Path Parameters
The risk id.
Response
OK
Format: risks/{risk}
The source of the operation being assessed for risk.
SOURCE_UNSPECIFIED, DDL, DML, CREATE_DATABASE, DATA_EXPORT, REQUEST_ROLE The title of the risk rule.
The risk level assigned when this rule matches.
RISK_LEVEL_UNSPECIFIED, LOW, MODERATE, HIGH Whether the risk rule is active.
The condition that is associated with the risk. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec
All supported variables: statement.affected_rows: affected row count in the DDL/DML, support "==", "!=", "<", "<=", ">", ">=" operations. statement.table_rows: table row count number, support "==", "!=", "<", "<=", ">", ">=" operations. resource.environment_id: the environment resource id, support "==", "!=", "in [xx]", "!(in [xx])" operations. resource.project_id: the project resource id, support "==", "!=", "in [xx]", "!(in [xx])", "contains()", "matches()", "startsWith()", "endsWith()" operations. resource.db_engine: the database engine type, support "==", "!=", "in [xx]", "!(in [xx])" operations. Check the Engine enum for the values. statement.sql_type: the SQL type, support "==", "!=", "in [xx]", "!(in [xx])" operations. when the risk source is DDL, check https://github.com/bytebase/bytebase/blob/main/frontend/src/plugins/cel/types/values.ts#L70 for supported values. when the risk source is DML, check https://github.com/bytebase/bytebase/blob/main/frontend/src/plugins/cel/types/values.ts#L71 for supported values. resource.database_name: the database name, support "==", "!=", "in [xx]", "!(in [xx])", "contains()", "matches()", "startsWith()", "endsWith()" operations. resource.schema_name: the schema name, support "==", "!=", "in [xx]", "!(in [xx])", "contains()", "matches()", "startsWith()", "endsWith()" operations. resource.table_name: the table name, support "==", "!=", "in [xx]", "!(in [xx])", "contains()", "matches()", "startsWith()", "endsWith()" operations. statement.text: the SQL statement, support "contains()", "matches()", "startsWith()", "endsWith()" operations. request.expiration_days: the role expiration days for the request, support "==", "!=", "<", "<=", ">", ">=" operations. request.role: the request role full name, support "==", "!=", "in [xx]", "!(in [xx])", "contains()", "matches()", "startsWith()", "endsWith()" operations.
When the risk source is DDL/DML, support following variables: statement.affected_rows statement.table_rows resource.environment_id resource.project_id resource.db_engine statement.sql_type resource.database_name resource.schema_name resource.table_name statement.text
When the risk source is CREATE_DATABASE, support following variables: resource.environment_id resource.project_id resource.db_engine resource.database_name
When the risk source is DATA_EXPORT, support following variables: resource.environment_id resource.project_id resource.db_engine resource.database_name resource.schema_name resource.table_name
When the risk source is REQUEST_ROLE, support following variables: resource.project_id request.expiration_days request.role An abstract representation of a common expression.
Expressions are abstractly represented as a collection of identifiers, select statements, function calls, literals, and comprehensions. All operators with the exception of the '.' operator are modelled as function calls. This makes it easy to represent new operators into the existing AST.
All references within expressions must resolve to a
[Decl][google.api.expr.v1alpha1.Decl] provided at type-check for an
expression to be valid. A reference may either be a bare identifier name or
a qualified identifier google.api.name. References may either refer to a
value or a function declaration.
For example, the expression google.api.name.startsWith('expr') references
the declaration google.api.name within a
[Expr.Select][google.api.expr.v1alpha1.Expr.Select] expression, and the
function declaration startsWith.