Download OpenAPI specification:Download
Tetrate Service Bridge API.
code | string OAuth2 Authorization Code. When present this indicates the user authorized the request. TSB will use this code to acquire a token from the OIDC token endpoint and complete the login flow. |
error | string OAuth2 Error Code. When present this indicates that either the authorization request has an error, the OIDC provider encountered an error or the user failed to log in. When set TSB will display information to the user indicating what went wrong. Standard error codes can be found found here. https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#AuthError |
state required | string The state parameter sent to the OIDC provider on the authorization request. |
errorDescription | string Optional error description sent by the OIDC provider when an error occurs. |
errorUri | string Optional error URI of a web page that includes additional information about the error. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
{- "applications": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
required | object (v2Application) An Application represents a set of logical groupings of services that are related to each other and expose a set of APIs that implement a complete set of business logic. |
name required | string The short name for the resource to be created. |
{- "application": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
]
}, - "name": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
gatewayGroup | string Optional FQN of the Gateway Group to be used by the application.
If configured, this gateway group will be used by the application. If
no namespaces are configured and no existing gateway group is set, a new gateway group claiming all
namespaces in the workspace ( |
object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) | |
services | Array of strings Optional list of services that are part of the application. This is a list of FQNs of services in the service registry. If omitted, the application is assumed to own all the services in the workspace. Note that a service can only be part of one application. If any of the services in the list is already in use by an existing application, application creation/modification will fail. If the list of services is not explicitly set and any service in the workspace is already in use by by another application, application creation/modification will fail. |
workspace required | string FQN of the workspace this application is part of. The application will configure IngressGateways for the attached APIs in the different namespaces exposed by this workspace. |
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "gatewayGroup": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "services": [
- "string"
], - "workspace": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
{- "apis": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "openapi": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "servers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": null,
- "headers": { }
}
], - "modify": {
- "rewrite": {
- "uri": null,
- "authority": null
}, - "headers": {
- "request": null,
- "response": null
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- null
], - "limit": {
- "requestsPerUnit": null,
- "unit": null
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- null
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "endpoints": [
- {
- "path": "string",
- "methods": [
- "string"
], - "hostnames": [
- "string"
], - "service": "string"
}
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
required | object (v2API) An API configuring a set of servers and endpoints that expose the Application business logic. |
name required | string The short name for the resource to be created. |
{- "api": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "openapi": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}
}, - "name": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "openapi": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "servers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "endpoints": [
- {
- "path": "string",
- "methods": [
- "string"
], - "hostnames": [
- "string"
], - "service": "string"
}
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "openapi": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "servers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "endpoints": [
- {
- "path": "string",
- "methods": [
- "string"
], - "hostnames": [
- "string"
], - "service": "string"
}
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
organization required | string Organization name. |
{- "extensions": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}
}
]
}
organization required | string Organization name. |
name required | string The short name for the resource to be created. |
required | object (v2WasmExtension) |
{- "name": "string",
- "wasmExtension": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}
}
organization required | string Organization name. |
extension required | string Extension name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}
}
organization required | string Organization name. |
extension required | string Extension name. |
allowedIn | Array of strings List of fqns where this extension is allowed to run. If it is empty, the extension can be used across the entire organization. Currently only Tenant resources are considered. |
config | object Configuration parameters sent to the WASM plugin execution The configuration can be overwritten when instantiating the extensions in IngressGateways or Security groups. The config is serialized using proto3 JSON marshaling and passed to proxy_on_configure when the host environment starts the plugin. |
description | string (A description of the extension.
$hide_from_yaml) |
displayName | string (User friendly name for the extension.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
image required | string Repository and tag of the OCI image containing the WASM extension. |
imagePullPolicy | string (WasmExtensionPullPolicy) Default: "UNSPECIFIED_POLICY" Enum: "UNSPECIFIED_POLICY" "IfNotPresent" "Always" The pull behaviour to be applied when fetching a WASM module, mirroring K8s behaviour.
|
imagePullSecret | string Credentials to use for OCI image pulling.
Name of a K8s Secret in the same namespace as the |
phase | string (Plugin phases following Istio definition: https://istio.io/latest/docs/reference/config/proxy_extensions/wasm-plugin/#PluginPhase) Default: "UNSPECIFIED_PHASE" Enum: "UNSPECIFIED_PHASE" "AUTHN" "AUTHZ" "STATS"
|
priority | integer <int32> Determines the ordering of WasmExtensions in the same phase. When multiple WasmExtensions are applied to the same workload in the same phase, they will be applied by priority, in descending order. If no priority is assigned it will use the default 0 value. In case of several extensions having the same priority in the same phase, the fqn will be used to sort them. |
source | string (Source to find the code for the WASM extension) |
object (v2VmConfig) Configuration for a Wasm VM. more details can be found here. |
{- "allowedIn": [
- "string"
], - "config": { },
- "description": "string",
- "displayName": "string",
- "etag": "string",
- "image": "string",
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "source": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}
}
organization required | string Organization name. |
extension required | string Extension name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
{- "groups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
]
}
Groups will by default configure all the namespaces owned by their workspace, unless explicitly configured. If a specific set of namespaces is set for the group, it must be a subset of the namespaces defined by its workspace.
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
required | object (v2Group) A gateway group manages the gateways in a group of namespaces owned by the parent workspace. |
name required | string The short name for the resource to be created. |
{- "group": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}, - "name": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
configMode | string (v2ConfigMode) Default: "BRIDGED" Enum: "BRIDGED" "DIRECT" The configuration mode used by a traffic, security or a gateway group.
