# Policies ## CreateRunnerPolicy **post** `/gitpod.v1.RunnerService/CreateRunnerPolicy` Creates a new policy for a runner. Use this method to: - Set up access controls - Define group permissions - Configure role-based access ### Examples - Create admin policy: Grants admin access to a group. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" groupId: "f53d2330-3795-4c5d-a1f3-453121af9c60" role: RUNNER_ROLE_ADMIN ``` ### Body Parameters - `groupId: optional string` group_id specifies the group_id identifier - `role: optional RunnerRole` - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` - `runnerId: optional string` runner_id specifies the project identifier ### Returns - `policy: RunnerPolicy` - `groupId: optional string` - `role: optional RunnerRole` role is the role assigned to the group - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/CreateRunnerPolicy \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "policy": { "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "role": "RUNNER_ROLE_UNSPECIFIED" } } ``` ## DeleteRunnerPolicy **post** `/gitpod.v1.RunnerService/DeleteRunnerPolicy` Deletes a runner policy. Use this method to: - Remove access controls - Revoke permissions - Clean up policies ### Examples - Delete policy: Removes a group's access policy. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" groupId: "f53d2330-3795-4c5d-a1f3-453121af9c60" ``` ### Body Parameters - `groupId: optional string` group_id specifies the group_id identifier - `runnerId: optional string` runner_id specifies the project identifier ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/DeleteRunnerPolicy \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json {} ``` ## ListRunnerPolicies **post** `/gitpod.v1.RunnerService/ListRunnerPolicies` Lists policies for a runner. Use this method to: - View access controls - Check policy configurations - Audit permissions ### Examples - List policies: Shows all policies for a runner. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" pagination: pageSize: 20 ``` ### Query Parameters - `token: optional string` - `pageSize: optional number` ### Body Parameters - `pagination: optional object { token, pageSize }` pagination contains the pagination options for listing project policies - `token: optional string` Token for the next set of results that was returned as next_token of a PaginationResponse - `pageSize: optional number` Page size is the maximum number of results to retrieve per page. Defaults to 25. Maximum 100. - `runnerId: optional string` runner_id specifies the project identifier ### Returns - `pagination: optional object { nextToken }` - `nextToken: optional string` Token passed for retrieving the next set of results. Empty if there are no more results - `policies: optional array of RunnerPolicy` - `groupId: optional string` - `role: optional RunnerRole` role is the role assigned to the group - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/ListRunnerPolicies \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "pagination": { "nextToken": "nextToken" }, "policies": [ { "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "role": "RUNNER_ROLE_UNSPECIFIED" } ] } ``` ## UpdateRunnerPolicy **post** `/gitpod.v1.RunnerService/UpdateRunnerPolicy` Updates an existing runner policy. Use this method to: - Modify access levels - Change group roles - Update permissions ### Examples - Update policy role: Changes a group's access level. ```yaml runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" groupId: "f53d2330-3795-4c5d-a1f3-453121af9c60" role: RUNNER_ROLE_USER ``` ### Body Parameters - `groupId: optional string` group_id specifies the group_id identifier - `role: optional RunnerRole` - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` - `runnerId: optional string` runner_id specifies the project identifier ### Returns - `policy: RunnerPolicy` - `groupId: optional string` - `role: optional RunnerRole` role is the role assigned to the group - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.RunnerService/UpdateRunnerPolicy \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "policy": { "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "role": "RUNNER_ROLE_UNSPECIFIED" } } ``` ## Domain Types ### Runner Policy - `RunnerPolicy object { groupId, role }` - `groupId: optional string` - `role: optional RunnerRole` role is the role assigned to the group - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` ### Runner Role - `RunnerRole = "RUNNER_ROLE_UNSPECIFIED" or "RUNNER_ROLE_ADMIN" or "RUNNER_ROLE_USER"` - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` ### Policy Create Response - `PolicyCreateResponse object { policy }` - `policy: RunnerPolicy` - `groupId: optional string` - `role: optional RunnerRole` role is the role assigned to the group - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"` ### Policy Delete Response - `PolicyDeleteResponse = unknown` ### Policy Update Response - `PolicyUpdateResponse object { policy }` - `policy: RunnerPolicy` - `groupId: optional string` - `role: optional RunnerRole` role is the role assigned to the group - `"RUNNER_ROLE_UNSPECIFIED"` - `"RUNNER_ROLE_ADMIN"` - `"RUNNER_ROLE_USER"`