Task Type: updateApplication

A policy call is made for this type anytime a user attmpts to edit an existing application.
  • Path: tasks
  • Method: Post
  • Package: spinnaker.http.authz

Example Payload

Click to expand
  "input": {
    "body": {
      "application": "aftest2",
      "description": "Update Application: aftest2",
      "job": [
          "application": {
            "cloudProviders": "kubernetes",
            "dataSources": {
              "disabled": [],
              "enabled": []
            "description": "description2",
            "email": "dasdasd@trest.com",
            "instancePort": 80,
            "lastModifiedBy": "myUserName",
            "name": "aftest2",
            "permissions": {
              "EXECUTE": [
              "READ": [
              "WRITE": [
            "repoProjectKey": "project",
            "repoSlug": "name",
            "repoType": "github",
            "trafficGuards": [],
            "updateTs": "1621444448000",
            "user": "myUserName"
          "type": "updateApplication",
          "user": "myUserName"
    "method": "POST",
    "path": [
    "user": {
      "isAdmin": false,
      "roles": [
          "name": "armory-io",
          "source": "GITHUB_TEAMS"
          "name": "productmanagers",
          "source": "GITHUB_TEAMS"
      "username": "myUserName"

Example Policy

This policy disables the ability to create new applications, or update existing applications unless the applications have specified at least 1 role with ‘write’ permissions.

Note: The UI is not currently able to display an error message when this policy denies the action.

package spinnaker.http.authz

allow = message==""

default message=""
message="You must provide at least 1 user with full execute permissions"{

hasWritePermissions(job) {



Key Type Description
input.body.application string The name of the application being created.
input.body.description string The description of the application being created.
input.body.job[].application.cloudProviders string The application’s allowed cloud providers.
input.body.job[].application.email string The email address of the owner of the application.
input.body.job[].application.instancePort number
input.body.job[].application.name string The name of the application being created.
input.body.job[].type string The type of task being run, in this case “createApplication”.
input.body.job[].user string The ID of the user to run the job as.
input.method string The HTTP method by which the API is being called. When creating a task this is POST
input.path[] string The API path of the job. When creating a new task this is the array ["tasks"]
input.user.isAdmin boolean
input.user.roles[].name string
input.user.roles[].source string
input.user.username string
input.body.job[].application.description string The description of the application being created.
input.body.job[].application.permissions.EXECUTE[] string The list of roles that have execute permission to the application.
input.body.job[].application.permissions.READ[] string The list of roles that have read permission to the application.
input.body.job[].application.permissions.WRITE[] string The list of roles that have write permission to the application.
input.body.job[].application.repoProjectKey string What is the unique ID of the project in source control.
input.body.job[].application.repoSlug string What is the slug for the source code repo? Typically the repository’s owner or organization ID.
input.body.job[].application.repoType string With what type of sourcecode repo is this application associated.

Last modified August 18, 2023: (02b163b7)