Tetrate Service Bridge API (1.6.x)

Download OpenAPI specification:Download

URL: https://www.tetrate.io/tetrate-service-bridge/

Tetrate Service Bridge API.

OAuth

OIDC

Callback endpoint for OAuth2 Authorization Code grant flows as part of the OIDC spec.

query Parameters

code	string OAuth2 Authorization Code. When present this indicates the user authorized the request. TSB will use this code to acquire a token from the OIDC token endpoint and complete the login flow.
error	string OAuth2 Error Code. When present this indicates that either the authorization request has an error, the OIDC provider encountered an error or the user failed to log in. When set TSB will display information to the user indicating what went wrong. Standard error codes can be found found here. https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#AuthError
state required	string The state parameter sent to the OIDC provider on the authorization request.
errorDescription	string Optional error description sent by the OIDC provider when an error occurs.
errorUri	string Optional error URI of a web page that includes additional information about the error.

Responses

Response samples

200
default

Content type

application/json

{ }

Login endpoint to start an OIDC Authentication flow.

query Parameters

redirectUri

string

URl where the user will be redirected when the authentication flow completes.

Responses

Response samples

200
default

Content type

application/json

{ }

Applications

List all existing applications for the given tenant.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.

Responses

Response samples

200
default

Content type

application/json

{"applications": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workspace": "string",
"namespaceSelector": {"names": ["string"
]
},
"gatewayGroup": "string",
"services": ["string"
],
"configResources": [{"fqn": "string",
"expectedEtag": "string",
"exclusivelyOwned": true
}
]
}
]
}

Creates a new Application in TSB.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.

Request Body schema: application/json
required

required	object (v2Application) An Application represents a set of logical groupings of services that are related to each other and expose a set of APIs that implement a complete set of business logic.
name required	string The short name for the resource to be created.

Responses

Request samples

Payload

Content type

application/json

{"application": {"displayName": "string",
"etag": "string",
"description": "string",
"workspace": "string",
"namespaceSelector": {"names": ["string"
]
},
"gatewayGroup": "string",
"services": ["string"
]
},
"name": "string"
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workspace": "string",
"namespaceSelector": {"names": ["string"
]
},
"gatewayGroup": "string",
"services": ["string"
],
"configResources": [{"fqn": "string",
"expectedEtag": "string",
"exclusivelyOwned": true
}
]
}

Get the details of an existing application.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workspace": "string",
"namespaceSelector": {"names": ["string"
]
},
"gatewayGroup": "string",
"services": ["string"
],
"configResources": [{"fqn": "string",
"expectedEtag": "string",
"exclusivelyOwned": true
}
]
}

Modify an existing application.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Request Body schema: application/json
required

description	string (A description of the resource. $hide_from_yaml)
displayName	string (User friendly name for the resource. $hide_from_yaml)
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
gatewayGroup	string Optional FQN of the Gateway Group to be used by the application. If configured, this gateway group will be used by the application. If no namespaces are configured and no existing gateway group is set, a new gateway group claiming all namespaces in the workspace (`/`) will be created by default. All Ingress Gateway resources created for the APIs attached to the application will be created in the application's gateway group.
	object (`NamespaceSelector` selects a set of namespaces across one or more clusters in a tenant. Namespace selectors can be used at Workspace level to carve out a chunk of resources under a tenant into an isolated configuration domain. They can be used in a Traffic, Security, or a Gateway group to further scope the set of namespaces that will belong to a specific configuration group. Names in namespaces selector must be in the form `cluster/namespace` where: - cluster must be a cluster name or an `` to mean all clusters - namespace must be a namespace name, an `` to mean all namespaces or a prefix like `ns-*` to mean all those namespaces starting by `ns-`)
services	Array of strings Optional list of services that are part of the application. This is a list of FQNs of services in the service registry. If omitted, the application is assumed to own all the services in the workspace. Note that a service can only be part of one application. If any of the services in the list is already in use by an existing application, application creation/modification will fail. If the list of services is not explicitly set and any service in the workspace is already in use by by another application, application creation/modification will fail.
workspace required	string FQN of the workspace this application is part of. The application will configure IngressGateways for the attached APIs in the different namespaces exposed by this workspace.

Responses

Request samples

Payload

Content type

application/json

{"description": "string",
"displayName": "string",
"etag": "string",
"gatewayGroup": "string",
"namespaceSelector": {"names": ["string"
]
},
"services": ["string"
],
"workspace": "string"
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workspace": "string",
"namespaceSelector": {"names": ["string"
]
},
"gatewayGroup": "string",
"services": ["string"
],
"configResources": [{"fqn": "string",
"expectedEtag": "string",
"exclusivelyOwned": true
}
]
}

Delete an existing Application. Note that deleting resources in TSB is a recursive operation. Deleting a application will delete all API objects that exist in it.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Responses

Response samples

200
default

Content type

application/json

{ }

List all APIs attached to the given application.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Responses

Response samples

200
default

Content type

application/json

{"apis": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"openapi": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"servers": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [null
],
"to": [null
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [null
],
"to": [null
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": null,
"headers": { }
}
],
"modify": {"rewrite": {"uri": null,
"authority": null
},
"headers": {"request": null,
"response": null
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [null
],
"limit": {"requestsPerUnit": null,
"unit": null
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [null
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"endpoints": [{"path": "string",
"methods": ["string"
],
"hostnames": ["string"
],
"service": "string"
}
],
"configResources": [{"fqn": "string",
"expectedEtag": "string",
"exclusivelyOwned": true
}
]
}
]
}

Attach a new API to the given application.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Request Body schema: application/json
required

required	object (v2API) An API configuring a set of servers and endpoints that expose the Application business logic.
name required	string The short name for the resource to be created.

