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/refresh/{updateID}/cancel": { "post": { "description": "Requests cancellation of a service-managed update that is currently in progress. The update must have been started (returns 409 if it has not). Returns 404 if the specified update does not exist. The cancellation is processed asynchronously and the update will transition to a cancelled state.", "operationId": "CancelUpdate_refresh", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "Update" }, "409": { "description": "The Update has not started" } }, "summary": "CancelUpdate", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/refresh/{updateID}/checkpoint": { "patch": { "description": "Uploads a new checkpoint (deployment state snapshot) for a service-managed update that is currently in progress. The checkpoint contains the complete current state of all resources. The request must contain a valid checkpoint object. Returns 403 for preview operations since previews do not modify actual state. Returns 409 if the update has not started, has been cancelled, timed out, or already completed. Requires update token authentication.", "operationId": "PatchUpdateCheckpoint_refresh", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppPatchUpdateCheckpointRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "request must contain a checkpoint or using the IsInvalid flag is not longer supported" }, "403": { "description": "Updating the checkpoint is not permitted for preview operations." }, "409": { "description": "The Update has not started or The Update has been cancelled or The Update has already timed out or The Update has already completed" } }, "summary": "PatchUpdateCheckpoint", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/refresh/{updateID}/checkpointdelta": { "patch": { "description": "Uploads a checkpoint delta for a service-managed update that is currently in progress. Rather than uploading the complete checkpoint state, this endpoint accepts an incremental delta that is applied to the existing checkpoint, reducing the payload size. The delta is persisted in the format as provided. Supports checksum validation for data integrity. Returns 403 for preview operations since previews do not modify actual state. Returns 409 if the update has not started, has been cancelled, timed out, or already completed. Requires update token authentication.", "operationId": "PatchUpdateCheckpointDelta_refresh", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppPatchUpdateCheckpointDeltaRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "setting a checkpoint is not allowed because it's marked as already completed or failed to apply checkpoint delta or validating checksum" }, "403": { "description": "Updating the checkpoint is not permitted for preview operations." }, "409": { "description": "The Update has not started or The Update has been cancelled or The Update has already timed out or The Update has already completed" } }, "summary": "PatchUpdateCheckpointDelta", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/refresh/{updateID}/checkpointverbatim": { "patch": { "description": "Uploads a checkpoint for a service-managed update as a verbatim byte array, bypassing JSON marshalling. Unlike PatchUpdateCheckpoint which accepts a structured deployment object and re-serializes it (which may compact data), this endpoint preserves the exact bytes provided by the client and uploads them directly to blob storage. This maintains byte-level fidelity of the checkpoint data. Returns 403 for preview operations. Returns 409 if the update has not started, has been cancelled, timed out, or already completed. Requires update token authentication.", "operationId": "PatchUpdateVerbatimCheckpoint_refresh", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppPatchUpdateVerbatimCheckpointRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "setting a checkpoint is not allowed because it's marked as already completed" }, "403": { "description": "Updating the checkpoint is not permitted for preview operations." }, "409": { "description": "The Update has not started or The Update has been cancelled or The Update has already timed out or The Update has already completed" } }, "summary": "PatchUpdateVerbatimCheckpoint", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/refresh/{updateID}/complete": { "post": { "description": "Marks a service-managed update as complete. The request body must include the final status of the update. Returns 400 if the status is unrecognized. Returns 409 if the update has not started, has been cancelled, has already timed out, or has already completed. Requires update token authentication.", "operationId": "CompleteUpdate_refresh", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppCompleteUpdateRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "unrecognized status" }, "404": { "description": "Update" }, "409": { "description": "The Update has not started or The Update has been cancelled or The Update has already timed out or The Update has already completed" } }, "summary": "CompleteUpdate", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/refresh/{updateID}/events": { "get": { "description": "Returns the engine events for the specified update. Engine events represent individual resource operations and diagnostic messages produced during the update. Supports pagination via continuation tokens and filtering by engine event type codes or resource URN. The include_non_activated parameter controls whether events not yet marked as activated are included.", "operationId": "GetEngineEvents_refresh", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "When true, includes events that have not yet been activated; when false or omitted, only activated events are returned", "in": "query", "name": "include_non_activated", "schema": { "type": "boolean" } }, { "description": "Filter results to only include events matching these engine event type codes", "in": "query", "name": "type", "schema": { "items": { "format": "int64", "type": "integer" }, "type": "array" } }, { "description": "Filter results to only include events for the specified resource URN", "in": "query", "name": "urn", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetUpdateEventsResponse" } } }, "description": "OK" }, "400": { "description": "Invalid continuation token." } }, "summary": "GetEngineEvents", "tags": [ "Stacks" ] }, "post": { "description": "Records a single engine event sent from the Pulumi CLI during a stack update. Engine events represent individual resource operations or diagnostic messages. For better performance, consider using RecordEngineEventBatch to send multiple events in a single request. Returns 400 if no event data is provided, or 404 if the update does not exist. Requires update token authentication.", "operationId": "RecordEngineEvent_refresh", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppEngineEvent" } } }, "x-originalParamName": "body" }, "responses": { "200": { "description": "OK" }, "400": { "description": "No events provided." }, "404": { "description": "Update" } }, "summary": "RecordEngineEvent", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/refresh/{updateID}/events/batch": { "post": { "description": "Records a batch of engine events sent from the Pulumi CLI during a stack update. Engine events represent individual resource operations (create, update, delete, etc.) and diagnostic messages. Batching events reduces the number of API calls during an update. Returns 400 if no events are provided in the batch, or 404 if the update does not exist. Requires update token authentication.", "operationId": "RecordEngineEventBatch_refresh", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppEngineEventBatch" } } }, "x-originalParamName": "body" }, "responses": { "200": { "description": "OK" }, "400": { "description": "No events provided." }, "404": { "description": "Update" } }, "summary": "RecordEngineEventBatch", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/refresh/{updateID}/journalentries": { "patch": { "description": "Creates new journal entries for the specified update. Journal entries record the progression of resource operations during an update, tracking state transitions for each resource. The include_non_activated query parameter controls whether non-activated events are included. Requires update token authentication.", "operationId": "CreateJournalEntries_refresh", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } }, { "description": "When true, includes events that have not yet been activated; when false or omitted, only activated events are returned", "in": "query", "name": "include_non_activated", "schema": { "type": "boolean" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppJournalEntries" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" } }, "summary": "CreateJournalEntries", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/refresh/{updateID}/log": { "post": { "description": "Appends a log entry to the specified update's log stream. Log entries are used to record diagnostic messages, status information, and other output generated during a stack update operation. Requires update token authentication.", "operationId": "AppendUpdateLogEntry_refresh", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppAppendUpdateLogEntryRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" } }, "summary": "AppendUpdateLogEntry", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/refresh/{updateID}/renew_lease": { "post": { "description": "Renews the lease for a service-managed update that is currently in progress. Leases prevent concurrent operations on the same stack and must be periodically renewed to indicate the update is still active. The renewal duration must be between 0 and 300 seconds. Returns 409 if the update is not currently in progress.", "operationId": "RenewUpdateLease_refresh", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppRenewUpdateLeaseRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppRenewUpdateLeaseResponse" } } }, "description": "OK" }, "400": { "description": "Renewal duration must be between 0 and 300 seconds" }, "409": { "description": "The Update is not in progress." } }, "summary": "RenewUpdateLease", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/rename": { "post": { "description": "Changes an existing stack's name to a new value. The request body must include the desired new name. The rename may also change the project name. Returns 400 if the request body does not specify a rename. Returns 409 if another update is currently in progress on the stack, since renaming requires exclusive access.", "operationId": "RenameStack", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppStackRenameRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppImportStackResponse" } } }, "description": "OK" }, "400": { "description": "No rename to apply." }, "409": { "description": "Another update is currently in progress." } }, "summary": "RenameStack", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/resources/count": { "get": { "description": "Returns the total number of resources currently managed by the stack, based on the most recent update. The response includes the resource count and the stack version number. This is a lightweight endpoint for checking stack size without retrieving full resource details.", "operationId": "GetStackResourceCount", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetStackResourceCountResponse" } } }, "description": "OK" } }, "summary": "GetStackResourceCount", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/resources/latest": { "get": { "description": "Retrieves all resources currently managed by the stack from the most recent update. Each resource in the response includes its type, URN, provider, inputs, outputs, parent, and dependencies. This is equivalent to calling GetStackResources with the latest version number.", "operationId": "GetLatestStackResources", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetStackResourcesResponse" } } }, "description": "OK" } }, "summary": "GetLatestStackResources", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/resources/latest/{urn}": { "get": { "description": "Returns detailed information about a specific resource identified by its URN from the most recent stack update. The response includes the resource type, provider, inputs, outputs, and dependency information. Returns 404 if no resource with the given URN exists in the latest state.", "operationId": "GetLatestStackResource", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The resource URN", "in": "path", "name": "urn", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetStackResourceResponse" } } }, "description": "OK" }, "404": { "description": "Resource" } }, "summary": "GetLatestStackResource", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/resources/{version}": { "get": { "description": "Retrieves