> ## Documentation Index > Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt > Use this file to discover all available pages before exploring further. # Update Grant Duration > Update the grant duration for a task. Only applies to grant tasks with a single entitlement that are not in a provision step. The new duration must not exceed the entitlement's maximum allowed provision time. ## OpenAPI ````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples post /api/v1/tasks/{task_id}/action/update-grant-duration openapi: 3.1.0 info: description: The C1 API is a HTTP API for managing C1 resources. title: C1 API version: 0.1.0-alpha servers: - description: The C1 API server for the current tenant. url: https://{tenantDomain}.conductor.one variables: tenantDomain: default: example description: The domain of the tenant to use for this request. security: - bearerAuth: [] oauth: [] paths: /api/v1/tasks/{task_id}/action/update-grant-duration: post: tags: - Task summary: Update Grant Duration description: >- Update the grant duration for a task. Only applies to grant tasks with a single entitlement that are not in a provision step. The new duration must not exceed the entitlement's maximum allowed provision time. operationId: c1.api.task.v1.TaskActionsService.UpdateGrantDuration parameters: - in: path name: task_id required: true schema: description: The ID of the task to update the grant duration for. readOnly: false type: string requestBody: content: application/json: schema: $ref: >- #/components/schemas/c1.api.task.v1.TaskActionsServiceUpdateGrantDurationRequestInput responses: '200': content: application/json: schema: $ref: '#/components/schemas/c1.api.task.v1.TaskServiceActionResponse' description: >- A generic response for task action endpoints, containing the updated task and the ID of the action that was created. x-codeSamples: - lang: go label: UpdateGrantDuration source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/operations\"\n\t\"log\"\n)\n\nfunc main() {\n ctx := context.Background()\n\n s := conductoronesdkgo.New(\n conductoronesdkgo.WithSecurity(shared.Security{\n BearerAuth: \"\",\n Oauth: \"\",\n }),\n )\n\n res, err := s.TaskActions.UpdateGrantDuration(ctx, operations.C1APITaskV1TaskActionsServiceUpdateGrantDurationRequest{\n TaskID: \"\",\n })\n if err != nil {\n log.Fatal(err)\n }\n if res.TaskServiceActionResponse != nil {\n // handle response\n }\n}" - lang: typescript label: Typescript (SDK) source: >- import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript"; const conductoroneSDKTypescript = new ConductoroneSDKTypescript({ security: { bearerAuth: "", oauth: "", }, }); async function run() { const result = await conductoroneSDKTypescript.taskActions.updateGrantDuration({ taskId: "", }); console.log(result); } run(); components: schemas: c1.api.task.v1.TaskActionsServiceUpdateGrantDurationRequestInput: description: >- The TaskActionsServiceUpdateGrantDurationRequest object lets you change the grant duration on a grant task. properties: duration: format: duration readOnly: false type: string expandMask: $ref: '#/components/schemas/c1.api.task.v1.TaskExpandMask' required: - duration title: Task Actions Service Update Grant Duration Request type: object x-speakeasy-name-override: TaskActionsServiceUpdateGrantDurationRequest c1.api.task.v1.TaskServiceActionResponse: description: >- A generic response for task action endpoints, containing the updated task and the ID of the action that was created. properties: expanded: description: List of serialized related objects. items: additionalProperties: true description: >- Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. properties: '@type': description: The type of the serialized message. type: string readOnly: false type: object nullable: true readOnly: false type: array taskView: $ref: '#/components/schemas/c1.api.task.v1.TaskView' ticketActionId: description: The ID of the task action created by this request. readOnly: false type: string title: Task Service Action Response type: object x-speakeasy-name-override: TaskServiceActionResponse c1.api.task.v1.TaskExpandMask: description: >- The task expand mask is an array of strings that specifes the related objects the requester wishes to have returned when making a request where the expand mask is part of the input. Use '*' to view all possible responses. properties: paths: description: >- A list of paths to expand in the response. May be any combination of "*", "access_review_id", "user_id", "created_by_user_id", "app_id", "app_user_id", "app_entitlement_ids", "step_approver_ids", "approver_ids", "identity_user_id", "insight_ids", "app_user_last_usage", "entitlement_scope_bindings", and "scope_role_resources". items: type: string nullable: true readOnly: false type: array title: Task Expand Mask type: object x-speakeasy-name-override: TaskExpandMask c1.api.task.v1.TaskView: description: >- Contains a task and JSONPATH expressions that describe where in the expanded array related objects are located. This view can be used to display a fully-detailed dashboard of task information. properties: accessReviewPath: description: >- JSONPATH expression indicating the location of the AccessReview object in the expanded array readOnly: true type: string appPath: description: >- JSONPATH expression indicating the location of the App object in the expanded array readOnly: true type: string appUserLastUsagePath: description: >- JSONPATH expression indicating the location of the AppUser last usage timestamp in the expanded array readOnly: true type: string appUserPath: description: >- JSONPATH expression indicating the location of the AppUser object in the expanded array readOnly: true type: string approversPath: description: >- JSONPATH expression indicating the location of the ApproverUsers objects in the expanded array. These are the users who have approved or denied this task. readOnly: true type: string createdByUserPath: description: >- JSONPATH expression indicating the location of the object of the User that created the ticket in the expanded array readOnly: true type: string entitlementsPath: description: >- JSONPATH expression indicating the location of the Entitlements objects in the expanded array readOnly: true type: string identityUserPath: description: >- JSONPATH expression indicating the location of the User object of the User that this task is targeting in the expanded array. This is the user that is the identity when the target of a task is an app user. readOnly: true type: string insightsPath: description: >- JSONPATH expression indicating the location of the Insights objects in the expanded array readOnly: true type: string resourceBindingsPath: description: >- JSONPATH expression indicating the location of the EntitlementScopeBindingList object in the expanded array. readOnly: true type: string roleResourcePath: description: >- JSONPATH expression indicating the location of the role AppResource for a scope-role action task in the expanded array. readOnly: true type: string scopeResourcePath: description: >- JSONPATH expression indicating the location of the scope AppResource for a scope-role action task in the expanded array. readOnly: true type: string stepApproversPath: description: >- JSONPATH expression indicating the location of the StepApproverUsers objects in the expanded array readOnly: true type: string task: $ref: '#/components/schemas/c1.api.task.v1.Task' userPath: description: >- JSONPATH expression indicating the location of the User object in the expanded array. This is the user that is a direct target of the ticket without a specific relationship to a potentially non-existent app user. readOnly: true type: string title: Task View type: object x-speakeasy-name-override: TaskView c1.api.task.v1.Task: description: >- A fully-fleged task object. Includes its policy, references to external apps, its type, its processing history, and more. properties: actions: description: The actions that can be performed on the task by the current user. items: enum: - TASK_ACTION_TYPE_UNSPECIFIED - TASK_ACTION_TYPE_CLOSE - TASK_ACTION_TYPE_APPROVE - TASK_ACTION_TYPE_DENY - TASK_ACTION_TYPE_COMMENT - TASK_ACTION_TYPE_DELETE - TASK_ACTION_TYPE_REASSIGN - TASK_ACTION_TYPE_RESTART - TASK_ACTION_TYPE_SEND_REMINDER - TASK_ACTION_TYPE_PROVISION_COMPLETE - TASK_ACTION_TYPE_PROVISION_CANCELLED - TASK_ACTION_TYPE_PROVISION_ERRORED - TASK_ACTION_TYPE_ROLLBACK_SKIPPED - TASK_ACTION_TYPE_PROVISION_APP_USER_TARGET_CREATED - TASK_ACTION_TYPE_HARD_RESET - TASK_ACTION_TYPE_ESCALATE_TO_EMERGENCY_ACCESS - TASK_ACTION_TYPE_CHANGE_POLICY - TASK_ACTION_TYPE_RECALCULATE_DENIAL_FROM_BASE_POLICY_DECISIONS - TASK_ACTION_TYPE_SET_INSIGHTS_AND_RECOMMENDATION - TASK_ACTION_TYPE_SET_ANALYSIS_ID - TASK_ACTION_TYPE_RECALCULATE_APPROVERS_LIST - TASK_ACTION_TYPE_PROCESS_NOW - TASK_ACTION_TYPE_APPROVE_WITH_STEP_UP - TASK_ACTION_TYPE_SKIP_STEP - TASK_ACTION_TYPE_ROLLBACK_CANCELLED - TASK_ACTION_TYPE_UPDATE_REQUEST_DATA - TASK_ACTION_TYPE_UPDATE_GRANT_DURATION type: string x-speakeasy-unknown-values: allow nullable: true readOnly: true type: array analysisId: description: >- The ID of the analysis object associated with this task created by an analysis workflow if the analysis feature is enabled for your tenant. readOnly: true type: string annotations: description: >- An array of `google.protobuf.Any` annotations with various base64-encoded data. items: additionalProperties: true description: >- Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. properties: '@type': description: The type of the serialized message. type: string readOnly: true type: object nullable: true readOnly: true type: array approverIds: description: >- An array of IDs belonging to Identity Users that have approved or denied any step in this task. items: type: string nullable: true readOnly: true type: array commentCount: description: The count of comments. format: int32 readOnly: true type: integer createdAt: format: date-time readOnly: true type: string createdByUserId: description: >- The ID of the user that is the creator of this task. This may not always match the userId field. readOnly: true type: string data: additionalProperties: true readOnly: true type: object deletedAt: format: date-time readOnly: true type: string description: description: The description of the task. This is also known as justification. readOnly: true type: string displayName: description: The display name of the task. readOnly: true type: string emergencyAccess: description: >- A field indicating whether this task was created using an emergency access flow, or escalated to emergency access. On task creation, it will also use the app entitlement's emergency policy when possible. readOnly: true type: boolean externalRefs: description: >- An array of external references to the task. Historically that has been items like Jira task IDs. This is currently unused, but may come back in the future for integrations. items: $ref: '#/components/schemas/c1.api.task.v1.ExternalRef' nullable: true readOnly: true type: array form: $ref: '#/components/schemas/c1.api.form.v1.Form' id: description: The ID of the task. readOnly: true type: string insightIds: description: The insightIds field. items: type: string nullable: true readOnly: false type: array numericId: description: >- A human-usable numeric ID of a task which can be included in place of the fully qualified task id in path parmeters (but not search queries). format: int64 readOnly: true type: string origin: description: The origin field. enum: - TASK_ORIGIN_UNSPECIFIED - TASK_ORIGIN_PROFILE_MEMBERSHIP_AUTOMATION - TASK_ORIGIN_SLACK - TASK_ORIGIN_API - TASK_ORIGIN_JIRA - TASK_ORIGIN_COPILOT - TASK_ORIGIN_WEBAPP - TASK_ORIGIN_TIME_REVOKE - TASK_ORIGIN_NON_USAGE_REVOKE - TASK_ORIGIN_PROFILE_MEMBERSHIP_MANUAL - TASK_ORIGIN_PROFILE_MEMBERSHIP - TASK_ORIGIN_AUTOMATION - TASK_ORIGIN_ACCESS_REVIEW - TASK_ORIGIN_CASCADE_DELETE readOnly: false type: string x-speakeasy-unknown-values: allow policy: $ref: '#/components/schemas/c1.api.policy.v1.PolicyInstance' policyGenerationId: description: >- The policy generation id refers to the current policy's generation ID. This is changed when the policy is changed on a task. readOnly: true type: string processing: description: The processing state of a task as defined by the `processing_enum` enum: - TASK_PROCESSING_TYPE_UNSPECIFIED - TASK_PROCESSING_TYPE_PROCESSING - TASK_PROCESSING_TYPE_WAITING - TASK_PROCESSING_TYPE_DONE readOnly: true type: string x-speakeasy-unknown-values: allow recommendation: description: The recommendation field. enum: - INSIGHT_RECOMMENDATION_UNSPECIFIED - INSIGHT_RECOMMENDATION_APPROVE - INSIGHT_RECOMMENDATION_DENY - INSIGHT_RECOMMENDATION_REVIEW readOnly: false type: string x-speakeasy-unknown-values: allow revocationTargets: description: >- Ancestor entitlements that will also be revoked when this revoke task is approved. Populated at ticket creation time for inherited grant revocations. items: $ref: '#/components/schemas/c1.api.task.v1.TaskRevocationTarget' nullable: true readOnly: true type: array state: description: The current state of the task as defined by the `state_enum` enum: - TASK_STATE_UNSPECIFIED - TASK_STATE_OPEN - TASK_STATE_CLOSED readOnly: true type: string x-speakeasy-unknown-values: allow stepApproverIds: description: >- An array of IDs belonging to Identity Users that are allowed to review this step in a task. items: type: string nullable: true readOnly: true type: array type: $ref: '#/components/schemas/c1.api.task.v1.TaskType' updatedAt: format: date-time readOnly: true type: string userId: description: >- The ID of the user that is the target of this task. This may be empty if we're targeting a specific app user that has no known identity user. readOnly: true type: string title: Task type: object x-speakeasy-name-override: Task c1.api.task.v1.ExternalRef: description: >- A reference to an external source. This value is unused currently, but may be brought back. properties: externalRefSource: description: The source of the external reference. enum: - UNSPECIFIED - JIRA readOnly: true type: string x-speakeasy-unknown-values: allow name: description: The name of the external reference. readOnly: true type: string url: description: The URL to the external reference. readOnly: true type: string title: External Ref type: object x-speakeasy-name-override: ExternalRef c1.api.form.v1.Form: description: A form is a collection of fields to be filled out by a user properties: description: description: The description field. readOnly: false type: string displayName: description: The displayName field. readOnly: false type: string fieldGroups: description: The fieldGroups field. items: $ref: '#/components/schemas/c1.api.form.v1.FieldGroup' nullable: true readOnly: false type: array fieldRelationships: description: The fieldRelationships field. items: $ref: '#/components/schemas/c1.api.form.v1.FieldRelationship' nullable: true readOnly: false type: array fields: description: The fields field. items: $ref: '#/components/schemas/c1.api.form.v1.Field' nullable: true readOnly: false type: array id: description: The id field. readOnly: false type: string title: Form type: object x-speakeasy-entity: Request_Schema x-speakeasy-name-override: RequestSchemaForm c1.api.policy.v1.PolicyInstance: description: >- A policy instance is an object that contains a reference to the policy it was created from, the currently executing step, the next steps, and the history of previously completed steps. properties: current: $ref: '#/components/schemas/c1.api.policy.v1.PolicyStepInstance' history: description: >- An array of steps that were previously processed by the ticket with their outcomes set, in order. items: $ref: '#/components/schemas/c1.api.policy.v1.PolicyStepInstance' nullable: true readOnly: true type: array next: description: An array of steps that will be processed by the ticket, in order. items: $ref: '#/components/schemas/c1.api.policy.v1.PolicyStep' nullable: true readOnly: true type: array policy: $ref: '#/components/schemas/c1.api.policy.v1.Policy' title: Policy Instance type: object x-speakeasy-name-override: PolicyInstance c1.api.task.v1.TaskRevocationTarget: description: >- An ancestor entitlement that will be revoked as part of an inheritance revocation. properties: entitlementRef: $ref: '#/components/schemas/c1.api.app.v1.AppEntitlementRef' title: Task Revocation Target type: object x-speakeasy-name-override: TaskRevocationTarget c1.api.task.v1.TaskType: description: > Task Type provides configuration for the type of task: certify, grant, or revoke This message contains a oneof named task_type. Only a single field of the following list may be set at a time: - grant - revoke - certify - offboarding - action - finding properties: action: $ref: '#/components/schemas/c1.api.task.v1.TaskTypeAction' certify: $ref: '#/components/schemas/c1.api.task.v1.TaskTypeCertify' finding: $ref: '#/components/schemas/c1.api.task.v1.TaskTypeFinding' grant: $ref: '#/components/schemas/c1.api.task.v1.TaskTypeGrant' offboarding: $ref: '#/components/schemas/c1.api.task.v1.TaskTypeOffboarding' revoke: $ref: '#/components/schemas/c1.api.task.v1.TaskTypeRevoke' title: Task Type type: object x-speakeasy-name-override: TaskType c1.api.form.v1.FieldGroup: description: The FieldGroup message. properties: default: description: The default field. readOnly: false type: boolean displayName: description: The displayName field. readOnly: false type: string fields: description: The fields field. items: type: string nullable: true readOnly: false type: array helpText: description: The helpText field. readOnly: false type: string name: description: The name field. readOnly: false type: string title: Field Group type: object x-speakeasy-name-override: FormFieldGroup c1.api.form.v1.FieldRelationship: description: > FieldRelationships can be used during form validation, or they can represent information that is necessary to when it comes to visually rendering the form This message contains a oneof named kind. Only a single field of the following list may be set at a time: - requiredTogether - atLeastOne - mutuallyExclusive - dependentOn properties: atLeastOne: $ref: '#/components/schemas/c1.api.form.v1.AtLeastOne' dependentOn: $ref: '#/components/schemas/c1.api.form.v1.DependentOn' fieldNames: description: The names of the fields that share this relationship items: type: string nullable: true readOnly: false type: array mutuallyExclusive: $ref: '#/components/schemas/c1.api.form.v1.MutuallyExclusive' requiredTogether: $ref: '#/components/schemas/c1.api.form.v1.RequiredTogether' title: Field Relationship type: object x-speakeasy-name-override: FieldRelationship c1.api.form.v1.Field: description: > A field is a single input meant to collect a piece of data from a user This message contains a oneof named type. Only a single field of the following list may be set at a time: - stringField - boolField - stringSliceField - int64Field - fileField - oauth2Field - stringMapField This message contains a oneof named provider_config. Only a single field of the following list may be set at a time: - userConfig - adminConfig - sharedConfig properties: adminConfig: $ref: '#/components/schemas/c1.api.form.v1.AdminProviderConfig' boolField: $ref: '#/components/schemas/c1.api.form.v1.BoolField' description: description: The description field. readOnly: false type: string displayName: description: The displayName field. readOnly: false type: string fileField: $ref: '#/components/schemas/c1.api.form.v1.FileField' int64Field: $ref: '#/components/schemas/c1.api.form.v1.Int64Field' name: description: The name field. readOnly: false type: string oauth2Field: $ref: '#/components/schemas/c1.api.form.v1.Oauth2Field' required: description: The required field. readOnly: false type: boolean sharedConfig: $ref: '#/components/schemas/c1.api.form.v1.SharedProviderConfig' stringField: $ref: '#/components/schemas/c1.api.form.v1.StringField' stringMapField: $ref: '#/components/schemas/c1.api.form.v1.StringMapField' stringSliceField: $ref: '#/components/schemas/c1.api.form.v1.StringSliceField' userConfig: $ref: '#/components/schemas/c1.api.form.v1.UserProviderConfig' title: Field type: object x-speakeasy-name-override: FormField c1.api.policy.v1.PolicyStepInstance: description: > The policy step instance includes a reference to an instance of a policy step that tracks state and has a unique ID. This message contains a oneof named instance. Only a single field of the following list may be set at a time: - approval - provision - accept - reject - wait - form - action properties: accept: $ref: '#/components/schemas/c1.api.policy.v1.AcceptInstance' action: $ref: '#/components/schemas/c1.api.policy.v1.ActionInstance' approval: $ref: '#/components/schemas/c1.api.policy.v1.ApprovalInstance' form: $ref: '#/components/schemas/c1.api.policy.v1.FormInstance' id: description: >- The ID of the PolicyStepInstance. This is required by many action submission endpoints to indicate what step you're approving. readOnly: true type: string policyGenerationId: description: >- The policy generation id refers to the version of the policy that this step was created from. readOnly: false type: string provision: $ref: '#/components/schemas/c1.api.policy.v1.ProvisionInstance' reject: $ref: '#/components/schemas/c1.api.policy.v1.RejectInstance' state: description: The state of the step, which is either active or done. enum: - POLICY_STEP_STATE_UNSPECIFIED - POLICY_STEP_STATE_ACTIVE - POLICY_STEP_STATE_DONE readOnly: true type: string x-speakeasy-unknown-values: allow wait: $ref: '#/components/schemas/c1.api.policy.v1.WaitInstance' title: Policy Step Instance type: object x-speakeasy-name-override: PolicyStepInstance c1.api.policy.v1.PolicyStep: description: > A single step in a policy workflow. Exactly one step type is set. This message contains a oneof named step. Only a single field of the following list may be set at a time: - approval - provision - accept - reject - wait - form - action properties: accept: $ref: '#/components/schemas/c1.api.policy.v1.Accept' action: $ref: '#/components/schemas/c1.api.policy.v1.Action' approval: $ref: '#/components/schemas/c1.api.policy.v1.Approval' form: $ref: '#/components/schemas/c1.api.policy.v1.Form' provision: $ref: '#/components/schemas/c1.api.policy.v1.Provision' reject: $ref: '#/components/schemas/c1.api.policy.v1.Reject' wait: $ref: '#/components/schemas/c1.api.policy.v1.Wait' title: Policy Step type: object x-speakeasy-name-override: PolicyStep c1.api.policy.v1.Policy: description: >- A policy defines a workflow (sequence of steps) that runs when processing access requests, reviews, or revocations. Policies support conditional routing: different conditions can trigger different step sequences, with a baseline fallback. properties: createdAt: format: date-time readOnly: true type: string deletedAt: format: date-time readOnly: true type: string description: description: The description of the Policy. readOnly: false type: string displayName: description: The display name of the Policy. readOnly: false type: string id: description: The ID of the Policy. readOnly: true type: string policySteps: additionalProperties: $ref: '#/components/schemas/c1.api.policy.v1.PolicySteps' description: >- A map from string keys to step sequences. One entry is always the baseline, keyed by the lowercased policy_type (e.g., "grant", "revoke", "certify"). Additional entries have opaque keys (UUIDs) and are referenced by the rules array for conditional routing. If no conditional rules are configured, only the baseline entry exists. readOnly: false type: object policyType: description: >- The type of this policy (grant, revoke, or certify). The lowercased type name (e.g., "grant") is also the key for the baseline entry in policy_steps. enum: - POLICY_TYPE_UNSPECIFIED - POLICY_TYPE_GRANT - POLICY_TYPE_REVOKE - POLICY_TYPE_CERTIFY - POLICY_TYPE_ACCESS_REQUEST - POLICY_TYPE_PROVISION readOnly: false type: string x-speakeasy-unknown-values: allow postActions: description: Ordered actions to execute after the policy completes processing. items: $ref: '#/components/schemas/c1.api.policy.v1.PolicyPostActions' nullable: true readOnly: false type: array reassignTasksToDelegates: deprecated: true description: >- This field is no longer used. Configure delegate reassignment in the policy step instead. readOnly: false type: boolean rules: description: >- Ordered conditional routing rules. Evaluated top-to-bottom; the first matching rule selects a step sequence from policy_steps. If no rule matches (or if this array is empty), the baseline entry in policy_steps is used. items: $ref: '#/components/schemas/c1.api.policy.v1.Rule' nullable: true readOnly: false type: array systemBuiltin: description: >- Whether this policy is a builtin system policy. Builtin system policies cannot be edited. readOnly: true type: boolean updatedAt: format: date-time readOnly: true type: string title: Policy type: object x-speakeasy-entity: Policy x-speakeasy-name-override: Policy c1.api.app.v1.AppEntitlementRef: description: The AppEntitlementRef message. properties: appId: description: The appId field. readOnly: false type: string id: description: The id field. readOnly: false type: string title: App Entitlement Ref type: object x-speakeasy-name-override: AppEntitlementRef c1.api.task.v1.TaskTypeAction: description: > The TaskTypeAction message. This message contains a oneof named target_object. Only a single field of the following list may be set at a time: - scopeRole nullable: true properties: actionId: description: >- The ID of the admin-authored action to execute. Empty for synthesized action tickets (e.g. scope-role grants) — those carry dispatch configuration on action_instance and target_object instead. readOnly: true type: string actionInstance: $ref: '#/components/schemas/c1.api.task.v1.ActionInstance' displayName: description: >- Display label captured on the action snapshot at ticket-creation time. Stable under admin renames to a referenced Action row and populated for synthesized tickets that have no Action row at all. UI reads this to render the task title without an Action fetch. readOnly: true type: string formValues: additionalProperties: true readOnly: true type: object outcome: description: The outcome field. enum: - ACTION_OUTCOME_UNSPECIFIED - ACTION_OUTCOME_SUCCESS - ACTION_OUTCOME_DENIED - ACTION_OUTCOME_ERROR - ACTION_OUTCOME_CANCELLED readOnly: true type: string x-speakeasy-unknown-values: allow outcomeTime: format: date-time readOnly: true type: string scopeRole: $ref: '#/components/schemas/c1.api.task.v1.ScopeRole' type: description: |- Flavor of action the ticket represents — mirrors the snapshot's target_ref variant. enum: - TYPE_UNSPECIFIED - TYPE_GRANT - TYPE_WORKFLOW - TYPE_RESOURCE_ACTION readOnly: true type: string x-speakeasy-unknown-values: allow title: Task Type Action type: object x-speakeasy-name-override: TaskTypeAction c1.api.task.v1.TaskTypeCertify: description: >- The TaskTypeCertify message indicates that a task is a certify task and all related details. nullable: true properties: accessReviewId: description: The ID of the access review. readOnly: true type: string accessReviewSelection: description: >- The ID of the specific access review object that owns this certify task. This is also set on a revoke task if the revoke task is created from the denied outcome of a certify task. readOnly: true type: string appEntitlementId: description: The ID of the app entitlement. readOnly: true type: string appId: description: The ID of the app. readOnly: true type: string appUserId: description: The ID of the app user. readOnly: true type: string identityUserId: description: The ID of the user. readOnly: true type: string outcome: description: The outcome of the certification. enum: - CERTIFY_OUTCOME_UNSPECIFIED - CERTIFY_OUTCOME_CERTIFIED - CERTIFY_OUTCOME_DECERTIFIED - CERTIFY_OUTCOME_ERROR - CERTIFY_OUTCOME_CANCELLED - CERTIFY_OUTCOME_WAIT_TIMED_OUT readOnly: true type: string x-speakeasy-unknown-values: allow outcomeTime: format: date-time readOnly: true type: string title: Task Type Certify type: object x-speakeasy-name-override: TaskTypeCertify c1.api.task.v1.TaskTypeFinding: description: The TaskTypeFinding message. nullable: true properties: findingId: description: Reference to the source finding. readOnly: true type: string findingType: description: The finding type discriminator. readOnly: true type: string outcome: description: The outcome field. enum: - FINDING_TASK_OUTCOME_UNSPECIFIED - FINDING_TASK_OUTCOME_REMEDIATED - FINDING_TASK_OUTCOME_RISK_ACCEPTED - FINDING_TASK_OUTCOME_CANCELLED readOnly: true type: string x-speakeasy-unknown-values: allow outcomeTime: format: date-time readOnly: true type: string title: Task Type Finding type: object x-speakeasy-name-override: TaskTypeFinding c1.api.task.v1.TaskTypeGrant: description: >- The TaskTypeGrant message indicates that a task is a grant task and all related details. nullable: true properties: appEntitlementId: description: The ID of the app entitlement. readOnly: true type: string appId: description: The ID of the app. readOnly: true type: string appUserId: description: The ID of the app user. readOnly: true type: string grantDuration: format: duration readOnly: true type: string identityUserId: description: The ID of the user. readOnly: true type: string outcome: description: The outcome of the grant. enum: - GRANT_OUTCOME_UNSPECIFIED - GRANT_OUTCOME_GRANTED - GRANT_OUTCOME_DENIED - GRANT_OUTCOME_ERROR - GRANT_OUTCOME_CANCELLED - GRANT_OUTCOME_WAIT_TIMED_OUT readOnly: true type: string x-speakeasy-unknown-values: allow outcomeTime: format: date-time readOnly: true type: string source: $ref: '#/components/schemas/c1.api.task.v1.TaskGrantSource' title: Task Type Grant type: object x-speakeasy-name-override: TaskTypeGrant c1.api.task.v1.TaskTypeOffboarding: description: The TaskTypeOffboarding message. nullable: true properties: outcome: description: The outcome field. enum: - OFFBOARDING_OUTCOME_UNSPECIFIED - OFFBOARDING_OUTCOME_IN_PROGRESS - OFFBOARDING_OUTCOME_DONE - OFFBOARDING_OUTCOME_ERROR - OFFBOARDING_OUTCOME_CANCELLED readOnly: true type: string x-speakeasy-unknown-values: allow outcomeTime: format: date-time readOnly: true type: string subjectUserId: description: The subjectUserId field. readOnly: true type: string title: Task Type Offboarding type: object x-speakeasy-name-override: TaskTypeOffboarding c1.api.task.v1.TaskTypeRevoke: description: >- The TaskTypeRevoke message indicates that a task is a revoke task and all related details. nullable: true properties: appEntitlementId: description: The ID of the app entitlement. readOnly: true type: string appId: description: The ID of the app. readOnly: true type: string appUserId: description: The ID of the app user. readOnly: true type: string identityUserId: description: The ID of the user. readOnly: true type: string outcome: description: The outcome of the revoke. enum: - REVOKE_OUTCOME_UNSPECIFIED - REVOKE_OUTCOME_REVOKED - REVOKE_OUTCOME_DENIED - REVOKE_OUTCOME_ERROR - REVOKE_OUTCOME_CANCELLED - REVOKE_OUTCOME_WAIT_TIMED_OUT readOnly: true type: string x-speakeasy-unknown-values: allow outcomeTime: format: date-time readOnly: true type: string source: $ref: '#/components/schemas/c1.api.task.v1.TaskRevokeSource' title: Task Type Revoke type: object x-speakeasy-name-override: TaskTypeRevoke c1.api.form.v1.AtLeastOne: description: The AtLeastOne message. nullable: true title: At Least One type: object x-speakeasy-name-override: AtLeastOne c1.api.form.v1.DependentOn: description: |- DependentOn means the fields in field_names are only valid if all fields in dependency_field_names are also present nullable: true properties: dependencyFieldNames: description: >- The fields that must be present for the primary field_names to be valid items: type: string nullable: true readOnly: false type: array title: Dependent On type: object x-speakeasy-name-override: DependentOn c1.api.form.v1.MutuallyExclusive: description: The MutuallyExclusive message. nullable: true title: Mutually Exclusive type: object x-speakeasy-name-override: MutuallyExclusive c1.api.form.v1.RequiredTogether: description: The RequiredTogether message. nullable: true title: Required Together type: object x-speakeasy-name-override: RequiredTogether c1.api.form.v1.AdminProviderConfig: description: The AdminProviderConfig message. nullable: true properties: defaultValueCel: description: The defaultValueCel field. readOnly: false type: string showToUser: description: The showToUser field. readOnly: false type: boolean title: Admin Provider Config type: object x-speakeasy-name-override: AdminProviderConfig c1.api.form.v1.BoolField: description: > The BoolField message. This message contains a oneof named view. Only a single field of the following list may be set at a time: - checkboxField - toggleField nullable: true properties: checkboxField: $ref: '#/components/schemas/c1.api.form.v1.CheckboxField' defaultValue: description: The defaultValue field. readOnly: false type: boolean rules: $ref: '#/components/schemas/validate.BoolRules' toggleField: $ref: '#/components/schemas/c1.api.form.v1.ToggleField' title: Bool Field type: object x-speakeasy-name-override: BoolField c1.api.form.v1.FileField: description: > The FileField message. This message contains a oneof named view. Only a single field of the following list may be set at a time: - fileInputField nullable: true properties: acceptedFileTypes: description: The acceptedFileTypes field. items: type: string nullable: true readOnly: false type: array fileInputField: $ref: '#/components/schemas/c1.api.form.v1.FileInputField' maxFileSize: description: The maxFileSize field. format: int64 nullable: true readOnly: false type: string title: File Field type: object x-speakeasy-name-override: FileField c1.api.form.v1.Int64Field: description: > The Int64Field message. This message contains a oneof named view. Only a single field of the following list may be set at a time: - numberField nullable: true properties: defaultValue: description: The defaultValue field. format: int64 nullable: true readOnly: false type: string numberField: $ref: '#/components/schemas/c1.api.form.v1.NumberField' placeholder: description: The placeholder field. readOnly: false type: string rules: $ref: '#/components/schemas/validate.Int64Rules' title: Int 64 Field type: object x-speakeasy-name-override: Int64Field c1.api.form.v1.Oauth2Field: description: > The Oauth2Field message. This message contains a oneof named view. Only a single field of the following list may be set at a time: - oauth2FieldView nullable: true properties: oauth2FieldView: $ref: '#/components/schemas/c1.api.form.v1.Oauth2FieldView' title: Oauth 2 Field type: object x-speakeasy-name-override: Oauth2Field c1.api.form.v1.SharedProviderConfig: description: The SharedProviderConfig message. nullable: true properties: defaultValueCel: description: The defaultValueCel field. readOnly: false type: string inputTransformationCel: description: The inputTransformationCel field. readOnly: false type: string lockDefaultValues: description: The lockDefaultValues field. readOnly: false type: boolean title: Shared Provider Config type: object x-speakeasy-name-override: SharedProviderConfig c1.api.form.v1.StringField: description: > The StringField message. This message contains a oneof named view. Only a single field of the following list may be set at a time: - textField - passwordField - selectField - pickerField nullable: true properties: defaultValue: description: The defaultValue field. readOnly: false type: string passwordField: $ref: '#/components/schemas/c1.api.form.v1.PasswordField' pickerField: $ref: '#/components/schemas/c1.api.form.v1.PickerField' placeholder: description: The placeholder field. readOnly: false type: string rules: $ref: '#/components/schemas/validate.StringRules' selectField: $ref: '#/components/schemas/c1.api.form.v1.SelectField' textField: $ref: '#/components/schemas/c1.api.form.v1.TextField' title: String Field type: object x-speakeasy-name-override: FormStringField c1.api.form.v1.StringMapField: description: The StringMapField message. nullable: true properties: defaultValue: additionalProperties: type: string description: The defaultValue field. readOnly: false type: object rules: $ref: '#/components/schemas/c1.api.form.v1.StringMapRules' title: String Map Field type: object x-speakeasy-name-override: FormStringMapField c1.api.form.v1.StringSliceField: description: > The StringSliceField message. This message contains a oneof named view. Only a single field of the following list may be set at a time: - chipsField - pickerField nullable: true properties: chipsField: $ref: '#/components/schemas/c1.api.form.v1.ChipsField' defaultValues: description: The defaultValues field. items: type: string nullable: true readOnly: false type: array pickerField: $ref: '#/components/schemas/c1.api.form.v1.PickerField' placeholder: description: The placeholder field. readOnly: false type: string rules: $ref: '#/components/schemas/validate.RepeatedRules' title: String Slice Field type: object x-speakeasy-name-override: StringSliceField c1.api.form.v1.UserProviderConfig: description: The UserProviderConfig message. nullable: true properties: inputTransformationCel: description: The inputTransformationCel field. readOnly: false type: string title: User Provider Config type: object x-speakeasy-name-override: UserProviderConfig c1.api.policy.v1.AcceptInstance: description: >- This policy step indicates that a ticket should have an approved outcome. This is a terminal approval state and is used to explicitly define the end of approval steps. The instance is just a marker for it being copied into an active policy. nullable: true properties: acceptMessage: description: >- An optional message to include in the comments when a task is automatically accepted. readOnly: false type: string title: Accept Instance type: object x-speakeasy-name-override: AcceptInstance c1.api.policy.v1.ActionInstance: description: > The ActionInstance message. This message contains a oneof named target_instance. Only a single field of the following list may be set at a time: - automation - batonResourceActionInstance - clientIdApprovalInstance This message contains a oneof named outcome. Only a single field of the following list may be set at a time: - success - denied - error - cancelled nullable: true properties: action: $ref: '#/components/schemas/c1.api.policy.v1.Action' automation: $ref: '#/components/schemas/c1.api.policy.v1.ActionTargetAutomationInstance' batonResourceActionInstance: $ref: >- #/components/schemas/c1.api.policy.v1.ActionTargetBatonResourceActionInstance cancelled: $ref: '#/components/schemas/c1.api.policy.v1.ActionOutcomeCancelled' clientIdApprovalInstance: $ref: >- #/components/schemas/c1.api.policy.v1.ActionTargetClientIdApprovalInstance denied: $ref: '#/components/schemas/c1.api.policy.v1.ActionOutcomeDenied' error: $ref: '#/components/schemas/c1.api.policy.v1.ActionOutcomeError' state: description: The current state of the action execution. enum: - ACTION_INSTANCE_STATE_UNSPECIFIED - ACTION_INSTANCE_STATE_INIT - ACTION_INSTANCE_STATE_RUNNING - ACTION_INSTANCE_STATE_DONE - ACTION_INSTANCE_STATE_ERROR readOnly: false type: string x-speakeasy-unknown-values: allow success: $ref: '#/components/schemas/c1.api.policy.v1.ActionOutcomeSuccess' title: Action Instance type: object x-speakeasy-name-override: ActionInstance c1.api.policy.v1.ApprovalInstance: description: > The approval instance object describes the way a policy step should be approved as well as its outcomes and state. This message contains a oneof named outcome. Only a single field of the following list may be set at a time: - approved - denied - reassigned - restarted - reassignedByError - skipped nullable: true properties: approval: $ref: '#/components/schemas/c1.api.policy.v1.Approval' approved: $ref: '#/components/schemas/c1.api.policy.v1.ApprovedAction' assignedAt: format: date-time readOnly: true type: string denied: $ref: '#/components/schemas/c1.api.policy.v1.DeniedAction' escalationInstance: $ref: '#/components/schemas/c1.api.policy.v1.EscalationInstance' reassigned: $ref: '#/components/schemas/c1.api.policy.v1.ReassignedAction' reassignedByError: $ref: '#/components/schemas/c1.api.policy.v1.ReassignedByErrorAction' restarted: $ref: '#/components/schemas/c1.api.policy.v1.RestartAction' skipped: $ref: '#/components/schemas/c1.api.policy.v1.SkippedAction' state: description: The state of the approval instance enum: - APPROVAL_INSTANCE_STATE_UNSPECIFIED - APPROVAL_INSTANCE_STATE_INIT - APPROVAL_INSTANCE_STATE_SENDING_NOTIFICATIONS - APPROVAL_INSTANCE_STATE_WAITING - APPROVAL_INSTANCE_STATE_DONE readOnly: true type: string x-speakeasy-unknown-values: allow title: Approval Instance type: object x-speakeasy-name-override: ApprovalInstance c1.api.policy.v1.FormInstance: description: > The FormInstance message. This message contains a oneof named outcome. Only a single field of the following list may be set at a time: - completed - restarted - reassigned - skipped nullable: true properties: completed: $ref: '#/components/schemas/c1.api.policy.v1.FormCompletedAction' data: additionalProperties: true readOnly: false type: object form: $ref: '#/components/schemas/c1.api.form.v1.Form' reassigned: $ref: '#/components/schemas/c1.api.policy.v1.ReassignedAction' restarted: $ref: '#/components/schemas/c1.api.policy.v1.RestartAction' skipped: $ref: '#/components/schemas/c1.api.policy.v1.SkippedAction' state: description: The state field. enum: - FORM_INSTANCE_STATE_UNSPECIFIED - FORM_INSTANCE_STATE_WAITING - FORM_INSTANCE_STATE_DONE readOnly: false type: string x-speakeasy-unknown-values: allow title: Form Instance type: object x-speakeasy-name-override: FormInstance c1.api.policy.v1.ProvisionInstance: description: > A provision instance describes the specific configuration of an executing provision policy step including actions taken and notification id. This message contains a oneof named outcome. Only a single field of the following list may be set at a time: - completed - cancelled - errored - reassignedByError - skipped nullable: true properties: batonActionInvocationId: description: This indicates the account lifecycle action id for this step. readOnly: false type: string cancelled: $ref: '#/components/schemas/c1.api.policy.v1.CancelledAction' completed: $ref: '#/components/schemas/c1.api.policy.v1.CompletedAction' errored: $ref: '#/components/schemas/c1.api.policy.v1.ErroredAction' externalTicketId: description: This indicates the external ticket id for this step. readOnly: false type: string externalTicketProvisionerConfigId: description: >- This indicates the external ticket provisioner config id for this step. readOnly: false type: string notificationId: description: This indicates the notification id for this step. readOnly: false type: string provision: $ref: '#/components/schemas/c1.api.policy.v1.Provision' reassignedByError: $ref: '#/components/schemas/c1.api.policy.v1.ReassignedByErrorAction' skipped: $ref: '#/components/schemas/c1.api.policy.v1.SkippedAction' state: description: This property indicates the current state of this step. enum: - PROVISION_INSTANCE_STATE_UNSPECIFIED - PROVISION_INSTANCE_STATE_INIT - PROVISION_INSTANCE_STATE_CREATE_CONNECTOR_ACTIONS_FOR_TARGET - PROVISION_INSTANCE_STATE_SENDING_NOTIFICATIONS - PROVISION_INSTANCE_STATE_WAITING - PROVISION_INSTANCE_STATE_WEBHOOK - PROVISION_INSTANCE_STATE_WEBHOOK_WAITING - PROVISION_INSTANCE_STATE_EXTERNAL_TICKET - PROVISION_INSTANCE_STATE_EXTERNAL_TICKET_WAITING - PROVISION_INSTANCE_STATE_ACCOUNT_LIFECYCLE_ACTIONS - PROVISION_INSTANCE_STATE_ACCOUNT_LIFECYCLE_ACTIONS_WAITING - PROVISION_INSTANCE_STATE_DONE readOnly: false type: string x-speakeasy-unknown-values: allow webhookId: description: This indicates the webhook id for this step. readOnly: false type: string webhookInstanceId: description: This indicates the webhook instance id for this step. readOnly: false type: string title: Provision Instance type: object x-speakeasy-name-override: ProvisionInstance c1.api.policy.v1.RejectInstance: description: >- This policy step indicates that a ticket should have a denied outcome. This is a terminal approval state and is used to explicitly define the end of approval steps. The instance is just a marker for it being copied into an active policy. nullable: true properties: rejectMessage: description: >- An optional message to include in the comments when a task is automatically rejected. readOnly: false type: string title: Reject Instance type: object x-speakeasy-name-override: RejectInstance c1.api.policy.v1.WaitInstance: description: > Used by the policy engine to describe an instantiated wait step. This message contains a oneof named until. Only a single field of the following list may be set at a time: - condition - untilTime This message contains a oneof named outcome. Only a single field of the following list may be set at a time: - succeeded - timedOut - skipped nullable: true properties: commentOnFirstWait: description: The comment to post on first failed check. readOnly: false type: string commentOnTimeout: description: The comment to post if we timeout. readOnly: false type: string condition: $ref: '#/components/schemas/c1.api.policy.v1.WaitConditionInstance' name: description: The name field. readOnly: false type: string skipped: $ref: '#/components/schemas/c1.api.policy.v1.SkippedAction' startedWaitingAt: format: date-time readOnly: false type: string state: description: The state field. enum: - WAIT_INSTANCE_STATE_UNSPECIFIED - WAIT_INSTANCE_STATE_WAITING - WAIT_INSTANCE_STATE_COMPLETED - WAIT_INSTANCE_STATE_TIMED_OUT readOnly: false type: string x-speakeasy-unknown-values: allow succeeded: $ref: >- #/components/schemas/c1.api.policy.v1.WaitInstance.ConditionSucceeded timedOut: $ref: '#/components/schemas/c1.api.policy.v1.WaitInstance.ConditionTimedOut' timeout: format: date-time readOnly: false type: string timeoutDuration: format: duration readOnly: false type: string untilTime: $ref: '#/components/schemas/c1.api.policy.v1.WaitUntilTimeInstance' title: Wait Instance type: object x-speakeasy-name-override: WaitInstance c1.api.policy.v1.Accept: description: >- This policy step indicates that a ticket should have an approved outcome. This is a terminal approval state and is used to explicitly define the end of approval steps. nullable: true properties: acceptMessage: description: >- An optional message to include in the comments when a task is automatically accepted. readOnly: false type: string title: Accept type: object x-speakeasy-name-override: Accept c1.api.policy.v1.Action: description: > The Action message. This message contains a oneof named target. Only a single field of the following list may be set at a time: - automation - batonResourceAction - clientIdApproval nullable: true properties: automation: $ref: '#/components/schemas/c1.api.policy.v1.ActionTargetAutomation' batonResourceAction: $ref: >- #/components/schemas/c1.api.policy.v1.ActionTargetBatonResourceAction clientIdApproval: $ref: '#/components/schemas/c1.api.policy.v1.ActionTargetClientIdApproval' title: Action type: object x-speakeasy-name-override: Action c1.api.policy.v1.Approval: description: > The Approval message. This message contains a oneof named typ. Only a single field of the following list may be set at a time: - users - manager - appOwners - group - self - entitlementOwners - expression - webhook - resourceOwners - agent nullable: true properties: agent: $ref: '#/components/schemas/c1.api.policy.v1.AgentApproval' allowDelegation: description: Whether ticket delegation is allowed for this step. readOnly: false type: boolean allowReassignment: description: Configuration to allow reassignment by reviewers during this step. readOnly: false type: boolean allowedReassignees: description: List of users for whom this step can be reassigned. items: type: string nullable: true readOnly: false type: array appOwners: $ref: '#/components/schemas/c1.api.policy.v1.AppOwnerApproval' assigned: description: A field indicating whether this step is assigned. readOnly: true type: boolean entitlementOwners: $ref: '#/components/schemas/c1.api.policy.v1.EntitlementOwnerApproval' escalation: $ref: '#/components/schemas/c1.api.policy.v1.Escalation' escalationEnabled: description: Whether escalation is enabled for this step. readOnly: false type: boolean expression: $ref: '#/components/schemas/c1.api.policy.v1.ExpressionApproval' group: $ref: '#/components/schemas/c1.api.policy.v1.AppGroupApproval' manager: $ref: '#/components/schemas/c1.api.policy.v1.ManagerApproval' requireApprovalReason: description: Configuration to require a reason when approving this step. readOnly: false type: boolean requireDenialReason: description: Configuration to require a reason when denying this step. readOnly: false type: boolean requireReassignmentReason: description: Configuration to require a reason when reassigning this step. readOnly: false type: boolean requiresStepUpProviderId: description: >- The ID of a step-up authentication provider that will be required for approvals on this step. If set, approvers must complete the step-up authentication flow before they can approve. readOnly: false type: string resourceOwners: $ref: '#/components/schemas/c1.api.policy.v1.ResourceOwnerApproval' self: $ref: '#/components/schemas/c1.api.policy.v1.SelfApproval' users: $ref: '#/components/schemas/c1.api.policy.v1.UserApproval' webhook: $ref: '#/components/schemas/c1.api.policy.v1.WebhookApproval' title: Approval type: object x-speakeasy-name-override: Approval c1.api.policy.v1.Form: description: The Form message. nullable: true properties: form: $ref: '#/components/schemas/c1.api.form.v1.Form' title: Form type: object x-speakeasy-name-override: Form c1.api.policy.v1.Provision: description: The provision step references a provision policy for this step. nullable: true properties: assigned: description: A field indicating whether this step is assigned. readOnly: false type: boolean provisionPolicy: $ref: '#/components/schemas/c1.api.policy.v1.ProvisionPolicy' provisionTarget: $ref: '#/components/schemas/c1.api.policy.v1.ProvisionTarget' title: Provision type: object x-speakeasy-name-override: Provision c1.api.policy.v1.Reject: description: >- This policy step indicates that a ticket should have a denied outcome. This is a terminal approval state and is used to explicitly define the end of approval steps. nullable: true properties: rejectMessage: description: >- An optional message to include in the comments when a task is automatically rejected. readOnly: false type: string title: Reject type: object x-speakeasy-name-override: Reject c1.api.policy.v1.Wait: description: > Define a