Responses

Request samples

Payload

Content type

application/json

{"api": {"displayName": "string",
"etag": "string",
"description": "string",
"openapi": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
}
},
"name": "string"
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"openapi": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"servers": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": {"exact": "string",
"prefix": "string",
"regex": "string"
},
"headers": {"property1": {"exact": null,
"prefix": null,
"regex": null
},
"property2": {"exact": null,
"prefix": null,
"regex": null
}
}
}
],
"modify": {"rewrite": {"uri": "string",
"authority": "string"
},
"headers": {"request": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
},
"response": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
}
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": {"value": null
},
"header": {"name": null,
"value": null,
"dontMatch": null
}
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": { },
"destinationCluster": { },
"remoteAddress": { },
"requestHeaders": {"headerName": null,
"descriptorKey": null
},
"headerValueMatch": {"headers": { },
"descriptorValue": null,
"dontMatch": null
}
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"endpoints": [{"path": "string",
"methods": ["string"
],
"hostnames": ["string"
],
"service": "string"
}
],
"configResources": [{"fqn": "string",
"expectedEtag": "string",
"exclusivelyOwned": true
}
]
}

Get the details of an API.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"openapi": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"servers": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": {"exact": "string",
"prefix": "string",
"regex": "string"
},
"headers": {"property1": {"exact": null,
"prefix": null,
"regex": null
},
"property2": {"exact": null,
"prefix": null,
"regex": null
}
}
}
],
"modify": {"rewrite": {"uri": "string",
"authority": "string"
},
"headers": {"request": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
},
"response": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
}
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": {"value": null
},
"header": {"name": null,
"value": null,
"dontMatch": null
}
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": { },
"destinationCluster": { },
"remoteAddress": { },
"requestHeaders": {"headerName": null,
"descriptorKey": null
},
"headerValueMatch": {"headers": { },
"descriptorValue": null,
"dontMatch": null
}
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"endpoints": [{"path": "string",
"methods": ["string"
],
"hostnames": ["string"
],
"service": "string"
}
],
"configResources": [{"fqn": "string",
"expectedEtag": "string",
"exclusivelyOwned": true
}
]
}

Delete an existing API.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.

Responses

Response samples

200
default

Content type

application/json

{ }

WasmExtensions

List the WASM extensions that are defined for the Organization.

path Parameters

organization

required

string

Organization name.

Responses

Response samples

200
default

Content type

application/json

{"extensions": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"allowedIn": ["string"
],
"image": "string",
"source": "string",
"phase": "UNSPECIFIED_PHASE",
"priority": 0,
"config": { },
"imagePullPolicy": "UNSPECIFIED_POLICY",
"imagePullSecret": "string",
"vmConfig": {"env": [{"name": "string",
"valueFrom": "INLINE",
"value": "string"
}
]
}
}
]
}

Creates a new WasmExtension object in TSB. This is needed to let the extensions run. Once a WasmExtension has been created, it can be assigned to IngressGateway and SecuritySetting. This method returns the created extension.

path Parameters

organization

required

string

Organization name.

Request Body schema: application/json
required

name required	string The short name for the resource to be created.
required	object (v2WasmExtension)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"wasmExtension": {"displayName": "string",
"etag": "string",
"description": "string",
"allowedIn": ["string"
],
"image": "string",
"source": "string",
"phase": "UNSPECIFIED_PHASE",
"priority": 0,
"config": { },
"imagePullPolicy": "UNSPECIFIED_POLICY",
"imagePullSecret": "string",
"vmConfig": {"env": [{"name": "string",
"valueFrom": "INLINE",
"value": "string"
}
]
}
}
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"allowedIn": ["string"
],
"image": "string",
"source": "string",
"phase": "UNSPECIFIED_PHASE",
"priority": 0,
"config": { },
"imagePullPolicy": "UNSPECIFIED_POLICY",
"imagePullSecret": "string",
"vmConfig": {"env": [{"name": "string",
"valueFrom": "INLINE",
"value": "string"
}
]
}
}

Get a WASM extension

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"allowedIn": ["string"
],
"image": "string",
"source": "string",
"phase": "UNSPECIFIED_PHASE",
"priority": 0,
"config": { },
"imagePullPolicy": "UNSPECIFIED_POLICY",
"imagePullSecret": "string",
"vmConfig": {"env": [{"name": "string",
"valueFrom": "INLINE",
"value": "string"
}
]
}
}

Modify an existing WasmExtension. When modifying the details of an extension in use, such as the image property, enabled flag, phase, or default configuration, a redeploy or reconfiguration of the extension may be triggered, affecting live traffic in all those places that reference the extension. Similarly, changes to the allowed_in property may trigger the removal of the extension from all places where the extension was in use that are not allowed to use it anymore, affecting live traffic on the relevant namespaces as well.

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Request Body schema: application/json
required

allowedIn	Array of strings List of fqns where this extension is allowed to run. If it is empty, the extension can be used across the entire organization. Currently only Tenant resources are considered.
config	object Configuration parameters sent to the WASM plugin execution The configuration can be overwritten when instantiating the extensions in IngressGateways or Security groups. The config is serialized using proto3 JSON marshaling and passed to proxy_on_configure when the host environment starts the plugin.
description	string (A description of the extension. $hide_from_yaml)
displayName	string (User friendly name for the extension. $hide_from_yaml)
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
image required	string Repository and tag of the OCI image containing the WASM extension.
imagePullPolicy	string (WasmExtensionPullPolicy) Default: "UNSPECIFIED_POLICY" Enum: "UNSPECIFIED_POLICY" "IfNotPresent" "Always" The pull behaviour to be applied when fetching a WASM module, mirroring K8s behaviour. UNSPECIFIED_POLICY: Defaults to IfNotPresent, except for OCI images with tag `latest`, for which the default will be Always. IfNotPresent: If an existing version of the image has been pulled before, that will be used. If no version of the image is present locally, we will pull the latest version. Always: We will always pull the latest version of an image when changing this plugin. Note that the change includes `metadata` field as well.
imagePullSecret	string Credentials to use for OCI image pulling. Name of a K8s Secret in the same namespace as the `WasmPlugin` that contains a docker pull secret which is to be used to authenticate against the registry when pulling the image.
phase	string (Plugin phases following Istio definition: https://istio.io/latest/docs/reference/config/proxy_extensions/wasm-plugin/#PluginPhase) Default: "UNSPECIFIED_PHASE" Enum: "UNSPECIFIED_PHASE" "AUTHN" "AUTHZ" "STATS" UNSPECIFIED_PHASE: Control plane decides where to insert the plugin. This will generally be at the end of the filter chain, right before the Router. Do not specify PluginPhase if the plugin is independent of others. AUTHN: Insert plugin before Istio authentication filters. AUTHZ: Insert plugin before Istio authorization filters and after Istio authentication filters. STATS: Insert plugin before Istio stats filters and after Istio authorization filters.
priority	integer <int32> Determines the ordering of WasmExtensions in the same phase. When multiple WasmExtensions are applied to the same workload in the same phase, they will be applied by priority, in descending order. If no priority is assigned it will use the default 0 value. In case of several extensions having the same priority in the same phase, the fqn will be used to sort them.
source	string (Source to find the code for the WASM extension)
	object (v2VmConfig) Configuration for a Wasm VM. more details can be found here.