all resources as they existed at a specific historical stack update version. Each resource includes its type, URN, provider, inputs, outputs, parent, and dependencies. Returns 404 if the specified version does not exist for this stack.", "operationId": "GetStackResources", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The stack update version number", "in": "path", "name": "version", "required": true, "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetStackResourcesResponse" } } }, "description": "OK" }, "404": { "description": "Version" } }, "summary": "GetStackResources", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/resources/{version}/{urn}": { "get": { "description": "Returns detailed information about a specific resource identified by its URN at a specific historical update version. The response includes the resource type, provider, inputs, outputs, and dependency information as they existed at that version. Returns 404 if the resource or version does not exist.", "operationId": "GetStackResource", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The stack update version number", "in": "path", "name": "version", "required": true, "schema": { "format": "int64", "type": "integer" } }, { "description": "The resource URN", "in": "path", "name": "urn", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetStackResourceResponse" } } }, "description": "OK" }, "404": { "description": "Resource or Version" } }, "summary": "GetStackResource", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/tags": { "patch": { "description": "Replaces all tags on the specified stack with the tags provided in the request body. This is a wholesale replacement operation: any existing tags not included in the request will be removed. The request body is a JSON map of tag name-value pairs. Returns 400 if the operation would change the project name tag or if any tags are invalid.", "operationId": "UpdateStackTags", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "additionalProperties": { "type": "string" }, "type": "object" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Cannot change project's name or tags are invalid" } }, "summary": "UpdateStackTags", "tags": [ "Stacks", "StackTags" ] }, "post": { "description": "Creates a new tag on the specified stack. Tags are key-value metadata pairs that can be used for organization, filtering, and storing additional information about stacks. The request body must include both a tag name and value. Returns 400 if the tag name is invalid or the tag already exists. Built-in tags (such as those automatically set by the Pulumi CLI) follow specific naming conventions.", "operationId": "AddStackTag", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StackTag" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "Invalid tag name or tag already exists." } }, "summary": "AddStackTag", "tags": [ "Stacks", "StackTags" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/tags/{tagName}": { "delete": { "description": "Removes a specific tag from the stack, identified by the tag name in the URL path. Built-in tags (those automatically managed by the Pulumi CLI) cannot be deleted and will return a 400 error. Returns 404 if the specified tag does not exist on the stack. Returns 204 with no content on success.", "operationId": "DeleteStackTag", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "400": { "description": "built-in tags cannot be deleted" }, "404": { "description": "Tag not found" } }, "summary": "DeleteStackTag", "tags": [ "Stacks", "StackTags" ] }, "patch": { "description": "Updates the value of an existing tag on the specified stack. The tag is identified by its name in the URL path. Built-in tags (those automatically managed by the Pulumi CLI, such as project name tags) cannot be updated and will return a 400 error. Returns 404 if the specified tag does not exist on the stack.", "operationId": "UpdateStackTag", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The tag name", "in": "path", "name": "tagName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/StackTag" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "built-in tags cannot be updated or invalid tag name" }, "404": { "description": "tag not found" } }, "summary": "UpdateStackTag", "tags": [ "Stacks", "StackTags" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/teams": { "get": { "description": "Lists all teams within the organization that have been granted access to the specified stack. The response includes each team's name and the permission level granted to it for this stack.", "operationId": "ListStackTeams", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListTeamsByStackResponse" } } }, "description": "OK" } }, "summary": "ListStackTeams", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/transfer": { "post": { "description": "Transfers a stack from one organization to another. The request body must specify the destination organization name via the 'toOrg' field. The requesting user must be a member of both the source and destination organizations to prevent accidental disclosure of organization existence. The stack must not have any active updates in progress (returns 409 if an update is running). Returns 204 with no content on success.", "operationId": "TransferStack", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TransferStackRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "409": { "description": "Another update is currently in progress." } }, "summary": "TransferStack", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/update": { "post": { "description": "Creates a new standard update (pulumi up) for the given stack. A standard update deploys changes to the stack's infrastructure by creating, updating, or deleting resources as needed. This only creates the update record; the update must subsequently be started via the StartUpdateForUpdate endpoint. Enforces stack update concurrency checks to prevent conflicting simultaneous operations.", "operationId": "CreateUpdateForUpdate", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppUpdateProgramRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppUpdateProgramResponse" } } }, "description": "OK" } }, "summary": "CreateUpdateForUpdate", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/update/{updateID}": { "get": { "description": "Returns