Tetrate Service Bridge API (1.9.x)
Download OpenAPI specification:Download
Tetrate Service Bridge API.
Callback endpoint for OAuth2 Authorization Code grant flows as part of the OIDC spec.
query Parameters
code | string OAuth2 Authorization Code. When present this indicates the user authorized the request. TSB will use this code to acquire a token from the OIDC token endpoint and complete the login flow. |
error | string OAuth2 Error Code. When present this indicates that either the authorization request has an error, the OIDC provider encountered an error or the user failed to log in. When set TSB will display information to the user indicating what went wrong. Standard error codes can be found found here. https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1 https://openid.net/specs/openid-connect-core-1_0.html#AuthError |
state required | string The state parameter sent to the OIDC provider on the authorization request. |
errorDescription | string Optional error description sent by the OIDC provider when an error occurs. |
errorUri | string Optional error URI of a web page that includes additional information about the error. |
Responses
Response samples
- 200
- default
{ }
List all existing applications for the given tenant.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Responses
Response samples
- 200
- default
{- "applications": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
]
}
Creates a new Application in TSB.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Request Body schema: application/jsonrequired
required | object (v2Application) An Application represents a set of logical groupings of services that are related to each other and expose a set of APIs that implement a complete set of business logic. |
name required | string The short name for the resource to be created. |
Responses
Request samples
- Payload
{- "application": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
]
}, - "name": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
Get the details of an existing application.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
Modify an existing application.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Request Body schema: application/jsonrequired
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
gatewayGroup | string Optional FQN of the Gateway Group to be used by the application.
If configured, this gateway group will be used by the application. If
no namespaces are configured and no existing gateway group is set, a new gateway group claiming all
namespaces in the workspace ( |
object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) | |
services | Array of strings Optional list of services that are part of the application. This is a list of FQNs of services in the service registry. If omitted, the application is assumed to own all the services in the workspace. Note that a service can only be part of one application. If any of the services in the list is already in use by an existing application, application creation/modification will fail. If the list of services is not explicitly set and any service in the workspace is already in use by another application, application creation/modification will fail. |
workspace required | string FQN of the workspace this application is part of. The application will configure IngressGateways for the attached APIs in the different namespaces exposed by this workspace. |
Responses
Request samples
- Payload
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "gatewayGroup": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "services": [
- "string"
], - "workspace": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workspace": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "gatewayGroup": "string",
- "services": [
- "string"
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
]
}
Delete an existing Application. Note that deleting resources in TSB is a recursive operation. Deleting a application will delete all API objects that exist in it.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
query Parameters
forceDeleteProtectedGroups | boolean Force the deletion of internal groups even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
List all APIs attached to the given application.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Responses
Response samples
- 200
- default
{- "apis": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "openapi": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "servers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": null,
- "headers": { }
}
], - "modify": {
- "rewrite": {
- "uri": null,
- "authority": null
}, - "headers": {
- "request": null,
- "response": null
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": null,
- "bytes": null
}
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- null
], - "limit": {
- "requestsPerUnit": null,
- "unit": null
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- null
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "endpoints": [
- {
- "path": "string",
- "methods": [
- "string"
], - "hostnames": [
- "string"
], - "service": "string",
- "exposedBy": {
- "service": "string",
- "clusterGroup": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": null,
- "property2": null
}, - "weight": 0
}
]
}
}
}
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
], - "httpServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": null,
- "headers": { }
}
], - "modify": {
- "rewrite": {
- "uri": null,
- "authority": null
}, - "headers": {
- "request": null,
- "response": null
}
}, - "route": {
- "clusterDestination": {
- "clusters": [ ]
}, - "serviceDestination": {
- "host": null,
- "port": null,
- "tls": null
}
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": null,
- "bytes": null
}
}, - "disableExternalAuthorization": true
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- null
], - "limit": {
- "requestsPerUnit": null,
- "unit": null
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- null
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
]
}
]
}
Attach a new API to the given application.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Request Body schema: application/jsonrequired
required | object (v2API) An API configuring a set of servers and endpoints that expose the Application business logic. |
name required | string The short name for the resource to be created. |
Responses
Request samples
- Payload
{- "api": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "openapi": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}
}, - "name": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "openapi": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "servers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "endpoints": [
- {
- "path": "string",
- "methods": [
- "string"
], - "hostnames": [
- "string"
], - "service": "string",
- "exposedBy": {
- "service": "string",
- "clusterGroup": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0
}
]
}
}
}
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
], - "httpServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": null,
- "labels": { },
- "network": null,
- "weight": null
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "secretName": "string",
- "subjectAltNames": [
- null
]
}
}
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}, - "disableExternalAuthorization": true
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
]
}
Get the details of an API.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "openapi": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "servers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "endpoints": [
- {
- "path": "string",
- "methods": [
- "string"
], - "hostnames": [
- "string"
], - "service": "string",
- "exposedBy": {
- "service": "string",
- "clusterGroup": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0
}
]
}
}
}
], - "configResources": [
- {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
], - "httpServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": null,
- "labels": { },
- "network": null,
- "weight": null
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "secretName": "string",
- "subjectAltNames": [
- null
]
}
}
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}, - "disableExternalAuthorization": true
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
]
}
List the WASM extensions that are defined for the Organization.
path Parameters
organization required | string Organization name. |
Responses
Response samples
- 200
- default
{- "extensions": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}, - "url": "string",
- "match": {
- "mode": "UNDEFINED"
}
}
]
}
Creates a new WasmExtension object in TSB. This is needed to let the extensions run. Once a WasmExtension has been created, it can be assigned to IngressGateway and SecuritySetting. This method returns the created extension.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2WasmExtension) |
Responses
Request samples
- Payload
{- "name": "string",
- "wasmExtension": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}, - "url": "string",
- "match": {
- "mode": "UNDEFINED"
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}, - "url": "string",
- "match": {
- "mode": "UNDEFINED"
}
}
Get a WASM extension
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}, - "url": "string",
- "match": {
- "mode": "UNDEFINED"
}
}
Modify an existing WasmExtension. When modifying the details of an extension in use, such as the image property, enabled flag, phase, or default configuration, a redeploy or reconfiguration of the extension may be triggered, affecting live traffic in all those places that reference the extension. Similarly, changes to the allowed_in property may trigger the removal of the extension from all places where the extension was in use that are not allowed to use it anymore, affecting live traffic on the relevant namespaces as well.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Request Body schema: application/jsonrequired
allowedIn | Array of strings List of fqns where this extension is allowed to run. If it is empty, the extension can be used across the entire organization. Currently only Tenant resources are considered. |
config | object Configuration parameters sent to the WASM plugin execution The configuration can be overwritten when instantiating the extensions in IngressGateways or Security groups. The config is serialized using proto3 JSON marshaling and passed to proxy_on_configure when the host environment starts the plugin. |
description | string (A description of the extension.