Responses

Request samples

Payload

Content type

application/json

{"allowedIn": ["string"
],
"config": { },
"description": "string",
"displayName": "string",
"etag": "string",
"image": "string",
"imagePullPolicy": "UNSPECIFIED_POLICY",
"imagePullSecret": "string",
"phase": "UNSPECIFIED_PHASE",
"priority": 0,
"source": "string",
"vmConfig": {"env": [{"name": "string",
"valueFrom": "INLINE",
"value": "string"
}
]
}
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"allowedIn": ["string"
],
"image": "string",
"source": "string",
"phase": "UNSPECIFIED_PHASE",
"priority": 0,
"config": { },
"imagePullPolicy": "UNSPECIFIED_POLICY",
"imagePullSecret": "string",
"vmConfig": {"env": [{"name": "string",
"valueFrom": "INLINE",
"value": "string"
}
]
}
}

Delete a WasmExtension. Note that deleting a WasmExtension will delete the extension itself, and also its assignments to IngressGateway and SecuritySetting.

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Responses

Response samples

200
default

Content type

application/json

{ }

Gateway

List all gateway groups that exist in the workspace.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Responses

Response samples

200
default

Content type

application/json

{"groups": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
}
]
}

Create a new gateway group in the given workspace.

Groups will by default configure all the namespaces owned by their workspace, unless explicitly configured. If a specific set of namespaces is set for the group, it must be a subset of the namespaces defined by its workspace.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Request Body schema: application/json
required

required	object (v2Group) A gateway group manages the gateways in a group of namespaces owned by the parent workspace.
name required	string The short name for the resource to be created.

Responses

Request samples

Payload

Content type

application/json

{"group": {"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
},
"name": "string"
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
}

Get the details of the given gateway group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
}

update the given gateway group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Request Body schema: application/json
required

configMode	string (v2ConfigMode) Default: "BRIDGED" Enum: "BRIDGED" "DIRECT" The configuration mode used by a traffic, security or a gateway group. BRIDGED: Indicates that the configurations to be added to the group will use macro APIs that automatically generate Istio APIs under the hood. DIRECT: Indicates that the configurations to be added to the group will directly use Istio APIs.
description	string (A description of the resource. $hide_from_yaml)
displayName	string (User friendly name for the resource. $hide_from_yaml)
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
required	object (`NamespaceSelector` selects a set of namespaces across one or more clusters in a tenant. Namespace selectors can be used at Workspace level to carve out a chunk of resources under a tenant into an isolated configuration domain. They can be used in a Traffic, Security, or a Gateway group to further scope the set of namespaces that will belong to a specific configuration group. Names in namespaces selector must be in the form `cluster/namespace` where: - cluster must be a cluster name or an `` to mean all clusters - namespace must be a namespace name, an `` to mean all namespaces or a prefix like `ns-*` to mean all those namespaces starting by `ns-`)

Responses

Request samples

Payload

Content type

application/json

{"configMode": "BRIDGED",
"description": "string",
"displayName": "string",
"etag": "string",
"namespaceSelector": {"names": ["string"
]
}
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
}

Delete the given gateway group. Note that deleting resources in TSB is a recursive operation. Deleting a gateway group will delete all configuration objects that exist in it.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Responses

Response samples

200
default

Content type

application/json

{ }

List all Egress Gateway objects in the gateway group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Responses

Response samples

200
default

Content type

application/json

{"egressGateways": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"authorization": [{"from": {"mode": "UNSET",
"serviceAccounts": ["string"
],
"http": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": null,
"privateKey": null,
"caCertificates": null
},
"subjectAltNames": [null
]
}
},
"local": {"rules": [{"name": null,
"from": [ ],
"to": [ ]
}
]
}
},
"rules": {"allow": [{"from": {"fqn": null
},
"to": {"fqn": null
}
}
],
"denyAll": true,
"deny": [{"from": {"fqn": null
},
"to": {"fqn": null
}
}
]
}
},
"to": ["string"
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
]
}
]
}

Create an Egress Gateway object in the gateway group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Request Body schema: application/json
required

required	object (v2EgressGateway) `EgressGateway` configures a workload to act as an egress gateway in the mesh. -->
name required	string The short name for the resource to be created.

Responses

Request samples

Payload

Content type

application/json

{"egressGateway": {"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"authorization": [{"from": {"mode": "UNSET",
"serviceAccounts": ["string"
],
"http": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [null
],
"to": [null
]
}
]
}
},
"rules": {"allow": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
],
"denyAll": true,
"deny": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
]
}
},
"to": ["string"
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
]
},
"name": "string"
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"authorization": [{"from": {"mode": "UNSET",
"serviceAccounts": ["string"
],
"http": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": null
}
],
"to": [{"paths": [ ],
"methods": [ ]
}
]
}
]
}
},
"rules": {"allow": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
],
"denyAll": true,
"deny": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
]
}
},
"to": ["string"
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
]
}

Get the details of the given Egress Gateway object.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"authorization": [{"from": {"mode": "UNSET",
"serviceAccounts": ["string"
],
"http": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": null
}
],
"to": [{"paths": [ ],
"methods": [ ]
}
]
}
]
}
},
"rules": {"allow": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
],
"denyAll": true,
"deny": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
]
}
},
"to": ["string"
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
]
}

Modify the given Egress Gateway object.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Request Body schema: application/json
required

	Array of objects (EgressAuthorization is used to dictate which service accounts can access a set of external hosts) The description of which service accounts can access which hosts. If the list of authorization rules is empty, this egress gateway will deny all traffic.
description	string (A description of the resource. $hide_from_yaml)
displayName	string (User friendly name for the resource. $hide_from_yaml)
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	Array of objects (v2WasmExtensionAttachment) Extensions specifies all the WasmExtensions assigned to this EgressGateway with the specific configuration for each extension. This custom configuration will override the one configured globally to the extension. Each extension has a global configuration including enablement and priority that will condition the execution of the assigned extensions.
required	object (v2WorkloadSelector) `WorkloadSelector` selects one or more workloads in a namespace. `WorkloadSelector` can be used in TrafficSetting, SecuritySetting, and Gateway APIs in `BRIDGED` mode to scope the configuration to a specific set of workloads.