Wait step for a policy to wait on a condition to be met. This message contains a oneof named until. Only a single field of the following list may be set at a time: - condition - duration - untilTime nullable: true properties: commentOnFirstWait: description: The comment to post on first failed check. readOnly: false type: string commentOnTimeout: description: The comment to post if we timeout. readOnly: false type: string condition: $ref: '#/components/schemas/c1.api.policy.v1.WaitCondition' duration: $ref: '#/components/schemas/c1.api.policy.v1.WaitDuration' name: description: The name of our condition to show on the task details page readOnly: false type: string timeoutDuration: format: duration readOnly: false type: string untilTime: $ref: '#/components/schemas/c1.api.policy.v1.WaitUntilTime' title: Wait type: object x-speakeasy-name-override: Wait c1.api.policy.v1.PolicySteps: description: A named sequence of steps that execute in order within a policy. properties: steps: description: >- Ordered array of steps. Each step is a oneof -- exactly one step type is set per entry. Steps execute sequentially. items: $ref: '#/components/schemas/c1.api.policy.v1.PolicyStep' nullable: true readOnly: false type: array title: Policy Steps type: object x-speakeasy-name-override: PolicySteps c1.api.policy.v1.PolicyPostActions: description: > Actions to execute after a policy finishes processing. This message contains a oneof named action. Only a single field of the following list may be set at a time: - certifyRemediateImmediately properties: certifyRemediateImmediately: description: >- Only valid on certify policies. When true, any revocations resulting from the certification are applied immediately when the campaign task closes. This field is part of the `action` oneof. See the documentation for `c1.api.policy.v1.PolicyPostActions` for more details. nullable: true readOnly: false type: boolean title: Policy Post Actions type: object x-speakeasy-name-override: PolicyPostActions c1.api.policy.v1.Rule: description: >- A conditional routing rule that maps a CEL expression to a step sequence. Rules are evaluated top-to-bottom; the first matching rule's policy_key selects the step sequence from the policy's policy_steps map. If no rule matches, the baseline entry is used. properties: condition: description: >- A CEL expression that is evaluated against the request context. If it returns true, the step sequence identified by policy_key is used. readOnly: false type: string policyKey: description: >- A key into the policy's policy_steps map identifying which step sequence to execute when this rule's condition matches. readOnly: false type: string title: Rule type: object x-speakeasy-name-override: Rule c1.api.task.v1.ActionInstance: description: > ActionInstance is the API mirror of the internal immutable snapshot of an Action captured on a TaskTypeAction at ticket-creation time. This message contains a oneof named target_ref. Only a single field of the following list may be set at a time: - connectorActionRef properties: connectorActionRef: $ref: '#/components/schemas/c1.api.task.v1.ConnectorActionRef' displayName: description: |- Display label at ticket-creation time. Same value as TaskTypeAction.display_name; repeated here so clients that walk the instance see a self-contained view. readOnly: true type: string title: Action Instance type: object x-speakeasy-name-override: TaskActionInstance c1.api.task.v1.ScopeRole: description: |- Scope-role variant of TaskTypeAction.target_object. The UI uses the embedded identifiers to build links and title strings without a separate Action fetch. nullable: true properties: appId: description: The IaaS/sparse-ACL app the (scope, role) pair lives on. readOnly: true type: string grantDuration: format: duration readOnly: true type: string roleResourceId: description: The roleResourceId field. readOnly: true type: string roleResourceTypeId: description: The roleResourceTypeId field. readOnly: true type: string scopeResourceId: description: The scopeResourceId field. readOnly: true type: string scopeResourceTypeId: description: The scopeResourceTypeId field. readOnly: true type: string title: Scope Role type: object x-speakeasy-name-override: ScopeRole c1.api.task.v1.TaskGrantSource: description: >- The TaskGrantSource message tracks which external URL was the source of the specificed grant ticket. properties: conversationId: description: The ID of the conversation that created this ticket readOnly: false type: string externalUrl: description: The external url source of the grant ticket. readOnly: false type: string integrationId: description: The integration id for the source of tickets. readOnly: false type: string isExtension: description: Whether the grant task is an extension task. readOnly: false type: boolean requestId: description: the request id for the grant ticket if the source is external readOnly: false type: string title: Task Grant Source type: object x-speakeasy-name-override: TaskGrantSource c1.api.task.v1.TaskRevokeSource: description: > The TaskRevokeSource message indicates the source of the revoke task is one of expired, nonUsage, request, or review. This message contains a oneof named origin. Only a single field of the following list may be set at a time: - review - request - expired - nonUsage properties: expired: $ref: '#/components/schemas/c1.api.task.v1.TaskRevokeSourceExpired' nonUsage: $ref: '#/components/schemas/c1.api.task.v1.TaskRevokeSourceNonUsage' request: $ref: '#/components/schemas/c1.api.task.v1.TaskRevokeSourceRequest' review: $ref: '#/components/schemas/c1.api.task.v1.TaskRevokeSourceReview' title: Task Revoke Source type: object x-speakeasy-name-override: TaskRevokeSource c1.api.form.v1.CheckboxField: description: The CheckboxField message. nullable: true title: Checkbox Field type: object x-speakeasy-name-override: CheckboxField validate.BoolRules: description: BoolRules describes the constraints applied to `bool` values nullable: true properties: const: description: Const specifies that this field must be exactly the specified value readOnly: false type: boolean title: Bool Rules type: object x-speakeasy-name-override: BoolRules c1.api.form.v1.ToggleField: description: The ToggleField message. nullable: true title: Toggle Field type: object x-speakeasy-name-override: ToggleField c1.api.form.v1.FileInputField: description: The FileInputField message. nullable: true title: File Input Field type: object x-speakeasy-name-override: FileInputField c1.api.form.v1.NumberField: description: The NumberField message. nullable: true properties: maxValue: description: The maxValue field. format: int64 readOnly: false type: string minValue: description: The minValue field. format: int64 readOnly: false type: string step: description: The step field. format: int64 readOnly: false type: string title: Number Field type: object x-speakeasy-name-override: NumberField validate.Int64Rules: description: Int64Rules describes the constraints applied to `int64` values nullable: true properties: const: description: Const specifies that this field must be exactly the specified value format: int64 readOnly: false type: string gt: description: >- Gt specifies that this field must be greater than the specified value, exclusive. If the value of Gt is larger than a specified Lt or Lte, the range is reversed. format: int64 readOnly: false type: string gte: description: |- Gte specifies that this field must be greater than or equal to the specified value, inclusive. If the value of Gte is larger than a specified Lt or Lte, the range is reversed. format: int64 readOnly: false type: string ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: format: int64 type: string nullable: true readOnly: false type: array lt: description: |- Lt specifies that this field must be less than the specified value, exclusive format: int64 readOnly: false type: string lte: description: |- Lte specifies that this field must be less than or equal to the specified value, inclusive format: int64 readOnly: false type: string notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: format: int64 type: string nullable: true readOnly: false type: array title: Int 64 Rules type: object x-speakeasy-name-override: Int64Rules c1.api.form.v1.Oauth2FieldView: description: The Oauth2FieldView message. nullable: true title: Oauth 2 Field View type: object x-speakeasy-name-override: Oauth2FieldView c1.api.form.v1.PasswordField: description: The PasswordField message. nullable: true title: Password Field type: object x-speakeasy-name-override: PasswordField c1.api.form.v1.PickerField: description: > The PickerField message. This message contains a oneof named type. Only a single field of the following list may be set at a time: - appUserPicker - resourcePicker - c1UserPicker nullable: true properties: appUserPicker: $ref: '#/components/schemas/c1.api.form.v1.AppUserFilter' c1UserPicker: $ref: '#/components/schemas/c1.api.form.v1.C1UserFilter' resourcePicker: $ref: '#/components/schemas/c1.api.form.v1.AppResourceFilter' title: Picker Field type: object x-speakeasy-name-override: PickerField validate.StringRules: description: > StringRules describe the constraints applied to `string` values This message contains a oneof named well_known. Only a single field of the following list may be set at a time: - email - hostname - ip - ipv4 - ipv6 - uri - uriRef - address - uuid - wellKnownRegex nullable: true properties: address: description: |- Address specifies that the field must be either a valid hostname as defined by RFC 1034 (which does not support internationalized domain names or IDNs), or it can be a valid IP (v4 or v6). This field is part of the `well_known` oneof. See the documentation for `validate.StringRules` for more details. nullable: true readOnly: false type: boolean const: description: Const specifies that this field must be exactly the specified value readOnly: false type: string contains: description: |- Contains specifies that this field must have the specified substring anywhere in the string. readOnly: false type: string email: description: |- Email specifies that the field must be a valid email address as defined by RFC 5322 This field is part of the `well_known` oneof. See the documentation for `validate.StringRules` for more details. nullable: true readOnly: false type: boolean hostname: description: |- Hostname specifies that the field must be a valid hostname as defined by RFC 1034. This constraint does not support internationalized domain names (IDNs). This field is part of the `well_known` oneof. See the documentation for `validate.StringRules` for more details. nullable: true readOnly: false type: boolean ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: type: string nullable: true readOnly: false type: array ip: description: |- Ip specifies that the field must be a valid IP (v4 or v6) address. Valid IPv6 addresses should not include surrounding square brackets. This field is part of the `well_known` oneof. See the documentation for `validate.StringRules` for more details. nullable: true readOnly: false type: boolean ipv4: description: |- Ipv4 specifies that the field must be a valid IPv4 address. This field is part of the `well_known` oneof. See the documentation for `validate.StringRules` for more details. nullable: true readOnly: false type: boolean ipv6: description: |- Ipv6 specifies that the field must be a valid IPv6 address. Valid IPv6 addresses should not include surrounding square brackets. This field is part of the `well_known` oneof. See the documentation for `validate.StringRules` for more details. nullable: true readOnly: false type: boolean len: description: |- Len specifies that this field must be the specified number of characters (Unicode code points). Note that the number of characters may differ from the number of bytes in the string. format: uint64 readOnly: false type: string lenBytes: description: >- LenBytes specifies that this field must be the specified number of bytes at a minimum format: uint64 readOnly: false type: string maxBytes: description: >- MaxBytes specifies that this field must be the specified number of bytes at a maximum format: uint64 readOnly: false type: string maxLen: description: |- MaxLen specifies that this field must be the specified number of characters (Unicode code points) at a maximum. Note that the number of characters may differ from the number of bytes in the string. format: uint64 readOnly: false type: string minBytes: description: >- MinBytes specifies that this field must be the specified number of bytes at a minimum format: uint64 readOnly: false type: string minLen: description: |- MinLen specifies that this field must be the specified number of characters (Unicode code points) at a minimum. Note that the number of characters may differ from the number of bytes in the string. format: uint64 readOnly: false type: string notContains: description: >- NotContains specifies that this field cannot have the specified substring anywhere in the string. readOnly: false type: string notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: type: string nullable: true readOnly: false type: array pattern: description: |- Pattern specifes that this field must match against the specified regular expression (RE2 syntax). The included expression should elide any delimiters. readOnly: false type: string prefix: description: >- Prefix specifies that this field must have the specified substring at the beginning of the string. readOnly: false type: string strict: description: >- This applies to regexes HTTP_HEADER_NAME and HTTP_HEADER_VALUE to enable strict header validation. By default, this is true, and HTTP header validations are RFC-compliant. Setting to false will enable a looser validations that only disallows \r\n\0 characters, which can be used to bypass header matching rules. readOnly: false type: boolean suffix: description: >- Suffix specifies that this field must have the specified substring at the end of the string. readOnly: false type: string uri: description: >- Uri specifies that the field must be a valid, absolute URI as defined by RFC 3986 This field is part of the `well_known` oneof. See the documentation for `validate.StringRules` for more details. nullable: true readOnly: false type: boolean uriRef: description: >- UriRef specifies that the field must be a valid URI as defined by RFC 3986 and may be relative or absolute. This field is part of the `well_known` oneof. See the documentation for `validate.StringRules` for more details. nullable: true readOnly: false type: boolean uuid: description: |- Uuid specifies that the field must be a valid UUID as defined by RFC 4122 This field is part of the `well_known` oneof. See the documentation for `validate.StringRules` for more details. nullable: true readOnly: false type: boolean wellKnownRegex: description: >- WellKnownRegex specifies a common well known pattern defined as a regex. This field is part of the `well_known` oneof. See the documentation for `validate.StringRules` for more details. enum: - UNKNOWN - HTTP_HEADER_NAME - HTTP_HEADER_VALUE nullable: true readOnly: false type: string x-speakeasy-unknown-values: allow title: String Rules type: object x-speakeasy-name-override: StringRules c1.api.form.v1.SelectField: description: The SelectField message. nullable: true properties: options: description: The options field. items: $ref: '#/components/schemas/c1.api.form.v1.SelectOption' nullable: true readOnly: false type: array type: description: The type field. enum: - SELECT_TYPE_UNSPECIFIED - SELECT_TYPE_DROPDOWN - SELECT_TYPE_RADIO - SELECT_TYPE_BUTTONS readOnly: false type: string x-speakeasy-unknown-values: allow title: Select Field type: object x-speakeasy-name-override: SelectField c1.api.form.v1.TextField: description: The TextField message. nullable: true properties: multiline: description: The multiline field. readOnly: false type: boolean suffix: description: >- Static text displayed as an end adornment (e.g. ".example.com" for domain fields). nullable: true readOnly: false type: string title: Text Field type: object x-speakeasy-name-override: TextField c1.api.form.v1.StringMapRules: description: The StringMapRules message. nullable: true properties: isRequired: description: The isRequired field. readOnly: false type: boolean validateEmpty: description: The validateEmpty field. readOnly: false type: boolean title: String Map Rules type: object x-speakeasy-name-override: StringMapRules c1.api.form.v1.ChipsField: description: The ChipsField message. nullable: true title: Chips Field type: object x-speakeasy-name-override: ChipsField validate.RepeatedRules: description: RepeatedRules describe the constraints applied to `repeated` values nullable: true properties: ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean items: $ref: '#/components/schemas/validate.FieldRules' maxItems: description: |- MaxItems specifies that