$hide_from_yaml) |
displayName | string (User friendly name for the extension.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
image | string Deprecated. Use the |
imagePullPolicy | string (WasmExtensionPullPolicy) Default: "UNSPECIFIED_POLICY" Enum: "UNSPECIFIED_POLICY" "IfNotPresent" "Always" The pull behaviour to be applied when fetching a WASM module, mirroring K8s behaviour.
|
imagePullSecret | string Credentials to use for OCI image pulling.
Name of a K8s Secret that contains a docker pull secret which is to be used
to authenticate against the registry when pulling the image.
If TSB is configured to use the WASM download proxy, this secret must exist in
the |
object (v2GlobalTrafficSelector) GlobalTrafficSelector provides a mechanism to select a specific traffic flow for which this Wasm Extension will be enabled. This setting applies to all WASM Extension attachments. These selectors can be overridden at attachments. When all the sub conditions in the TrafficSelector are satisfied, the traffic will be selected. | |
phase | string (Plugin phases following Istio definition: https://istio.io/latest/docs/reference/config/proxy_extensions/wasm-plugin/#PluginPhase) Default: "UNSPECIFIED_PHASE" Enum: "UNSPECIFIED_PHASE" "AUTHN" "AUTHZ" "STATS"
|
priority | integer <int32> Determines the ordering of WasmExtensions in the same phase. When multiple WasmExtensions are applied to the same workload in the same phase, they will be applied by priority, in descending order. If no priority is assigned it will use the default 0 value. In case of several extensions having the same priority in the same phase, the fqn will be used to sort them. |
source | string (Source to find the code for the WASM extension) |
url required | string URL of a Wasm module or OCI container. If no scheme is present, defaults to oci://, referencing an OCI image. Other valid schemes are file:// for referencing .wasm module files present locally within the proxy container, and http[s]:// for .wasm module files hosted remotely. |
object (v2VmConfig) Configuration for a Wasm VM. more details can be found here. |
Responses
Request samples
- Payload
{- "allowedIn": [
- "string"
], - "config": { },
- "description": "string",
- "displayName": "string",
- "etag": "string",
- "image": "string",
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "match": {
- "mode": "UNDEFINED"
}, - "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "source": "string",
- "url": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}, - "url": "string",
- "match": {
- "mode": "UNDEFINED"
}
}
Delete a WasmExtension. Note that deleting a WasmExtension will delete the extension itself, and also its assignments to IngressGateway and SecuritySetting.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Responses
Response samples
- 200
- default
{ }
List all gateway groups that exist in the workspace.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Responses
Response samples
- 200
- default
{- "groups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create a new gateway group in the given workspace.
Groups will by default configure all the namespaces owned by their workspace, unless explicitly configured. If a specific set of namespaces is set for the group, it must be a subset of the namespaces defined by its workspace.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
required | object (v2Group) A gateway group manages the gateways in a group of namespaces owned by the parent workspace. |
name required | string The short name for the resource to be created. |
Responses
Request samples
- Payload
{- "group": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "name": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details of the given gateway group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
update the given gateway group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
object (v2ConfigGenerationMetadata)
| |
configMode | string (v2ConfigMode) Default: "BRIDGED" Enum: "BRIDGED" "DIRECT" The configuration mode used by a traffic, security or a gateway group.
|
deletionProtectionEnabled | boolean When set, prevents the resource from being deleted. In order to delete the resource this
property needs to be set to |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
required | object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) |
Responses
Request samples
- Payload
{- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "description": "string",
- "displayName": "string",
- "etag": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete the given gateway group. Note that deleting resources in TSB is a recursive operation. Deleting a gateway group will delete all configuration objects that exist in it.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
query Parameters
force | boolean Force the deletion of the object even if deletion protection is enabled. If this is set, then the object and all its children will be deleted even if any of them has the deletion protection enabled. |
Responses
Response samples
- 200
- default
{ }
List all Egress Gateway objects in the gateway group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Responses
Response samples
- 200
- default
{- "egressGateways": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "secretName": "string",
- "subjectAltNames": [
- null
]
}
}, - "local": {
- "rules": [
- {
- "name": null,
- "from": [ ],
- "to": [ ]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": null
}, - "to": {
- "fqn": null
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": null
}, - "to": {
- "fqn": null
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "to": [
- "string"
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create an Egress Gateway object in the gateway group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
required | object (v2EgressGateway)
--> |
name required | string The short name for the resource to be created. |
Responses
Request samples
- Payload
{- "egressGateway": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "to": [
- "string"
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "name": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "to": [
- "string"
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details of the given Egress Gateway object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "to": [
- "string"
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Modify the given Egress Gateway object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Request Body schema: application/jsonrequired
Array of objects (EgressAuthorization is used to dictate which service accounts can access a set of external hosts) The description of which service accounts can access which hosts. If the list of authorization rules is empty, this egress gateway will deny all traffic. | |
object (v2ConfigGenerationMetadata)
| |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Array of objects (v2WasmExtensionAttachment) Extensions specifies all the WasmExtensions assigned to this EgressGateway with the specific configuration for each extension. This custom configuration will override the one configured globally to the extension. Each extension has a global configuration including enablement and priority that will condition the execution of the assigned extensions. | |
required | object (v2WorkloadSelector)
|
Responses
Request samples
- Payload
{- "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "to": [
- "string"
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "description": "string",
- "displayName": "string",
- "etag": "string",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "authorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "to": [
- "string"
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete the given Egress Gateway object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Responses
Response samples
- 200
- default
{ }
List all Ingress Gateway objects in the gateway group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Responses
Response samples
- 200
- default
{- "ingressGateways": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": null,
- "headers": { }
}
], - "modify": {
- "rewrite": {
- "uri": null,
- "authority": null
}, - "headers": {
- "request": null,
- "response": null
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": null,
- "bytes": null
}
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- null
], - "limit": {
- "requestsPerUnit": null,
- "unit": null
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- null
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tlsPassthrough": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "host": "string",
- "port": 0
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "route": {
- "host": "string",
- "port": 0
}
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create an Ingress Gateway object in the gateway group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
required | object (v2IngressGateway)
|
name required | string The short name for the resource to be created. |
Responses
Request samples
- Payload
{- "ingressGateway": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": null,
- "claim": null
}
], - "fromHeaders": [
- {
- "name": null,
- "prefix": null
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "headers": {
- "property1": null,
- "property2": null
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": { },
- "add": { },
- "remove": [ ]
}, - "response": {
- "set": { },
- "add": { },
- "remove": [ ]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": null,
- "header": null
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": null,
- "destinationCluster": null,
- "remoteAddress": null,
- "requestHeaders": null,
- "headerValueMatch": null