Responses

Request samples

Payload

Content type

application/json

{"authorization": [{"from": {"mode": "UNSET",
"serviceAccounts": ["string"
],
"http": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": null
}
],
"to": [{"paths": [ ],
"methods": [ ]
}
]
}
]
}
},
"rules": {"allow": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
],
"denyAll": true,
"deny": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
]
}
},
"to": ["string"
]
}
],
"description": "string",
"displayName": "string",
"etag": "string",
"extension": [{"fqn": "string",
"config": { }
}
],
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
}
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"authorization": [{"from": {"mode": "UNSET",
"serviceAccounts": ["string"
],
"http": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": null
}
],
"to": [{"paths": [ ],
"methods": [ ]
}
]
}
]
}
},
"rules": {"allow": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
],
"denyAll": true,
"deny": [{"from": {"fqn": "string"
},
"to": {"fqn": "string"
}
}
]
}
},
"to": ["string"
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
]
}

Delete the given Egress Gateway object.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Responses

Response samples

200
default

Content type

application/json

{ }

List all Ingress Gateway objects in the gateway group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Responses

Response samples

200
default

Content type

application/json

{"ingressGateways": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"http": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [null
],
"to": [null
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [null
],
"to": [null
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": null,
"headers": { }
}
],
"modify": {"rewrite": {"uri": null,
"authority": null
},
"headers": {"request": null,
"response": null
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [null
],
"limit": {"requestsPerUnit": null,
"unit": null
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [null
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"tlsPassthrough": [{"name": "string",
"port": 0,
"hostname": "string",
"route": {"host": "string",
"port": 0
}
}
],
"tcp": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"route": {"host": "string",
"port": 0
}
}
],
"extension": [{"fqn": "string",
"config": { }
}
],
"waf": {"rules": ["string"
]
}
}
]
}

Create an Ingress Gateway object in the gateway group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Request Body schema: application/json
required

required	object (v2IngressGateway) `IngressGateway` configures a workload to act as an ingress gateway into the mesh.
name required	string The short name for the resource to be created.

Responses

Request samples

Payload

Content type

application/json

{"ingressGateway": {"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"http": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": null
}
],
"to": [{"paths": [ ],
"methods": [ ]
}
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": null
}
],
"to": [{"paths": [ ],
"methods": [ ]
}
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": {"exact": null,
"prefix": null,
"regex": null
},
"headers": {"property1": null,
"property2": null
}
}
],
"modify": {"rewrite": {"uri": "string",
"authority": "string"
},
"headers": {"request": {"set": { },
"add": { },
"remove": [ ]
},
"response": {"set": { },
"add": { },
"remove": [ ]
}
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": null,
"header": null
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": null,
"destinationCluster": null,
"remoteAddress": null,
"requestHeaders": null,
"headerValueMatch": null
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"tlsPassthrough": [{"name": "string",
"port": 0,
"hostname": "string",
"route": {"host": "string",
"port": 0
}
}
],
"tcp": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"route": {"host": "string",
"port": 0
}
}
],
"extension": [{"fqn": "string",
"config": { }
}
],
"waf": {"rules": ["string"
]
}
},
"name": "string"
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"http": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": {"exact": "string",
"prefix": "string",
"regex": "string"
},
"headers": {"property1": {"exact": null,
"prefix": null,
"regex": null
},
"property2": {"exact": null,
"prefix": null,
"regex": null
}
}
}
],
"modify": {"rewrite": {"uri": "string",
"authority": "string"
},
"headers": {"request": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
},
"response": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
}
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": {"value": null
},
"header": {"name": null,
"value": null,
"dontMatch": null
}
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": { },
"destinationCluster": { },
"remoteAddress": { },
"requestHeaders": {"headerName": null,
"descriptorKey": null
},
"headerValueMatch": {"headers": { },
"descriptorValue": null,
"dontMatch": null
}
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"tlsPassthrough": [{"name": "string",
"port": 0,
"hostname": "string",
"route": {"host": "string",
"port": 0
}
}
],
"tcp": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"route": {"host": "string",
"port": 0
}
}
],
"extension": [{"fqn": "string",
"config": { }
}
],
"waf": {"rules": ["string"
]
}
}

Get the details of the given Ingress Gateway object.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"http": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": {"exact": "string",
"prefix": "string",
"regex": "string"
},
"headers": {"property1": {"exact": null,
"prefix": null,
"regex": null
},
"property2": {"exact": null,
"prefix": null,
"regex": null
}
}
}
],
"modify": {"rewrite": {"uri": "string",
"authority": "string"
},
"headers": {"request": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
},
"response": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
}
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": {"value": null
},
"header": {"name": null,
"value": null,
"dontMatch": null
}
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": { },
"destinationCluster": { },
"remoteAddress": { },
"requestHeaders": {"headerName": null,
"descriptorKey": null
},
"headerValueMatch": {"headers": { },
"descriptorValue": null,
"dontMatch": null
}
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"tlsPassthrough": [{"name": "string",
"port": 0,
"hostname": "string",
"route": {"host": "string",
"port": 0
}
}
],
"tcp": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"route": {"host": "string",
"port": 0
}
}
],
"extension": [{"fqn": "string",
"config": { }
}
],
"waf": {"rules": ["string"
]
}
}

Modify the given Ingress Gateway object.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.