|
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
required | object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) |
{- "configMode": "BRIDGED",
- "description": "string",
- "displayName": "string",
- "etag": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
{- "egressGateways": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "subjectAltNames": [
- null
]
}
}, - "local": {
- "rules": [
- {
- "name": null,
- "from": [ ],
- "to": [ ]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": null
}, - "to": {
- "fqn": null
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": null
}, - "to": {
- "fqn": null
}
}
]
}
}, - "to": [
- "string"
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
required | object (v2EgressGateway)
--> |
name required | string The short name for the resource to be created. |
{- "egressGateway": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "to": [
- "string"
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "name": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "to": [
- "string"
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "to": [
- "string"
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Array of objects (EgressAuthorization is used to dictate which service accounts can access a set of external hosts) The description of which service accounts can access which hosts. If the list of authorization rules is empty, this egress gateway will deny all traffic. | |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Array of objects (v2WasmExtensionAttachment) Extensions specifies all the WasmExtensions assigned to this EgressGateway with the specific configuration for each extension. This custom configuration will override the one configured globally to the extension. Each extension has a global configuration including enablement and priority that will condition the execution of the assigned extensions. | |
required | object (v2WorkloadSelector)
|
{- "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "to": [
- "string"
]
}
], - "description": "string",
- "displayName": "string",
- "etag": "string",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
], - "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "to": [
- "string"
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
{- "ingressGateways": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": null,
- "headers": { }
}
], - "modify": {
- "rewrite": {
- "uri": null,
- "authority": null
}, - "headers": {
- "request": null,
- "response": null
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- null
], - "limit": {
- "requestsPerUnit": null,
- "unit": null
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- null
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tlsPassthrough": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "host": "string",
- "port": 0
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "route": {
- "host": "string",
- "port": 0
}
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
], - "waf": {
- "rules": [
- "string"
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
required | object (v2IngressGateway)
|
name required | string The short name for the resource to be created. |
{- "ingressGateway": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "headers": {
- "property1": null,
- "property2": null
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": { },
- "add": { },
- "remove": [ ]
}, - "response": {
- "set": { },
- "add": { },
- "remove": [ ]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": null,
- "header": null
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": null,
- "destinationCluster": null,
- "remoteAddress": null,
- "requestHeaders": null,
- "headerValueMatch": null
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tlsPassthrough": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "host": "string",
- "port": 0
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "route": {
- "host": "string",
- "port": 0
}
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
], - "waf": {
- "rules": [
- "string"
]
}
}, - "name": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tlsPassthrough": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "host": "string",
- "port": 0
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "route": {
- "host": "string",
- "port": 0
}
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
], - "waf": {
- "rules": [
- "string"
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tlsPassthrough": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "host": "string",
- "port": 0
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "route": {
- "host": "string",
- "port": 0
}
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
], - "waf": {
- "rules": [
- "string"
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Array of objects (v2WasmExtensionAttachment) Extensions specifies all the WasmExtensions assigned to this IngressGateway with the specific configuration for each extension. This custom configuration will override the one configured globally to the extension. Each extension has a global configuration including enablement and priority that will condition the execution of the assigned extensions. | |
Array of objects (v2HttpServer) One or more HTTP or HTTPS servers exposed by the gateway. The server exposes configuration for TLS termination, request authentication/authorization, HTTP routing, etc. | |
Array of objects (One or more non-HTTP and non-passthrough servers which use TCP
based protocols. This server also exposes configuration for terminating TLS) | |
Array of objects (v2TLSPassthroughServer) One or more TLS servers exposed by the gateway. The server does not terminate TLS and exposes config for SNI based routing. | |
object (WAFSettings configure WAF based on seclang
See https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v3.x%29#Configuration_Directives) | |
required | object (v2WorkloadSelector)
|
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
], - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "route": {
- "host": "string",
- "port": 0
}
}
], - "tlsPassthrough": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "host": "string",
- "port": 0
}
}
], - "waf": {
- "rules": [
- "string"
]
}, - "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tlsPassthrough": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "host": "string",
- "port": 0
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "route": {
- "host": "string",
- "port": 0
}
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
], - "waf": {
- "rules": [
- "string"
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
{- "tier1Gateways": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "externalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- null
], - "limit": {
- "requestsPerUnit": null,
- "unit": null
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- null
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "internalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}
}
], - "passthroughServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "tcpExternalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}
}
], - "tcpInternalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
], - "waf": {
- "rules": [
- "string"
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
name required | string The short name for the resource to be created. |
required | object (v2Tier1Gateway)
|
{- "name": "string",
- "tier1Gateway": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "externalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": null,
- "header": null
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": null,
- "destinationCluster": null,
- "remoteAddress": null,
- "requestHeaders": null,
- "headerValueMatch": null
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "internalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}
}
], - "passthroughServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "tcpExternalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}
}
], - "tcpInternalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
], - "waf": {
- "rules": [
- "string"
]
}
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "externalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "internalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}
}
], - "passthroughServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "tcpExternalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}
}
], - "tcpInternalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
], - "waf": {
- "rules": [
- "string"
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "externalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "internalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}
}
], - "passthroughServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "tcpExternalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}
}
], - "tcpInternalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
], - "waf": {
- "rules": [
- "string"
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Array of objects (v2WasmExtensionAttachment) Extensions specifies all the WasmExtensions assigned to this Tier1Gateway with the specific configuration for each extension. This custom configuration will override the one configured globally to the extension. Each extension has a global configuration including enablement and priority that will condition the execution of the assigned extensions. | |
Array of objects (v2Tier1ExternalServer) One or more servers exposed by the gateway externally. | |
Array of objects (v2Tier1InternalServer) One or more servers exposed by the gateway internally for cross cluster forwarding. | |
Array of objects (v2Tier1PassthroughServer) One or more tls passthrough servers exposed by the gateway externally. | |
Array of objects (v2Tier1TCPExternalServer) One or more tcp servers exposed by the gateway externally. | |
Array of objects (v2Tier1TCPInternalServer) One or more tcp servers exposed by the gateway for mesh internal traffic. | |
object (WAFSettings configure WAF based on seclang
See https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v3.x%29#Configuration_Directives) | |
required | object (v2WorkloadSelector)
|
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
], - "externalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "internalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}
}
], - "passthroughServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "tcpExternalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}
}
], - "tcpInternalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "externalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}, - "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
], - "internalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}
}
], - "passthroughServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "tcpExternalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}
}
}
], - "tcpInternalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { }
}
], - "waf": {
- "rules": [
- "string"
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
{- "groups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
]
}
Groups will by default configure all the namespaces owned by their workspace, unless explicitly configured. If a specific set of namespaces is set for the group, it must be a subset of the namespaces defined by its workspace.