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tlsPassthrough": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "host": "string",
- "port": 0
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "route": {
- "host": "string",
- "port": 0
}
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "name": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tlsPassthrough": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "host": "string",
- "port": 0
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "route": {
- "host": "string",
- "port": 0
}
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details of the given Ingress Gateway object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tlsPassthrough": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "host": "string",
- "port": 0
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "route": {
- "host": "string",
- "port": 0
}
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Modify the given Ingress Gateway object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Request Body schema: application/jsonrequired
object (v2ConfigGenerationMetadata)
| |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Array of objects (v2WasmExtensionAttachment) Extensions specifies all the WasmExtensions assigned to this IngressGateway with the specific configuration for each extension. This custom configuration will override the one configured globally to the extension. Each extension has a global configuration including enablement and priority that will condition the execution of the assigned extensions. | |
Array of objects (v2HttpServer) One or more HTTP or HTTPS servers exposed by the gateway. The server exposes configuration for TLS termination, request authentication/authorization, HTTP routing, etc. | |
Array of objects (One or more non-HTTP and non-passthrough servers which use TCP
based protocols. This server also exposes configuration for terminating TLS) | |
Array of objects (v2TLSPassthroughServer) One or more TLS servers exposed by the gateway. The server does not terminate TLS and exposes config for SNI based routing. | |
object (WAFSettings configure WAF based on seclang
See https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v3.x%29#Configuration_Directives) | |
required | object (v2WorkloadSelector)
|
Responses
Request samples
- Payload
{- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "description": "string",
- "displayName": "string",
- "etag": "string",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "route": {
- "host": "string",
- "port": 0
}
}
], - "tlsPassthrough": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "host": "string",
- "port": 0
}
}
], - "waf": {
- "rules": [
- "string"
]
}, - "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "xxxOldAuthentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string"
}
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "xxxOldAuthorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
]
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "host": "string",
- "port": 0
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tlsPassthrough": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "host": "string",
- "port": 0
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "route": {
- "host": "string",
- "port": 0
}
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete the given Ingress Gateway object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Responses
Response samples
- 200
- default
{ }
List all Tier1 Gateway objects that have been created in the gateway group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Responses
Response samples
- 200
- default
{- "tier1Gateways": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "externalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- null
], - "limit": {
- "requestsPerUnit": null,
- "unit": null
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- null
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "internalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}
}
], - "passthroughServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "tcpExternalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}
}
], - "tcpInternalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create a Tier1 Gateway object in the gateway group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2Tier1Gateway)
|
Responses
Request samples
- Payload
{- "name": "string",
- "tier1Gateway": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "externalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": null,
- "claim": null
}
], - "fromHeaders": [
- {
- "name": null,
- "prefix": null
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": null,
- "header": null
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": null,
- "destinationCluster": null,
- "remoteAddress": null,
- "requestHeaders": null,
- "headerValueMatch": null
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "internalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": null,
- "claim": null
}
], - "fromHeaders": [
- {
- "name": null,
- "prefix": null
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}
}
], - "passthroughServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "tcpExternalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}
}
], - "tcpInternalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "externalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "internalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}
}
], - "passthroughServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "tcpExternalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}
}
], - "tcpInternalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
get the details of the given Tier1 Gateway object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "externalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "internalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}
}
], - "passthroughServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "tcpExternalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}
}
], - "tcpInternalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Gateways_UpdateTier1Gateway
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
Request Body schema: application/jsonrequired
object (v2ConfigGenerationMetadata)
| |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Array of objects (v2WasmExtensionAttachment) Extensions specifies all the WasmExtensions assigned to this Tier1Gateway with the specific configuration for each extension. This custom configuration will override the one configured globally to the extension. Each extension has a global configuration including enablement and priority that will condition the execution of the assigned extensions. | |
Array of objects (v2Tier1ExternalServer) One or more servers exposed by the gateway externally. | |
Array of objects (v2Tier1InternalServer) One or more servers exposed by the gateway internally for cross cluster forwarding. | |
Array of objects (v2Tier1PassthroughServer) One or more tls passthrough servers exposed by the gateway externally. | |
Array of objects (v2Tier1TCPExternalServer) One or more tcp servers exposed by the gateway externally. | |
Array of objects (v2Tier1TCPInternalServer) One or more tcp servers exposed by the gateway for mesh internal traffic. | |
object (WAFSettings configure WAF based on seclang
See https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v3.x%29#Configuration_Directives) | |
required | object (v2WorkloadSelector)
|
Responses
Request samples
- Payload
{- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "description": "string",
- "displayName": "string",
- "etag": "string",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "externalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "internalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}
}
], - "passthroughServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "tcpExternalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}
}
], - "tcpInternalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "externalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "internalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}
}
], - "passthroughServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "tcpExternalServers": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
], - "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}
}
], - "tcpInternalServers": [
- {
- "name": "string",
- "hostname": "string",
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}
], - "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete the given Tier1 Gateway object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tier1gateway required | string Tier1gateway name. |
Responses
Response samples
- 200
- default
{ }
List all Gateway objects in the gateway group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Responses
Response samples
- 200
- default
{- "gateways": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": null,
- "headers": { }
}
], - "modify": {
- "rewrite": {
- "uri": null,
- "authority": null
}, - "headers": {
- "request": null,
- "response": null
}
}, - "route": {
- "clusterDestination": {
- "clusters": [ ]
}, - "serviceDestination": {
- "host": null,
- "port": null,
- "tls": null
}
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": null,
- "bytes": null
}
}, - "disableExternalAuthorization": true
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- null
], - "limit": {
- "requestsPerUnit": null,
- "unit": null
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- null
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
], - "tls": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": null,
- "property2": null
}, - "network": "string",
- "weight": 0