Request Body schema: application/json
required

description	string (A description of the resource. $hide_from_yaml)
displayName	string (User friendly name for the resource. $hide_from_yaml)
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	Array of objects (v2WasmExtensionAttachment) Extensions specifies all the WasmExtensions assigned to this IngressGateway with the specific configuration for each extension. This custom configuration will override the one configured globally to the extension. Each extension has a global configuration including enablement and priority that will condition the execution of the assigned extensions.
	Array of objects (v2HttpServer) One or more HTTP or HTTPS servers exposed by the gateway. The server exposes configuration for TLS termination, request authentication/authorization, HTTP routing, etc.
	Array of objects (One or more non-HTTP and non-passthrough servers which use TCP based protocols. This server also exposes configuration for terminating TLS)
	Array of objects (v2TLSPassthroughServer) One or more TLS servers exposed by the gateway. The server does not terminate TLS and exposes config for SNI based routing.
	object (WAFSettings configure WAF based on seclang See https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v3.x%29#Configuration_Directives)
required	object (v2WorkloadSelector) `WorkloadSelector` selects one or more workloads in a namespace. `WorkloadSelector` can be used in TrafficSetting, SecuritySetting, and Gateway APIs in `BRIDGED` mode to scope the configuration to a specific set of workloads.

Responses

Request samples

Payload

Content type

application/json

{"description": "string",
"displayName": "string",
"etag": "string",
"extension": [{"fqn": "string",
"config": { }
}
],
"http": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": {"exact": "string",
"prefix": "string",
"regex": "string"
},
"headers": {"property1": {"exact": null,
"prefix": null,
"regex": null
},
"property2": {"exact": null,
"prefix": null,
"regex": null
}
}
}
],
"modify": {"rewrite": {"uri": "string",
"authority": "string"
},
"headers": {"request": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
},
"response": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
}
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": {"value": null
},
"header": {"name": null,
"value": null,
"dontMatch": null
}
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": { },
"destinationCluster": { },
"remoteAddress": { },
"requestHeaders": {"headerName": null,
"descriptorKey": null
},
"headerValueMatch": {"headers": { },
"descriptorValue": null,
"dontMatch": null
}
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"tcp": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"route": {"host": "string",
"port": 0
}
}
],
"tlsPassthrough": [{"name": "string",
"port": 0,
"hostname": "string",
"route": {"host": "string",
"port": 0
}
}
],
"waf": {"rules": ["string"
]
},
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
}
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"http": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"xxxOldAuthentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"xxxOldAuthorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
]
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"routing": {"corsPolicy": {"allowOrigin": ["string"
],
"allowMethods": ["string"
],
"allowHeaders": ["string"
],
"exposeHeaders": ["string"
],
"maxAge": "string",
"allowCredentials": true
},
"rules": [{"match": [{"uri": {"exact": "string",
"prefix": "string",
"regex": "string"
},
"headers": {"property1": {"exact": null,
"prefix": null,
"regex": null
},
"property2": {"exact": null,
"prefix": null,
"regex": null
}
}
}
],
"modify": {"rewrite": {"uri": "string",
"authority": "string"
},
"headers": {"request": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
},
"response": {"set": {"property1": null,
"property2": null
},
"add": {"property1": null,
"property2": null
},
"remove": [null
]
}
}
},
"route": {"host": "string",
"port": 0
},
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
}
}
]
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": {"value": null
},
"header": {"name": null,
"value": null,
"dontMatch": null
}
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": { },
"destinationCluster": { },
"remoteAddress": { },
"requestHeaders": {"headerName": null,
"descriptorKey": null
},
"headerValueMatch": {"headers": { },
"descriptorValue": null,
"dontMatch": null
}
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"tlsPassthrough": [{"name": "string",
"port": 0,
"hostname": "string",
"route": {"host": "string",
"port": 0
}
}
],
"tcp": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"route": {"host": "string",
"port": 0
}
}
],
"extension": [{"fqn": "string",
"config": { }
}
],
"waf": {"rules": ["string"
]
}
}

Delete the given Ingress Gateway object.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.

Responses

Response samples

200
default

Content type

application/json

{ }

List all Tier1 Gateway objects that have been created in the gateway group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Responses

Response samples

200
default

Content type

application/json

{"tier1Gateways": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"externalServers": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [null
],
"to": [null
]
}
]
}
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [null
],
"limit": {"requestsPerUnit": null,
"unit": null
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [null
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"internalServers": [{"name": "string",
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [null
],
"to": [null
]
}
]
}
}
}
],
"passthroughServers": [{"name": "string",
"port": 0,
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
]
}
],
"tcpExternalServers": [{"name": "string",
"port": 0,
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
}
}
],
"tcpInternalServers": [{"name": "string",
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
],
"waf": {"rules": ["string"
]
}
}
]
}

Create a Tier1 Gateway object in the gateway group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Request Body schema: application/json
required

name required	string The short name for the resource to be created.
required	object (v2Tier1Gateway) `Tier1Gateway` configures a workload to act as a tier1 gateway into the mesh.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"tier1Gateway": {"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"externalServers": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": null
}
],
"to": [{"paths": [ ],
"methods": [ ]
}
]
}
]
}
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": null,
"header": null
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": null,
"destinationCluster": null,
"remoteAddress": null,
"requestHeaders": null,
"headerValueMatch": null
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"internalServers": [{"name": "string",
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": null
}
],
"to": [{"paths": [ ],
"methods": [ ]
}
]
}
]
}
}
}
],
"passthroughServers": [{"name": "string",
"port": 0,
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
]
}
],
"tcpExternalServers": [{"name": "string",
"port": 0,
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
}
}
],
"tcpInternalServers": [{"name": "string",
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
],
"waf": {"rules": ["string"
]
}
}
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"externalServers": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": {"value": null
},
"header": {"name": null,
"value": null,
"dontMatch": null
}
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": { },
"destinationCluster": { },
"remoteAddress": { },
"requestHeaders": {"headerName": null,
"descriptorKey": null
},
"headerValueMatch": {"headers": { },
"descriptorValue": null,
"dontMatch": null
}
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"internalServers": [{"name": "string",
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
}
}
],
"passthroughServers": [{"name": "string",
"port": 0,
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
]
}
],
"tcpExternalServers": [{"name": "string",
"port": 0,
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
}
}
],
"tcpInternalServers": [{"name": "string",
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
],
"waf": {"rules": ["string"
]
}
}

get the details of the given Tier1 Gateway object.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"externalServers": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": {"value": null
},
"header": {"name": null,
"value": null,
"dontMatch": null
}
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": { },
"destinationCluster": { },
"remoteAddress": { },
"requestHeaders": {"headerName": null,
"descriptorKey": null
},
"headerValueMatch": {"headers": { },
"descriptorValue": null,
"dontMatch": null
}
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"internalServers": [{"name": "string",
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
}
}
],
"passthroughServers": [{"name": "string",
"port": 0,
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
]
}
],
"tcpExternalServers": [{"name": "string",
"port": 0,
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
}
}
],
"tcpInternalServers": [{"name": "string",
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
],
"waf": {"rules": ["string"
]
}
}

Gateway_UpdateTier1Gateway

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.

