# Policies

## CreateRunnerPolicy

`client.runners.policies.create(PolicyCreateParamsbody, RequestOptionsoptions?): PolicyCreateResponse`

**post** `/gitpod.v1.RunnerService/CreateRunnerPolicy`

Creates a new policy for a runner.

Use this method to:

- Set up access controls
- Define group permissions
- Configure role-based access

### Examples

- Create admin policy:

  Grants admin access to a group.

  ```yaml
  runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
  groupId: "f53d2330-3795-4c5d-a1f3-453121af9c60"
  role: RUNNER_ROLE_ADMIN
  ```

### Parameters

- `body: PolicyCreateParams`

  - `groupId?: string`

    group_id specifies the group_id identifier

  - `role?: RunnerRole`

    - `"RUNNER_ROLE_UNSPECIFIED"`

    - `"RUNNER_ROLE_ADMIN"`

    - `"RUNNER_ROLE_USER"`

  - `runnerId?: string`

    runner_id specifies the project identifier

### Returns

- `PolicyCreateResponse`

  - `policy: RunnerPolicy`

    - `groupId?: string`

    - `role?: RunnerRole`

      role is the role assigned to the group

      - `"RUNNER_ROLE_UNSPECIFIED"`

      - `"RUNNER_ROLE_ADMIN"`

      - `"RUNNER_ROLE_USER"`

### Example

```typescript
import Gitpod from '@gitpod/sdk';

const client = new Gitpod({
  bearerToken: process.env['GITPOD_API_KEY'], // This is the default and can be omitted
});

const policy = await client.runners.policies.create({
  groupId: 'f53d2330-3795-4c5d-a1f3-453121af9c60',
  role: 'RUNNER_ROLE_ADMIN',
  runnerId: 'd2c94c27-3b76-4a42-b88c-95a85e392c68',
});

console.log(policy.policy);
```

#### Response

```json
{
  "policy": {
    "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "role": "RUNNER_ROLE_UNSPECIFIED"
  }
}
```

## DeleteRunnerPolicy

`client.runners.policies.delete(PolicyDeleteParamsbody, RequestOptionsoptions?): PolicyDeleteResponse`

**post** `/gitpod.v1.RunnerService/DeleteRunnerPolicy`

Deletes a runner policy.

Use this method to:

- Remove access controls
- Revoke permissions
- Clean up policies

### Examples

- Delete policy:

  Removes a group's access policy.

  ```yaml
  runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
  groupId: "f53d2330-3795-4c5d-a1f3-453121af9c60"
  ```

### Parameters

- `body: PolicyDeleteParams`

  - `groupId?: string`

    group_id specifies the group_id identifier

  - `runnerId?: string`

    runner_id specifies the project identifier

### Returns

- `PolicyDeleteResponse = unknown`

### Example

```typescript
import Gitpod from '@gitpod/sdk';

const client = new Gitpod({
  bearerToken: process.env['GITPOD_API_KEY'], // This is the default and can be omitted
});

const policy = await client.runners.policies.delete({
  groupId: 'f53d2330-3795-4c5d-a1f3-453121af9c60',
  runnerId: 'd2c94c27-3b76-4a42-b88c-95a85e392c68',
});

console.log(policy);
```

#### Response

```json
{}
```

## ListRunnerPolicies

`client.runners.policies.list(PolicyListParamsparams, RequestOptionsoptions?): PoliciesPage<RunnerPolicy>`

**post** `/gitpod.v1.RunnerService/ListRunnerPolicies`

Lists policies for a runner.

Use this method to:

- View access controls
- Check policy configurations
- Audit permissions

### Examples

- List policies:

  Shows all policies for a runner.

  ```yaml
  runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
  pagination:
    pageSize: 20
  ```

### Parameters

- `params: PolicyListParams`

  - `token?: string`

    Query param

  - `pageSize?: number`

    Query param

  - `pagination?: Pagination`

    Body param: pagination contains the pagination options for listing project policies

    - `token?: string`

      Token for the next set of results that was returned as next_token of a
      PaginationResponse

    - `pageSize?: number`

      Page size is the maximum number of results to retrieve per page.
      Defaults to 25. Maximum 100.