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": null,
- "property2": null
}, - "network": "string",
- "weight": 0
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
], - "wasmPlugins": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "egressAuthorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
]
}, - "to": [
- {
- "host": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "paths": [
- "string"
], - "methods": [
- "string"
]
}
], - "identityMatch": "UNKNOWN"
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create a Gateway object in the gateway group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
required | object (v2Gateway) The Each server within the To ensure consistency and compatibility, the |
name required | string The short name for the resource to be created. |
Responses
Request samples
- Payload
{- "gateway": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": null,
- "claim": null
}
], - "fromHeaders": [
- {
- "name": null,
- "prefix": null
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "headers": {
- "property1": null,
- "property2": null
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": { },
- "add": { },
- "remove": [ ]
}, - "response": {
- "set": { },
- "add": { },
- "remove": [ ]
}
}
}, - "route": {
- "clusterDestination": {
- "clusters": [
- null
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": null,
- "files": null,
- "secretName": null,
- "subjectAltNames": [ ]
}
}
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}, - "disableExternalAuthorization": true
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": null,
- "header": null
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": null,
- "destinationCluster": null,
- "remoteAddress": null,
- "requestHeaders": null,
- "headerValueMatch": null
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
], - "tls": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
], - "wasmPlugins": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "egressAuthorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
]
}, - "to": [
- {
- "host": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "paths": [
- "string"
], - "methods": [
- "string"
]
}
], - "identityMatch": "UNKNOWN"
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "name": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": null,
- "labels": { },
- "network": null,
- "weight": null
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "secretName": "string",
- "subjectAltNames": [
- null
]
}
}
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}, - "disableExternalAuthorization": true
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
], - "tls": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
], - "wasmPlugins": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "egressAuthorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
]
}, - "to": [
- {
- "host": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "paths": [
- "string"
], - "methods": [
- "string"
]
}
], - "identityMatch": "UNKNOWN"
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details of the given Gateway object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
unifiedgateway required | string Unifiedgateway name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": null,
- "labels": { },
- "network": null,
- "weight": null
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "secretName": "string",
- "subjectAltNames": [
- null
]
}
}
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}, - "disableExternalAuthorization": true
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
], - "tls": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
], - "wasmPlugins": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "egressAuthorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
]
}, - "to": [
- {
- "host": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "paths": [
- "string"
], - "methods": [
- "string"
]
}
], - "identityMatch": "UNKNOWN"
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Modify the given Gateway object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
unifiedgateway required | string Unifiedgateway name. |
Request Body schema: application/jsonrequired
object (v2ConfigGenerationMetadata)
| |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
Array of objects (v2EgressAuthorizationSettings) External services are onboarded into the mesh via service entry, and these services are exposed on the Gateway for egress access. By default, access is denied for these hosts. Users can configure EgressAuthorizationSettings to specify which service accounts are allowed. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Array of objects (v2HTTP) One or more HTTP or HTTPS servers exposed by the gateway. The server exposes configuration for TLS termination, request authentication/authorization, HTTP routing, rate limiting, etc. | |
Array of objects (v2TCP) One or more non-HTTP and non-passthrough servers which use TCP based protocols. This server also exposes configuration for terminating TLS. | |
Array of objects (v2TLS) One or more TLS servers exposed by the gateway. The server does not terminate TLS and exposes config for SNI based routing. | |
object (WAFSettings configure WAF based on seclang
See https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v3.x%29#Configuration_Directives) | |
Array of objects (v2WasmExtensionAttachment) WasmPlugins specifies all the WasmExtensionAttachment assigned to this Gateway with the specific configuration for each plugin. This custom configuration will override the one configured globally to the plugin. Each plugin has a global configuration including priority that will condition the execution of the assigned plugins. | |
required | object (v2WorkloadSelector)
|
Responses
Request samples
- Payload
{- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "description": "string",
- "displayName": "string",
- "egressAuthorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
]
}, - "to": [
- {
- "host": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "paths": [
- "string"
], - "methods": [
- "string"
]
}
], - "identityMatch": "UNKNOWN"
}
], - "etag": "string",
- "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": null,
- "labels": { },
- "network": null,
- "weight": null
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "secretName": "string",
- "subjectAltNames": [
- null
]
}
}
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}, - "disableExternalAuthorization": true
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
], - "tls": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "waf": {
- "rules": [
- "string"
]
}, - "wasmPlugins": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "http": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "authentication": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}, - "authorization": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "jwt": {
- "iss": null,
- "sub": null,
- "other": { }
}
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "routing": {
- "corsPolicy": {
- "allowOrigin": [
- "string"
], - "allowMethods": [
- "string"
], - "allowHeaders": [
- "string"
], - "exposeHeaders": [
- "string"
], - "maxAge": "string",
- "allowCredentials": true
}, - "rules": [
- {
- "match": [
- {
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}
}
], - "modify": {
- "rewrite": {
- "uri": "string",
- "authority": "string"
}, - "headers": {
- "request": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}, - "response": {
- "set": {
- "property1": null,
- "property2": null
}, - "add": {
- "property1": null,
- "property2": null
}, - "remove": [
- null
]
}
}
}, - "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": null,
- "labels": { },
- "network": null,
- "weight": null
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "secretName": "string",
- "subjectAltNames": [
- null
]
}
}
}, - "redirect": {
- "uri": "string",
- "authority": "string",
- "redirectCode": 0,
- "port": 0,
- "scheme": "string"
}, - "directResponse": {
- "status": 0,
- "body": {
- "string": "string",
- "bytes": "string"
}
}, - "disableExternalAuthorization": true
}
]
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
], - "tls": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}
}
], - "tcp": [
- {
- "name": "string",
- "port": 0,
- "hostname": "string",
- "tls": {
- "mode": "DISABLED",
- "secretName": "string",
- "files": {
- "serverCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "minProtocolVersion": "TLS_AUTO",
- "maxProtocolVersion": "TLS_AUTO",
- "cipherSuites": [
- "string"
], - "subjectAltNames": [
- "string"
]
}, - "route": {
- "clusterDestination": {
- "clusters": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "network": "string",
- "weight": 0
}
]
}, - "serviceDestination": {
- "host": "string",
- "port": 0,
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "transit": true,
- "trafficMode": "AUTO"
}
], - "wasmPlugins": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "waf": {
- "rules": [
- "string"
]
}, - "egressAuthorization": [
- {
- "from": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
]
}, - "to": [
- {
- "host": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "paths": [
- "string"
], - "methods": [
- "string"
]
}
], - "identityMatch": "UNKNOWN"
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete the given Gateway object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
unifiedgateway required | string Unifiedgateway name. |
Responses
Response samples
- 200
- default
{ }
List all Istio internal groups in the given workspace.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Responses
Response samples
- 200
- default
{- "groups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create a new Istio internal group in the given workspace.