this field must have the specified number of items at a maximum format: uint64 readOnly: false type: string minItems: description: |- MinItems specifies that this field must have the specified number of items at a minimum format: uint64 readOnly: false type: string unique: description: >- Unique specifies that all elements in this field must be unique. This contraint is only applicable to scalar and enum types (messages are not supported). readOnly: false type: boolean title: Repeated Rules type: object x-speakeasy-name-override: RepeatedRules c1.api.policy.v1.ActionTargetAutomationInstance: description: The ActionTargetAutomationInstance message. nullable: true properties: automationExecutionId: description: The automationExecutionId field. readOnly: false type: string title: Action Target Automation Instance type: object x-speakeasy-name-override: ActionTargetAutomationInstance c1.api.policy.v1.ActionTargetBatonResourceActionInstance: description: The ActionTargetBatonResourceActionInstance message. nullable: true properties: batonActionInvocationId: description: The batonActionInvocationId field. readOnly: false type: string title: Action Target Baton Resource Action Instance type: object x-speakeasy-name-override: ActionTargetBatonResourceActionInstance c1.api.policy.v1.ActionOutcomeCancelled: description: The ActionOutcomeCancelled message. nullable: true properties: outcomeTime: format: date-time readOnly: false type: string title: Action Outcome Cancelled type: object x-speakeasy-name-override: ActionOutcomeCancelled c1.api.policy.v1.ActionTargetClientIdApprovalInstance: description: |- ActionTargetClientIdApprovalInstance carries the registration key of the external OAuth client that is being reviewed. nullable: true properties: clientIdUrl: description: The clientIdUrl field. readOnly: false type: string title: Action Target Client Id Approval Instance type: object x-speakeasy-name-override: ActionTargetClientIdApprovalInstance c1.api.policy.v1.ActionOutcomeDenied: description: The ActionOutcomeDenied message. nullable: true properties: outcomeTime: format: date-time readOnly: false type: string title: Action Outcome Denied type: object x-speakeasy-name-override: ActionOutcomeDenied c1.api.policy.v1.ActionOutcomeError: description: The ActionOutcomeError message. nullable: true properties: errorCode: description: The errorCode field. readOnly: false type: string errorMessage: description: The errorMessage field. readOnly: false type: string outcomeTime: format: date-time readOnly: false type: string title: Action Outcome Error type: object x-speakeasy-name-override: ActionOutcomeError c1.api.policy.v1.ActionOutcomeSuccess: description: The ActionOutcomeSuccess message. nullable: true properties: outcomeTime: format: date-time readOnly: false type: string title: Action Outcome Success type: object x-speakeasy-name-override: ActionOutcomeSuccess c1.api.policy.v1.ApprovedAction: description: >- The approved action indicates that the approvalinstance had an outcome of approved. nullable: true properties: approvedAt: format: date-time readOnly: true type: string entitlements: description: >- The entitlements that were approved. This will only ever be a list of one entitlement. items: $ref: '#/components/schemas/c1.api.policy.v1.AppEntitlementReference' nullable: true readOnly: true type: array stepUpTransactionId: description: >- The ID of the step-up transaction that was used for this approval, if step-up was required. readOnly: true type: string userId: description: The UserID that approved this step. readOnly: true type: string title: Approved Action type: object x-speakeasy-name-override: ApprovedAction c1.api.policy.v1.DeniedAction: description: >- The denied action indicates that the c1.api.policy.v1.ApprovalInstance had an outcome of denied. nullable: true properties: deniedAt: format: date-time readOnly: true type: string userId: description: The UserID that denied this step. readOnly: true type: string title: Denied Action type: object x-speakeasy-name-override: DeniedAction c1.api.policy.v1.EscalationInstance: description: > The EscalationInstance message. This message contains a oneof named escalation_policy. Only a single field of the following list may be set at a time: - replacePolicy - reassignToApprovers - cancelTicket - skipStep properties: alreadyEscalated: description: The alreadyEscalated field. readOnly: false type: boolean cancelTicket: $ref: >- #/components/schemas/c1.api.policy.v1.EscalationInstance.CancelTicket escalationComment: description: The escalationComment field. readOnly: false type: string expiresAt: format: date-time readOnly: false type: string reassignToApprovers: $ref: >- #/components/schemas/c1.api.policy.v1.EscalationInstance.ReassignToApprovers replacePolicy: $ref: >- #/components/schemas/c1.api.policy.v1.EscalationInstance.ReplacePolicy skipStep: $ref: '#/components/schemas/c1.api.policy.v1.EscalationInstance.SkipStep' title: Escalation Instance type: object x-speakeasy-name-override: EscalationInstance c1.api.policy.v1.ReassignedAction: description: >- The ReassignedAction object describes the outcome of a policy step that has been reassigned. nullable: true properties: newPolicyStepId: description: >- The ID of the policy step that was created as a result of this reassignment. readOnly: true type: string reassignedAt: format: date-time readOnly: true type: string userId: description: The UserID of the person who reassigned this step. readOnly: true type: string title: Reassigned Action type: object x-speakeasy-name-override: ReassignedAction c1.api.policy.v1.ReassignedByErrorAction: description: >- The ReassignedByErrorAction object describes the outcome of a policy step that has been reassigned because it had an error provisioning. nullable: true properties: description: description: >- The description of the error with more details on why this was reassigned. readOnly: true type: string errorCode: description: >- Additional information about the error, like http status codes or error messages from SDKs. readOnly: true type: string errorUserId: description: >- The UserID of the user who reassigned this due to an error. This will exclusively be the System's UserID. readOnly: true type: string erroredAt: format: date-time readOnly: true type: string newPolicyStepId: description: The ID of the policy step that was created by this reassignment. readOnly: true type: string reassignedAt: format: date-time readOnly: true type: string title: Reassigned By Error Action type: object x-speakeasy-name-override: ReassignedByErrorAction c1.api.policy.v1.RestartAction: description: >- The restart action describes the outcome of policy steps for when the task was restarted. This can be applied to multiple steps since restart skips all pending next steps. nullable: true properties: oldPolicyStepId: description: >- The step ID that was restarted. Potentially multiple "history" steps will reference this ID to indicate by what step they were restarted. readOnly: true type: string restartedAt: format: date-time readOnly: true type: string userId: description: The user that submitted the restart action. readOnly: true type: string title: Restart Action type: object x-speakeasy-name-override: RestartAction c1.api.policy.v1.SkippedAction: description: >- The SkippedAction object describes the outcome of a policy step that has been skipped. nullable: true properties: newPolicyStepId: description: >- The ID of the policy step that was created as a result of this skipping. readOnly: true type: string skippedAt: format: date-time readOnly: true type: string userId: description: The UserID of the user who skipped this step. readOnly: true type: string title: Skipped Action type: object x-speakeasy-name-override: SkippedAction c1.api.policy.v1.FormCompletedAction: description: The FormCompletedAction message. nullable: true properties: completedAt: format: date-time readOnly: false type: string userId: description: The userId field. readOnly: false type: string title: Form Completed Action type: object x-speakeasy-name-override: FormCompletedAction c1.api.policy.v1.CancelledAction: description: The outcome of a provision instance that is cancelled. nullable: true properties: cancelledAt: format: date-time readOnly: false type: string cancelledByUserId: description: The userID, usually the system, that cancells a provision instance. readOnly: false type: string title: Cancelled Action type: object x-speakeasy-name-override: CancelledAction c1.api.policy.v1.CompletedAction: description: The outcome of a provision instance that has been completed succesfully. nullable: true properties: completedAt: format: date-time readOnly: false type: string entitlements: description: >- The list of entitlements that were provisioned. This is leftover from an older design, and is only ever going to be a single entitlement. items: $ref: '#/components/schemas/c1.api.policy.v1.AppEntitlementReference' nullable: true readOnly: false type: array userId: description: >- The UserID of who completed provisioning. For connector provisioning this is the system user id, for manual provisioning this is who clicked "provision complete" readOnly: false type: string title: Completed Action type: object x-speakeasy-name-override: CompletedAction c1.api.policy.v1.ErroredAction: description: The outcome of a provision instance that has errored. nullable: true properties: description: description: The description of a provision instance that has errored. readOnly: false type: string errorCode: description: >- The error code of a provision instance that has errored. This is only PEC-1 for now, but more will be added in the future. readOnly: false type: string erroredAt: format: date-time readOnly: false type: string title: Errored Action type: object x-speakeasy-name-override: ErroredAction c1.api.policy.v1.WaitConditionInstance: description: >- Used by the policy engine to describe an instantiated condition to wait on. nullable: true properties: condition: description: >- The condition that has to be true for this wait condition instance to continue. readOnly: false type: string title: Wait Condition Instance type: object x-speakeasy-name-override: WaitConditionInstance c1.api.policy.v1.WaitInstance.ConditionSucceeded: description: The ConditionSucceeded message. nullable: true properties: succeededAt: format: date-time readOnly: false type: string title: Condition Succeeded type: object x-speakeasy-name-override: ConditionSucceeded c1.api.policy.v1.WaitInstance.ConditionTimedOut: description: The ConditionTimedOut message. nullable: true properties: timedOutAt: format: date-time readOnly: false type: string title: Condition Timed Out type: object x-speakeasy-name-override: ConditionTimedOut c1.api.policy.v1.WaitUntilTimeInstance: description: The WaitUntilTimeInstance message. nullable: true properties: durationIfExists: format: duration readOnly: false type: string untilTime: format: date-time readOnly: false type: string title: Wait Until Time Instance type: object x-speakeasy-name-override: WaitUntilTimeInstance c1.api.policy.v1.ActionTargetAutomation: description: ActionTargetAutomation targets automation templates for policy actions. nullable: true properties: automationTemplateId: description: The automationTemplateId field. readOnly: false type: string title: Action Target Automation type: object x-speakeasy-name-override: ActionTargetAutomation c1.api.policy.v1.ActionTargetBatonResourceAction: description: ActionTargetResource targets resource actions for policy actions. nullable: true properties: batonResourceActionId: description: The batonResourceActionId field. readOnly: false type: string title: Action Target Baton Resource Action type: object x-speakeasy-name-override: ActionTargetBatonResourceAction c1.api.policy.v1.ActionTargetClientIdApproval: description: |- ActionTargetClientIdApproval targets administrator review of an external OAuth client registration (CIMD or DCR) for policy actions. nullable: true title: Action Target Client Id Approval type: object x-speakeasy-name-override: ActionTargetClientIdApproval c1.api.policy.v1.AgentApproval: description: The agent to assign the task to. nullable: true properties: agentFailureAction: description: >- The action to take if the agent fails to approve, deny, or reassign the task. enum: - APPROVAL_AGENT_FAILURE_ACTION_UNSPECIFIED - APPROVAL_AGENT_FAILURE_ACTION_REASSIGN_TO_USERS - APPROVAL_AGENT_FAILURE_ACTION_REASSIGN_TO_SUPER_ADMINS - APPROVAL_AGENT_FAILURE_ACTION_SKIP_POLICY_STEP readOnly: false type: string x-speakeasy-unknown-values: allow agentMode: description: >- The mode of the agent, full control, change policy only, or comment only. enum: - APPROVAL_AGENT_MODE_UNSPECIFIED - APPROVAL_AGENT_MODE_FULL_CONTROL - APPROVAL_AGENT_MODE_CHANGE_POLICY_ONLY - APPROVAL_AGENT_MODE_COMMENT_ONLY readOnly: false type: string x-speakeasy-unknown-values: allow agentUserId: description: The agent user ID to assign the task to. readOnly: false type: string instructions: description: Instructions for the agent. readOnly: false type: string policyIds: description: The allow list of policy IDs to re-route the task to. items: type: string nullable: true readOnly: false type: array reassignToUserIds: description: >- The users to reassign the task to if the agent failure action is reassign to users. items: type: string nullable: true readOnly: false type: array title: Agent Approval type: object x-speakeasy-name-override: AgentApproval c1.api.policy.v1.AppOwnerApproval: description: >- App owner approval provides the configuration for an approval step when the app owner is the target. nullable: true properties: allowSelfApproval: description: >- Configuration that allows a user to self approve if they are an app owner during this approval step. readOnly: false type: boolean requireDistinctApprovers: description: >- Configuration to require distinct approvers across approval steps of a rule. readOnly: false type: boolean title: App Owner Approval type: object x-speakeasy-name-override: AppOwnerApproval c1.api.policy.v1.EntitlementOwnerApproval: description: >- The entitlement owner approval allows configuration of the approval step when the target approvers are the entitlement owners. nullable: true properties: allowSelfApproval: description: >- Configuration to allow self approval if the target user is an entitlement owner during this step. readOnly: false type: boolean fallback: description: >- Configuration to allow a fallback if the entitlement owner cannot be identified. readOnly: false type: boolean fallbackGroupIds: description: >- Configuration to specify which groups to fallback to if fallback is enabled and the entitlement owner cannot be identified. items: $ref: '#/components/schemas/c1.api.policy.v1.AppEntitlementReference' nullable: true readOnly: false type: array fallbackUserIds: description: >- Configuration to specific which users to fallback to if fallback is enabled and the entitlement owner cannot be identified. items: type: string nullable: true readOnly: false type: array isGroupFallbackEnabled: description: Configuration to enable fallback for group fallback. readOnly: false type: boolean requireDistinctApprovers: description: >- Configuration to require distinct approvers across approval steps of a rule. readOnly: false type: boolean title: Entitlement Owner Approval type: object x-speakeasy-name-override: EntitlementOwnerApproval c1.api.policy.v1.Escalation: description: > The Escalation message. This message contains a oneof named escalation_policy. Only a single field of the following list may be set at a time: - replacePolicy - reassignToApprovers - cancelTicket - skipStep properties: cancelTicket: $ref: '#/components/schemas/c1.api.policy.v1.Escalation.CancelTicket' escalationComment: description: The escalationComment field. readOnly: false type: string expiration: description: The expiration field. format: int64 readOnly: false type: string reassignToApprovers: $ref: '#/components/schemas/c1.api.policy.v1.Escalation.ReassignToApprovers' replacePolicy: $ref: '#/components/schemas/c1.api.policy.v1.Escalation.ReplacePolicy' skipStep: $ref: '#/components/schemas/c1.api.policy.v1.Escalation.SkipStep' title: Escalation type: object x-speakeasy-name-override: Escalation c1.api.policy.v1.ExpressionApproval: description: The ExpressionApproval message. nullable: true properties: allowSelfApproval: description: >- Configuration to allow self approval of if the user is specified and also the target of the ticket. readOnly: false type: boolean assignedUserIds: description: The assignedUserIds field. items: type: string nullable: true readOnly: true type: array expressions: description: >- Array of dynamic expressions to determine the approvers. The first expression to return a non-empty list of users will be used. items: type: string nullable: true readOnly: false type: array fallback: description: >- Configuration to allow a fallback if the expression does not return a valid list of users. readOnly: false type: boolean fallbackGroupIds: description: >- Configuration to specify which groups to fallback to if fallback is enabled and the expression does not return a valid list of users. items: $ref: '#/components/schemas/c1.api.policy.v1.AppEntitlementReference' nullable: true readOnly: false type: array fallbackUserIds: description: >- Configuration to specific which users to fallback to if and the expression does not return a valid list of users. items: type: string nullable: true readOnly: false type: array isGroupFallbackEnabled: description: Configuration to enable fallback for group fallback. readOnly: false type: boolean requireDistinctApprovers: description: >- Configuration to require distinct approvers across approval steps of a rule. readOnly: false type: boolean title: Expression Approval type: object x-speakeasy-name-override: ExpressionApproval c1.api.policy.v1.AppGroupApproval: description: >- The AppGroupApproval object provides the configuration for setting a group as the approvers of an approval policy step. nullable: true properties: allowSelfApproval: description: >- Configuration to allow self approval if the target user is a member of the group during this step. readOnly: false type: boolean appGroupId: description: The ID of the group specified for approval. readOnly: false type: string appId: description: The ID of the app that contains the group specified for approval. readOnly: false type: string fallback: description: Configuration to allow a fallback if the group is empty. readOnly: false type: boolean fallbackGroupIds: description: >- Configuration to specify which groups to fallback to if fallback is enabled and the group is empty. items: $ref: '#/components/schemas/c1.api.policy.v1.AppEntitlementReference' nullable: true readOnly: false type: array fallbackUserIds: description: >- Configuration to specific which users to fallback to if fallback is enabled and the group is empty. items: type: string nullable: true readOnly: false type: array isGroupFallbackEnabled: description: Configuration to enable fallback for group fallback. readOnly: false type: boolean requireDistinctApprovers: description: >- Configuration to require distinct approvers across approval steps of a rule. readOnly: false type: boolean title: App Group Approval type: object x-speakeasy-name-override: AppGroupApproval c1.api.policy.v1.ManagerApproval: description: >- The manager approval object provides configuration options for approval when the target of the approval is the manager of the user in the task. nullable: true properties: allowSelfApproval: description: >- Configuration to allow self approval if the target user is their own manager. This may occur if a service account has an identity user and manager specified as the same person. readOnly: false type: boolean assignedUserIds: description: >- The array of users determined to be the manager during processing time. items: type: string nullable: true readOnly: true type: array fallback: description: Configuration to allow a fallback if no manager is found. readOnly: false type: boolean fallbackGroupIds: description: >- Configuration to specify which groups to fallback to if fallback is enabled and no manager is found. items: $ref: '#/components/schemas/c1.api.policy.v1.AppEntitlementReference' nullable: true readOnly: false type: array fallbackUserIds: description: >- Configuration to specific which users to fallback to if fallback is enabled and no manager is found. items: type: string nullable: true readOnly: false type: array isGroupFallbackEnabled: description: Configuration to enable fallback for group fallback. readOnly: false type: boolean requireDistinctApprovers: description: >- Configuration to require distinct approvers across approval steps of a rule. readOnly: false type: boolean title: Manager Approval type: object x-speakeasy-name-override: ManagerApproval c1.api.policy.v1.ResourceOwnerApproval: description: >- The resource owner approval allows configuration of the approval step when the target approvers are the resource owners. nullable: true properties: allowSelfApproval: description: >- Configuration to allow self approval if the target user is an resource owner during this step. readOnly: false type: boolean fallback: description: >- Configuration to allow a fallback if the resource owner cannot be identified. readOnly: false type: boolean fallbackGroupIds: description: >- Configuration to specify which groups to fallback to if fallback is enabled and the resource owner cannot be identified. items: $ref: '#/components/schemas/c1.api.policy.v1.AppEntitlementReference' nullable: true readOnly: false type: array fallbackUserIds: description: >- Configuration to specific which users to fallback to if fallback is enabled and the resource owner cannot be identified. items: type: string nullable: true readOnly: false type: array isGroupFallbackEnabled: description: Configuration to enable fallback for group fallback. readOnly: false type: boolean requireDistinctApprovers: description: >- Configuration to require distinct approvers across approval steps of a rule. readOnly: false type: boolean title: Resource Owner Approval type: object x-speakeasy-name-override: ResourceOwnerApproval c1.api.policy.v1.SelfApproval: description: >- The self approval object describes the configuration of a policy step that needs to be approved by the target of the request. nullable: true properties: assignedUserIds: description: >- The array of users determined to be themselves during approval. This should only ever be one person, but is saved because it may change if the owner of an app user changes while the ticket is open. items: type: string nullable: true readOnly: true type: array fallback: description: >- Configuration to allow a fallback if the identity user of the target app user cannot be determined. readOnly: false type: boolean fallbackGroupIds: description: >- Configuration to specify which groups to fallback to if fallback is enabled and the identity user of the target app user cannot be determined. items: $ref: '#/components/schemas/c1.api.policy.v1.AppEntitlementReference' nullable: true readOnly: false type: array fallbackUserIds: description: >- Configuration to specific which users to fallback to if fallback is enabled and the identity user of the target app user cannot be determined. items: type: string nullable: true readOnly: false type: array isGroupFallbackEnabled: description: Configuration to enable fallback for group fallback. readOnly: false type: boolean title: Self Approval type: object x-speakeasy-name-override: SelfApproval c1.api.policy.v1.UserApproval: description: >- The user approval object describes the approval configuration of a policy step that needs to be approved by a specific list of users. nullable: true properties: allowSelfApproval: description: >- Configuration to allow self approval of if the user is specified and also the target of the ticket. readOnly: false type: boolean requireDistinctApprovers: description: >- Configuration to require distinct approvers across approval steps of a rule. readOnly: false type: boolean userIds: description: Array of users configured for approval. items: type: string nullable: true readOnly: false type: array title: User Approval type: object x-speakeasy-name-override: UserApproval c1.api.policy.v1.WebhookApproval: description: The WebhookApproval message. nullable: true properties: webhookId: description: The ID of the webhook to call for approval. readOnly: false type: string title: Webhook Approval type: object x-speakeasy-name-override: WebhookApproval c1.api.policy.v1.ProvisionPolicy: description: > ProvisionPolicy is a oneOf that indicates how a provision step should be processed. This message contains a oneof named typ. Only a single field of the following list may be set at a time: - connector - manual - delegated - webhook - multiStep - externalTicket - unconfigured - action properties: action: $ref: '#/components/schemas/c1.api.policy.v1.ActionProvision' connector: $ref: '#/components/schemas/c1.api.policy.v1.ConnectorProvision' delegated: $ref: '#/components/schemas/c1.api.policy.v1.DelegatedProvision' externalTicket: $ref: '#/components/schemas/c1.api.policy.v1.ExternalTicketProvision' manual: $ref: '#/components/schemas/c1.api.policy.v1.ManualProvision' multiStep: $ref: '#/components/schemas/c1.api.policy.v1.MultiStep' unconfigured: $ref: '#/components/schemas/c1.api.policy.v1.UnconfiguredProvision' webhook: $ref: '#/components/schemas/c1.api.policy.v1.WebhookProvision' title: Provision Policy type: object x-speakeasy-name-override: ProvisionPolicy c1.api.policy.v1.ProvisionTarget: description: >- ProvisionTarget indicates the specific app, app entitlement, and if known, the app user and grant duration of this provision step properties: appEntitlementId: description: The app entitlement that should be provisioned. readOnly: false type: string appId: description: The app in which the entitlement should be provisioned readOnly: false type: string appUserId: description: >- The app user that should be provisioned. May be unset if the app user is unknown readOnly: false type: string grantDuration: format: duration readOnly: false type: string title: Provision Target type: object x-speakeasy-name-override: ProvisionTarget c1.api.policy.v1.WaitCondition: description: The WaitCondition message. nullable: true properties: condition: description: >- The condition that has to be true for this wait condition to continue. readOnly: false type: string title: Wait Condition type: object x-speakeasy-name-override: WaitCondition c1.api.policy.v1.WaitDuration: description: The WaitDuration message. nullable: true properties: duration: format: duration readOnly: false type: string title: Wait Duration type: object x-speakeasy-name-override: WaitDuration c1.api.policy.v1.WaitUntilTime: description: Waits until a specific time of the day (UTC) nullable: true properties: hours: description: The hours field. format: uint32 readOnly: false type: integer minutes: description: The minutes field. format: uint32 readOnly: false type: integer timezone: description: The timezone field. readOnly: false type: string title: Wait Until Time type: object x-speakeasy-name-override: WaitUntilTime c1.api.task.v1.ConnectorActionRef: description: |- ConnectorActionRef describes dispatch through a connector's built-in GrantManagerService Grant / Revoke RPC — i.e. the default connector operation, used for synthesized tickets like scope-role requests. nullable: true properties: appId: description: The app whose connector handles the operation. readOnly: true type: string connectorId: description: The connector that will execute the Grant / Revoke. readOnly: true type: string operation: description: Which connector RPC this dispatches to. enum: - OPERATION_UNSPECIFIED - OPERATION_GRANT readOnly: true type: string x-speakeasy-unknown-values: allow title: Connector Action Ref type: object x-speakeasy-name-override: ConnectorActionRef c1.api.task.v1.TaskRevokeSourceExpired: description: >- The TaskRevokeSourceExpired message indicates that the source of the revoke task is due to a grant expiring. nullable: true properties: expiredAt: format: date-time readOnly: false type: string title: Task Revoke Source Expired type: object x-speakeasy-name-override: TaskRevokeSourceExpired c1.api.task.v1.TaskRevokeSourceNonUsage: description: >- The TaskRevokeSourceNonUsage message indicates that the source of the revoke task is due to the grant not being used. nullable: true properties: expiresAt: format: date-time readOnly: false type: string lastLogin: format: date-time readOnly: false type: string title: Task Revoke Source Non Usage type: object x-speakeasy-name-override: TaskRevokeSourceNonUsage c1.api.task.v1.TaskRevokeSourceRequest: description: >- The TaskRevokeSourceRequest message indicates that the source of the revoke task was a request. nullable: true properties: requestUserId: description: The ID of the user who initiated the revoke request. readOnly: false type: string title: Task Revoke Source Request type: object x-speakeasy-name-override: TaskRevokeSourceRequest c1.api.task.v1.TaskRevokeSourceReview: description: >- The TaskRevokeSourceReview message tracks which access review was the source of the specificed revoke ticket. nullable: true properties: accessReviewId: description: The ID of the access review associated with the revoke task. readOnly: false type: string certTicketId: description: >- The ID of the certify ticket that was denied and created this revoke task. readOnly: false type: string title: Task Revoke Source Review type: object x-speakeasy-name-override: TaskRevokeSourceReview c1.api.form.v1.AppUserFilter: description: The AppUserFilter message. nullable: true properties: appId: description: The appId field. readOnly: false type: string title: App User Filter type: object x-speakeasy-name-override: AppUserFilter c1.api.form.v1.C1UserFilter: description: >- C1UserFilter is used to configure a picker for selecting ConductorOne users. This is distinct from AppUserFilter which selects accounts within a connected app. nullable: true title: C 1 User Filter type: object x-speakeasy-name-override: C1UserFilter c1.api.form.v1.AppResourceFilter: description: The AppResourceFilter message. nullable: true properties: appId: description: The appId field. readOnly: false type: string resourceTypeId: description: The resourceTypeId field. readOnly: false type: string title: App Resource Filter type: object x-speakeasy-name-override: AppResourceFilter c1.api.form.v1.SelectOption: description: The SelectOption message. properties: description: description: Used for type BUTTONS readOnly: false type: string displayName: description: The displayName field. readOnly: false type: string value: description: The value field. readOnly: false type: string title: Select Option type: object x-speakeasy-name-override: SelectOption validate.FieldRules: description: > FieldRules encapsulates the rules for each type of field. Depending on the field, the correct set should be used to ensure proper validations. This message contains a oneof named type. Only a single field of the following list may be set at a time: - float - double - int32 - int64 - uint32 - uint64 - sint32 - sint64 - fixed32 - fixed64 - sfixed32 - sfixed64 - bool - string - bytes - enum - repeated - map - any - duration - timestamp properties: any: $ref: '#/components/schemas/validate.AnyRules' bool: $ref: '#/components/schemas/validate.BoolRules' bytes: $ref: '#/components/schemas/validate.BytesRules' double: $ref: '#/components/schemas/validate.DoubleRules' duration: $ref: '#/components/schemas/validate.DurationRules' enum: $ref: '#/components/schemas/validate.EnumRules' fixed32: $ref: '#/components/schemas/validate.Fixed32Rules' fixed64: $ref: '#/components/schemas/validate.Fixed64Rules' float: $ref: '#/components/schemas/validate.FloatRules' int32: $ref: '#/components/schemas/validate.Int32Rules' int64: $ref: '#/components/schemas/validate.Int64Rules' map: $ref: '#/components/schemas/validate.MapRules' message: $ref: '#/components/schemas/validate.MessageRules' repeated: $ref: '#/components/schemas/validate.RepeatedRules' sfixed32: $ref: '#/components/schemas/validate.SFixed32Rules' sfixed64: $ref: '#/components/schemas/validate.SFixed64Rules' sint32: $ref: '#/components/schemas/validate.SInt32Rules' sint64: $ref: '#/components/schemas/validate.SInt64Rules' string: $ref: '#/components/schemas/validate.StringRules' timestamp: $ref: '#/components/schemas/validate.TimestampRules' uint32: $ref: '#/components/schemas/validate.UInt32Rules' uint64: $ref: '#/components/schemas/validate.UInt64Rules' title: Field Rules type: object x-speakeasy-name-override: FieldRules c1.api.policy.v1.AppEntitlementReference: description: This object references an app entitlement's ID and AppID. properties: appEntitlementId: description: The ID of the Entitlement. readOnly: false type: string appId: description: The ID of the App this entitlement belongs to. readOnly: false type: string title: App Entitlement Reference type: object x-speakeasy-name-override: AppEntitlementReference c1.api.policy.v1.EscalationInstance.CancelTicket: description: The CancelTicket message. nullable: true title: Cancel Ticket type: object x-speakeasy-name-override: EscalationInstanceCancelTicket c1.api.policy.v1.EscalationInstance.ReassignToApprovers: description: The ReassignToApprovers message. nullable: true properties: approverIds: description: The approverIds field. items: type: string nullable: true readOnly: false type: array title: Reassign To Approvers type: object x-speakeasy-name-override: EscalationInstanceReassignToApprovers c1.api.policy.v1.EscalationInstance.ReplacePolicy: description: The ReplacePolicy message. nullable: true properties: