POST /api/v1/access_review_template
Create
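package main

import (
	"context"
	"log"

	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
)

func main() {
	ctx := context.Background()

	// Placeholders for the two schemes described under Authorizations.
	// Supply real credentials at runtime (environment or secret store)
	// instead of committing them to source.
	s := conductoronesdkgo.New(
		conductoronesdkgo.WithSecurity(shared.Security{
			BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
			Oauth:      "<YOUR_OAUTH_HERE>",
		}),
	)

	// nil sends no request body; a real call passes the
	// AccessReviewTemplateServiceCreateRequest described under Body.
	res, err := s.AccessReviewTemplate.Create(ctx, nil)
	if err != nil {
		log.Fatal(err)
	}
	if res.AccessReviewTemplateServiceCreateResponse != nil {
		// handle response
	}
}

{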
  "accessReviewTemplate": {
    "accessReviewDuration": "<string>",
    "annotations": {},
    "autoCloseCampaign": true,
    "autoGenerateReport": true,
    "autoStartCampaign": true,
    "columnConfig": {
      "columns": []
    },
    "createdAt": "2023-11-07T05:31:56Z",
    "deletedAt": "2023-11-07T05:31:56Z",
    "description": "<string>",
    "displayName": "<string>",
    "exemptCertifiedAccessConflicts": true,
    "id": "<string>",
    "inclusionScope": {
      "appUserStatuses": [],
      "appUserTypes": [],
      "managerIds": [
        "<string>"
      ],
      "multiUserProfileAttributes": {},
      "noAccountOwners": true,
      "userIds": [
        "<string>"
      ],
      "userStatuses": []
    },
    "isCampaignScheduleEnabled": true,
    "nextScheduledCampaignAt": "2023-11-07T05:31:56Z",
    "notificationConfig": {
      "sendClose": true,
      "sendKickoff": true,
      "sendReminders": true
    },
    "occurrences": 123,
    "policyId": "<string>",
    "recurrenceRule": {
      "endDate": "2023-11-07T05:31:56Z",
      "interval": 123,
      "occurrences": 123,
      "startDate": "2023-11-07T05:31:56Z"
    },
    "reviewInstructions": "<string>",
    "reviewerAttributeConfig": {
      "bindings": [
        {
          "appId": "<string>",
          "attributeKey": "<string>"
        }
      ]
    },
    "scope": {
      "accountCelExpression": {
        "expression": "<string>"
      },
      "accountCriteria": {
        "accountTypes": [],
        "appUserStatuses": [],
        "noAccountOwner": true
      },
      "allAccessConflicts": {},
      "allAccounts": {},
      "allGrants": {},
      "allUsers": {},
      "appAccess": {},
      "appSelectionCriteria": {
        "complianceFrameworkAttributeValueIds": [
          "<string>"
        ],
        "riskLevelAttributeValueIds": [
          "<string>"
        ]
      },
      "celExpression": {
        "expression": "<string>"
      },
      "grantsByCriteria": {
        "accessProfileFilter": {
          "excludedAccessProfileIds": [
            "<string>"
          ],
          "includedAccessProfileIds": [
            "<string>"
          ]
        },
        "daysSinceAdded": "<string>",
        "daysSinceLastUsed": "<string>",
        "daysSinceReviewed": "<string>",
        "grantsAddedBetween": {
          "endDate": "2023-11-07T05:31:56Z",
          "startDate": "2023-11-07T05:31:56Z"
        }
      },
      "resourceSelection": {},
      "resourceTypeSelections": {},
      "selectedUsers": {
        "userIds": [
          "<string>"
        ]
      },
      "specificAccessConflicts": {},
      "specificResources": {},
      "userCriteria": {
        "groupAppEntitlementsRef": [
          {
            "appId": "<string>",
            "id": "<string>"
          }
        ],
        "managerUserIds": [
          "<string>"
        ],
        "multiUserProfileAttributes": {},
        "userStatus": []
      }
    },
    "signatureConfig": {
      "meaningOfSignature": "<string>",
      "requireSignature": true,
      "stepUpProviderId": "<string>",
      "tspUrl": "<string>"
    },
    "slackChannel": {
      "description": "<string>",
      "name": "<string>"
    },
    "updatedAt": "2023-11-07T05:31:56Z",
    "usePolicyOverride": true
  }
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization
string
header
required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Body

application/json

The AccessReviewTemplateServiceCreateRequest message.

accessReviewDuration
string<duration> | null

accuracyIssueAction
enum<string> | null

The accuracyIssueAction field.

Available options:
ACCURACY_ISSUE_ACTION_UNSPECIFIED,
ACCURACY_ISSUE_ACTION_CONTINUE,
ACCURACY_ISSUE_ACTION_WAIT

annotations
object

Bounded key/value metadata bag for IaC marking and customer tags. See .rfcs/object-annotations.md §2. Limits: ≤16 entries; keys 1–128 chars matching ^[A-Za-z][A-Za-z0-9._/-]{0,127}$; values 0–256 chars matching URL-safe ASCII; total serialized ≤4096 bytes. Keys starting with c1/ are reserved for server-managed use and rejected on write.

Well-known keys: managed_by, iac_workspace, iac_resource_address, iac_tool_version.
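
A client-side pre-flight check for the annotation limits above, as an added example (not ConductorOne's code). `ValidateAnnotations` is a hypothetical helper; it assumes "URL-safe ASCII" means the RFC 3986 unreserved characters and that the 4096-byte total is measured on the JSON-encoded map, neither of which the page specifies.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

var (
	// Key pattern quoted from the annotations field description.
	keyRe = regexp.MustCompile(`^[A-Za-z][A-Za-z0-9._/-]{0,127}$`)
	// Assumption: "URL-safe ASCII" means the RFC 3986 unreserved set, 0-256 chars.
	valueRe = regexp.MustCompile(`^[A-Za-z0-9._~-]{0,256}$`)
)

// ValidateAnnotations returns every violation of the documented limits, sorted,
// so a caller can reject a bad annotation map before sending the request.
func ValidateAnnotations(a map[string]string) []string {
	var errs []string
	if len(a) > 16 {
		errs = append(errs, fmt.Sprintf("%d entries, limit is 16", len(a)))
	}
	for k, v := range a {
		switch {
		case strings.HasPrefix(k, "c1/"): // matches the key pattern, so check it first
			errs = append(errs, fmt.Sprintf("key %q: c1/ prefix is reserved for the server", k))
		case !keyRe.MatchString(k):
			errs = append(errs, fmt.Sprintf("key %q: does not match key pattern", k))
		}
		if !valueRe.MatchString(v) {
			errs = append(errs, fmt.Sprintf("key %q: value is over 256 chars or not URL-safe ASCII", k))
		}
	}
	// Assumption: "total serialized" is the size of the JSON-encoded map.
	if b, _ := json.Marshal(a); len(b) > 4096 {
		errs = append(errs, fmt.Sprintf("serialized size %d bytes, limit is 4096", len(b)))
	}
	sort.Strings(errs)
	return errs
}

func main() {
	// Constructed sample: one reserved key, one bad key, one bad value.
	bad := map[string]string{"c1/owner": "x", "1bad": "y", "managed_by": "has space"}
	for _, e := range ValidateAnnotations(bad) {
		fmt.Println(e)
	}
}
```

Sixteen entries with 256-character values pass every per-entry rule yet exceed the 4096-byte total, so the size check has to run separately from the per-entry checks.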

autoCloseCampaign
boolean | null

The autoCloseCampaign field.

autoCloseDecision
enum<string> | null

The autoCloseDecision field.

Available options:
CLOSE_DECISION_UNSPECIFIED,
CLOSE_DECISION_REVOKED,
CLOSE_DECISION_SKIP,
CLOSE_DECISION_NO_ACTION

autoGenerateReport
boolean | null

Automatically generates a report when the campaign is closed.

autoStartCampaign
boolean | null

The autoStartCampaign field.

columnConfig
Access Review Column Config · object

Configuration for which columns are visible in the reviewer task list.

defaultView
enum<string> | null

The defaultView field.

Available options:
ACCESS_REVIEW_VIEW_TYPE_UNSPECIFIED,
ACCESS_REVIEW_VIEW_TYPE_BY_APP,
ACCESS_REVIEW_VIEW_TYPE_BY_USER,
ACCESS_REVIEW_VIEW_TYPE_UNSTRUCTURED,
ACCESS_REVIEW_VIEW_TYPE_BY_RESOURCE

description
string | null

An optional description providing context about the template.

displayName
string | null

The display name for the new template.

exemptCertifiedAccessConflicts
boolean | null

The exemptCertifiedAccessConflicts field.

isCampaignScheduleEnabled
boolean | null

The isCampaignScheduleEnabled field.

notificationConfig
Notification Config · object

Controls which email notifications are sent during the access review lifecycle.

ownerIds
string[] | null

The IDs of the users who own this template. At least one owner is required.

policyId
string | null

The ID of the default review policy for campaigns created from this template.

recurrenceRule
Recurrence Rule · object

The RecurrenceRule message.

This message contains a oneof named end_condition. Only a single field of the following list may be set at a time:

  • endDate
  • occurrences

reviewInstructions
string | null

The reviewInstructions field.

reviewerAttributeConfig
Reviewer Attribute Config · object

Allowlist of AppUser.profile keys visible to reviewers, scoped per app. If the allowlist is empty, reviewers see no profile attributes in the AppUser tooltip.

scope
Access Review Scope V2 · object

The AccessReviewScopeV2 message.

This message contains a oneof named apps_and_resources_scope. Only a single field of the following list may be set at a time:

  • appAccess
  • specificResources
  • appSelectionCriteria
  • resourceTypeSelections

This message contains a oneof named users_scope. Only a single field of the following list may be set at a time:

  • allUsers
  • selectedUsers
  • userCriteria
  • celExpression

This message contains a oneof named accounts_scope. Only a single field of the following list may be set at a time:

  • allAccounts
  • accountCriteria
  • accountCelExpression

This message contains a oneof named grants_scope. Only a single field of the following list may be set at a time:

  • allGrants
  • grantsByCriteria

This message contains a oneof named access_conflicts_scope. Only a single field of the following list may be set at a time:

  • allAccessConflicts
  • specificAccessConflicts

This message contains a oneof named resource_scope. Only a single field of the following list may be set at a time:

  • resourceSelection
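
The oneof rules listed above for scope, and the end_condition oneof on recurrenceRule, can be checked before a request is sent. This is an added example, not part of the ConductorOne SDK: `CheckOneofs` and the sample body are constructed for illustration, and it assumes scope and recurrenceRule sit at the top level of the request body as the Body section lists them. resource_scope is left out because it has a single member.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// oneofs lists each oneof the reference describes: parent object, oneof name, members.
var oneofs = []struct {
	parent, name string
	fields       []string
}{
	{"scope", "apps_and_resources_scope", []string{"appAccess", "specificResources", "appSelectionCriteria", "resourceTypeSelections"}},
	{"scope", "users_scope", []string{"allUsers", "selectedUsers", "userCriteria", "celExpression"}},
	{"scope", "accounts_scope", []string{"allAccounts", "accountCriteria", "accountCelExpression"}},
	{"scope", "grants_scope", []string{"allGrants", "grantsByCriteria"}},
	{"scope", "access_conflicts_scope", []string{"allAccessConflicts", "specificAccessConflicts"}},
	{"recurrenceRule", "end_condition", []string{"endDate", "occurrences"}},
}

// CheckOneofs returns one message, in table order, per oneof with more than one member set.
func CheckOneofs(body []byte) ([]string, error) {
	var req map[string]json.RawMessage
	if err := json.Unmarshal(body, &req); err != nil {
		return nil, err
	}
	var out []string
	for _, o := range oneofs {
		var parent map[string]json.RawMessage
		_ = json.Unmarshal(req[o.parent], &parent) // missing or non-object parent: nothing set
		var set []string
		for _, f := range o.fields {
			// An empty object such as "allUsers": {} still selects that member.
			if v, ok := parent[f]; ok && string(v) != "null" {
				set = append(set, f)
			}
		}
		if len(set) > 1 {
			out = append(out, fmt.Sprintf("%s.%s: %v", o.parent, o.name, set))
		}
	}
	return out, nil
}

func main() {
	// Constructed request body, not taken from the page.
	body := `{"scope":{"allUsers":{},"selectedUsers":{"userIds":["u1"]}},"recurrenceRule":{"endDate":"2030-01-01T00:00:00Z","occurrences":4}}`
	fmt.Println(CheckOneofs([]byte(body)))
}
```

The example JSON on this page fills in every field, so a body copied from it sets several members of the same oneof and would be flagged by this check.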
scopeType
enum<string> | null

The scopeType field.

Available options:
ACCESS_REVIEW_SCOPE_TYPE_UNSPECIFIED,
ACCESS_REVIEW_SCOPE_TYPE_BY_ENTITLEMENTS,
ACCESS_REVIEW_SCOPE_TYPE_BY_ACCESS_CONFLICTS,
ACCESS_REVIEW_SCOPE_TYPE_BY_RESOURCE,
ACCESS_REVIEW_SCOPE_TYPE_BY_INHERITANCE

signatureConfig
Review Signature Config · object

Signature configuration for access review submissions.

usePolicyOverride
boolean | null

The usePolicyOverride field.

Response

200 - application/json

Successful response

The AccessReviewTemplateServiceCreateResponse message.

accessReviewTemplate
Access Review Template · object

A reusable template that defines the configuration for creating access review campaigns. Templates can optionally be scheduled to automatically create campaigns on a recurring basis.

This message contains a oneof named slack_channel_details. Only a single field of the following list may be set at a time:

  • slackChannel