the current status and results of a standard (pulumi up) update, including whether it is still in progress, succeeded, or failed. Supports pagination of results via the continuationToken query parameter.", "operationId": "GetUpdateStatusForUpdate", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppUpdateResults" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" } }, "summary": "GetUpdateStatusForUpdate", "tags": [ "Stacks", "StackUpdates" ] }, "post": { "description": "Starts execution of a previously created standard (pulumi up) update. The update must have been created via CreateUpdateForUpdate first. Returns a lease token and version number for tracking the update. Returns 404 if the update does not exist, or 409 if another update is already in progress on the stack.", "operationId": "StartUpdateForUpdate", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppStartUpdateRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppStartUpdateResponse" } } }, "description": "OK" }, "404": { "description": "Update" }, "409": { "description": "Another update is currently in progress." } }, "summary": "StartUpdateForUpdate", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/update/{updateID}/cancel": { "post": { "description": "Requests cancellation of a service-managed update that is currently in progress. The update must have been started (returns 409 if it has not). Returns 404 if the specified update does not exist. The cancellation is processed asynchronously and the update will transition to a cancelled state.", "operationId": "CancelUpdate_update", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "Update" }, "409": { "description": "The Update has not started" } }, "summary": "CancelUpdate", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/update/{updateID}/checkpoint": { "patch": { "description": "Uploads a new checkpoint (deployment state snapshot) for a service-managed update that is currently in progress. The checkpoint contains the complete current state of all resources. The request must contain a valid checkpoint object. Returns 403 for preview operations since previews do not modify actual state. Returns 409 if the update has not started, has been cancelled, timed out, or already completed. Requires update token authentication.", "operationId": "PatchUpdateCheckpoint_update", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppPatchUpdateCheckpointRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "request must contain a checkpoint or using the IsInvalid flag is not longer supported" }, "403": { "description": "Updating the checkpoint is not permitted for preview operations." }, "409": { "description": "The Update has not started or The Update has been cancelled or The Update has already timed out or The Update has already completed" } }, "summary": "PatchUpdateCheckpoint", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/update/{updateID}/checkpointdelta": { "patch": { "description": "Uploads a checkpoint delta for a service-managed update that is currently in progress. Rather than uploading the complete checkpoint state, this endpoint accepts an incremental delta that is applied to the existing checkpoint, reducing the payload size. The delta is persisted in the format as provided. Supports checksum validation for data integrity. Returns 403 for preview operations since previews do not modify actual state. Returns 409 if the update has not started, has been cancelled, timed out, or already completed. Requires update token authentication.", "operationId": "PatchUpdateCheckpointDelta_update", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppPatchUpdateCheckpointDeltaRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "setting a checkpoint is not allowed because it's marked as already completed or failed to apply checkpoint delta or validating checksum" }, "403": { "description": "Updating the checkpoint is not permitted for preview operations." }, "409": { "description": "The Update has not started or The Update has been cancelled or The Update has already timed out or The Update has already completed" } }, "summary": "PatchUpdateCheckpointDelta", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/update/{updateID}/checkpointverbatim": { "patch": { "description": "Uploads a checkpoint for a service-managed update as a verbatim byte array, bypassing JSON marshalling. Unlike PatchUpdateCheckpoint which accepts a structured deployment object and re-serializes it (which may compact data), this endpoint preserves the exact bytes provided by the client and uploads them directly to blob storage. This maintains byte-level fidelity of the checkpoint data. Returns 403 for preview operations. Returns 409 if the update has not started, has been cancelled, timed out, or already completed. Requires update token authentication.", "operationId": "PatchUpdateVerbatimCheckpoint_update", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppPatchUpdateVerbatimCheckpointRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "setting a checkpoint is not allowed because it's marked as already completed" }, "403": { "description": "Updating the checkpoint is not permitted for preview operations." }, "409": { "description": "The Update has not started or The Update has been cancelled or The Update has already timed out or The Update has already completed" } }, "summary": "PatchUpdateVerbatimCheckpoint", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/update/{updateID}/complete": { "post": { "description": "Marks a service-managed update as complete. The request body must include the final status of the update. Returns 400 if the status is unrecognized. Returns 409 if the update has not started, has been cancelled, has already timed out, or has already completed. Requires update token authentication.", "operationId": "CompleteUpdate_update", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppCompleteUpdateRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" }, "400": { "description": "unrecognized status" }, "404": { "description": "Update" }, "409": { "description": "The Update has not started or The Update has been cancelled or The Update has already timed out or The Update has already completed" } }, "summary": "CompleteUpdate", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/update/{updateID}/events": { "get": { "description": "Returns