Request Body schema: application/json
required

description	string (A description of the resource. $hide_from_yaml)
displayName	string (User friendly name for the resource. $hide_from_yaml)
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	Array of objects (v2WasmExtensionAttachment) Extensions specifies all the WasmExtensions assigned to this Tier1Gateway with the specific configuration for each extension. This custom configuration will override the one configured globally to the extension. Each extension has a global configuration including enablement and priority that will condition the execution of the assigned extensions.
	Array of objects (v2Tier1ExternalServer) One or more servers exposed by the gateway externally.
	Array of objects (v2Tier1InternalServer) One or more servers exposed by the gateway internally for cross cluster forwarding.
	Array of objects (v2Tier1PassthroughServer) One or more tls passthrough servers exposed by the gateway externally.
	Array of objects (v2Tier1TCPExternalServer) One or more tcp servers exposed by the gateway externally.
	Array of objects (v2Tier1TCPInternalServer) One or more tcp servers exposed by the gateway for mesh internal traffic.
	object (WAFSettings configure WAF based on seclang See https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v3.x%29#Configuration_Directives)
required	object (v2WorkloadSelector) `WorkloadSelector` selects one or more workloads in a namespace. `WorkloadSelector` can be used in TrafficSetting, SecuritySetting, and Gateway APIs in `BRIDGED` mode to scope the configuration to a specific set of workloads.

Responses

Request samples

Payload

Content type

application/json

{"description": "string",
"displayName": "string",
"etag": "string",
"extension": [{"fqn": "string",
"config": { }
}
],
"externalServers": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": {"value": null
},
"header": {"name": null,
"value": null,
"dontMatch": null
}
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": { },
"destinationCluster": { },
"remoteAddress": { },
"requestHeaders": {"headerName": null,
"descriptorKey": null
},
"headerValueMatch": {"headers": { },
"descriptorValue": null,
"dontMatch": null
}
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"internalServers": [{"name": "string",
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
}
}
],
"passthroughServers": [{"name": "string",
"port": 0,
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
]
}
],
"tcpExternalServers": [{"name": "string",
"port": 0,
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
}
}
],
"tcpInternalServers": [{"name": "string",
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
]
}
],
"waf": {"rules": ["string"
]
},
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
}
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"workloadSelector": {"namespace": "string",
"labels": {"property1": "string",
"property2": "string"
}
},
"externalServers": [{"name": "string",
"port": 0,
"hostname": "string",
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
},
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"redirect": {"uri": "string",
"authority": "string",
"redirectCode": 0,
"port": 0,
"scheme": "string"
},
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
},
"rateLimiting": {"settings": {"rules": [{"dimensions": [{"remoteAddress": {"value": null
},
"header": {"name": null,
"value": null,
"dontMatch": null
}
}
],
"limit": {"requestsPerUnit": 0,
"unit": "UNKNOWN"
}
}
],
"failClosed": true,
"timeout": "string"
},
"externalService": {"domain": "string",
"failClosed": true,
"rateLimitServerUri": "string",
"rules": [{"dimensions": [{"sourceCluster": { },
"destinationCluster": { },
"remoteAddress": { },
"requestHeaders": {"headerName": null,
"descriptorKey": null
},
"headerValueMatch": {"headers": { },
"descriptorValue": null,
"dontMatch": null
}
}
]
}
],
"timeout": "string",
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
}
}
}
],
"internalServers": [{"name": "string",
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"authentication": {"jwt": {"issuer": "string",
"audiences": ["string"
],
"jwksUri": "string",
"jwks": "string"
}
},
"authorization": {"external": {"uri": "string",
"includeRequestHeaders": ["string"
],
"tls": {"mode": "DISABLED",
"files": {"clientCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
},
"subjectAltNames": ["string"
]
}
},
"local": {"rules": [{"name": "string",
"from": [{"jwt": {"iss": null,
"sub": null,
"other": { }
}
}
],
"to": [{"paths": [null
],
"methods": [null
]
}
]
}
]
}
}
}
],
"passthroughServers": [{"name": "string",
"port": 0,
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
]
}
],
"tcpExternalServers": [{"name": "string",
"port": 0,
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
],
"tls": {"mode": "DISABLED",
"secretName": "string",
"files": {"serverCertificate": "string",
"privateKey": "string",
"caCertificates": "string"
}
}
}
],
"tcpInternalServers": [{"name": "string",
"hostname": "string",
"clusters": [{"name": "string",
"labels": {"property1": "string",
"property2": "string"
},
"network": "string",
"weight": 0
}
]
}
],
"extension": [{"fqn": "string",
"config": { }
}
],
"waf": {"rules": ["string"
]
}
}

Delete the given Tier1 Gateway object.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.

Responses

Response samples

200
default

Content type

application/json

{ }

IstioInternal

List all Istio internal groups in the given workspace.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Responses

Response samples

200
default

Content type

application/json

{"groups": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
}
]
}

Create a new Istio internal group in the given workspace.

Groups will by default configure all the namespaces owned by their workspace, unless explicitly configured. If a specific set of namespaces is set for the group, it must be a subset of the namespaces defined by its workspace.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Request Body schema: application/json
required

required	object (v2Group) A gateway group manages the gateways in a group of namespaces owned by the parent workspace.
name required	string The short name for the resource to be created.

Responses

Request samples

Payload

Content type

application/json

{"group": {"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
},
"name": "string"
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
}

Get the details of the given Istio internal group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
}

Modify a Istio internal group.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.