Groups will by default configure all the namespaces owned by their workspace, unless explicitly configured. If a specific set of namespaces is set for the group, it must be a subset of the namespaces defined by its workspace.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
required | object (v2Group) A gateway group manages the gateways in a group of namespaces owned by the parent workspace. |
name required | string The short name for the resource to be created. |
Responses
Request samples
- Payload
{- "group": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "name": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details of the given Istio internal group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Modify a Istio internal group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Request Body schema: application/jsonrequired
object (v2ConfigGenerationMetadata)
| |
deletionProtectionEnabled | boolean When set, prevents the resource from being deleted. In order to delete the resource this
property needs to be set to |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
required | object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) |
Responses
Request samples
- Payload
{- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "deletionProtectionEnabled": true,
- "description": "string",
- "displayName": "string",
- "etag": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete the given Istio internal group. Note that deleting resources in TSB is a recursive operation. Deleting a Istio internal group will delete all configuration objects that exist in it.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
query Parameters
force | boolean Force the deletion of the object even if deletion protection is enabled. If this is set, then the object and all its children will be deleted even if any of them has the deletion protection enabled. |
Responses
Response samples
- 200
- default
{ }
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry metrics that are available for the requested telemetry source.
path Parameters
organization required | string Organization name. |
user required | string User name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "metrics": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
]
}
Get the details of an existing telemetry metric.
path Parameters
organization required | string Organization name. |
user required | string User name. |
source required | string Source name. |
metric required | string Metric name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "observedResource": "string",
- "measure": {
- "name": "string",
- "unit": "string"
}, - "type": {
- "name": "INVALID_METRIC_TYPE",
- "labels": [
- {
- "key": "string",
- "value": "string"
}
]
}, - "origin": "INVALID_METRIC_ORIGIN",
- "detectionPoint": "INVALID_METRIC_DETECTION_POINT"
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
List the telemetry sources that are available for the requested parent. It will return telemetry sources that belong to the requested parent and from all its child resources.
path Parameters
organization required | string Organization name. |
user required | string User name. |
query Parameters
scopeTypes | Array of strings Items Enum: "INVALID" "SERVICE" "INGRESS" "RELATION" The scope type that a telemetry source needs to match. Telemetry sources that matches any requested scope type will be returned.
|
belongTos | Array of strings Which resources the telemetry sources must belong to. Telemetry sources that belongs to any requested resource will be returned. |
existed.since | string <date-time> Moment in time since we retrieve Telemetry Sources. |
existed.until | string <date-time> Moment in time until we retrieve Telemetry Sources. |
Responses
Response samples
- 200
- default
{- "sources": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
]
}
Get the details of an existing telemetry source.
path Parameters
organization required | string Organization name. |
user required | string User name. |
source required | string Source name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "belongsTo": "string",
- "metricSourceKey": "string",
- "type": "INVALID",
- "scope": {
- "serviceScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "instance": "string",
- "subset": "string",
- "service": "string",
- "namespace": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "ingressScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "hostname": "string",
- "ingressService": "string",
- "cluster": "string"
}, - "deployment": "string"
}
]
}, - "relationScopes": {
- "scopes": [
- {
- "type": "INVALID",
- "scope": {
- "serviceRelation": {
- "source": "string",
- "target": "string"
}
}
}
]
}
}
}
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_1
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_2
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_5
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_3
path Parameters
organization required | string Organization name. |
service required | string Service name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_4
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_6
path Parameters
organization required | string Organization name. |
team required | string Team name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_10
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_9
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_8
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_11
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_12
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_13
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_15
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_14
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_16
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_17
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_18
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_19
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_20
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_21
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_22
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_24
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_23
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetPolicy returns the approval policy for the given resource.
path Parameters
organization required | string Organization name. |
user required | string User name. |
Responses
Response samples
- 200
- default
{- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
SetPolicy enables authorization policy checks for the given resource and applies any provided request or approval settings. If the resource has existing policies settings, they will be replaced. Once the policy is set, authorization checks will be performed for the given resource.
path Parameters
organization required | string Organization name. |
user required | string User name. |
Request Body schema: application/jsonrequired
Array of objects (v2Access) Approved is a list of subjects that are approved to access the resource. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2Metadata) Metadata includes additional information about an ApprovalPolicy or Access entity and their respective resources that they apply to. | |
mode required | string (ApprovalPolicyMode) Default: "UNRESTRICTED" Enum: "UNRESTRICTED" "ALLOW_REQUESTED" "REQUIRE_APPROVAL"
|
Array of objects (v2Access) Requested is a list of subjects that are requested to access the resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the resource. |
Responses
Request samples
- Payload
{- "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "etag": "string",
- "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}, - "mode": "UNRESTRICTED",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
Response samples
- 200
- default
{ }
DeletePolicy deletes the approval policy configuration for the given resource. When deleted, authorization checks will no longer be performed, the resource will no longer accept approval requests and all existing approvals will be revoked.
path Parameters
organization required | string Organization name. |
user required | string User name. |
query Parameters
force | boolean Force the deletion of internal resources even if they are protected against deletion. |
Responses
Response samples
- 200
- default
{ }
AddApprovedAccess adds a new entry in the approved access list for the given resource.
path Parameters
organization required | string Organization name. |
user required | string User name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteApprovedAccess deletes an entry from the approved list for the given resource.