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
required | object (v2Group) A gateway group manages the gateways in a group of namespaces owned by the parent workspace. |
name required | string The short name for the resource to be created. |
{- "group": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}, - "name": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
required | object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) |
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
{ }
organization required | string Organization name. |
cluster required | string Cluster name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
cluster required | string Cluster name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
extension required | string Extension name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
extension required | string Extension name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
service required | string Service name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
service required | string Service name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
setting required | string Setting name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
setting required | string Setting name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
team required | string Team name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
team required | string Team name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
user required | string User name. |
source required | string Source name. |
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
organization required | string Organization name. |
user required | string User name. |
source required | string Source name. |
metric required | string Metric name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
organization required | string Organization name. |
cluster required | string Cluster name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
cluster required | string Cluster name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
extension required | string Extension name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
extension required | string Extension name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
service required | string Service name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
service required | string Service name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
setting required | string Setting name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
setting required | string Setting name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
team required | string Team name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
team required | string Team name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
user required | string User name. |
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
organization required | string Organization name. |
user required | string User name. |
source required | string Source name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
organization required | string Organization name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
{ }
organization required | string Organization name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
cluster required | string Cluster name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
cluster required | string Cluster name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
cluster required | string Cluster name. |
{ }
organization required | string Organization name. |
cluster required | string Cluster name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
cluster required | string Cluster name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
cluster required | string Cluster name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
cluster required | string Cluster name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
cluster required | string Cluster name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
cluster required | string Cluster name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
extension required | string Extension name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
extension required | string Extension name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
extension required | string Extension name. |
{ }
organization required | string Organization name. |
extension required | string Extension name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
extension required | string Extension name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
extension required | string Extension name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
extension required | string Extension name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
extension required | string Extension name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
extension required | string Extension name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
{ }
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
service required | string Service name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
service required | string Service name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
service required | string Service name. |
{ }
organization required | string Organization name. |
service required | string Service name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
service required | string Service name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
service required | string Service name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
service required | string Service name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
service required | string Service name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
service required | string Service name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
setting required | string Setting name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
setting required | string Setting name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
setting required | string Setting name. |
{ }
organization required | string Organization name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
setting required | string Setting name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
setting required | string Setting name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
setting required | string Setting name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
team required | string Team name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
team required | string Team name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
team required | string Team name. |
{ }
organization required | string Organization name. |
team required | string Team name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
team required | string Team name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
team required | string Team name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
team required | string Team name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
team required | string Team name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
team required | string Team name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
user required | string User name. |
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
organization required | string Organization name. |
user required | string User name. |
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
{ }
organization required | string Organization name. |
user required | string User name. |
{ }
organization required | string Organization name. |
user required | string User name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
user required | string User name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
user required | string User name. |
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
organization required | string Organization name. |
user required | string User name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
user required | string User name. |
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
{ }
organization required | string Organization name. |
user required | string User name. |
subject required | string Subject for which the access request is made. |
{- "subject": "string"
}
{ }
organization required | string Organization name. |
cluster required | string Cluster name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
extension required | string Extension name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
service required | string Service name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
setting required | string Setting name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
team required | string Team name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
organization required | string Organization name. |
user required | string User name. |
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
Request to query permissions on multiple records.
Example: QueryResourcePermissionsRequest { Queries: []Query{ Query{ QueryID: "1234", Kind: Query_Fqn{ Fqn: "tetrate/tenants/default/workspaces/example" } } } }
Array of objects (Query format of the resource lookup for the permission check) One or more resources to query permissions on, limited to 100 per request. | |||||
Array
|
{- "queries": [
- {
- "queryId": "string",
- "fqn": "string"
}
]
}
{- "results": [
- {
- "request": {
- "queryId": "string",
- "fqn": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
]
}
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
A policy defines the set of subjects that can access a resource and under which conditions that access is granted.
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
description | string (A description of the resource.
$hide_from_yaml) |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. |
{- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
{ }
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
A policy defines the set of subjects that can access a resource and under which conditions that access is granted.
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
description | string (A description of the resource.
$hide_from_yaml) |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. |
{- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
{ }
organization required | string Organization name. |
cluster required | string Cluster name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
cluster required | string Cluster name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
extension required | string Extension name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
extension required | string Extension name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
service required | string Service name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
service required | string Service name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
setting required | string Setting name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
setting required | string Setting name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
team required | string Team name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
team required | string Team name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
organization required | string Organization name. |
user required | string User name. |
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
organization required | string Organization name. |
user required | string User name. |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
{ }
Request to create a Role.
name required | string The short name for the resource to be created. |
required | object (v2Role)
|
{- "name": "string",
- "role": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
rba required | string Rba name. |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Array of objects (A rule defines the set of api groups) A set of rules that define the permissions associated with each API group. |
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
Request for all the services in the registry that are part of the given selector.
required | object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) |
parent required | string (The FQN of the parent object where services will be looked up) |
{- "selector": {
- "names": [
- "string"
]
}, - "parent": "string"
}
{- "services": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "shortName": "string",
- "hostnames": [
- "string"
], - "ports": [
- {
- "number": 0,
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "subsets": [
- "string"
], - "serviceType": "INVALID_TYPE",
- "externalAddresses": [
- "string"
], - "state": "INVALID_STATE",
- "metrics": [
- {
- "name": "string",
- "description": "string",
- "aggregationKey": "string",
- "type": "INVALID",
- "serviceDeployment": "string",
- "parentMetric": "string"
}
], - "serviceDeployments": [
- {
- "fqn": "string",
- "source": "string"
}
], - "subsetDeployments": [
- {
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "canonicalName": "string",
- "spiffeIds": [
- "string"
]
}
]
}
organization required | string Organization name. |
service required | string Service name. |
{- "trafficGroups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
], - "securityGroups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "securityDomain": "string"
}
], - "gatewayGroups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
], - "istioInternalGroups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}
}
]
}
organization required | string Organization name. |
{- "services": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "shortName": "string",
- "hostnames": [
- "string"
], - "ports": [
- {
- "number": 0,
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "subsets": [
- "string"
], - "serviceType": "INVALID_TYPE",
- "externalAddresses": [
- "string"
], - "state": "INVALID_STATE",
- "metrics": [
- {
- "name": "string",
- "description": "string",
- "aggregationKey": "string",
- "type": "INVALID",
- "serviceDeployment": "string",
- "parentMetric": "string"
}
], - "serviceDeployments": [
- {
- "fqn": "string",
- "source": "string"
}
], - "subsetDeployments": [
- {
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "canonicalName": "string",
- "spiffeIds": [
- "string"
]
}
]
}
organization required | string Organization name. |
canonicalName | string optional canonical name that identify this service. |
cluster required | string Name of the cluster where the service belongs to. This will be used to load the deduplication settings that have been configured for the cluster where the service belongs. |
externalAddresses | Array of strings For kubernetes services of type load balancer, this field contains the list of lb hostnames or IPs assigned to the service. |
hostnames | Array of strings The hostnames by which this service is accessed. Can correspond to the hostname of an internal service or that ones of a virtual host on a gateway. |
namespace required | string Namespace associated with the service. It will be used in deduplication logic. |
Array of objects (v2Port) The set of ports on which this service is exposed. | |
serviceType required | string (v2ServiceType) Default: "INVALID_TYPE" Enum: "INVALID_TYPE" "INTERNAL" "LOADBALANCER" "MESH_EXTERNAL" ServiceType denotes the exposition of a service in the mesh.
|
shortName required | string Short name for the service, used to uniquely identify it within the organization. |
source required | string Source of the service: Kubernetes, Istio, Consul, etc. |
spiffeIds | Array of strings List of SPIFFE identities used by the workloads of the service. |
state required | string (v2State) Default: "INVALID_STATE" Enum: "INVALID_STATE" "EXTERNAL" "OBSERVED" "CONTROLLED" State denotes how deep is the knowledge of a service by the mesh. Meaning that if a service can be controlled, observed or none of these.