Request Body schema: application/json
required

description	string (A description of the resource. $hide_from_yaml)
displayName	string (User friendly name for the resource. $hide_from_yaml)
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
required	object (`NamespaceSelector` selects a set of namespaces across one or more clusters in a tenant. Namespace selectors can be used at Workspace level to carve out a chunk of resources under a tenant into an isolated configuration domain. They can be used in a Traffic, Security, or a Gateway group to further scope the set of namespaces that will belong to a specific configuration group. Names in namespaces selector must be in the form `cluster/namespace` where: - cluster must be a cluster name or an `` to mean all clusters - namespace must be a namespace name, an `` to mean all namespaces or a prefix like `ns-*` to mean all those namespaces starting by `ns-`)

Responses

Request samples

Payload

Content type

application/json

{"description": "string",
"displayName": "string",
"etag": "string",
"namespaceSelector": {"names": ["string"
]
}
}

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"namespaceSelector": {"names": ["string"
]
},
"configMode": "BRIDGED"
}

Delete the given Istio internal group. Note that deleting resources in TSB is a recursive operation. Deleting a Istio internal group will delete all configuration objects that exist in it.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.

Responses

Response samples

200
default

Content type

application/json

{ }

Metrics

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
cluster required	string Cluster name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
cluster required	string Cluster name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
extension required	string Extension name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
extension required	string Extension name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
serviceaccount required	string Serviceaccount name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
serviceaccount required	string Serviceaccount name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
service required	string Service name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
service required	string Service name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
setting required	string Setting name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
setting required	string Setting name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
team required	string Team name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
team required	string Team name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
setting required	string Setting name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
setting required	string Setting name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
setting required	string Setting name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
setting required	string Setting name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
setting required	string Setting name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
setting required	string Setting name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
setting required	string Setting name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
setting required	string Setting name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
trafficgroup required	string Trafficgroup name.
serviceroute required	string Serviceroute name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
trafficgroup required	string Trafficgroup name.
serviceroute required	string Serviceroute name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
trafficgroup required	string Trafficgroup name.
setting required	string Setting name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
trafficgroup required	string Trafficgroup name.
setting required	string Setting name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
trafficgroup required	string Trafficgroup name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
trafficgroup required	string Trafficgroup name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

List the telemetry metrics that are available for the requested telemetry source.

path Parameters

organization required	string Organization name.
user required	string User name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"metrics": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}

Get the details of an existing telemetry metric.

path Parameters

organization required	string Organization name.
user required	string User name.
source required	string Source name.
metric required	string Metric name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"observedResource": "string",
"measure": {"name": "string",
"unit": "string"
},
"type": {"name": "INVALID_METRIC_TYPE",
"labels": [{"key": "string",
"value": "string"
}
]
},
"origin": "INVALID_METRIC_ORIGIN",
"detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}

Sources

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
cluster required	string Cluster name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
cluster required	string Cluster name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
extension required	string Extension name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
extension required	string Extension name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
serviceaccount required	string Serviceaccount name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
serviceaccount required	string Serviceaccount name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
service required	string Service name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
service required	string Service name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
setting required	string Setting name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
setting required	string Setting name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
team required	string Team name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
team required	string Team name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization

required

string

Organization name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
setting required	string Setting name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
setting required	string Setting name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
setting required	string Setting name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
setting required	string Setting name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
setting required	string Setting name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
setting required	string Setting name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
setting required	string Setting name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
setting required	string Setting name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
trafficgroup required	string Trafficgroup name.
serviceroute required	string Serviceroute name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
trafficgroup required	string Trafficgroup name.
serviceroute required	string Serviceroute name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
trafficgroup required	string Trafficgroup name.
setting required	string Setting name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
trafficgroup required	string Trafficgroup name.
setting required	string Setting name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
trafficgroup required	string Trafficgroup name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
trafficgroup required	string Trafficgroup name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.

path Parameters

organization required	string Organization name.
user required	string User name.

query Parameters

scopeTypes	Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned. SERVICE: A telemetry source service based scope. INGRESS: A telemetry source ingress's hostname based scope. RELATION: A telemetry source relation based scope.
belongTos	Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned.
existed.since	string <date-time> Moment in time since we retrieve Telemetry Sources.
existed.until	string <date-time> Moment in time until we retrieve Telemetry Sources.

Responses

Response samples

200
default

Content type

application/json

{"sources": [{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}
]
}

Get the details of an existing telemetry source.

path Parameters

organization required	string Organization name.
user required	string User name.
source required	string Source name.

Responses

Response samples

200
default

Content type

application/json

{"fqn": "string",
"displayName": "string",
"etag": "string",
"description": "string",
"belongsTo": "string",
"metricSourceKey": "string",
"type": "INVALID",
"scope": {"serviceScopes": {"scopes": [{"type": "INVALID",
"scope": {"instance": "string",
"subset": "string",
"service": "string",
"namespace": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"ingressScopes": {"scopes": [{"type": "INVALID",
"scope": {"hostname": "string",
"ingressService": "string",
"cluster": "string"
},
"deployment": "string"
}
]
},
"relationScopes": {"scopes": [{"type": "INVALID",
"scope": {"serviceRelation": {"source": "string",
"target": "string"
}
}
}
]
}
}
}

Approvals

GetPolicy returns the approval policy for the given resource.

path Parameters

organization

required

string

Organization name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization

required

string

Organization name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization

required

string

Organization name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization

required

string

Organization name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization

required

string

Organization name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies

path Parameters

organization

required

string

Organization name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization

required

string

Organization name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization

required

string

Organization name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization

required

string

Organization name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
cluster required	string Cluster name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
cluster required	string Cluster name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
cluster required	string Cluster name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
cluster required	string Cluster name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
cluster required	string Cluster name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_1

path Parameters

organization required	string Organization name.
cluster required	string Cluster name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
cluster required	string Cluster name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
cluster required	string Cluster name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
cluster required	string Cluster name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_2