policyId: description: The policyId field. readOnly: false type: string title: Replace Policy type: object x-speakeasy-name-override: EscalationInstanceReplacePolicy c1.api.policy.v1.EscalationInstance.SkipStep: description: The SkipStep message. nullable: true title: Skip Step type: object x-speakeasy-name-override: EscalationInstanceSkipStep c1.api.policy.v1.Escalation.CancelTicket: description: The CancelTicket message. nullable: true title: Cancel Ticket type: object x-speakeasy-name-override: CancelTicket c1.api.policy.v1.Escalation.ReassignToApprovers: description: The ReassignToApprovers message. nullable: true properties: approverIds: description: The approverIds field. items: type: string nullable: true readOnly: false type: array title: Reassign To Approvers type: object x-speakeasy-name-override: ReassignToApprovers c1.api.policy.v1.Escalation.ReplacePolicy: description: The ReplacePolicy message. nullable: true properties: policyId: description: The policyId field. readOnly: false type: string title: Replace Policy type: object x-speakeasy-name-override: ReplacePolicy c1.api.policy.v1.Escalation.SkipStep: description: The SkipStep message. nullable: true title: Skip Step type: object x-speakeasy-name-override: SkipStep c1.api.policy.v1.ActionProvision: description: >- This provision step indicates that account lifecycle action should be called to provision this entitlement. nullable: true properties: actionName: description: The actionName field. readOnly: false type: string appId: description: The appId field. readOnly: false type: string connectorId: description: The connectorId field. readOnly: false type: string displayName: description: The displayName field. readOnly: false type: string title: Action Provision type: object x-speakeasy-name-override: ActionProvision c1.api.policy.v1.ConnectorProvision: description: > Indicates that a connector should perform the provisioning. This object has no fields. This message contains a oneof named provision_type. Only a single field of the following list may be set at a time: - defaultBehavior - account - deleteAccount nullable: true properties: account: $ref: >- #/components/schemas/c1.api.policy.v1.ConnectorProvision.AccountProvision defaultBehavior: $ref: >- #/components/schemas/c1.api.policy.v1.ConnectorProvision.DefaultBehavior deleteAccount: $ref: >- #/components/schemas/c1.api.policy.v1.ConnectorProvision.DeleteAccount title: Connector Provision type: object x-speakeasy-name-override: ConnectorProvision c1.api.policy.v1.DelegatedProvision: description: >- This provision step indicates that we should delegate provisioning to the configuration of another app entitlement. This app entitlement does not have to be one from the same app, but MUST be configured as a proxy binding leading into this entitlement. nullable: true properties: appId: description: The AppID of the entitlement to delegate provisioning to. readOnly: false type: string entitlementId: description: The ID of the entitlement we are delegating provisioning to. readOnly: false type: string implicit: description: >- If true, a binding will be automatically created from the entitlement of the parent app. readOnly: false type: boolean title: Delegated Provision type: object x-speakeasy-name-override: DelegatedProvision c1.api.policy.v1.ExternalTicketProvision: description: >- This provision step indicates that we should check an external ticket to provision this entitlement nullable: true properties: appId: description: The appId field. readOnly: false type: string connectorId: description: The connectorId field. readOnly: false type: string externalTicketProvisionerConfigId: description: The externalTicketProvisionerConfigId field. readOnly: false type: string instructions: description: >- This field indicates a text body of instructions for the provisioner to indicate. readOnly: false type: string title: External Ticket Provision type: object x-speakeasy-name-override: ExternalTicketProvision c1.api.policy.v1.ManualProvision: description: >- Manual provisioning indicates that a human must intervene for the provisioning of this step. nullable: true properties: assignee: $ref: '#/components/schemas/c1.api.policy.v1.ProvisionerAssignment' instructions: description: >- This field indicates a text body of instructions for the provisioner to indicate. readOnly: false type: string userIds: description: |- An array of users that are required to provision during this step. Deprecated: Use assignee field instead for dynamic provisioner assignment. items: type: string nullable: true readOnly: false type: array title: Manual Provision type: object x-speakeasy-name-override: ManualProvision c1.api.policy.v1.MultiStep: description: >- MultiStep indicates that this provision step has multiple steps to process. nullable: true properties: provisionSteps: description: The array of provision steps to process. items: $ref: '#/components/schemas/c1.api.policy.v1.ProvisionPolicy' nullable: true readOnly: false type: array title: Multi Step type: object x-speakeasy-name-override: MultiStep c1.api.policy.v1.UnconfiguredProvision: description: The UnconfiguredProvision message. nullable: true title: Unconfigured Provision type: object x-speakeasy-name-override: UnconfiguredProvision c1.api.policy.v1.WebhookProvision: description: >- This provision step indicates that a webhook should be called to provision this entitlement. nullable: true properties: webhookId: description: The ID of the webhook to call for provisioning. readOnly: false type: string title: Webhook Provision type: object x-speakeasy-name-override: WebhookProvision validate.AnyRules: description: |- AnyRules describe constraints applied exclusively to the `google.protobuf.Any` well-known type nullable: true properties: in: description: >- In specifies that this field's `type_url` must be equal to one of the specified values. items: type: string nullable: true readOnly: false type: array notIn: description: >- NotIn specifies that this field's `type_url` must not be equal to any of the specified values. items: type: string nullable: true readOnly: false type: array required: description: Required specifies that this field must be set readOnly: false type: boolean title: Any Rules type: object x-speakeasy-name-override: AnyRules validate.BytesRules: description: > BytesRules describe the constraints applied to `bytes` values This message contains a oneof named well_known. Only a single field of the following list may be set at a time: - ip - ipv4 - ipv6 nullable: true properties: const: description: Const specifies that this field must be exactly the specified value format: base64 readOnly: false type: string contains: description: |- Contains specifies that this field must have the specified bytes anywhere in the string. format: base64 readOnly: false type: string ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: format: base64 type: string nullable: true readOnly: false type: array ip: description: |- Ip specifies that the field must be a valid IP (v4 or v6) address in byte format This field is part of the `well_known` oneof. See the documentation for `validate.BytesRules` for more details. nullable: true readOnly: false type: boolean ipv4: description: |- Ipv4 specifies that the field must be a valid IPv4 address in byte format This field is part of the `well_known` oneof. See the documentation for `validate.BytesRules` for more details. nullable: true readOnly: false type: boolean ipv6: description: |- Ipv6 specifies that the field must be a valid IPv6 address in byte format This field is part of the `well_known` oneof. See the documentation for `validate.BytesRules` for more details. nullable: true readOnly: false type: boolean len: description: Len specifies that this field must be the specified number of bytes format: uint64 readOnly: false type: string maxLen: description: >- MaxLen specifies that this field must be the specified number of bytes at a maximum format: uint64 readOnly: false type: string minLen: description: >- MinLen specifies that this field must be the specified number of bytes at a minimum format: uint64 readOnly: false type: string notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: format: base64 type: string nullable: true readOnly: false type: array pattern: description: |- Pattern specifes that this field must match against the specified regular expression (RE2 syntax). The included expression should elide any delimiters. readOnly: false type: string prefix: description: >- Prefix specifies that this field must have the specified bytes at the beginning of the string. format: base64 readOnly: false type: string suffix: description: >- Suffix specifies that this field must have the specified bytes at the end of the string. format: base64 readOnly: false type: string title: Bytes Rules type: object x-speakeasy-name-override: BytesRules validate.DoubleRules: description: DoubleRules describes the constraints applied to `double` values nullable: true properties: const: description: Const specifies that this field must be exactly the specified value readOnly: false type: number gt: description: >- Gt specifies that this field must be greater than the specified value, exclusive. If the value of Gt is larger than a specified Lt or Lte, the range is reversed. readOnly: false type: number gte: description: |- Gte specifies that this field must be greater than or equal to the specified value, inclusive. If the value of Gte is larger than a specified Lt or Lte, the range is reversed. readOnly: false type: number ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: type: number nullable: true readOnly: false type: array lt: description: |- Lt specifies that this field must be less than the specified value, exclusive readOnly: false type: number lte: description: |- Lte specifies that this field must be less than or equal to the specified value, inclusive readOnly: false type: number notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: type: number nullable: true readOnly: false type: array title: Double Rules type: object x-speakeasy-name-override: DoubleRules validate.DurationRules: description: |- DurationRules describe the constraints applied exclusively to the `google.protobuf.Duration` well-known type nullable: true properties: const: format: duration readOnly: false type: string gt: format: duration readOnly: false type: string gte: format: duration readOnly: false type: string in: description: |- In specifies that this field must be equal to one of the specified values items: format: duration readOnly: false type: string nullable: true readOnly: false type: array lt: format: duration readOnly: false type: string lte: format: duration readOnly: false type: string notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: format: duration readOnly: false type: string nullable: true readOnly: false type: array required: description: Required specifies that this field must be set readOnly: false type: boolean title: Duration Rules type: object x-speakeasy-name-override: DurationRules validate.EnumRules: description: EnumRules describe the constraints applied to enum values nullable: true properties: const: description: Const specifies that this field must be exactly the specified value format: int32 readOnly: false type: integer definedOnly: description: >- DefinedOnly specifies that this field must be only one of the defined values for this enum, failing on any undefined value. readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: format: int32 type: integer nullable: true readOnly: false type: array notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: format: int32 type: integer nullable: true readOnly: false type: array title: Enum Rules type: object x-speakeasy-name-override: EnumRules validate.Fixed32Rules: description: Fixed32Rules describes the constraints applied to `fixed32` values nullable: true properties: const: description: Const specifies that this field must be exactly the specified value format: uint32 readOnly: false type: integer gt: description: >- Gt specifies that this field must be greater than the specified value, exclusive. If the value of Gt is larger than a specified Lt or Lte, the range is reversed. format: uint32 readOnly: false type: integer gte: description: |- Gte specifies that this field must be greater than or equal to the specified value, inclusive. If the value of Gte is larger than a specified Lt or Lte, the range is reversed. format: uint32 readOnly: false type: integer ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: format: uint32 type: integer nullable: true readOnly: false type: array lt: description: |- Lt specifies that this field must be less than the specified value, exclusive format: uint32 readOnly: false type: integer lte: description: |- Lte specifies that this field must be less than or equal to the specified value, inclusive format: uint32 readOnly: false type: integer notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: format: uint32 type: integer nullable: true readOnly: false type: array title: Fixed 32 Rules type: object x-speakeasy-name-override: Fixed32Rules validate.Fixed64Rules: description: Fixed64Rules describes the constraints applied to `fixed64` values nullable: true properties: const: description: Const specifies that this field must be exactly the specified value format: uint64 readOnly: false type: string gt: description: >- Gt specifies that this field must be greater than the specified value, exclusive. If the value of Gt is larger than a specified Lt or Lte, the range is reversed. format: uint64 readOnly: false type: string gte: description: |- Gte specifies that this field must be greater than or equal to the specified value, inclusive. If the value of Gte is larger than a specified Lt or Lte, the range is reversed. format: uint64 readOnly: false type: string ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: format: uint64 type: string nullable: true readOnly: false type: array lt: description: |- Lt specifies that this field must be less than the specified value, exclusive format: uint64 readOnly: false type: string lte: description: |- Lte specifies that this field must be less than or equal to the specified value, inclusive format: uint64 readOnly: false type: string notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: format: uint64 type: string nullable: true readOnly: false type: array title: Fixed 64 Rules type: object x-speakeasy-name-override: Fixed64Rules validate.FloatRules: description: FloatRules describes the constraints applied to `float` values nullable: true properties: const: description: Const specifies that this field must be exactly the specified value readOnly: false type: number gt: description: >- Gt specifies that this field must be greater than the specified value, exclusive. If the value of Gt is larger than a specified Lt or Lte, the range is reversed. readOnly: false type: number gte: description: |- Gte specifies that this field must be greater than or equal to the specified value, inclusive. If the value of Gte is larger than a specified Lt or Lte, the range is reversed. readOnly: false type: number ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: type: number nullable: true readOnly: false type: array lt: description: |- Lt specifies that this field must be less than the specified value, exclusive readOnly: false type: number lte: description: |- Lte specifies that this field must be less than or equal to the specified value, inclusive readOnly: false type: number notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: type: number nullable: true readOnly: false type: array title: Float Rules type: object x-speakeasy-name-override: FloatRules validate.Int32Rules: description: Int32Rules describes the constraints applied to `int32` values nullable: true properties: const: description: Const specifies that this field must be exactly the specified value format: int32 readOnly: false type: integer gt: description: >- Gt specifies that this field must be greater than the specified value, exclusive. If the value of Gt is larger than a specified Lt or Lte, the range is reversed. format: int32 readOnly: false type: integer gte: description: |- Gte specifies that this field must be greater than or equal to the specified value, inclusive. If the value of Gte is larger than a specified Lt or Lte, the range is reversed. format: int32 readOnly: false type: integer ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: format: int32 type: integer nullable: true readOnly: false type: array lt: description: |- Lt specifies that this field must be less than the specified value, exclusive format: int32 readOnly: false type: integer lte: description: |- Lte specifies that this field must be less than or equal to the specified value, inclusive format: int32 readOnly: false type: integer notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: format: int32 type: integer nullable: true readOnly: false type: array title: Int 32 Rules type: object x-speakeasy-name-override: Int32Rules validate.MapRules: description: MapRules describe the constraints applied to `map` values nullable: true properties: ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean keys: $ref: '#/components/schemas/validate.FieldRules' maxPairs: description: |- MaxPairs specifies that this field must have the specified number of KVs at a maximum format: uint64 readOnly: false type: string minPairs: description: |- MinPairs specifies that this field must have the specified number of KVs at a minimum format: uint64 readOnly: false type: string noSparse: description: |- NoSparse specifies values in this field cannot be unset. This only applies to map's with message value types. readOnly: false type: boolean values: $ref: '#/components/schemas/validate.FieldRules' title: Map Rules type: object x-speakeasy-name-override: MapRules validate.MessageRules: description: >- MessageRules describe the constraints applied to embedded message values. For message-type fields, validation is performed recursively. properties: required: description: Required specifies that this field must be set readOnly: false type: boolean skip: description: |- Skip specifies that the validation rules of this field should not be evaluated readOnly: false type: boolean title: Message Rules type: object x-speakeasy-name-override: MessageRules validate.SFixed32Rules: description: SFixed32Rules describes the constraints applied to `sfixed32` values nullable: true properties: const: description: Const specifies that this field must be exactly the specified value format: int32 readOnly: false type: integer gt: description: >- Gt specifies that this field must be greater than the specified value, exclusive. If the value of Gt is larger than a specified Lt or Lte, the range is reversed. format: int32 readOnly: false type: integer gte: description: |- Gte specifies that this field must be greater than or equal to the specified value, inclusive. If the value of Gte is larger than a specified Lt or Lte, the range is reversed. format: int32 readOnly: false type: integer ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: format: int32 type: integer nullable: true readOnly: false type: array lt: description: |- Lt specifies that this field must be less than the specified value, exclusive format: int32 readOnly: false type: integer lte: description: |- Lte specifies that this field must be less than or equal to the specified value, inclusive format: int32 readOnly: false type: integer notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: format: int32 type: integer nullable: true readOnly: false type: array title: S Fixed 32 Rules type: object x-speakeasy-name-override: SFixed32Rules validate.SFixed64Rules: description: SFixed64Rules describes the constraints applied to `sfixed64` values nullable: true properties: const: description: Const specifies that this field must be exactly the specified value format: int64 readOnly: false type: string gt: description: >- Gt specifies that this field must be greater than the specified value, exclusive. If the value of Gt is larger than a specified Lt or Lte, the range is reversed. format: int64 readOnly: false type: string gte: description: |- Gte specifies that this field must be greater than or equal to the specified value, inclusive. If the value of Gte is larger than a specified Lt or Lte, the range is reversed. format: int64 readOnly: false type: string ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: format: int64 type: string nullable: true readOnly: false type: array lt: description: |- Lt specifies that this field must be less than the specified value, exclusive format: int64 readOnly: false type: string lte: description: |- Lte specifies that this field must be less than or equal to the specified value, inclusive format: int64 readOnly: false type: string notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: format: int64 type: string nullable: true readOnly: false type: array title: S Fixed 64 Rules type: object x-speakeasy-name-override: SFixed64Rules validate.SInt32Rules: description: SInt32Rules describes the constraints applied to `sint32` values nullable: true properties: const: description: Const specifies that this field must be exactly the specified value format: int32 readOnly: false type: integer gt: description: >- Gt specifies that this field must be greater than the specified value, exclusive. If the value of Gt is larger than a specified Lt or Lte, the range is reversed. format: int32 readOnly: false type: integer gte: description: |- Gte specifies that this field must be greater than or equal to the specified value, inclusive. If the value of Gte is larger than a specified Lt or Lte, the range is reversed. format: int32 readOnly: false type: integer ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: format: int32 type: integer nullable: true readOnly: false type: array lt: description: |- Lt specifies that this field must be less than the specified value, exclusive format: int32 readOnly: false type: integer lte: description: |- Lte specifies that this field must be less than or equal to the specified value, inclusive format: int32 readOnly: false type: integer notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: format: int32 type: integer nullable: true readOnly: false type: array title: S Int 32 Rules type: object x-speakeasy-name-override: SInt32Rules validate.SInt64Rules: description: SInt64Rules describes the constraints applied to `sint64` values nullable: true properties: const: description: Const specifies that this field must be exactly the specified value format: int64 readOnly: false type: string gt: description: >- Gt specifies that this field must be greater than the specified value, exclusive. If the value of Gt is larger than a specified Lt or Lte, the range is reversed. format: int64 readOnly: false type: string gte: description: |- Gte specifies that this field must be greater than or equal to the specified value, inclusive. If the value of Gte is larger than a specified Lt or Lte, the range is reversed. format: int64 readOnly: false type: string ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: format: int64 type: string nullable: true readOnly: false type: array lt: description: |- Lt specifies that this field must be less than the specified value, exclusive format: int64 readOnly: false type: string lte: description: |- Lte specifies that this field must be less than or equal to the specified value, inclusive format: int64 readOnly: false type: string notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: format: int64 type: string nullable: true readOnly: false type: array title: S Int 64 Rules type: object x-speakeasy-name-override: SInt64Rules validate.TimestampRules: description: |- TimestampRules describe the constraints applied exclusively to the `google.protobuf.Timestamp` well-known type nullable: true properties: const: format: date-time readOnly: false type: string gt: format: date-time readOnly: false type: string gtNow: description: >- GtNow specifies that this must be greater than the current time. GtNow can only be used with the Within rule. readOnly: false type: boolean gte: format: date-time readOnly: false type: string lt: format: date-time readOnly: false type: string ltNow: description: |- LtNow specifies that this must be less than the current time. LtNow can only be used with the Within rule. readOnly: false type: boolean lte: format: date-time readOnly: false type: string required: description: Required specifies that this field must be set readOnly: false type: boolean within: format: duration readOnly: false type: string title: Timestamp Rules type: object x-speakeasy-name-override: TimestampRules validate.UInt32Rules: description: UInt32Rules describes the constraints applied to `uint32` values nullable: true properties: const: description: Const specifies that this field must be exactly the specified value format: uint32 readOnly: false type: integer gt: description: >- Gt specifies that this field must be greater than the specified value, exclusive. If the value of Gt is larger than a specified Lt or Lte, the range is reversed. format: uint32 readOnly: false type: integer gte: description: |- Gte specifies that this field must be greater than or equal to the specified value, inclusive. If the value of Gte is larger than a specified Lt or Lte, the range is reversed. format: uint32 readOnly: false type: integer ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: format: uint32 type: integer nullable: true readOnly: false type: array lt: description: |- Lt specifies that this field must be less than the specified value, exclusive format: uint32 readOnly: false type: integer lte: description: |- Lte specifies that this field must be less than or equal to the specified value, inclusive format: uint32 readOnly: false type: integer notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: format: uint32 type: integer nullable: true readOnly: false type: array title: U Int 32 Rules type: object x-speakeasy-name-override: UInt32Rules validate.UInt64Rules: description: UInt64Rules describes the constraints applied to `uint64` values nullable: true properties: const: description: Const specifies that this field must be exactly the specified value format: uint64 readOnly: false type: string gt: description: >- Gt specifies that this field must be greater than the specified value, exclusive. If the value of Gt is larger than a specified Lt or Lte, the range is reversed. format: uint64 readOnly: false type: string gte: description: |- Gte specifies that this field must be greater than or equal to the specified value, inclusive. If the value of Gte is larger than a specified Lt or Lte, the range is reversed. format: uint64 readOnly: false type: string ignoreEmpty: description: >- IgnoreEmpty specifies that the validation rules of this field should be evaluated only if the field is not empty readOnly: false type: boolean in: description: |- In specifies that this field must be equal to one of the specified values items: format: uint64 type: string nullable: true readOnly: false type: array lt: description: |- Lt specifies that this field must be less than the specified value, exclusive format: uint64 readOnly: false type: string lte: description: |- Lte specifies that this field must be less than or equal to the specified value, inclusive format: uint64 readOnly: false type: string notIn: description: >- NotIn specifies that this field cannot be equal to one of the specified values items: format: uint64 type: string nullable: true readOnly: false type: array title: U Int 64 Rules type: object x-speakeasy-name-override: UInt64Rules c1.api.policy.v1.ConnectorProvision.AccountProvision: description: > The AccountProvision message. This message contains a oneof named storage_type. Only a single field of the following list may be set at a time: - saveToVault - doNotSave nullable: true properties: config: additionalProperties: true readOnly: false type: object connectorId: description: The connectorId field. readOnly: false type: string doNotSave: $ref: '#/components/schemas/c1.api.policy.v1.ConnectorProvision.DoNotSave' saveToVault: $ref: '#/components/schemas/c1.api.policy.v1.ConnectorProvision.SaveToVault' schemaId: description: The schemaId field. readOnly: false type: string title: Account Provision type: object x-speakeasy-name-override: AccountProvision c1.api.policy.v1.ConnectorProvision.DefaultBehavior: description: The DefaultBehavior message. nullable: true properties: connectorId: description: >- this checks if the entitlement is enabled by provisioning in a specific connector this can happen automatically and doesn't need any extra info readOnly: false type: string title: Default Behavior type: object x-speakeasy-name-override: DefaultBehavior c1.api.policy.v1.ConnectorProvision.DeleteAccount: description: The DeleteAccount message. nullable: true properties: connectorId: description: The connectorId field. readOnly: false type: string title: Delete Account type: object x-speakeasy-name-override: DeleteAccount c1.api.policy.v1.ProvisionerAssignment: description: > ProvisionerAssignment defines how a provisioner is dynamically assigned. This message contains a oneof named typ. Only a single field of the following list may be set at a time: - users - appOwners - group - manager - expression - entitlementOwners properties: appOwners: $ref: '#/components/schemas/c1.api.policy.v1.AppOwnerProvisioner' entitlementOwners: $ref: '#/components/schemas/c1.api.policy.v1.EntitlementOwnerProvisioner' expression: $ref: '#/components/schemas/c1.api.policy.v1.ExpressionProvisioner' group: $ref: '#/components/schemas/c1.api.policy.v1.GroupProvisioner' manager: $ref: '#/components/schemas/c1.api.policy.v1.ManagerProvisioner' users: $ref: '#/components/schemas/c1.api.policy.v1.UserProvisioner' title: Provisioner Assignment type: object x-speakeasy-name-override: ProvisionerAssignment c1.api.policy.v1.ConnectorProvision.DoNotSave: description: The DoNotSave message. nullable: true title: Do Not Save type: object x-speakeasy-name-override: DoNotSave c1.api.policy.v1.ConnectorProvision.SaveToVault: description: The SaveToVault message. nullable: true properties: vaultIds: description: The vaultIds field. items: type: string nullable: true readOnly: false type: array title: Save To Vault type: object x-speakeasy-name-override: SaveToVault c1.api.policy.v1.AppOwnerProvisioner: description: AppOwnerProvisioner resolves to app owners. nullable: true properties: allowReassignment: description: Whether the provisioner can reassign the task. readOnly: false type: boolean fallbackUserIds: description: Fallback user IDs if no app owners are found. items: type: string nullable: true readOnly: false type: array title: App Owner Provisioner type: object x-speakeasy-name-override: AppOwnerProvisioner c1.api.policy.v1.EntitlementOwnerProvisioner: description: EntitlementOwnerProvisioner resolves to entitlement owners. nullable: true properties: allowReassignment: description: Whether the provisioner can reassign the task. readOnly: false type: boolean fallbackUserIds: description: Fallback user IDs if no entitlement owners are found. items: type: string nullable: true readOnly: false type: array title: Entitlement Owner Provisioner type: object x-speakeasy-name-override: EntitlementOwnerProvisioner c1.api.policy.v1.ExpressionProvisioner: description: >- ExpressionProvisioner evaluates CEL expressions to determine provisioners. nullable: true properties: allowReassignment: description: Whether the provisioner can reassign the task. readOnly: false type: boolean expressions: description: The CEL expressions to evaluate. items: type: string nullable: true readOnly: false type: array fallbackUserIds: description: Fallback user IDs if expression evaluation yields no users. items: type: string nullable: true readOnly: false type: array title: Expression Provisioner type: object x-speakeasy-name-override: ExpressionProvisioner c1.api.policy.v1.GroupProvisioner: description: GroupProvisioner resolves to members of a specific group. nullable: true properties: allowReassignment: description: Whether the provisioner can reassign the task. readOnly: false type: boolean appGroupId: description: The app group ID (entitlement ID). readOnly: false type: string appId: description: The app ID containing the group. readOnly: false type: string fallbackUserIds: description: Fallback user IDs if no group members are found. items: type: string nullable: true readOnly: false type: array title: Group Provisioner type: object x-speakeasy-name-override: GroupProvisioner c1.api.policy.v1.ManagerProvisioner: description: ManagerProvisioner resolves to the user's manager. nullable: true properties: allowReassignment: description: Whether the provisioner can reassign the task. readOnly: false type: boolean fallbackUserIds: description: Fallback user IDs if no manager is found. items: type: string nullable: true readOnly: false type: array title: Manager Provisioner type: object x-speakeasy-name-override: ManagerProvisioner c1.api.policy.v1.UserProvisioner: description: UserProvisioner assigns specific users as provisioners. nullable: true properties: allowReassignment: description: Whether the provisioner can reassign the task. readOnly: false type: boolean userIds: description: The user IDs to assign as provisioners. items: type: string nullable: true readOnly: false type: array title: User Provisioner type: object x-speakeasy-name-override: UserProvisioner securitySchemes: bearerAuth: scheme: bearer type: http oauth: description: >- This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187) function. flows: clientCredentials: scopes: {} tokenUrl: /auth/v1/token type: oauth2 ````