  - `runnerId?: string`

    Body param: runner_id specifies the project identifier

### Returns

- `RunnerPolicy`

  - `groupId?: string`

  - `role?: RunnerRole`

    role is the role assigned to the group

    - `"RUNNER_ROLE_UNSPECIFIED"`

    - `"RUNNER_ROLE_ADMIN"`

    - `"RUNNER_ROLE_USER"`

### Example

```typescript
import Gitpod from '@gitpod/sdk';

const client = new Gitpod({
  bearerToken: process.env['GITPOD_API_KEY'], // This is the default and can be omitted
});

// Automatically fetches more pages as needed.
for await (const runnerPolicy of client.runners.policies.list({
  pagination: { pageSize: 20 },
  runnerId: 'd2c94c27-3b76-4a42-b88c-95a85e392c68',
})) {
  console.log(runnerPolicy.groupId);
}
```

#### Response

```json
{
  "pagination": {
    "nextToken": "nextToken"
  },
  "policies": [
    {
      "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
      "role": "RUNNER_ROLE_UNSPECIFIED"
    }
  ]
}
```

## UpdateRunnerPolicy

`client.runners.policies.update(PolicyUpdateParamsbody, RequestOptionsoptions?): PolicyUpdateResponse`

**post** `/gitpod.v1.RunnerService/UpdateRunnerPolicy`

Updates an existing runner policy.

Use this method to:

- Modify access levels
- Change group roles
- Update permissions

### Examples

- Update policy role:

  Changes a group's access level.

  ```yaml
  runnerId: "d2c94c27-3b76-4a42-b88c-95a85e392c68"
  groupId: "f53d2330-3795-4c5d-a1f3-453121af9c60"
  role: RUNNER_ROLE_USER
  ```

### Parameters

- `body: PolicyUpdateParams`

  - `groupId?: string`

    group_id specifies the group_id identifier

  - `role?: RunnerRole`

    - `"RUNNER_ROLE_UNSPECIFIED"`

    - `"RUNNER_ROLE_ADMIN"`

    - `"RUNNER_ROLE_USER"`

  - `runnerId?: string`

    runner_id specifies the project identifier

### Returns

- `PolicyUpdateResponse`

  - `policy: RunnerPolicy`

    - `groupId?: string`

    - `role?: RunnerRole`

      role is the role assigned to the group

      - `"RUNNER_ROLE_UNSPECIFIED"`

      - `"RUNNER_ROLE_ADMIN"`

      - `"RUNNER_ROLE_USER"`

### Example

```typescript
import Gitpod from '@gitpod/sdk';

const client = new Gitpod({
  bearerToken: process.env['GITPOD_API_KEY'], // This is the default and can be omitted
});

const policy = await client.runners.policies.update({
  groupId: 'f53d2330-3795-4c5d-a1f3-453121af9c60',
  role: 'RUNNER_ROLE_USER',
  runnerId: 'd2c94c27-3b76-4a42-b88c-95a85e392c68',
});

console.log(policy.policy);
```

#### Response

```json
{
  "policy": {
    "groupId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e",
    "role": "RUNNER_ROLE_UNSPECIFIED"
  }
}
```

## Domain Types

### Runner Policy

- `RunnerPolicy`

  - `groupId?: string`

  - `role?: RunnerRole`

    role is the role assigned to the group

    - `"RUNNER_ROLE_UNSPECIFIED"`

    - `"RUNNER_ROLE_ADMIN"`

    - `"RUNNER_ROLE_USER"`

### Runner Role

- `RunnerRole = "RUNNER_ROLE_UNSPECIFIED" | "RUNNER_ROLE_ADMIN" | "RUNNER_ROLE_USER"`

  - `"RUNNER_ROLE_UNSPECIFIED"`

  - `"RUNNER_ROLE_ADMIN"`

  - `"RUNNER_ROLE_USER"`

### Policy Create Response

- `PolicyCreateResponse`

  - `policy: RunnerPolicy`

    - `groupId?: string`

    - `role?: RunnerRole`

      role is the role assigned to the group

      - `"RUNNER_ROLE_UNSPECIFIED"`

      - `"RUNNER_ROLE_ADMIN"`

      - `"RUNNER_ROLE_USER"`

### Policy Delete Response

- `PolicyDeleteResponse = unknown`

### Policy Update Response

- `PolicyUpdateResponse`

  - `policy: RunnerPolicy`

    - `groupId?: string`

    - `role?: RunnerRole`

      role is the role assigned to the group

      - `"RUNNER_ROLE_UNSPECIFIED"`

      - `"RUNNER_ROLE_ADMIN"`

      - `"RUNNER_ROLE_USER"`