the engine events for the specified update. Engine events represent individual resource operations and diagnostic messages produced during the update. Supports pagination via continuation tokens and filtering by engine event type codes or resource URN. The include_non_activated parameter controls whether events not yet marked as activated are included.", "operationId": "GetEngineEvents_update", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } }, { "description": "Continuation token for paginated results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "When true, includes events that have not yet been activated; when false or omitted, only activated events are returned", "in": "query", "name": "include_non_activated", "schema": { "type": "boolean" } }, { "description": "Filter results to only include events matching these engine event type codes", "in": "query", "name": "type", "schema": { "items": { "format": "int64", "type": "integer" }, "type": "array" } }, { "description": "Filter results to only include events for the specified resource URN", "in": "query", "name": "urn", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetUpdateEventsResponse" } } }, "description": "OK" }, "400": { "description": "Invalid continuation token." } }, "summary": "GetEngineEvents", "tags": [ "Stacks" ] }, "post": { "description": "Records a single engine event sent from the Pulumi CLI during a stack update. Engine events represent individual resource operations or diagnostic messages. For better performance, consider using RecordEngineEventBatch to send multiple events in a single request. Returns 400 if no event data is provided, or 404 if the update does not exist. Requires update token authentication.", "operationId": "RecordEngineEvent_update", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppEngineEvent" } } }, "x-originalParamName": "body" }, "responses": { "200": { "description": "OK" }, "400": { "description": "No events provided." }, "404": { "description": "Update" } }, "summary": "RecordEngineEvent", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/update/{updateID}/events/batch": { "post": { "description": "Records a batch of engine events sent from the Pulumi CLI during a stack update. Engine events represent individual resource operations (create, update, delete, etc.) and diagnostic messages. Batching events reduces the number of API calls during an update. Returns 400 if no events are provided in the batch, or 404 if the update does not exist. Requires update token authentication.", "operationId": "RecordEngineEventBatch_update", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppEngineEventBatch" } } }, "x-originalParamName": "body" }, "responses": { "200": { "description": "OK" }, "400": { "description": "No events provided." }, "404": { "description": "Update" } }, "summary": "RecordEngineEventBatch", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/update/{updateID}/journalentries": { "patch": { "description": "Creates new journal entries for the specified update. Journal entries record the progression of resource operations during an update, tracking state transitions for each resource. The include_non_activated query parameter controls whether non-activated events are included. Requires update token authentication.", "operationId": "CreateJournalEntries_update", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } }, { "description": "When true, includes events that have not yet been activated; when false or omitted, only activated events are returned", "in": "query", "name": "include_non_activated", "schema": { "type": "boolean" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppJournalEntries" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" } }, "summary": "CreateJournalEntries", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/update/{updateID}/log": { "post": { "description": "Appends a log entry to the specified update's log stream. Log entries are used to record diagnostic messages, status information, and other output generated during a stack update operation. Requires update token authentication.", "operationId": "AppendUpdateLogEntry_update", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppAppendUpdateLogEntryRequest" } } }, "x-originalParamName": "body" }, "responses": { "204": { "description": "No Content" } }, "summary": "AppendUpdateLogEntry", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/update/{updateID}/renew_lease": { "post": { "description": "Renews the lease for a service-managed update that is currently in progress. Leases prevent concurrent operations on the same stack and must be periodically renewed to indicate the update is still active. The renewal duration must be between 0 and 300 seconds. Returns 409 if the update is not currently in progress.", "operationId": "RenewUpdateLease_update", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The update ID", "in": "path", "name": "updateID", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppRenewUpdateLeaseRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppRenewUpdateLeaseResponse" } } }, "description": "OK" }, "400": { "description": "Renewal duration must be between 0 and 300 seconds" }, "409": { "description": "The Update is not in progress." } }, "summary": "RenewUpdateLease", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/updates": { "get": { "description": "Returns the update history for a stack. Each update includes its kind (update, preview, refresh, destroy, import), start and end times, result status, resource changes summary, and resource count. Supports pagination via 'page' and 'pageSize' query parameters (page 0 returns all results, pageSize=1 with page=1 returns only the most recent update). The 'output-type' parameter controls the response format: when unset, returns a legacy format; when set, returns a paginated response.", "operationId": "GetStackUpdates", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "Controls the response format; when unset returns the legacy format, otherwise returns the paginated format", "in": "query", "name": "output-type", "schema": { "type": "string" } }, { "description": "Page number for paginated results (0-indexed, where 0 returns all results)", "in": "query", "name": "page", "schema": { "format": "int64", "type": "integer" } }, { "description": "Number of results per page (must be \u003e= 1 when