Tetrate Service Bridge API (1.10.x)
Download OpenAPI specification:Download
Tetrate Service Bridge API.
Callback endpoint for OAuth2 Authorization Code grant flows as part of the OIDC spec.
query Parameters
code | string OAuth2 Authorization Code. When present this indicates the user authorized the request. TSB will use this code to acquire a token from the OIDC token endpoint and complete the login flow. |
error | string OAuth2 Error Code. When present this indicates that either the authorization request has an error, the OIDC provider encountered an error or the user failed to log in. When set TSB will display information to the user indicating what went wrong. Standard error codes can be found found here. https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#AuthError |
state required | string The state parameter sent to the OIDC provider on the authorization request. |
errorDescription | string Optional error description sent by the OIDC provider when an error occurs. |
errorUri | string Optional error URI of a web page that includes additional information about the error. |
Responses
Response samples
- 200
- default
{ }
List all existing applications for the given tenant.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Responses
Response samples
- 200
- default
{- "applications": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
]
}
Creates a new Application in TSB.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Request Body schema: application/jsonrequired
required | object (v2Application) An Application represents a set of logical groupings of services that are related to each other and expose a set of APIs that implement a complete set of business logic. |
name required | string The short name for the resource to be created. |
Responses
Request samples
- Payload
{- "application": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
]
}, - "name": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
Get the details of an existing application.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
Modify an existing application.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Request Body schema: application/jsonrequired
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
gatewayGroup | string Optional FQN of the Gateway Group to be used by the application.
If configured, this gateway group will be used by the application. If
no namespaces are configured and no existing gateway group is set, a new gateway group claiming all
namespaces in the workspace ( |
object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) | |
services | Array of strings Optional list of services that are part of the application. This is a list of FQNs of services in the service registry. If omitted, the application is assumed to own all the services in the workspace. Note that a service can only be part of one application. If any of the services in the list is already in use by an existing application, application creation/modification will fail. If the list of services is not explicitly set and any service in the workspace is already in use by another application, application creation/modification will fail. |
workspace required | string FQN of the workspace this application is part of. The application will configure IngressGateways for the attached APIs in the different namespaces exposed by this workspace. |
Responses
Request samples
- Payload
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "gatewayGroup": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "services": [
- "string"
], - "workspace": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
Delete an existing Application. Note that deleting resources in TSB is a recursive operation. Deleting a application will delete all API objects that exist in it.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
query Parameters
forceDeleteProtectedGroups | boolean Force the deletion of internal groups even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
List all APIs attached to the given application.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Responses
Response samples
- 200
- default
{- "apis": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "openapi": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "servers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
], - "fromCookies": [
- "string"
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
], - "fromCookies": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "secretName": "string",
- "subjectAltNames": [
- null
]
}
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": null,
- "headers": { }
}
], - "modify": {
- "rewrite": {
- "uri": null,
- "authority": null
}, - "headers": {
- "request": null,
- "response": null
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": null,
- "bytes": null
}
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- null
], - "limit": {
- "requestsPerUnit": null,
- "unit": null
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- null
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "endpoints": [
- {
- "path": "string",
- "methods": [
- "string"
], - "hostnames": [
- "string"
], - "service": "string",
- "exposedBy": {
- "service": "string",
- "clusterGroup": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": null,
- "property2": null
}, - "weight": 0
}
]
}
}
}
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
], - "httpServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
], - "fromCookies": [
- "string"
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
], - "fromCookies": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "secretName": "string",
- "subjectAltNames": [
- null
]
}
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": null,
- "headers": { }
}
], - "modify": {
- "rewrite": {
- "uri": null,
- "authority": null
}, - "headers": {
- "request": null,
- "response": null
}
}, - "route": {
- "clusterDestination": {
- "clusters": [ ]
}, - "serviceDestination": {
- "host": null,
- "port": null,
- "tls": null
}
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": null,
- "bytes": null
}
}, - "disableExternalAuthorization": true
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- null