path Parameters
organization required | string Organization name. |
user required | string User name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
Approvals_QueryPolicies_variant_7
path Parameters
organization required | string Organization name. |
user required | string User name. |
Request Body schema: application/jsonrequired
includeDetails | boolean IncludeDetails indicates whether to include the details of the resources that are part of the policy. When set to true, the name and description of the resource are included in the response. |
includePermissions | boolean IncludePermissions indicates whether to include the user level permissions on resources that are part of the policy. When set to true, the user level permissions are included in the response. |
types required | Array of strings Type is the type of the resources to query for policies. |
Responses
Request samples
- Payload
{- "includeDetails": true,
- "includePermissions": true,
- "types": [
- "string"
]
}
Response samples
- 200
- default
{- "policies": [
- {
- "etag": "string",
- "mode": "UNRESTRICTED",
- "resource": "string",
- "requested": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "approved": [
- {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": null,
- "kinds": [ ]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
]
}
AddAccessRequest adds a new access request entry in the access request list for the given resource. If the policy approval mode is "ALLOW_REQUESTED", access is allowed immediately. If the policy approval mode is "REQUIRE_APPROVAL" access will be pending until the request is approved.
path Parameters
organization required | string Organization name. |
user required | string User name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
ApproveAccessRequest approves an existing access request for the given resource. Once approved, the request will be removed from the requested list and added to the approved list. If any of the permissions are changed, the requested permissions will be discarded and only the approved permissions will be added to the approved list.
path Parameters
organization required | string Organization name. |
user required | string User name. |
Request Body schema: application/jsonrequired
required | object (v2Access) Access is an access request for a subject with a set of permission. Example: Access { Subject: "organizations/demo/tenants/demo/applications/caller", Permissions: []string{"GET"} } |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "access": {
- "subject": "string",
- "permissions": [
- "string"
], - "metadata": {
- "details": {
- "name": "string",
- "description": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}, - "etag": "string"
}
Response samples
- 200
- default
{ }
DeleteAccessRequest removes an existing entry from the access request list for the given resource. If the request is already approved, the request no longer exists and this operation will return NotFound. Deleting an approved request should be done using the DeleteApproved operation.
path Parameters
organization required | string Organization name. |
user required | string User name. |
Request Body schema: application/jsonrequired
subject required | string Subject for which the access request is made. |
Responses
Request samples
- Payload
{- "subject": "string"
}
Response samples
- 200
- default
{ }
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
GetResourcePermission looks up permissions that are allowed for the current principal. on the given resource FQN. This is similar to QueryResourcePermission but limited to a single resource FQN.
path Parameters
organization required | string Organization name. |
user required | string User name. |
Responses
Response samples
- 200
- default
{- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
QueryResourcePermission looks up permissions that are allowed for the current principal. Multiple records can be queried with a single request. Query limit is 100, multiple requests are required to lookup more than the limit.
Request Body schema: application/jsonrequired
Request to query permissions on multiple records.
Example: QueryResourcePermissionsRequest { Queries: []Query{ Query{ QueryID: "1234", Kind: Query_Fqn{ Fqn: "tetrate/tenants/default/workspaces/example" } } } }
Array of objects (Query format of the resource lookup for the permission check) One or more resources to query permissions on, limited to 100 per request. | |||||
Array
|
Responses
Request samples
- Payload
{- "queries": [
- {
- "queryId": "string",
- "fqn": "string"
}
]
}
Response samples
- 200
- default
{- "results": [
- {
- "request": {
- "queryId": "string",
- "fqn": "string"
}, - "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
]
}
Get the global RBAC access policy. The global RBAC access policy configures who can manage the Role objects in TSB.
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the global RBAC access policy. The global RBAC access policy configures who can manage the Role objects in TSB.
Request Body schema: application/jsonrequired
A policy defines the set of subjects that can access a resource and under which conditions that access is granted.
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
description | string (A description of the resource.
$hide_from_yaml) |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. |
Responses
Request samples
- Payload
{- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Response samples
- 200
- default
{ }
Get the root access policy. The root access policy configures global permissions for the platform. Subjects assigned to a root policy will be granted the permissions described in the policy to all objects ion TSB.
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the root access policy. The root access policy configures global permissions for the platform. Subjects assigned to a root policy will be granted the permissions described in the policy to all objects ion TSB.
Request Body schema: application/jsonrequired
A policy defines the set of subjects that can access a resource and under which conditions that access is granted.
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
description | string (A description of the resource.
$hide_from_yaml) |
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. |
Responses
Request samples
- Payload
{- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Get the access policy for the given resource.
path Parameters
organization required | string Organization name. |
user required | string User name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "etag": "string",
- "description": "string",
- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
]
}
Set the access policy for the given resource.
path Parameters
organization required | string Organization name. |
user required | string User name. |
Request Body schema: application/jsonrequired
Array of objects (v2Binding) The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy. | |
description | string (A description of the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "allow": [
- {
- "role": "string",
- "subjects": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
]
}
], - "description": "string",
- "etag": "string"
}
Response samples
- 200
- default
{ }
Create a new role.
Request Body schema: application/jsonrequired
Request to create a Role.
name required | string The short name for the resource to be created. |
required | object (v2Role)
|
Responses
Request samples
- Payload
{- "name": "string",
- "role": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
Modify a role.
path Parameters
rba required | string Rba name. |
Request Body schema: application/jsonrequired
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Array of objects (A rule defines the set of api groups) A set of rules that define the permissions associated with each API group. |
Responses
Request samples
- Payload
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "rules": [
- {
- "types": [
- {
- "apiGroup": "string",
- "kinds": [
- "string"
]
}
], - "permissions": [
- "INVALID"
]
}
]
}
Get all the services in the registry that are part of the given selector. This method can be used to resolve the registered services that are part of a workspace or group. This method can be also used to figure out how applying a selector could affect the platform and have an understanding of which of the existing services would be included in the selection.