|
subsets | Array of strings Subset denotes a specific version of a service. By default the 'version' label is used to designate subsets of a workload. Known subsets for the service. |
{- "canonicalName": "string",
- "cluster": "string",
- "externalAddresses": [
- "string"
], - "hostnames": [
- "string"
], - "namespace": "string",
- "ports": [
- {
- "number": 0,
- "name": "string"
}
], - "serviceType": "INVALID_TYPE",
- "shortName": "string",
- "source": "string",
- "spiffeIds": [
- "string"
], - "state": "INVALID_STATE",
- "subsets": [
- "string"
]
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "shortName": "string",
- "hostnames": [
- "string"
], - "ports": [
- {
- "number": 0,
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "subsets": [
- "string"
], - "serviceType": "INVALID_TYPE",
- "externalAddresses": [
- "string"
], - "state": "INVALID_STATE",
- "metrics": [
- {
- "name": "string",
- "description": "string",
- "aggregationKey": "string",
- "type": "INVALID",
- "serviceDeployment": "string",
- "parentMetric": "string"
}
], - "serviceDeployments": [
- {
- "fqn": "string",
- "source": "string"
}
], - "subsetDeployments": [
- {
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "canonicalName": "string",
- "spiffeIds": [
- "string"
]
}
organization required | string Organization name. |
cluster required | string Name of the cluster of the service. |
namespace required | string Namespace of the service. |
shortName required | string (Name attribute of the service) |
{- "cluster": "string",
- "namespace": "string",
- "shortName": "string"
}
{ }
organization required | string Organization name. |
service required | string Service name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "shortName": "string",
- "hostnames": [
- "string"
], - "ports": [
- {
- "number": 0,
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "subsets": [
- "string"
], - "serviceType": "INVALID_TYPE",
- "externalAddresses": [
- "string"
], - "state": "INVALID_STATE",
- "metrics": [
- {
- "name": "string",
- "description": "string",
- "aggregationKey": "string",
- "type": "INVALID",
- "serviceDeployment": "string",
- "parentMetric": "string"
}
], - "serviceDeployments": [
- {
- "fqn": "string",
- "source": "string"
}
], - "subsetDeployments": [
- {
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "canonicalName": "string",
- "spiffeIds": [
- "string"
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
{- "groups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
]
}
Groups will by default configure all the namespaces owned by their workspace, unless explicitly configured. If a specific set of namespaces is set for the group, it must be a subset of the namespaces defined by its workspace.
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
required | object (v2Group) A gateway group manages the gateways in a group of namespaces owned by the parent workspace. |
name required | string The short name for the resource to be created. |
{- "group": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}, - "name": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
configMode | string (v2ConfigMode) Default: "BRIDGED" Enum: "BRIDGED" "DIRECT" The configuration mode used by a traffic, security or a gateway group.
|
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
required | object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) |
securityDomain | string Security domains can be used to group different resources under the same security domain.
Although security domain is not resource itself currently, it follows a fqn format
|
{- "configMode": "BRIDGED",
- "description": "string",
- "displayName": "string",
- "etag": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "securityDomain": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
{- "settings": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "subsets": [
- {
- "name": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- null
], - "tls": {
- "mode": null,
- "files": null,
- "subjectAltNames": [ ]
}
}, - "local": {
- "rules": [
- null
]
}
}, - "rules": {
- "allow": [
- {
- "from": null,
- "to": null
}
], - "denyAll": true,
- "deny": [
- {
- "from": null,
- "to": null
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
name required | string The short name for the resource to be created. |
required | object (v2ServiceSecuritySetting) A service security setting applies configuration to a service in a security group. Missing fields will inherit values from the workspace-wide setting if any. |
{- "name": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "subsets": [
- {
- "name": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "subjectAltNames": [
- null
]
}
}, - "local": {
- "rules": [
- {
- "name": null,
- "from": [ ],
- "to": [ ]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": null
}, - "to": {
- "fqn": null
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": null
}, - "to": {
- "fqn": null
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
}
]
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "subsets": [
- {
- "name": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
servicesetting required | string Servicesetting name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "subsets": [
- {
- "name": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
servicesetting required | string Servicesetting name. |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
service required | string The service on which the configuration is being applied. Must be in namespace/FQDN format. |
object (v2SecuritySetting) A security setting applies configuration to a set of proxy workloads in a security group or a workspace. When applied to a security group, missing fields will inherit values from the workspace-wide setting if any. | |
Array of objects (ServiceSecuritySettingSubset) Subset specific settings that will replace the service wide settings for the specified service subsets. |
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "service": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "subsets": [
- {
- "name": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
}
]
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "subsets": [
- {
- "name": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
servicesetting required | string Servicesetting name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
{- "settings": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
name required | string The short name for the resource to be created. |
required | object (v2SecuritySetting) A security setting applies configuration to a set of proxy workloads in a security group or a workspace. When applied to a security group, missing fields will inherit values from the workspace-wide setting if any. |
{- "name": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": "string",
- "sub": "string",
- "other": {
- "property1": null,
- "property2": null
}
}
}
], - "to": [
- {
- "paths": [
- "string"
], - "methods": [
- "string"
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": "string",
- "sub": "string",
- "other": {
- "property1": null,
- "property2": null
}
}
}
], - "to": [
- {
- "paths": [
- "string"
], - "methods": [
- "string"
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
authentication | string (SecuritySettingAuthenticationMode) Default: "UNSET" Enum: "UNSET" "OPTIONAL" "REQUIRED" AuthenticationMode indicates whether to accept only Istio mutual TLS authenticated traffic or allow legacy plaintext traffic as well.
|
object (v2AuthenticationSettings) AuthenticationSettings represents configuration related to authenticating traffic within the mesh and end-user credentials if present. It is HIGHLY RECOMMENDED to enable mutual TLS when end-user credentials are present. Sending credentials like JWT over plaintext is a security risk. | |
object (v2AuthorizationSettings)
| |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Array of objects (v2WasmExtensionAttachment) Extensions specifies all the WasmExtensions assigned to this SecuritySettings with the specific configuration for each extension. This custom configuration will override the one configured globally to the extension. Each extension has a global configuration including enabling and priority that will condition the execution of the assigned extensions. | |
propagationStrategy | string (v2PropagationStrategy) Default: "REPLACE" Enum: "REPLACE" "STRICTER" The PropagationStrategy is the key differentiating factor to decide how a security policy should be propagated and applied at runtime across clusters. The default propagation strategy is REPLACE, in which a lower level SecuritySetting in the configuration hierarchy replaces a higher level SecuritySetting. The STRICTER PropagationStrategy on the other hand makes sure the default SecuritySettings configured at the parent level are always enforced and propagated down the hierarchy unless additional SecuritySettings are defined and restricted further in the configuration hierarchy.