page \u003e 0)", "in": "query", "name": "pageSize", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "type": "object" } } }, "description": "OK" }, "400": { "description": "Invalid 'page' value. or Invalid 'pageSize' value." } }, "summary": "GetStackUpdates", "tags": [ "Stacks", "StackUpdates" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/updates/latest": { "get": { "description": "Returns information about the most recent update to the stack, including the update kind (update, preview, refresh, destroy, import), start and end times, result status, resource changes summary, configuration, and environment details. Returns 404 if the stack has never been updated.", "operationId": "GetLatestStackUpdate", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateInfo" } } }, "description": "OK" }, "404": { "description": "Version" } }, "summary": "GetLatestStackUpdate", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/updates/latest/previews": { "get": { "description": "Returns all preview operations associated with the latest stack update version. Previews are dry-run operations that show what changes would be made. Supports pagination via page and pageSize parameters (page 0 returns all results). The asc parameter controls sort order (ascending or descending by chronological order).", "operationId": "GetLatestStackPreviews", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "When true, sorts results in ascending chronological order; when false or omitted, sorts in descending order", "in": "query", "name": "asc", "schema": { "type": "boolean" } }, { "description": "Page number for paginated results (0-indexed, where 0 returns all results)", "in": "query", "name": "page", "schema": { "format": "int64", "type": "integer" } }, { "description": "Number of results per page (must be \u003e= 1 when page \u003e 0)", "in": "query", "name": "pageSize", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetStackUpdatesResponse" } } }, "description": "OK" }, "400": { "description": "Invalid 'page' value. Must be \u003e= 0. or Invalid 'pageSize' value. Must be \u003e= 1. or Invalid 'pageSize' value. Must be 0 or unset when 'page' is 0." } }, "summary": "GetLatestStackPreviews", "tags": [ "Stacks", "StackUpdates" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/updates/latest/timeline": { "get": { "description": "Returns the timeline of all relevant events culminating with the most recent stack update. The timeline includes workflow events such as deployment triggers, previews, and the final update operation, providing a complete view of the sequence of actions that led to the current stack state. Returns 404 if no update exists.", "operationId": "GetLatestUpdateTimeline", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetUpdateTimelineResponse" } } }, "description": "OK" }, "404": { "description": "Stack Update" } }, "summary": "GetLatestUpdateTimeline", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/updates/{version}": { "get": { "description": "Returns detailed information about a specific stack update identified by its version number. The response includes the update kind (update, preview, refresh, destroy, import), start and end times, result status (succeeded, failed, etc.), resource changes summary (creates, updates, deletes, same), configuration, and environment details. Returns 404 if the specified version does not exist.", "operationId": "GetStackUpdate", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The stack update version number", "in": "path", "name": "version", "required": true, "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateInfo" } } }, "description": "OK" }, "404": { "description": "Version" } }, "summary": "GetStackUpdate", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/updates/{version}/previews": { "get": { "description": "Returns all preview operations associated with a specific stack update version. Multiple previews may be associated with a single update version when a stack is previewed multiple times before an update is applied. Supports pagination via page and pageSize parameters and chronological sorting via the asc parameter.", "operationId": "GetStackPreviews", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The stack update version number", "in": "path", "name": "version", "required": true, "schema": { "format": "int64", "type": "integer" } }, { "description": "When true, sorts results in ascending chronological order; when false or omitted, sorts in descending order", "in": "query", "name": "asc", "schema": { "type": "boolean" } }, { "description": "Page number for paginated results (0-indexed, where 0 returns all results)", "in": "query", "name": "page", "schema": { "format": "int64", "type": "integer" } }, { "description": "Number of results per page (must be \u003e= 1 when page \u003e 0)", "in": "query", "name": "pageSize", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetStackUpdatesResponse" } } }, "description": "OK" }, "400": { "description": "Invalid 'page' value. Must be \u003e= 0. or Invalid 'pageSize' value. Must be \u003e= 1. or Invalid 'pageSize' value. Must be 0 or unset when 'page' is 0." } }, "summary": "GetStackPreviews", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/updates/{version}/summary": { "get": { "description": "Returns a concise summary of a specific stack update by version number, including the update kind, result status, start and end times, and resource change counts. This is a lighter-weight alternative to GetStackUpdate when full update details are not needed. Returns 404 if the specified version does not exist.", "operationId": "GetStackUpdateSummary", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The stack update version number", "in": "path", "name": "version", "required": true, "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/UpdateSummary" } } }, "description": "OK" }, "404": { "description": "Version" } }, "summary": "GetStackUpdateSummary", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/updates/{version}/timeline": { "get": { "description": "Returns the timeline of all relevant events culminating with a specific stack update version. The timeline includes workflow events such as deployment triggers, previews, and the update operation itself, providing a complete view of the sequence of actions. Returns 404 if the specified update version does not