Request Body schema: application/jsonrequired
Request for all the services in the registry that are part of the given selector.
required | object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) |
parent required | string (The FQN of the parent object where services will be looked up) |
Responses
Request samples
- Payload
{- "selector": {
- "names": [
- "string"
]
}, - "parent": "string"
}
Response samples
- 200
- default
{- "services": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "shortName": "string",
- "hostnames": [
- "string"
], - "ports": [
- {
- "number": 0,
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "subsets": [
- "string"
], - "serviceType": "INVALID_TYPE",
- "externalAddresses": [
- "string"
], - "state": "INVALID_STATE",
- "metrics": [
- {
- "name": "string",
- "description": "string",
- "aggregationKey": "string",
- "type": "INVALID",
- "serviceDeployment": "string",
- "parentMetric": "string"
}
], - "serviceDeployments": [
- {
- "fqn": "string",
- "source": "string"
}
], - "subsetDeployments": [
- {
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "canonicalName": "string",
- "spiffeIds": [
- "string"
]
}
]
}
Get all the groups that configure the given service in the registry.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
Responses
Response samples
- 200
- default
{- "trafficGroups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
], - "securityGroups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "securityDomain": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
], - "gatewayGroups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
], - "istioInternalGroups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
List the services that have been registered in an organization
path Parameters
organization required | string Organization name. |
Responses
Response samples
- 200
- default
{- "services": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "shortName": "string",
- "hostnames": [
- "string"
], - "ports": [
- {
- "number": 0,
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "subsets": [
- "string"
], - "serviceType": "INVALID_TYPE",
- "externalAddresses": [
- "string"
], - "state": "INVALID_STATE",
- "metrics": [
- {
- "name": "string",
- "description": "string",
- "aggregationKey": "string",
- "type": "INVALID",
- "serviceDeployment": "string",
- "parentMetric": "string"
}
], - "serviceDeployments": [
- {
- "fqn": "string",
- "source": "string"
}
], - "subsetDeployments": [
- {
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "canonicalName": "string",
- "spiffeIds": [
- "string"
]
}
]
}
Register the given service in the organization. Services in the registry are deduplicated so that the same service running in different clusters are represented as a single entity in the registry. The service returned by this method is the result of deduplicating the service. This API is currently only intended for internal use by the discovery agents. $hide_from_docs
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
canonicalName | string optional canonical name that identify this service. |
cluster required | string Name of the cluster where the service belongs to. This will be used to load the deduplication settings that have been configured for the cluster where the service belongs. |
externalAddresses | Array of strings For kubernetes services of type load balancer, this field contains the list of lb hostnames or IPs assigned to the service. |
hostnames | Array of strings The hostnames by which this service is accessed. Can correspond to the hostname of an internal service or that ones of a virtual host on a gateway. |
namespace required | string Namespace associated with the service. It will be used in deduplication logic. |
Array of objects (v2Port) The set of ports on which this service is exposed. | |
serviceType required | string (v2ServiceType) Default: "INVALID_TYPE" Enum: "INVALID_TYPE" "INTERNAL" "LOADBALANCER" "MESH_EXTERNAL" ServiceType denotes the exposition of a service in the mesh.
|
shortName required | string Short name for the service, used to uniquely identify it within the organization. |
source required | string Source of the service: Kubernetes, Istio, Consul, etc. |
spiffeIds | Array of strings List of SPIFFE identities used by the workloads of the service. |
state required | string (v2State) Default: "INVALID_STATE" Enum: "INVALID_STATE" "EXTERNAL" "OBSERVED" "CONTROLLED" State denotes how deep is the knowledge of a service by the mesh. Meaning that if a service can be controlled, observed or none of these.
|
subsets | Array of strings Subset denotes a specific version of a service. By default the 'version' label is used to designate subsets of a workload. Known subsets for the service. |
Responses
Request samples
- Payload
{- "canonicalName": "string",
- "cluster": "string",
- "externalAddresses": [
- "string"
], - "hostnames": [
- "string"
], - "namespace": "string",
- "ports": [
- {
- "number": 0,
- "name": "string"
}
], - "serviceType": "INVALID_TYPE",
- "shortName": "string",
- "source": "string",
- "spiffeIds": [
- "string"
], - "state": "INVALID_STATE",
- "subsets": [
- "string"
]
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "shortName": "string",
- "hostnames": [
- "string"
], - "ports": [
- {
- "number": 0,
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "subsets": [
- "string"
], - "serviceType": "INVALID_TYPE",
- "externalAddresses": [
- "string"
], - "state": "INVALID_STATE",
- "metrics": [
- {
- "name": "string",
- "description": "string",
- "aggregationKey": "string",
- "type": "INVALID",
- "serviceDeployment": "string",
- "parentMetric": "string"
}
], - "serviceDeployments": [
- {
- "fqn": "string",
- "source": "string"
}
], - "subsetDeployments": [
- {
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "canonicalName": "string",
- "spiffeIds": [
- "string"
]
}
Remove the given service from the organization registry. This API is currently only intended for internal use by the discovery agents. $hide_from_docs
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
cluster required | string Name of the cluster of the service. |
namespace required | string Namespace of the service. |
shortName required | string (Name attribute of the service) |
Responses
Request samples
- Payload
{- "cluster": "string",
- "namespace": "string",
- "shortName": "string"
}
Response samples
- 200
- default
{ }
Get the details of a registered service
path Parameters
organization required | string Organization name. |
service required | string Service name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "shortName": "string",
- "hostnames": [
- "string"
], - "ports": [
- {
- "number": 0,
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "subsets": [
- "string"
], - "serviceType": "INVALID_TYPE",
- "externalAddresses": [
- "string"
], - "state": "INVALID_STATE",
- "metrics": [
- {
- "name": "string",
- "description": "string",
- "aggregationKey": "string",
- "type": "INVALID",
- "serviceDeployment": "string",
- "parentMetric": "string"
}
], - "serviceDeployments": [
- {
- "fqn": "string",
- "source": "string"
}
], - "subsetDeployments": [
- {
- "name": "string",
- "serviceDeployments": [
- "string"
]
}
], - "canonicalName": "string",
- "spiffeIds": [
- "string"
]
}
List all security groups in the given workspace.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Responses
Response samples
- 200
- default
{- "groups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create a new security group in the given workspace.
Groups will by default configure all the namespaces owned by their workspace, unless explicitly configured. If a specific set of namespaces is set for the group, it must be a subset of the namespaces defined by its workspace.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
required | object (v2Group) A gateway group manages the gateways in a group of namespaces owned by the parent workspace. |
name required | string The short name for the resource to be created. |
Responses
Request samples
- Payload
{- "group": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "name": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details of the given security group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Modify a security group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Request Body schema: application/jsonrequired
object (v2ConfigGenerationMetadata)
| |
configMode | string (v2ConfigMode) Default: "BRIDGED" Enum: "BRIDGED" "DIRECT" The configuration mode used by a traffic, security or a gateway group.
|
deletionProtectionEnabled | boolean When set, prevents the resource from being deleted. In order to delete the resource this
property needs to be set to |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
required | object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) |
securityDomain | string Security domains can be used to group different resources under the same security domain.
