Creates a new policy.
Parameter | Mandatory/Optional | Data Type | Description |
---|---|---|---|
k8sFilters | Mandatory | - | Specify cluster and namespace details. Not required while creating Organization level policy (k8sFilters: null). |
cluster | Mandatory | string | Applicable for Cluster level policy. Provides cluster details. |
clusterUid | Mandatory | string | Applicable for Cluster level policy. Specify UID of the cluster. For example: a455f902-7e5a-6ccb-447cb0b18fa5ec94 |
clusterName | Mandatory | string | Applicable for Cluster level policy. Specify name of the cluster. |
namespace | Mandatory | - | Applicable for Namespace level policy. Provides details of the namespace. |
namespaceUuid | Mandatory | string | Specify UUID of the namespace. |
namespaceValue | Mandatory | string | Specify value of the namespace. For example: acmecorp_qa |
clusterUid | Mandatory | string | Applicable for Namespace level policy. Specify UID of the cluster. |
policyName | Mandatory | string | Enter a policy name of up to 150 characters. |
description | Mandatory | string | Enter a description for the policy of up to 250 characters. |
policyType | Mandatory | string | Specify the policy type. Valid values: CICD or K8S_Admission_Controller |
policyMode | Mandatory | string | Specify the policy mode as active to enforce the policy or inactive to keep the policy deactivated. |
assetType | Mandatory | string | Specify the asset type. Currently, only "CICD" is supported. |
isDefault | Mandatory | string | Specify whether to make it a default policy. The valid values are: true or false. |
centralizedPolicyRules | At least one active rule is mandatory | - | Provide rules as part of the policy evaluation. This rule reads: If the count of vulnerabilities with severity level 1 is greater than 1, deny/fail the CICD build. Where, |
API Request
curl -X "POST" \
"<qualys_base_url>/csapi/v1.3/centralizedPolicy" \
-H "accept: application/json" \
-H "Authorization: Bearer <Token>" \
-H "Content-Type: application/json" \
-d <request_body>
Request Body for creating cluster level policy
'{
  "policyName": "k8sACP",
  "description": "Create a policy through API",
  "policyType": "K8S_ADMISSION_CONTROLLER",
  "centralizedPolicyRules": [
    {
      "name": "rule23",
      "type": "IMAGESCAN_VULN_SEVERITYCOUNT",
      "action": "ALLOW",
      "isEnabled": true,
      "stopProcessing": true,
      "sortOrder": 0,
      "metaData": {
        "operator": "GREATER_THAN",
        "threshold": 1,
        "severityLevel": 2
      }
    }
  ],
  "policyMode": "ACTIVE",
  "isDefault": false,
  "tagIds": [],
  "k8sFilters": [
    {
      "cluster": {
        "clusterUid": "a455f902-9c93-450e-901c-b0b18fa5ec94",
        "clusterName": "kubernetes-admin@kubernetes"
      },
      "namespace": null
    }
  ]
}'
Response
{
  "uuid": "d967073a-28d8-414d-b96d-3d19eaa20935"
}
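A client-side pre-check for the request body described above, added here as an example and not Qualys code: it applies the limits from the parameter table and builds the organization-level (k8sFilters: null) or cluster-level body before anything is sent. The helper name and its arguments are hypothetical; treating an "active" rule as one with isEnabled set to true, and upper-casing policyType and policyMode to match the sample request, are assumptions. Namespace-level policies are not covered.

```python
import json

# Limits and valid values come from the parameter table on this page.
MAX_NAME, MAX_DESCRIPTION = 150, 250
POLICY_TYPES = {"CICD", "K8S_ADMISSION_CONTROLLER"}
POLICY_MODES = {"ACTIVE", "INACTIVE"}

# Constructed sample rule, copied from the page's cluster-level request body.
SAMPLE_RULE = {
    "name": "rule23", "type": "IMAGESCAN_VULN_SEVERITYCOUNT", "action": "ALLOW",
    "isEnabled": True, "stopProcessing": True, "sortOrder": 0,
    "metaData": {"operator": "GREATER_THAN", "threshold": 1, "severityLevel": 2},
}


def build_policy_body(name, description, policy_type, mode, rules,
                      cluster_uid=None, cluster_name=None, is_default=False):
    """Hypothetical helper: validate the fields, then return the JSON body."""
    errors = []
    if not 0 < len(name) <= MAX_NAME:
        errors.append(f"policyName must be 1-{MAX_NAME} characters")
    if not 0 < len(description) <= MAX_DESCRIPTION:
        errors.append(f"description must be 1-{MAX_DESCRIPTION} characters")
    if policy_type.upper() not in POLICY_TYPES:
        errors.append(f"policyType must be one of {sorted(POLICY_TYPES)}")
    if mode.upper() not in POLICY_MODES:
        errors.append(f"policyMode must be one of {sorted(POLICY_MODES)}")
    # Assumption: an "active" rule is one with isEnabled set to true.
    if not any(rule.get("isEnabled") is True for rule in rules):
        errors.append("at least one active rule is required")
    # Both cluster fields -> cluster-level policy; neither -> organization level.
    if (cluster_uid is None) != (cluster_name is None):
        errors.append("clusterUid and clusterName must be given together")
    if errors:
        raise ValueError("; ".join(errors))
    filters = None  # organization level: "k8sFilters": null
    if cluster_uid is not None:
        filters = [{"cluster": {"clusterUid": cluster_uid,
                                "clusterName": cluster_name},
                    "namespace": None}]
    return json.dumps({
        "policyName": name, "description": description,
        "policyType": policy_type.upper(), "centralizedPolicyRules": rules,
        "policyMode": mode.upper(), "isDefault": is_default,
        "tagIds": [], "k8sFilters": filters,
    }, indent=2)
```

The returned string can be passed to curl as the `-d` argument; a ValueError lists every failed check at once so a policy with no enabled rule or an oversized name is caught before the POST.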