exist.", "operationId": "GetUpdateTimeline", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } }, { "description": "The stack update version number", "in": "path", "name": "version", "required": true, "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetUpdateTimelineResponse" } } }, "description": "OK" }, "404": { "description": "Stack Update" } }, "summary": "GetUpdateTimeline", "tags": [ "Stacks" ] } }, "/api/stacks/{orgName}/{projectName}/{stackName}/workflow": { "post": { "description": "Generates a customized CI/CD workflow template for the specified stack. The request body must specify the target CI system (e.g. GitHub Actions, GitLab CI). The generated template is tailored to the stack's runtime and configuration. Returns 400 if the CI system is not specified or the stack does not have a runtime tag. Returns 404 if no matching workflow template is found.", "operationId": "GetStackStarterWorkflow", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } }, { "description": "The project name", "in": "path", "name": "projectName", "required": true, "schema": { "type": "string" } }, { "description": "The stack name", "in": "path", "name": "stackName", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetStarterWorkflowRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetStackStarterWorkflowResponse" } } }, "description": "OK" }, "400": { "description": "CISystem must be specified or Stack does not have a runtime tag" }, "404": { "description": "WorkflowTemplate" } }, "summary": "GetStackStarterWorkflow", "tags": [ "Stacks" ] } }, "/api/user": { "get": { "description": "Returns the authenticated user's profile information, including login name, display name, email, avatar URL, and organization memberships.", "operationId": "GetCurrentUser", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" } } }, "description": "OK" } }, "summary": "GetCurrentUser", "tags": [ "Users" ] } }, "/api/user/ai/usage": { "get": { "description": "Returns the number of AI messages sent by the authenticated user. An optional lookback duration can be specified to limit the count to a recent time window.", "operationId": "GetSentMessageCountForUser", "parameters": [ { "description": "Duration in seconds to look back for messages. Must be positive if provided.", "in": "query", "name": "lookbackDuration", "schema": { "format": "int64", "type": "integer" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetMessageCountResponse" } } }, "description": "OK" }, "400": { "description": "lookbackDuration must be positive" } }, "summary": "GetSentMessageCountForUser", "tags": [ "AI" ] } }, "/api/user/github/{ghOrgName}/teams": { "get": { "description": "ListGitHubOrganizationTeams returns all GitHub teams the requesting user has access to see.", "operationId": "ListGitHubOrganizationTeams", "parameters": [ { "description": "The GitHub organization name", "in": "path", "name": "ghOrgName", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListGitHubOrganizationTeamsResponse" } } }, "description": "OK" }, "400": { "description": "operation only supported for GitHub-backed users" }, "404": { "description": "Organization" } }, "summary": "ListGitHubOrganizationTeams", "tags": [ "Users" ] } }, "/api/user/gitlab-app/organizations": { "get": { "deprecated": true, "description": "Gets a list of GitLab groups available to be used with the Pulumi GitLab app.\nThis endpoint explicitly denotes which groups can be used based on the\nuser's permissions within each group.", "operationId": "GetGroupsForGitLabApp", "responses": { "200": { "content": { "application/json": { "schema": { "items": { "$ref": "#/components/schemas/GitLabAppOrganization" }, "type": "array" } } }, "description": "successful operation" } }, "summary": "GetGroupsForGitLabApp", "tags": [ "Users" ], "x-pulumi-route-property": { "Deprecated": true, "Visibility": "Public" } } }, "/api/user/organizations/default": { "get": { "description": "GetDefaultOrganization returns the default organization for the current user.", "operationId": "GetDefaultOrganization", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppGetDefaultOrganizationResponse" } } }, "description": "OK" }, "400": { "description": "User is not a member of any organizations." } }, "summary": "GetDefaultOrganization", "tags": [ "Users" ] } }, "/api/user/organizations/{orgName}/default": { "post": { "description": "UpdateDefaultOrganization sets the default organization for the current user.", "operationId": "UpdateDefaultOrganization", "parameters": [ { "description": "The organization name", "in": "path", "name": "orgName", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" } }, "summary": "UpdateDefaultOrganization", "tags": [ "Users" ] } }, "/api/user/pending-emails": { "delete": { "description": "DeletePendingEmailChange removes the pending email change for the currently logged-in user.\nDeletes the pending verification only if it isn't a verification record for the current primary email itself.", "operationId": "DeletePendingEmailChange", "responses": { "204": { "description": "No Content" }, "400": { "description": "Cannot delete the pending verification for primary email." } }, "summary": "DeletePendingEmailChange", "tags": [ "Users" ] }, "get": { "description": "GetLatestPendingEmailChange returns only the latest email change,\nthat is pending. Returns a 204 if no pending email change requests exist.", "operationId": "GetLatestPendingEmailChange", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GetPendingEmailVerificationResponse" } } }, "description": "OK" }, "204": { "description": "No Content" } }, "summary": "GetLatestPendingEmailChange", "tags": [ "Users" ] } }, "/api/user/pending-invites": { "get": { "description": "ListUserOrgInvites lists the pending invites for the requesting user.", "operationId": "ListUserOrgInvites", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListOrganizationInvitesResponse" } } }, "description": "OK" } }, "summary": "ListUserOrgInvites", "tags": [ "Users" ] } }, "/api/user/stacks": { "get": { "description": "Lists all stacks accessible to the authenticated user. Results can be filtered by organization, project, and stack tags (tagName/tagValue). Supports pagination via continuationToken and maxResults parameters. Returns stack summary information including name, project, last update status, and resource count.", "operationId": "ListUserStacks", "parameters": [ { "description": "Token from a previous