When a resource or property of it affected by the propagation strategy is propagated down the hierarchy, regardless
of the defined strategy ( For example, the following policy configures optional mTLS for traffic within the workspace, but
it allows SecuritySettings to modify it. The example shows a workspace that configures
service-to-service access so that only services in the same workspace can talk to each other.
The
Further details of how security settings are resolved between in
|
object (WAFSettings configure WAF based on seclang
See https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v3.x%29#Configuration_Directives) |
{- "authentication": "UNSET",
- "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": "string",
- "sub": "string",
- "other": {
- "property1": null,
- "property2": null
}
}
}
], - "to": [
- {
- "paths": [
- "string"
], - "methods": [
- "string"
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "description": "string",
- "displayName": "string",
- "etag": "string",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
], - "propagationStrategy": "REPLACE",
- "waf": {
- "rules": [
- "string"
]
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": "string",
- "sub": "string",
- "other": {
- "property1": null,
- "property2": null
}
}
}
], - "to": [
- {
- "paths": [
- "string"
], - "methods": [
- "string"
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
{- "groups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
]
}
Groups will by default configure all the namespaces owned by their workspace, unless explicitly configured. If a specific set of namespaces is set for the group, it must be a subset of the namespaces defined by its workspace.
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
required | object (v2Group) A gateway group manages the gateways in a group of namespaces owned by the parent workspace. |
name required | string The short name for the resource to be created. |
{- "group": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}, - "name": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
configMode | string (v2ConfigMode) Default: "BRIDGED" Enum: "BRIDGED" "DIRECT" The configuration mode used by a traffic, security or a gateway group.
|
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
required | object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) |
{- "configMode": "BRIDGED",
- "description": "string",
- "displayName": "string",
- "etag": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
{- "serviceRoutes": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "subsets": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0,
- "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
]
}
], - "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}, - "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
], - "httpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "property2": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
}, - "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
], - "tcpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
name required | string The short name for the resource to be created. |
required | object (v2ServiceRoute) A service route controls routing configurations for traffic to a service in a traffic group. |
{- "name": "string",
- "serviceRoute": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "subsets": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0,
- "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
]
}
], - "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}, - "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
], - "httpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "property2": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
}, - "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
], - "tcpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
]
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "subsets": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0,
- "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
]
}
], - "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}, - "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
], - "httpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "property2": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
}, - "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
], - "tcpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "subsets": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0,
- "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
]
}
], - "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}, - "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
], - "httpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "property2": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
}, - "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
], - "tcpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Array of objects (v2HTTPRoute) HTTPRoutes are used when HTTP traffic needs to be matched on uri, headers and port and destination routes need to be set using subset-weight combinations specified within the route. Note: If a route is specified, then the global subset-weight combinations (specified under subsets) will be ignored for the matched port, as subsets within route will take effect. | |
Array of objects (In order to support multi-protocol routing, a list of all port/protocol combinations is needed.
These port settings are applied to all the subsets) | |
service required | string The service on which the configuration is being applied. Must be in namespace/FQDN format. |
object (ServiceRouteStickySession) If set, all requests from a client will be forward to the same backend. | |
required | Array of objects (ServiceRouteSubset) The set of versions of a service and the percentage of traffic to send to each version. |
Array of objects (v2TCPRoute) TCPRoutes match TCP traffic based on port number. The subset-weight configuration and priority have the same behaviour as HTTPRoutes. |
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "httpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "property2": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
}, - "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
], - "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
], - "service": "string",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}, - "subsets": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0,
- "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
]
}
], - "tcpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
]
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "subsets": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0,
- "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
]
}
], - "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}, - "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
], - "httpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "property2": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
}, - "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
], - "tcpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
{- "settings": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
name required | string The short name for the resource to be created. |
required | object (v2TrafficSetting) A traffic setting applies configuration to a set of proxy workloads in a traffic group or a workspace. When applied to a traffic group, missing fields will inherit values from the workspace-wide setting if any. |
{- "name": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
object (TrafficSettingEgressGateway) EgressGateway specifies the gateway where traffic external to the mesh will be redirected. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2RateLimiting) Configuration for ratelimiting HTTP/gRPC requests can be rate limited based on a variety of attributes in the request such as headers (including cookies), URL path/prefixes, client remote address etc. | |
object (v2ReachabilitySettings)
| |
object (v2ResilienceSettings) ResilienceSettings control the reliability knobs in Envoy when making outbound connections from a gateway or proxy workload. |
{- "description": "string",
- "displayName": "string",
- "egress": {
- "host": "string",
- "port": 0
}, - "etag": "string",
- "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}, - "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
{ }
organization required | string Organization name. |
fetchWorkloads | boolean Flag to fetch the workload information for all the clusters as well. Note that by default workload information is not returned as it may be expensive to retrieve. |
{- "clusters": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "tokenTtl": "string",
- "network": "string",
- "tier1Cluster": true,
- "namespaces": [
- {
- "name": "string",
- "services": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "shortName": "string",
