GuidesAPI Reference
Log In
Guides

Protection Configuration Reference

protection:
  name: ""  # required, unique Protection name
  # exactly one of these is required
  kubernetesConfig:  # Kubernetes config defining a Job
    type: KUBERNETES | KUSTOMIZE
    local:
      path: ""  # relative path to the Job definition or a directory containing the Job definition
      subPath: "" # optional, used in conjunction with path to allow templating `path` to the Job definition. When specified, `path` must be a directory and the entire content of the directory will be uploaded to Prodvana.
  taskConfig:
    program:  # required
      name: ""  # required, container name
      # one of `image` or `imageTag` with `imageRegistryInfo` is required.
      image: ""  # docker image
      imageRegistryInfo:
        containerRegistry: ""  # container registry name on Prodvana
        imageRepository: ""  # image repository (path after the domain)
      imageTag: ""  # image tag, used in conjunction with imageRegistryInfo
      entrypoint:  # optional, override the image entrypoint
      - ""
      cmd:  # optional, override the image command
      - ""
      env:  # optional, env variables
        "key":
           # one of these is required
           value: ""  # string value
           secret:  # reference a secret stored on Prodvana
             key: ""  # required
             version: ""  # required
           kubernetesSecret:  # reference a Kubernetes secret. The secret must already exist on the same namespace as the Service.
             secretName: ""  # required, secret name
             key: ""  # required, map key inside the secret to use (Kubernetes secrets are stored as a map)
      workingDirectory: ""  # optional, override working directory from the image
  builtin:  # builtin Protections
    # exactly one of this is required
    commitDenylist:  # a Protection that prevents known bad commits from going out, requires a repository integration like GitHub setup
      repository: ""  # required, repository name, like github.com/foo/bar
      commits:  # required, commits denylist
      - # one of `commit` or `range` is required
        commit: ""  # commit sha
        range:
        - startCommit:  ""  # older commit sha, exclusive
          endCommit: ""  # newer commit sha, inclusive
  # end of one of
  pollInterval: 60s  # optional, how often to run the Protection
  env:  # optional, additional env to be injected into the running Protection. only supported for Kubernetes.
    "key":
      # one of these is required
      value: ""  # string value
      secret:  # reference a secret stored on Prodvana
        key: ""  # required
        version: ""  # required
      kubernetesSecret:  # reference a Kubernetes secret. The secret must already exist on the same namespace as the Service.
        secretName: ""  # required, secret name
        key: ""  # required, map key inside the secret to use (Kubernetes secrets are stored as a map)
  parameters:  # optional, parameters to pass in when instantiating the Convergence Extension. Available in template variables as {{.Params.*}}
  - name: ""  # required, parameter name, used as the template variable name
    description: ""  # optional
    required: false  # optional, mark parameter as required
    string:  # string parameter
      defaultValue: ""  # optional, default value
    dockerImage:  # docker image parameter, populated from a docker registry integration
      imageRegistryInfo:
        containerRegistry: ""  # container registry name on Prodvana
        imageRepository: ""  # image repository (path after the domain)
      defaultTag: ""  # optional, default value
    int:  # int parameter
      defaultValue: 0  # optional, default value
    commit:  # commit parameter, populated from a repository integration
      repository: ""  # required, e.g. github.com/foo/bar
      branch: ""  # optional, branch to pull commits from when populating parameter textbox in the Prodvana UI
    blob:  # similar to string, but pass a blob ID in the template variable instead of the string content. Useful if the string content is going to be very large.
      defaultValue: ""  # optional, default value
    secret: {}  # secret stored on Prodvana. The content of the secret is passed via the template variable