response to fetch the next page of results", "in": "query", "name": "continuationToken", "schema": { "type": "string" } }, { "description": "Maximum number of stacks to return per page", "in": "query", "name": "maxResults", "schema": { "format": "int64", "type": "integer" } }, { "description": "Filter stacks to those owned by this organization", "in": "query", "name": "organization", "schema": { "type": "string" } }, { "description": "Filter stacks to those in this project", "in": "query", "name": "project", "schema": { "type": "string" } }, { "description": "List stacks only using this custom role", "in": "query", "name": "roleID", "schema": { "type": "string" } }, { "description": "Filter stacks by tag name (use with tagValue for exact match)", "in": "query", "name": "tagName", "schema": { "type": "string" } }, { "description": "Filter stacks by tag value (requires tagName)", "in": "query", "name": "tagValue", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/AppListStacksResponse" } } }, "description": "OK" }, "400": { "description": "Invalid continuation token" } }, "summary": "ListUserStacks", "tags": [ "Users" ] } }, "/api/user/tokens": { "get": { "description": "Returns all personal access tokens for the authenticated user. Web-session generated tokens (type 'web') are excluded from the results. Each token in the response includes its ID, description, and lastUsed timestamp. Use the filter query parameter to search tokens by name or description.", "operationId": "ListPersonalTokens", "parameters": [ { "description": "Filter tokens by name or description", "in": "query", "name": "filter", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListAccessTokensResponse" } } }, "description": "OK" } }, "summary": "ListPersonalTokens", "tags": [ "Users", "AccessTokens" ] }, "post": { "description": "Creates a new personal access token for the authenticated user. The request body includes a description for the token and an optional expiration time. The response includes the token ID and the tokenValue (prefixed with 'pul-'). The token value is only returned once at creation time and cannot be retrieved later.", "operationId": "CreatePersonalToken", "parameters": [ { "description": "Tracks the context that triggered token creation (e.g., redirect URL or referral source)", "in": "query", "name": "reason", "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreatePersonalAccessTokenRequest" } } }, "x-originalParamName": "body" }, "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CreateAccessTokenResponse" } } }, "description": "OK" } }, "summary": "CreatePersonalToken", "tags": [ "Users", "AccessTokens" ] } }, "/api/user/tokens/{tokenId}": { "delete": { "description": "Permanently deletes a personal access token by its identifier. The token is immediately invalidated and can no longer be used for authentication. Returns 204 on success or 404 if the token does not exist.", "operationId": "DeletePersonalToken", "parameters": [ { "description": "The access token identifier", "in": "path", "name": "tokenId", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "Token" } }, "summary": "DeletePersonalToken", "tags": [ "Users", "AccessTokens" ] } }, "/api/user/vcs": { "delete": { "description": "DeleteIdentityProvider removes a VCS identity provider from the current user's account.", "operationId": "DeleteIdentityProvider", "parameters": [ { "description": "The VCS identity provider to disconnect (e.g., github, gitlab, bitbucket)", "in": "query", "name": "identity", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" } } }, "description": "OK" }, "400": { "description": "must have more than one identity provider" }, "404": { "description": "organizations" } }, "summary": "DeleteIdentityProvider", "tags": [ "Users" ] } }, "/api/user/vcs/organizations": { "get": { "description": "ListIdentityProviderOrganizations lists all of the organizations from a backing VCS visible to the Pulumi Service\nfor the requesting user. Ignores errors if this user doesn't have a specific backing identity.", "operationId": "ListIdentityProviderOrganizations", "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ListGitHubOrganizationsResponse" } } }, "description": "OK" } }, "summary": "ListIdentityProviderOrganizations", "tags": [ "Users" ] } }, "/api/user/vcs/sync": { "post": { "description": "SyncWithIdentityProvider contacts the requesting user's identity provider,\nand updates their profile information (display name, avatar URL, etc.)\nThis is required since we don't get update events from the identity provider\nwhen changes are made in the identity provider's system.", "operationId": "SyncWithIdentityProvider", "parameters": [ { "description": "The VCS identity provider to sync profile data from (e.g., github, gitlab)", "in": "query", "name": "identity", "schema": { "type": "string" } } ], "responses": { "200": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/User" } } }, "description": "OK" }, "400": { "description": "invalid query parameter" } }, "summary": "SyncWithIdentityProvider", "tags": [ "Users" ] } }, "/api/user/verified-email": { "get": { "description": "GetUserHasVerifiedEmail returns a success response if the user has a verified email,\n404 not found if they are not verified", "operationId": "GetUserHasVerifiedEmail", "responses": { "200": { "content": { "application/json": { "schema": { "type": "boolean" } } }, "description": "OK" } }, "summary": "GetUserHasVerifiedEmail", "tags": [ "Users" ] } } }, "tags": [ { "name": "AI" }, { "name": "AI Agents" }, { "name": "AccessTokens" }, { "name": "AuditLogs" }, { "name": "CloudSetup" }, { "name": "DataExport" }, { "name": "DeploymentRunners" }, { "name": "Deployments" }, { "name": "Environments" }, { "name": "Insights" }, { "name": "InsightsAccounts" }, { "name": "Miscellaneous" }, { "name": "Neo" }, { "name": "OAuthTokenExchange" }, { "name": "OidcIssuers" }, { "name": "Organizations" }, { "name": "PolicyGroups" }, { "name": "PolicyPacks" }, { "name": "PolicyResults" }, { "name": "Registry" }, { "name": "RegistryPreview" }, { "name": "ResourceSearch" }, { "name": "ResourcesUnderManagement" }, { "name": "Schedules" }, { "name": "Services" }, { "name": "StackConfig" }, { "name": "StackPolicy" }, { "name": "StackTags" }, { "name": "StackUpdates" }, { "name": "Stacks" }, { "name": "Users" }, { "name": "VCS Integrations" }, { "name": "Webhooks" }, { "name": "Workflows" } ] }