- "hostnames": [
- "string"
], - "ports": [
- {
- "number": 0,
- "name": "string",
- "serviceDeployments": [
- null
]
}
], - "subsets": [
- "string"
], - "serviceType": "INVALID_TYPE",
- "externalAddresses": [
- "string"
], - "state": "INVALID_STATE",
- "metrics": [
- {
- "name": "string",
- "description": "string",
- "aggregationKey": "string",
- "type": "INVALID",
- "serviceDeployment": "string",
- "parentMetric": "string"
}
], - "serviceDeployments": [
- {
- "fqn": "string",
- "source": "string"
}
], - "subsetDeployments": [
- {
- "name": "string",
- "serviceDeployments": [
- null
]
}
], - "canonicalName": "string",
- "spiffeIds": [
- "string"
]
}
]
}
], - "labels": {
- "property1": "string",
- "property2": "string"
}, - "locality": {
- "region": "string"
}, - "trustDomain": "string",
- "namespaceScope": {
- "scope": "GLOBAL",
- "exceptions": [
- "string"
]
}, - "state": {
- "lastSyncTime": "2019-08-24T14:15:22Z",
- "provider": "string",
- "istioVersions": [
- "string"
], - "xcpVersion": "string",
- "tsbCpVersion": "string"
}
}
]
}
organization required | string Organization name. |
required | object (v2Cluster) A Kubernetes cluster managing both pods and VMs. |
name required | string The short name for the resource to be created. |
{- "cluster": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "tokenTtl": "string",
- "network": "string",
- "tier1Cluster": true,
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "locality": {
- "region": "string"
}, - "trustDomain": "string",
- "namespaceScope": {
- "scope": "GLOBAL",
- "exceptions": [
- "string"
]
}, - "state": {
- "lastSyncTime": "2019-08-24T14:15:22Z",
- "provider": "string",
- "istioVersions": [
- "string"
], - "xcpVersion": "string",
- "tsbCpVersion": "string"
}
}, - "name": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "tokenTtl": "string",
- "network": "string",
- "tier1Cluster": true,
- "namespaces": [
- {
- "name": "string",
- "services": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "shortName": "string",
- "hostnames": [
- "string"
], - "ports": [
- {
- "number": 0,
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "subsets": [
- "string"
], - "serviceType": "INVALID_TYPE",
- "externalAddresses": [
- "string"
], - "state": "INVALID_STATE",
- "metrics": [
- {
- "name": "string",
- "description": "string",
- "aggregationKey": "string",
- "type": "INVALID",
- "serviceDeployment": "string",
- "parentMetric": "string"
}
], - "serviceDeployments": [
- {
- "fqn": "string",
- "source": "string"
}
], - "subsetDeployments": [
- {
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "canonicalName": "string",
- "spiffeIds": [
- "string"
]
}
]
}
], - "labels": {
- "property1": "string",
- "property2": "string"
}, - "locality": {
- "region": "string"
}, - "trustDomain": "string",
- "namespaceScope": {
- "scope": "GLOBAL",
- "exceptions": [
- "string"
]
}, - "state": {
- "lastSyncTime": "2019-08-24T14:15:22Z",
- "provider": "string",
- "istioVersions": [
- "string"
], - "xcpVersion": "string",
- "tsbCpVersion": "string"
}
}
organization required | string Organization name. |
cluster required | string Cluster name. |
fetchWorkloads | boolean Flag to fetch the workload information as well. Note that by default workload information is not returned as it may be expensive to retrieve. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "tokenTtl": "string",
- "network": "string",
- "tier1Cluster": true,
- "namespaces": [
- {
- "name": "string",
- "services": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "shortName": "string",
- "hostnames": [
- "string"
], - "ports": [
- {
- "number": 0,
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "subsets": [
- "string"
], - "serviceType": "INVALID_TYPE",
- "externalAddresses": [
- "string"
], - "state": "INVALID_STATE",
- "metrics": [
- {
- "name": "string",
- "description": "string",
- "aggregationKey": "string",
- "type": "INVALID",
- "serviceDeployment": "string",
- "parentMetric": "string"
}
], - "serviceDeployments": [
- {
- "fqn": "string",
- "source": "string"
}
], - "subsetDeployments": [
- {
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "canonicalName": "string",
- "spiffeIds": [
- "string"
]
}
]
}
], - "labels": {
- "property1": "string",
- "property2": "string"
}, - "locality": {
- "region": "string"
}, - "trustDomain": "string",
- "namespaceScope": {
- "scope": "GLOBAL",
- "exceptions": [
- "string"
]
}, - "state": {
- "lastSyncTime": "2019-08-24T14:15:22Z",
- "provider": "string",
- "istioVersions": [
- "string"
], - "xcpVersion": "string",
- "tsbCpVersion": "string"
}
}
organization required | string Organization name. |
cluster required | string Cluster name. |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be
sent on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (FIXME: this is super clunky to copy each and every metadata field into
objects used for multicluster. $hide_from_yaml) | |
object (ClusterLocality) The region the cluster resides. Used for failover based routing when configured in the workspace or global settings. | |
object (v2NamespaceScoping) Configure the default scoping of namespaces in this cluster. | |
network | string The network (e.g., VPC) where this cluster is present. All clusters within the same network will be assumed to be reachable for the purposes of multi-cluster routing. In addition, networks marked as reachable from one another in SystemSettings will also be used for multi-cluster routing. |
object (State represents the cluster info learned from the onboarded cluster) | |
tier1Cluster | boolean Indicates whether this cluster is hosting a tier1 gateway or not. Tier1 clusters cannot host other gateways or workloads. Defaults to false if not specified. |
tokenTtl | string Lifetime of the tokens. Defaults to 1hr. |
trustDomain | string Trust domain for this cluster, used for multi-cluster routing. It must be unique for every cluster and should match the one configured in the local control plane. This value is optional, and will be updated by the local control plane agents. However, it is recommended to set it, if known, so that multi-cluster routing works without having to wait for the local control planes to update it. |
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "locality": {
- "region": "string"
}, - "namespaceScope": {
- "scope": "GLOBAL",
- "exceptions": [
- "string"
]
}, - "network": "string",
- "state": {
- "lastSyncTime": "2019-08-24T14:15:22Z",
- "provider": "string",
- "istioVersions": [
- "string"
], - "xcpVersion": "string",
- "tsbCpVersion": "string"
}, - "tier1Cluster": true,
- "tokenTtl": "string",
- "trustDomain": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "tokenTtl": "string",
- "network": "string",
- "tier1Cluster": true,
- "namespaces": [
- {
- "name": "string",
- "services": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "shortName": "string",
- "hostnames": [
- "string"
], - "ports": [
- {
- "number": 0,
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "subsets": [
- "string"
], - "serviceType": "INVALID_TYPE",
- "externalAddresses": [
- "string"
], - "state": "INVALID_STATE",
- "metrics": [
- {
- "name": "string",
- "description": "string",
- "aggregationKey": "string",
- "type": "INVALID",
- "serviceDeployment": "string",
- "parentMetric": "string"
}
], - "serviceDeployments": [
- {
- "fqn": "string",
- "source": "string"
}
], - "subsetDeployments": [
- {
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "canonicalName": "string",
- "spiffeIds": [
- "string"
]
}
]
}
], - "labels": {
- "property1": "string",
- "property2": "string"
}, - "locality": {
- "region": "string"
}, - "trustDomain": "string",
- "namespaceScope": {
- "scope": "GLOBAL",
- "exceptions": [
- "string"
]
}, - "state": {
- "lastSyncTime": "2019-08-24T14:15:22Z",
- "provider": "string",
- "istioVersions": [
- "string"
], - "xcpVersion": "string",
- "tsbCpVersion": "string"
}
}
organization required | string Organization name. |
cluster required | string Cluster name. |
{ }
organization required | string Organization name. |
cluster required | string Cluster name. |
{- "tokens": {
- "property1": "string",
- "property2": "string"
}
}
name required | string The short name for the resource to be created. |
required | object (v2Organization)
|
{- "name": "string",
- "organization": {
- "displayName": "string",
- "etag": "string",
- "description": "string"
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string"
}
organization required | string Organization name. |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "description": "string",
- "displayName": "string",
- "etag": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string"
}
organization required | string Organization name. |
{ }
organization required | string Organization name. |
{- "settings": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "networkSettings": {
