Qualys Cloud Platform 1.33 (CS) API Notification 1

Prabhas Gupte

A new release of Qualys Cloud Platform 1.33 (CS) includes updated APIs which is targeted for release in May 2024. The specific day will differ depending on the platform. See platform release dates on the Qualys Status page. This API notification provides an early preview into the upcoming APIs, allowing you to identify use cases that can leverage these updated APIs.

What’s New

This release introduces new APIs for Kubernetes Clusters and Admission Controllers, allowing you to manage Clusters and Admission Controllers, view details, and update settings efficiently. Additionally, relevant APIs are updated to support centralized policies for Kubernetes Admission Controllers, enabling the creation and assignment of policies for enhanced control. CRS 1.0 is deprecated in this release, with associated APIs and documentation being phased out.

Kubernetes Admission Controller

In this release, we have introduced new APIs to effectively work with your Kubernetes Clusters and Admission Controllers.

New API: Show a list of Kubernetes Clusters

GET /csapi/v1.3/k8sClusters

This API shows you a list of Kubernetes Clusters in your account.

New API: Show Details of a Kubernetes Cluster

GET /csapi/v1.3/k8sClusters/{clusterUid}

This API helps you see the details of the specified cluster.

New API: Update the Registry UUID of a Kubernetes Cluster

PUT /csapi/v1.3/k8sClusters/{clusterUid}

With this API, you can update the registry details of the specified k8s cluster.

New API: Show Details of a Kubernetes Admission Controller

GET /csapi/v1.3/k8sAdmissionControllers/{uuid}

This API shows you k8s Admission controller details of the specified uuid.

New API: Update Enforcement Action of a Kubernetes Admission Controller

PUT /csapi/v1.3/k8sAdmissionController/{uuid}

With this API, you can validate your action against the policies specified in the Admission Controller. You can update the enforcementAction parameter of the specified k8s admission controller to either allow your action to be passed, irrespective of the assigned policy, or you can validate the action against the assigned policy and based on that either allow or deny your action.

Centralized Policies for Kubernetes Admission Controller

With this release, you can now create and assign Centralized policy to your K8s Admission Controller. The following APIs are updated with this release.

Create a Centralized Policy

POST /csapi/v1.3/centralizedPolicy

With this release, a new policy type called K8S_Admission_Controller is introduced along with k8sFilters in the request to provide cluster and namespace details.

Show a list of Centralized Policies

GET /csapi/v1.3/centralizedPolicy

This API provides a list of all centralized policies present in your account. With this release, you can also see Kubernetes Admission Controller policies. You will see a new policyType called K8S_ADMISSION_CONTROLLER.

Show Details of a Centralized Policy

GET /csapi/v1.3/centralizedPolicy/{policyId}

With this release, a new policy type called K8S_Admission_Controller is introduced along with k8sFilters in the response to provide cluster and namespace details.

Delete a Centralized Policy

DELETE /csapi/v1.3/centralizedPolicy/{policyId}

With this API, now you can delete a Kubernetes Admission Controller type policies as well.

Update a Centralized Policy

PUT /csapi/v1.3/centralizedPolicy/{policyId}

With this API, you can mark a policy as Active or Inactive. You need to provide k8sFilters parameter in the request.

Show Details of the Default Centralized Policy

GET /csapi/v1.3/centralizedPolicy/defaultPolicy/{policyType}

This API shows details of the default centralized policy. It will now also support policies of K8S_ADMISSION_CONTROLLER type.

Update the Policy Mode of a Centralized Policy

PUT /csapi/v1.3/centralizedPolicy/{policyId}/mode

With this API, you can mark a Kubernetes Admission Controller policy as Active or Inactive.

CRS 1.0 Deprecation

With this release, Container Runtime Security (CRS) 1.0 is getting deprecated. Please refer to the CRS 1.0 End of Life Notification for more details.

This deprecation will also result in its associated CRS APIs getting deprecated. The following entities are getting deprecated along with this release.

Please refer the detailed release note here: https://cdn2.qualys.com/docs/release-notes/qualys-container-security-1.33-api-release-notes.pdf

Share your Comments

Comments

Your email address will not be published. Required fields are marked *