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
extension required	string Extension name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
serviceaccount required	string Serviceaccount name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
serviceaccount required	string Serviceaccount name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
serviceaccount required	string Serviceaccount name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
serviceaccount required	string Serviceaccount name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
serviceaccount required	string Serviceaccount name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_5

path Parameters

organization required	string Organization name.
serviceaccount required	string Serviceaccount name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
serviceaccount required	string Serviceaccount name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
serviceaccount required	string Serviceaccount name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
serviceaccount required	string Serviceaccount name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
service required	string Service name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
service required	string Service name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
service required	string Service name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
service required	string Service name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
service required	string Service name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_3

path Parameters

organization required	string Organization name.
service required	string Service name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
service required	string Service name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
service required	string Service name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
service required	string Service name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
setting required	string Setting name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
setting required	string Setting name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
setting required	string Setting name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
setting required	string Setting name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
setting required	string Setting name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_4

path Parameters

organization required	string Organization name.
setting required	string Setting name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
setting required	string Setting name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
setting required	string Setting name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
setting required	string Setting name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
team required	string Team name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
team required	string Team name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
team required	string Team name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
team required	string Team name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
team required	string Team name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_6

path Parameters

organization required	string Organization name.
team required	string Team name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
team required	string Team name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
team required	string Team name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
team required	string Team name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_10

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.
api required	string Api name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_9

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
application required	string Application name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_8

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
setting required	string Setting name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
setting required	string Setting name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
setting required	string Setting name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
setting required	string Setting name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
setting required	string Setting name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_11

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
setting required	string Setting name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
setting required	string Setting name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
setting required	string Setting name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
setting required	string Setting name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_12

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_13

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_15

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
egressgateway required	string Egressgateway name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_14

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
ingressgateway required	string Ingressgateway name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_16

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
gatewaygroup required	string Gatewaygroup name.
tier1gateway required	string Tier1gateway name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_17

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
setting required	string Setting name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
setting required	string Setting name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
setting required	string Setting name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
setting required	string Setting name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
setting required	string Setting name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_18

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
setting required	string Setting name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
setting required	string Setting name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
setting required	string Setting name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
istiointernalgroup required	string Istiointernalgroup name.
setting required	string Setting name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_19

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

GetPolicy returns the approval policy for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
setting required	string Setting name.

Responses

Response samples

200
default

Content type

application/json

{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}

SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
setting required	string Setting name.

Request Body schema: application/json
required

	Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource.
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)
	object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to.
mode required	string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL" UNRESTRICTED: Allows all subjects in the same policy class to access the resource. ALLOW_REQUESTED: Allows only the subjects in the request and approved list to access the resource. REQUIRE_APPROVAL: Allows only the subjects in the approved list to access the resource.
	Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource.

Responses

Request samples

Payload

Content type

application/json

{"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"etag": "string",
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
},
"mode": "UNRESTRICTED",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

Response samples

200
default

Content type

application/json

{ }

DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
setting required	string Setting name.

Responses

Response samples

200
default

Content type

application/json

{ }

AddApprovedAccess adds a new entry in the approved access list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
setting required	string Setting name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

DeleteApprovedAccess deletes an entry from the approved list for the given resource.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
setting required	string Setting name.

Request Body schema: application/json
required

subject

required

string

Subject for which the access request is made.

Responses

Request samples

Payload

Content type

application/json

{"subject": "string"
}

Response samples

200
default

Content type

application/json

{ }

Approvals_QueryPolicies_variant_20

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
setting required	string Setting name.

Request Body schema: application/json
required

includeDetails	boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response.
includePermissions	boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response.
types required	Array of strings Type is the type of the resources to query for policies.

Responses

Request samples

Payload

Content type

application/json

{"includeDetails": true,
"includePermissions": true,
"types": ["string"
]
}

Response samples

200
default

Content type

application/json

{"policies": [{"etag": "string",
"mode": "UNRESTRICTED",
"resource": "string",
"requested": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"approved": [{"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": null,
"kinds": [ ]
}
],
"permissions": ["INVALID"
]
}
]
}
}
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
}
]
}

AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
setting required	string Setting name.

Request Body schema: application/json
required

required	object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} }
etag	string (The etag for the resource. This field is automatically computed and must be sent on every update to the resource to prevent concurrent modifications. $hide_from_yaml)

Responses

Request samples

Payload

Content type

application/json

{"access": {"subject": "string",
"permissions": ["string"
],
"metadata": {"details": {"name": "string",
"description": "string"
},
"rules": [{"types": [{"apiGroup": "string",
"kinds": ["string"
]
}
],
"permissions": ["INVALID"
]
}
]
}
},
"etag": "string"
}

Response samples

200
default

Content type

application/json

{ }

ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.

path Parameters

organization required	string Organization name.
tenant required	string Tenant name.
workspace required	string Workspace name.
securitygroup required	string Securitygroup name.
setting required	string Setting name.

Request Body schema: application/json
required

required

object (v2Access)

Access is an access request for a subject with a set of permission.

Example: Access { Sub

Tetrate Service Bridge API (1.6.x)

OAuth

OIDC

Callback endpoint for OAuth2 Authorization Code grant flows as part of the OIDC spec.

query Parameters

Responses

Response samples

Login endpoint to start an OIDC Authentication flow.

query Parameters

Responses

Response samples

Applications

List all existing applications for the given tenant.

path Parameters

Responses

Response samples

Creates a new Application in TSB.

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Get the details of an existing application.

path Parameters

Responses

Response samples

Modify an existing application.

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Delete an existing Application. Note that deleting resources in TSB is a recursive operation. Deleting a application will delete all API objects that exist in it.

path Parameters

Responses

Response samples

List all APIs attached to the given application.

path Parameters

Responses

Response samples

Attach a new API to the given application.

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Get the details of an API.

path Parameters

Responses

Response samples

Delete an existing API.

path Parameters

Responses

Response samples

WasmExtensions

List the WASM extensions that are defined for the Organization.

path Parameters

Responses

Response samples

Creates a new WasmExtension object in TSB. This is needed to let the extensions run. Once a WasmExtension has been created, it can be assigned to IngressGateway and SecuritySetting. This method returns the created extension.

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Get a WASM extension

path Parameters

Responses

Response samples

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Delete a WasmExtension. Note that deleting a WasmExtension will delete the extension itself, and also its assignments to IngressGateway and SecuritySetting.

path Parameters

Responses

Response samples

Gateway

List all gateway groups that exist in the workspace.

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required