], - "limit": {
- "requestsPerUnit": null,
- "unit": null
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- null
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO",
- "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
}
]
}
]
}
Attach a new API to the given application.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Request Body schema: application/jsonrequired
required | object (v2API) An API configuring a set of servers and endpoints that expose the Application business logic. |
name required | string The short name for the resource to be created. |
Responses
Request samples
- Payload
{- "api": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "openapi": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}
}, - "name": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "openapi": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "servers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
], - "fromCookies": [
- "string"
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
], - "fromCookies": [
- "string"
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "endpoints": [
- {
- "path": "string",
- "methods": [
- "string"
], - "hostnames": [
- "string"
], - "service": "string",
- "exposedBy": {
- "service": "string",
- "clusterGroup": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0
}
]
}
}
}
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
], - "httpServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
], - "fromCookies": [
- "string"
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
], - "fromCookies": [
- "string"
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": null,
- "labels": { },
- "network": null,
- "weight": null
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "secretName": "string",
- "subjectAltNames": [
- null
]
}
}
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}, - "disableExternalAuthorization": true
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO",
- "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
}
]
}
Get the details of an API.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "openapi": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "servers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
], - "fromCookies": [
- "string"
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
], - "fromCookies": [
- "string"
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "endpoints": [
- {
- "path": "string",
- "methods": [
- "string"
], - "hostnames": [
- "string"
], - "service": "string",
- "exposedBy": {
- "service": "string",
- "clusterGroup": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0
}
]
}
}
}
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
], - "httpServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
], - "fromCookies": [
- "string"
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
], - "fromCookies": [
- "string"
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": null,
- "labels": { },
- "network": null,
- "weight": null
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "secretName": "string",
- "subjectAltNames": [
- null
]
}
}
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}, - "disableExternalAuthorization": true
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO",
- "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
}
]
}
List the WASM extensions that are defined for the Organization.
path Parameters
organization required | string Organization name. |
Responses
Response samples
- 200
- default
{- "extensions": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}, - "url": "string",
- "match": {
- "mode": "UNDEFINED"
}
}
]
}
Creates a new WasmExtension object in TSB. This is needed to let the extensions run. Once a WasmExtension has been created, it can be assigned to IngressGateway and SecuritySetting. This method returns the created extension.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2WasmExtension) |
Responses
Request samples
- Payload
{- "name": "string",
- "wasmExtension": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}, - "url": "string",
- "match": {
- "mode": "UNDEFINED"
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}, - "url": "string",
- "match": {
- "mode": "UNDEFINED"
}
}
Get a WASM extension
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}, - "url": "string",
- "match": {
- "mode": "UNDEFINED"
}
}
Modify an existing WasmExtension. When modifying the details of an extension in use, such as the image property, enabled flag, phase, or default configuration, a redeploy or reconfiguration of the extension may be triggered, affecting live traffic in all those places that reference the extension. Similarly, changes to the allowed_in property may trigger the removal of the extension from all places where the extension was in use that are not allowed to use it anymore, affecting live traffic on the relevant namespaces as well.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Request Body schema: application/jsonrequired
allowedIn | Array of strings List of fqns where this extension is allowed to run. If it is empty, the extension can be used across the entire organization. Currently only Tenant resources are considered. |
config | object Configuration parameters sent to the WASM plugin execution The configuration can be overwritten when instantiating the extensions in IngressGateways or Security groups. The config is serialized using proto3 JSON marshaling and passed to proxy_on_configure when the host environment starts the plugin. |
description | string (A description of the extension.
$hide_from_yaml) |
displayName | string (User friendly name for the extension.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
image | string Deprecated. Use the |
imagePullPolicy | string (WasmExtensionPullPolicy) Default: "UNSPECIFIED_POLICY" Enum: "UNSPECIFIED_POLICY" "IfNotPresent" "Always" The pull behaviour to be applied when fetching a WASM module, mirroring K8s behaviour.
|
imagePullSecret | string Credentials to use for OCI image pulling.
Name of a K8s Secret that contains a docker pull secret which is to be used
to authenticate against the registry when pulling the image.
