The Sudo Commands API provides operations to manage a set of sudo commands (Sudo Command bundles). You can create any number of bundles, but each bundle can only contain up to 64 commands. You control the order of Sudo Command bundles by the name of each bundle. See Sudo command bundle.
Lists all Sudo Command bundles for your Team
This endpoint requires one of the following roles: resource_admin
, security_admin
, delegated_security_admin
.
OK
{- "list": [
- {
- "id": "3a064d89-2984-47aa-bbda-91d637f09b8c",
- "created_at": "2024-07-29T17:52:05.898261Z",
- "created_by": "some-user",
- "updated_at": "2024-07-29T17:52:05.898261Z",
- "updated_by": "some-user",
- "name": "create_directories",
- "description": null,
- "structured_commands": [
- {
- "command_type": "executable",
- "command": "/bin/mkdir",
- "args_type": "any",
- "args": null,
- "rendered_command": "/bin/mkdir *"
}
], - "run_as": "",
- "no_passwd": true,
- "no_exec": false,
- "set_env": false,
- "add_env": null,
- "sub_env": null
}, - {
- "id": "b4f7622b-f0be-4d62-aa47-1710a6289679",
- "created_at": "2024-07-29T17:52:05.900342Z",
- "created_by": "some-user",
- "updated_at": "2024-07-29T17:52:05.900342Z",
- "updated_by": "some-user",
- "name": "remove_directories",
- "description": null,
- "structured_commands": [
- {
- "command_type": "executable",
- "command": "/bin/rmdir",
- "args_type": "any",
- "args": null,
- "rendered_command": "/bin/rmdir *"
}
], - "run_as": "",
- "no_passwd": true,
- "no_exec": false,
- "set_env": false,
- "add_env": [
- "HOME"
], - "sub_env": null
}
]
}
Creates a Sudo Command bundle
This endpoint requires the following role: resource_admin
.
add_env | Array of strings or null <regex> <= 32 items A list of environment variables to include when running sudo commands. See the sudo documentation. |
description | string [ 1 .. 255 ] characters A description of the Sudo Command bundle |
name required | string <regex> [ 1 .. 255 ] characters ^[\w\-_.]+$ The name of the Sudo Command bundle. This controls the ordering of all bundles within your Team. See Sudo Command Bundle. |
no_exec | boolean or null Whether to allow commands to execute child processes |
no_passwd | boolean or null Default: true Whether to require a password when sudo is run. This should generally not be used as Users don't require a password. |
run_as | string or null <regex> [ 1 .. 64 ] characters ^([%]{0,1})((([#])(\d+))|([\w\-_.]+)|((?i)[A-... A non-root user account used to run the command |
set_env | boolean or null Whether to allow overriding environment variables to commands |
Array of objects or null [ 0 .. 64 ] A list of commands to allow | |
sub_env | Array of strings or null <regex> <= 32 items A list of environment variables to ignore when running the commands. See the sudo documentation. |
Created
{- "name": "create_directories",
- "description": "can be empty",
- "structured_commands": [
- {
- "command_type": "executable",
- "command": "/bin/mkdir",
- "args_type": "any"
}
], - "no_passwd": true,
- "no_exec": false,
- "set_env": false,
- "add_env": null,
- "sub_env": null
}
{- "id": "4c218c35-b8fd-45f5-9e43-1c392c9079b0",
- "created_at": "2024-07-29T23:15:38.203054971Z",
- "created_by": "name.username",
- "updated_at": "2024-07-29T23:15:38.203054971Z",
- "updated_by": "name.username",
- "name": "create_directories",
- "description": "can be empty",
- "structured_commands": [
- {
- "command_type": "executable",
- "command": "/bin/mkdir",
- "args_type": "any",
- "args": null,
- "rendered_command": "/bin/mkdir *"
}
], - "run_as": "",
- "no_passwd": true,
- "no_exec": false,
- "set_env": false,
- "add_env": null,
- "sub_env": null
}
Retrieves a specified Sudo Command bundle
This endpoint requires one of the following roles: resource_admin
, security_admin
, delegated_security_admin
.
OK
{- "id": "3a064d89-2984-47aa-bbda-91d637f09b8c",
- "created_at": "2024-07-29T17:52:05.898261Z",
- "created_by": "some-user",
- "updated_at": "2024-07-29T17:52:05.898261Z",
- "updated_by": "some-user",
- "name": "create_directories",
- "description": null,
- "structured_commands": [
- {
- "command_type": "executable",
- "command": "/bin/mkdir",
- "args_type": "any",
- "args": null,
- "rendered_command": "/bin/mkdir *"
}
], - "run_as": "",
- "no_passwd": true,
- "no_exec": false,
- "set_env": false,
- "add_env": null,
- "sub_env": null
}
Updates a specified Sudo Command bundle. You cannot modify a Sudo Command bundle that is referenced by an OPA Security Policy.
This endpoint requires the following role: resource_admin
.
add_env | Array of strings or null <regex> <= 32 items A list of environment variables to include when running sudo commands. See the sudo documentation. |
description | string [ 1 .. 255 ] characters A description of the Sudo Command bundle |
name required | string <regex> [ 1 .. 255 ] characters ^[\w\-_.]+$ The name of the Sudo Command bundle. This controls the ordering of all bundles within your Team. See Sudo Command Bundle. |
no_exec | boolean or null Whether to allow commands to execute child processes |
no_passwd | boolean or null Default: true Whether to require a password when sudo is run. This should generally not be used as Users don't require a password. |
run_as | string or null <regex> [ 1 .. 64 ] characters ^([%]{0,1})((([#])(\d+))|([\w\-_.]+)|((?i)[A-... A non-root user account used to run the command |
set_env | boolean or null Whether to allow overriding environment variables to commands |
Array of objects or null [ 0 .. 64 ] A list of commands to allow | |
sub_env | Array of strings or null <regex> <= 32 items A list of environment variables to ignore when running the commands. See the sudo documentation. |
No Content
{- "name": "create_directories",
- "description": "can be empty",
- "structured_commands": [
- {
- "command_type": "executable",
- "command": "/bin/mkdir",
- "args_type": "any"
}
], - "no_passwd": true,
- "no_exec": false,
- "set_env": false,
- "add_env": null,
- "sub_env": null
}
Deletes the specified Sudo Command bundle. You cannot delete a Sudo Command bundle that is referenced by an OPA Security Policy.
This endpoint requires the following role: resource_admin
.
No Content