- "networkReachability": {
- "property1": "string",
- "property2": "string"
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": null,
- "header": null
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": null,
- "destinationCluster": null,
- "remoteAddress": null,
- "requestHeaders": null,
- "headerValueMatch": null
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
}
]
}
organization required | string Organization name. |
name required | string The short name for the resource to be created. |
required | object (v2OrganizationSetting) Settings that apply globally to the entire organization. |
{- "name": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "networkSettings": {
- "networkReachability": {
- "property1": "string",
- "property2": "string"
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultSecuritySetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "networkSettings": {
- "networkReachability": {
- "property1": "string",
- "property2": "string"
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
}
organization required | string Organization name. |
setting required | string Setting name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "networkSettings": {
- "networkReachability": {
- "property1": "string",
- "property2": "string"
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
}
organization required | string Organization name. |
setting required | string Setting name. |
object (v2SecuritySetting) A security setting applies configuration to a set of proxy workloads in a security group or a workspace. When applied to a security group, missing fields will inherit values from the workspace-wide setting if any. | |
object (v2TrafficSetting) A traffic setting applies configuration to a set of proxy workloads in a traffic group or a workspace. When applied to a traffic group, missing fields will inherit values from the workspace-wide setting if any. | |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (OrganizationSettingNetworkSettings) Network related settings for clusters. | |
Array of objects (v2RegionalFailover) Default locality routing settings for all gateways. Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. Should be used together with OutlierDetection to detect unhealthy endpoints. Note: if no OutlierDetection specified, this will not take effect. |
{- "defaultSecuritySetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}, - "description": "string",
- "displayName": "string",
- "etag": "string",
- "networkSettings": {
- "networkReachability": {
- "property1": "string",
- "property2": "string"
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "networkSettings": {
- "networkReachability": {
- "property1": "string",
- "property2": "string"
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
}
This method will update the state of users and groups in the organization and will create, modify, and delete groups according to the incoming request. Sync requests are assumed to be a full-sync and to contain all existing users and groups. Existing TSB users and groups that are not contained in a sync request will be deleted from the platform, as it will assume they have been removed from the Identity Provider.
organization required | string Organization name. |
sourceType | string (v2SourceType) Default: "INVALID" Enum: "INVALID" "LDAP" "LOCAL" "AZURE" "MANUAL"
|
Array of objects (SyncOrganizationRequestSyncTeam) | |
Array of objects (SyncOrganizationRequestSyncUser) |
{- "sourceType": "INVALID",
- "teams": [
- {
- "id": "string",
- "description": "string",
- "memberUserIds": [
- "string"
], - "memberGroupIds": [
- "string"
], - "displayName": "string"
}
], - "users": [
- {
- "id": "string",
- "description": "string",
- "email": "string",
- "loginName": "string",
- "displayName": "string"
}
]
}
{- "failedUsers": {
- "removal": [
- "string"
], - "addition": [
- "string"
], - "update": [
- "string"
]
}, - "failedTeams": {
- "removal": [
- "string"
], - "addition": [
- "string"
], - "update": [
- "string"
]
}
}
organization required | string Organization name. |
cluster required | string Cluster name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
extension required | string Extension name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
service required | string Service name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
setting required | string Setting name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
team required | string Team name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
user required | string User name. |
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
organization required | string Organization name. |
keyEncoding | string Default: "PEM" Enum: "PEM" "JWK" The format in which the key pairs for each key will be returned. If not set keys are returned in PEM format. |
{- "serviceAccounts": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}
]
}
organization required | string Organization name. |
keyEncoding | string (Format in which the keys in this keypair are encoded) Default: "PEM" Enum: "PEM" "JWK" |
name required | string The short name for the resource to be created. |
required | object (v2ServiceAccount)
|
{- "keyEncoding": "PEM",
- "name": "string",
- "serviceAccount": {
- "displayName": "string",
- "etag": "string",
- "description": "string"
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
keyEncoding | string Default: "PEM" Enum: "PEM" "JWK" The format in which the key pairs will be returned. If not set keys are returned in PEM format. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
description | string A description of the resource. |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "description": "string",
- "displayName": "string",
- "etag": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
{- "keys": [
- {
- "alg": "string",
- "kty": "string",
- "use": "string",
- "n": "string",
- "e": "string",
- "kid": "string"
}
]
}
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
keyEncoding | string (Format in which the keys in this keypair are encoded) Default: "PEM" Enum: "PEM" "JWK" |
{- "keyEncoding": "PEM"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}
id required | string ID of the key-pair to delete. |
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}
organization required | string Organization name. |
name required | string The short name for the resource to be created. |
required | object (v2Team)
|
{- "name": "string",
- "team": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "members": [
- "string"
], - "sourceType": "INVALID"
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "members": [
- "string"
], - "sourceType": "INVALID"
}
organization required | string Organization name. |
team required | string Team name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "members": [
- "string"
], - "sourceType": "INVALID"
}
organization required | string Organization name. |
team required | string Team name. |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
members | Array of strings List of members under the team. The elements of this list are the FQNs of the team members. Team members can be users, service accounts or other teams. |
sourceType | string (v2SourceType) Default: "INVALID" Enum: "INVALID" "LDAP" "LOCAL" "AZURE" "MANUAL"
|
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "members": [
- "string"
], - "sourceType": "INVALID"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "members": [
- "string"
], - "sourceType": "INVALID"
}
{- "users": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "loginName": "string",
- "firstName": "string",
- "lastName": "string",
- "email": "string",
- "sourceType": "INVALID"
}
]
}
Create a local User in TSB. Local users are like sercice accounts and are mostly used for internal purposes where an authentication token can be issued by the IAM service to be used on behalf of the user.
Note that local users do not exist in the Identity Provider and the normal login process will not allow them to access TSB.
$hide_from_docs
organization required | string Organization name. |
name required | string The short name for the resource to be created. |
required | object (v2User)
|
{- "name": "string",
- "user": {
- "displayName": "string",
- "etag": "string",
- "loginName": "string",
- "firstName": "string",
- "lastName": "string",
- "email": "string",
- "sourceType": "INVALID"
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "loginName": "string",
- "firstName": "string",
- "lastName": "string",
- "email": "string",
- "sourceType": "INVALID"
}
organization required | string Organization name. |
user required | string User name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "loginName": "string",
- "firstName": "string",
- "lastName": "string",
- "email": "string",
- "sourceType": "INVALID"
}
Modify an existin user.