If TSB is configured to use the WASM download proxy, this secret must exist in
the |
object (v2GlobalTrafficSelector) GlobalTrafficSelector provides a mechanism to select a specific traffic flow for which this Wasm Extension will be enabled. This setting applies to all WASM Extension attachments. These selectors can be overridden at attachments. When all the sub conditions in the TrafficSelector are satisfied, the traffic will be selected. | |
phase | string (Plugin phases following Istio definition: https://istio.io/latest/docs/reference/config/proxy_extensions/wasm-plugin/#PluginPhase) Default: "UNSPECIFIED_PHASE" Enum: "UNSPECIFIED_PHASE" "AUTHN" "AUTHZ" "STATS"
|
priority | integer <int32> Determines the ordering of WasmExtensions in the same phase. When multiple WasmExtensions are applied to the same workload in the same phase, they will be applied by priority, in descending order. If no priority is assigned it will use the default 0 value. In case of several extensions having the same priority in the same phase, the fqn will be used to sort them. |
source | string (Source to find the code for the WASM extension) |
url required | string URL of a Wasm module or OCI container. If no scheme is present, defaults to oci://, referencing an OCI image. Other valid schemes are file:// for referencing .wasm module files present locally within the proxy container, and http[s]:// for .wasm module files hosted remotely. |
object (v2VmConfig) Configuration for a Wasm VM. more details can be found here. |
Responses
Request samples
- Payload
{- "allowedIn": [
- "string"
], - "config": { },
- "description": "string",
- "displayName": "string",
- "etag": "string",
- "image": "string",
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "match": {
- "mode": "UNDEFINED"
}, - "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "source": "string",
- "url": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}, - "url": "string",
- "match": {
- "mode": "UNDEFINED"
}
}
Delete a WasmExtension. Note that deleting a WasmExtension will delete the extension itself, and also its assignments to IngressGateway and SecuritySetting.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Responses
Response samples
- 200
- default
{ }
List all gateway groups that exist in the workspace.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Responses
Response samples
- 200
- default
{- "groups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "profiles": [
- "string"
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create a new gateway group in the given workspace.
Groups will by default configure all the namespaces owned by their workspace, unless explicitly configured. If a specific set of namespaces is set for the group, it must be a subset of the namespaces defined by its workspace.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
required | object (tsbgatewayv2Group) A gateway group manages the gateways in a group of namespaces owned by the parent workspace. |
name required | string The short name for the resource to be created. |
Responses
Request samples
- Payload
{- "group": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "profiles": [
- "string"
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "name": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "profiles": [
- "string"
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details of the given gateway group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "profiles": [
- "string"
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
update the given gateway group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
object (v2ConfigGenerationMetadata)
| |
configMode | string (v2ConfigMode) Default: "BRIDGED" Enum: "BRIDGED" "DIRECT" The configuration mode used by a traffic, security or a gateway group.
|
deletionProtectionEnabled | boolean When set, prevents the resource from being deleted. In order to delete the resource this
property needs to be set to |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
required | object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) |
profiles | Array of strings List of profiles attached to the gateway group to be used to propagate default and mandatory configurations down to the children. |
Responses
Request samples
- Payload
{- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "description": "string",
- "displayName": "string",
- "etag": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "profiles": [
- "string"
]
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "profiles": [
- "string"
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete the given gateway group. Note that deleting resources in TSB is a recursive operation. Deleting a gateway group will delete all configuration objects that exist in it.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
query Parameters
force | boolean Force the deletion of the object even if deletion protection is enabled. If this is set, then the object and all its children will be deleted even if any of them has the deletion protection enabled. |
Responses
Response samples
- 200
- default
{ }
List all Egress Gateway objects in the gateway group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Responses
Response samples
- 200
- default
{- "egressGateways": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "secretName": "string",
- "subjectAltNames": [
- null
]
}
}, - "local": {
- "rules": [
- {
- "name": null,
- "from": [ ],
- "to": [ ]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": null
}, - "to": {
- "fqn": null
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": null
}, - "to": {
- "fqn": null
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "to": [
- "string"
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create an Egress Gateway object in the gateway group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
required | object (gatewayv2EgressGateway)
--> |
name required | string The short name for the resource to be created. |
Responses
Request samples
- Payload
{- "egressGateway": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "to": [
- "string"
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "name": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "to": [
- "string"
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
],