feat(api): add audit_only field to executable_deny_list and veto

Author: stainless-app[bot]

.stats.yml

@@ -1,4 +1,4 @@
 configured_endpoints: 175
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/gitpod%2Fgitpod-6bfb10e82813fa3415f7ce350424221418b6fde16c3ec547c64ad46b68947277.yml
-openapi_spec_hash: dea4ce60942cfbc15257e7c5dd57ee54
-config_hash: 318f17b933356b2580853e0380080816
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/gitpod%2Fgitpod-cf6d772062952a074c6487c7c272a8dda20a65e238fae2d3163de9b6f4258ae2.yml
+openapi_spec_hash: bc02a056a6ab611247ddacc41e4b98a5
+config_hash: 3a29593d2be08d2e9e818d2ac66ef562

api.md

@@ -455,6 +455,7 @@ from gitpod.types.organizations import (
     AgentPolicy,
     CrowdStrikeConfig,
     ExecutableDenyList,
+    KernelControlsAction,
     OrganizationPolicies,
     SecurityAgentPolicy,
     PolicyRetrieveResponse,

src/gitpod/types/organizations/__init__.py

@@ -19,6 +19,7 @@
 from .custom_domain_provider import CustomDomainProvider as CustomDomainProvider
 from .invite_create_response import InviteCreateResponse as InviteCreateResponse
 from .invite_retrieve_params import InviteRetrieveParams as InviteRetrieveParams
+from .kernel_controls_action import KernelControlsAction as KernelControlsAction
 from .policy_retrieve_params import PolicyRetrieveParams as PolicyRetrieveParams
 from .sso_configuration_state import SSOConfigurationState as SSOConfigurationState
 from .invite_retrieve_response import InviteRetrieveResponse as InviteRetrieveResponse

src/gitpod/types/organizations/executable_deny_list.py

@@ -3,6 +3,7 @@
 from typing import List, Optional
 
 from ..._models import BaseModel
+from .kernel_controls_action import KernelControlsAction
 
 __all__ = ["ExecutableDenyList"]
 
@@ -12,6 +13,9 @@ class ExecutableDenyList(BaseModel):
     ExecutableDenyList contains executables that are blocked from execution in environments.
     """
 
+    action: Optional[KernelControlsAction] = None
+    """action specifies what action kernel-level controls take on policy violations"""
+
     enabled: Optional[bool] = None
     """enabled controls whether executable blocking is active"""
 

src/gitpod/types/organizations/executable_deny_list_param.py

@@ -5,6 +5,7 @@
 from typing_extensions import TypedDict
 
 from ..._types import SequenceNotStr
+from .kernel_controls_action import KernelControlsAction
 
 __all__ = ["ExecutableDenyListParam"]
 
@@ -14,6 +15,9 @@ class ExecutableDenyListParam(TypedDict, total=False):
     ExecutableDenyList contains executables that are blocked from execution in environments.
     """
 
+    action: KernelControlsAction
+    """action specifies what action kernel-level controls take on policy violations"""
+
     enabled: bool
     """enabled controls whether executable blocking is active"""
 

src/gitpod/types/organizations/kernel_controls_action.py

@@ -0,0 +1,9 @@
+# File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+from typing_extensions import Literal, TypeAlias
+
+__all__ = ["KernelControlsAction"]
+
+KernelControlsAction: TypeAlias = Literal[
+    "KERNEL_CONTROLS_ACTION_UNSPECIFIED", "KERNEL_CONTROLS_ACTION_BLOCK", "KERNEL_CONTROLS_ACTION_AUDIT"
+]

src/gitpod/types/veto.py

@@ -3,13 +3,17 @@
 from typing import List, Optional
 
 from .._models import BaseModel
+from .organizations.kernel_controls_action import KernelControlsAction
 
 __all__ = ["Veto", "Exec"]
 
 
 class Exec(BaseModel):
     """exec controls executable blocking"""
 
+    action: Optional[KernelControlsAction] = None
+    """action specifies what action kernel-level controls take on policy violations"""
+
     denylist: Optional[List[str]] = None
     """denylist is the list of executable paths or names to block"""
 

src/gitpod/types/veto_param.py

@@ -5,13 +5,17 @@
 from typing_extensions import TypedDict
 
 from .._types import SequenceNotStr
+from .organizations.kernel_controls_action import KernelControlsAction
 
 __all__ = ["VetoParam", "Exec"]
 
 
 class Exec(TypedDict, total=False):
     """exec controls executable blocking"""
 
+    action: KernelControlsAction
+    """action specifies what action kernel-level controls take on policy violations"""
+
     denylist: SequenceNotStr[str]
     """denylist is the list of executable paths or names to block"""
 

tests/api_resources/organizations/test_policies.py

@@ -79,6 +79,7 @@ def test_method_update_with_all_params(self, client: Gitpod) -> None:
             delete_archived_environments_after="+9125115.360s",
             editor_version_restrictions={"foo": {"allowed_versions": ["string"]}},
             executable_deny_list={
+                "action": "KERNEL_CONTROLS_ACTION_UNSPECIFIED",
                 "enabled": True,
                 "executables": ["string"],
             },
@@ -195,6 +196,7 @@ async def test_method_update_with_all_params(self, async_client: AsyncGitpod) ->
             delete_archived_environments_after="+9125115.360s",
             editor_version_restrictions={"foo": {"allowed_versions": ["string"]}},
             executable_deny_list={
+                "action": "KERNEL_CONTROLS_ACTION_UNSPECIFIED",
                 "enabled": True,
                 "executables": ["string"],
             },

tests/api_resources/test_environments.py

@@ -83,6 +83,7 @@ def test_method_create_with_all_params(self, client: Gitpod) -> None:
                 "kernel_controls_config": {
                     "veto": {
                         "exec": {
+                            "action": "KERNEL_CONTROLS_ACTION_UNSPECIFIED",
                             "denylist": ["string"],
                             "enabled": True,
                         }
@@ -227,6 +228,7 @@ def test_method_update_with_all_params(self, client: Gitpod) -> None:
                 "kernel_controls_config": {
                     "veto": {
                         "exec": {
+                            "action": "KERNEL_CONTROLS_ACTION_UNSPECIFIED",
                             "denylist": ["string"],
                             "enabled": True,
                         }
@@ -453,6 +455,7 @@ def test_method_create_from_project_with_all_params(self, client: Gitpod) -> Non
                 "kernel_controls_config": {
                     "veto": {
                         "exec": {
+                            "action": "KERNEL_CONTROLS_ACTION_UNSPECIFIED",
                             "denylist": ["string"],
                             "enabled": True,
                         }
@@ -767,6 +770,7 @@ async def test_method_create_with_all_params(self, async_client: AsyncGitpod) ->
                 "kernel_controls_config": {
                     "veto": {
                         "exec": {
+                            "action": "KERNEL_CONTROLS_ACTION_UNSPECIFIED",
                             "denylist": ["string"],
                             "enabled": True,
                         }
@@ -911,6 +915,7 @@ async def test_method_update_with_all_params(self, async_client: AsyncGitpod) ->
                 "kernel_controls_config": {
                     "veto": {
                         "exec": {
+                            "action": "KERNEL_CONTROLS_ACTION_UNSPECIFIED",
                             "denylist": ["string"],
                             "enabled": True,
                         }
@@ -1137,6 +1142,7 @@ async def test_method_create_from_project_with_all_params(self, async_client: As
                 "kernel_controls_config": {
                     "veto": {
                         "exec": {
+                            "action": "KERNEL_CONTROLS_ACTION_UNSPECIFIED",
                             "denylist": ["string"],
                             "enabled": True,
                         }