This operation is expected to be used only for LOCAL users. Users are periodically synchronized from the Identity Provider, and the process may automatically set some properties of the User resource. Modifications made using the TSB APIs may be replaced by the data from the Identity Provider on every synchronization.
$hide_from_docs
organization required | string Organization name. |
user required | string User name. |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
string Email for the user where alerts and other notifications will be sent. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
firstName | string The first name of the user. |
lastName | string The last name of the user, if any. |
loginName required | string The username used in the login credentials. |
sourceType | string (v2SourceType) Default: "INVALID" Enum: "INVALID" "LDAP" "LOCAL" "AZURE" "MANUAL"
|
{- "displayName": "string",
- "email": "string",
- "etag": "string",
- "firstName": "string",
- "lastName": "string",
- "loginName": "string",
- "sourceType": "INVALID"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "loginName": "string",
- "firstName": "string",
- "lastName": "string",
- "email": "string",
- "sourceType": "INVALID"
}
Delete an existing user. This operation is expected to be used only for LOCAL users. Users are periodically synchronized from the Identity Provider, so deleting a user that is not a local one may be reverted if the change is not done accordingly in the Identity Provider.
$hide_from_docs
organization required | string Organization name. |
user required | string User name. |
{ }
Generate the tokens for a local user account so it can authenticate against management plane. This method will return an error if the user account is not of type MANUAL. Credentials for normal platform users must be configured in the corresponding Identity Provider.
organization required | string Organization name. |
user required | string User name. |
{- "accessToken": "string",
- "refreshToken": "string"
}
organization required | string Organization name. |
name required | string The short name for the resource to be created. |
required | object (v2Tenant)
|
{- "name": "string",
- "tenant": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "securityDomain": "string"
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "securityDomain": "string"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "securityDomain": "string"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
securityDomain | string Security domains can be used to group different resources under the same security domain.
Although security domain is not resource itself currently, it follows a fqn format
|
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "securityDomain": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "securityDomain": "string"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
{- "extensions": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
{- "settings": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": null,
- "header": null
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": null,
- "destinationCluster": null,
- "remoteAddress": null,
- "requestHeaders": null,
- "headerValueMatch": null
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
name required | string The short name for the resource to be created. |
required | object (v2TenantSetting) Default settings that apply to all workspaces under a tenant. |
{- "name": "string",
- "setting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
object (v2SecuritySetting) A security setting applies configuration to a set of proxy workloads in a security group or a workspace. When applied to a security group, missing fields will inherit values from the workspace-wide setting if any. | |
object (v2TrafficSetting) A traffic setting applies configuration to a set of proxy workloads in a traffic group or a workspace. When applied to a traffic group, missing fields will inherit values from the workspace-wide setting if any. | |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
{- "defaultSecuritySetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}, - "description": "string",
- "displayName": "string",
- "etag": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}
}
organization required | string Organization name. |
tenant required | string Tenant name. |
{- "workspaces": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "privileged": true,
- "isolationBoundary": "string",
- "securityDomain": "string"
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
name required | string The short name for the resource to be created. |
required | object (v2Workspace) A Workspace is a collection of related namespaces in one or more clusters. |
{- "name": "string",
- "workspace": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "privileged": true,
- "isolationBoundary": "string",
- "securityDomain": "string"
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "privileged": true,
- "isolationBoundary": "string",
- "securityDomain": "string"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "privileged": true,
- "isolationBoundary": "string",
- "securityDomain": "string"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
isolationBoundary | string Istio Isolation Boundary name to which this workspace belongs. If not provided explicitly, the workspace looks for an isolation boundary with name set as "global". Therefore, in order to move existing workspaces to isolation boundaries, and be a part of revisioned control plane, it is recommended to configure an isolation boundary with the name "global". |
required | object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) |
privileged | boolean If set to true, allows Gateways in the workspace to route to services in other workspaces. Set this to true for workspaces owning cluster-wide gateways shared by multiple teams. |
securityDomain | string Security domains can be used to group different resources under the same security domain.
Although security domain is not resource itself currently, it follows a fqn format
|
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "isolationBoundary": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "privileged": true,
- "securityDomain": "string"
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "privileged": true,
- "isolationBoundary": "string",
- "securityDomain": "string"
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
{ }
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
{- "settings": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": null,
- "header": null
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": null,
- "destinationCluster": null,
- "remoteAddress": null,
- "requestHeaders": null,
- "headerValueMatch": null
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultEastWestGatewaySettings": [
- {
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "exposedServices": [
- {
- "serviceLabels": {
- "property1": "string",
- "property2": "string"
}
}
]
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
name required | string The short name for the resource to be created. |
required | object (v2WorkspaceSetting) Default security and traffic settings for all proxy workloads in the workspace. |
{- "name": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultEastWestGatewaySettings": [
- {
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "exposedServices": [
- {
- "serviceLabels": {
- "property1": "string",
- "property2": "string"
}
}
]
}
]
}
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultEastWestGatewaySettings": [
- {
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "exposedServices": [
- {
- "serviceLabels": {
- "property1": "string",
- "property2": "string"
}
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultEastWestGatewaySettings": [
- {
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "exposedServices": [
- {
- "serviceLabels": {
- "property1": "string",
- "property2": "string"
}
}
]
}
]
}
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Array of objects (v2EastWestGateway) Default east west gateway settings specifies workspace-wide east-west gateway configuration. This is used to configure east-west routing (required for fail-over) for the services that are not exposed on the gateways. All the services matching the specified criteria is picked up for exposing on the east-west gateway workload selected by the workload selector. In case, a service matches selectors in multiple items, the one which comes first is picked up. | |
object (v2SecuritySetting) A security setting applies configuration to a set of proxy workloads in a security group or a workspace. When applied to a security group, missing fields will inherit values from the workspace-wide setting if any. | |
object (v2TrafficSetting) A traffic setting applies configuration to a set of proxy workloads in a traffic group or a workspace. When applied to a traffic group, missing fields will inherit values from the workspace-wide setting if any. | |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Array of objects (v2RegionalFailover) Locality routing settings for all gateways in the workspace. Overrides any global settings. Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. Should be used together with OutlierDetection to detect unhealthy endpoints. Note: if no OutlierDetection specified, this will not take effect. |
{- "defaultEastWestGatewaySettings": [
- {
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "exposedServices": [
- {
- "serviceLabels": {
- "property1": "string",
- "property2": "string"
}
}
]
}
], - "defaultSecuritySetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}, - "description": "string",
- "displayName": "string",
- "etag": "string",
- "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { }
}
]
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "subjectAltNames": [
- "string"
]
}
}
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultEastWestGatewaySettings": [
- {
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "exposedServices": [
- {
- "serviceLabels": {
- "property1": "string",
- "property2": "string"
}
}
]
}
]
}