Although security domain is not resource itself currently, it follows a fqn format
|
Responses
Request samples
- Payload
{- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "description": "string",
- "displayName": "string",
- "etag": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "securityDomain": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete the given security group. Note that deleting resources in TSB is a recursive operation. Deleting a security group will delete all configuration objects that exist in it.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
query Parameters
force | boolean Force the deletion of the object even if deletion protection is enabled. If this is set, then the object and all its children will be deleted even if any of them has the deletion protection enabled. |
Responses
Response samples
- 200
- default
{ }
List all service security settings objects that have been attached to the security group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Responses
Response samples
- 200
- default
{- "settings": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": null
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "subsets": [
- {
- "name": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- null
], - "tls": {
- "mode": null,
- "files": null,
- "secretName": null,
- "subjectAltNames": [ ]
}
}, - "local": {
- "rules": [
- null
]
}
}, - "rules": {
- "allow": [
- {
- "from": null,
- "to": null
}
], - "denyAll": true,
- "deny": [
- {
- "from": null,
- "to": null
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}, - "rules": {
- "jwt": [
- null
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": null,
- "authorizationEndpoint": null,
- "tokenEndpoint": null,
- "jwksUri": null,
- "jwks": null
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- null
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": null,
- "ports": [ ]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create a service security settings object in the security group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2ServiceSecuritySetting) A service security setting applies configuration to a service in a security group. Missing fields will inherit values from the workspace-wide setting if any. |
Responses
Request samples
- Payload
{- "name": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": null,
- "team": null,
- "serviceAccount": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": null,
- "claim": null
}
], - "fromHeaders": [
- {
- "name": null,
- "prefix": null
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "subsets": [
- {
- "name": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": null,
- "privateKey": null,
- "caCertificates": null
}, - "secretName": "string",
- "subjectAltNames": [
- null
]
}
}, - "local": {
- "rules": [
- {
- "name": null,
- "from": [ ],
- "to": [ ]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": null
}, - "to": {
- "fqn": null
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": null
}, - "to": {
- "fqn": null
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": null,
- "claim": null
}
], - "fromHeaders": [
- {
- "name": null,
- "prefix": null
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": null,
- "audiences": [ ],
- "jwksUri": null,
- "jwks": null,
- "outputPayloadToHeader": null,
- "outputClaimToHeaders": [ ],
- "fromHeaders": [ ]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- null
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "subsets": [
- {
- "name": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": null
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details of the given service security settings object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
servicesetting required | string Servicesetting name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "subsets": [
- {
- "name": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": null
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Modify the given service security settings object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
servicesetting required | string Servicesetting name. |
Request Body schema: application/jsonrequired
object (v2ConfigGenerationMetadata)
| |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
service required | string The service on which the configuration is being applied. Must be in namespace/FQDN format. |
object (v2SecuritySetting) A security setting applies configuration to a set of proxy workloads in a security group or a workspace. When applied to a security group, missing fields will inherit values from the workspace-wide setting if any. | |
Array of objects (ServiceSecuritySettingSubset) Subset specific settings that will replace the service wide settings for the specified service subsets. |
Responses
Request samples
- Payload
{- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "description": "string",
- "displayName": "string",
- "etag": "string",
- "service": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "subsets": [
- {
- "name": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": null
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
]
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "subsets": [
- {
- "name": "string",
- "settings": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": null
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete the given service security settings from the group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
servicesetting required | string Servicesetting name. |
Responses
Response samples
- 200
- default
{ }
List all security settings objects that have been attached to the security group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Responses
Response samples
- 200
- default
{- "settings": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": null,
- "team": null,
- "serviceAccount": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": null,
- "claim": null
}
], - "fromHeaders": [
- {
- "name": null,
- "prefix": null
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create a security settings object in the security group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2SecuritySetting) A security setting applies configuration to a set of proxy workloads in a security group or a workspace. When applied to a security group, missing fields will inherit values from the workspace-wide setting if any. |
Responses
Request samples
- Payload
{- "name": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- "string"
], - "methods": [
- "string"
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details of the given security settings object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- "string"
], - "methods": [
- "string"
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Modify the given security settings object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
authentication | string (SecuritySettingAuthenticationMode) Default: "UNSET" Enum: "UNSET" "OPTIONAL" "REQUIRED" AuthenticationMode indicates whether to accept only Istio mutual TLS authenticated traffic or allow legacy plaintext traffic as well.
|
object (v2AuthenticationSettings) AuthenticationSettings represents configuration related to authenticating traffic within the mesh and end-user credentials if present. It is HIGHLY RECOMMENDED to enable mutual TLS when end-user credentials are present. Sending credentials like JWT over plaintext is a security risk. | |
object (v2AuthorizationSettings)
| |
object (v2ConfigGenerationMetadata)
| |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Array of objects (v2WasmExtensionAttachment) Extensions specifies all the WasmExtensions assigned to this SecuritySettings with the specific configuration for each extension. This custom configuration will override the one configured globally to the extension. Each extension has a global configuration including enabling and priority that will condition the execution of the assigned extensions. | |
propagationStrategy | string (v2PropagationStrategy) Default: "REPLACE" Enum: "REPLACE" "STRICTER" The PropagationStrategy is the key differentiating factor to decide how a security policy should be propagated and applied at runtime across clusters. The default propagation strategy is REPLACE, in which a lower level SecuritySetting in the configuration hierarchy replaces a higher level SecuritySetting. The STRICTER PropagationStrategy on the other hand makes sure the default SecuritySettings configured at the parent level are always enforced and propagated down the hierarchy unless additional SecuritySettings are defined and restricted further in the configuration hierarchy.
When a resource or property of it affected by the propagation strategy is propagated down the hierarchy, regardless
of the defined strategy ( For example, the following policy configures optional mTLS for traffic within the workspace, but
it allows SecuritySettings to modify it. The example shows a workspace that configures
service-to-service access so that only services in the same workspace can talk to each other.
The
Further details of how security settings are resolved between in
|
object (WAFSettings configure WAF based on seclang
See https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v3.x%29#Configuration_Directives) |
Responses
Request samples
- Payload
{- "authentication": "UNSET",
- "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- "string"
], - "methods": [
- "string"
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "description": "string",
- "displayName": "string",
- "etag": "string",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "propagationStrategy": "REPLACE",
- "waf": {
- "rules": [
- "string"
]
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- "string"
], - "methods": [
- "string"
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete the given security settings from the group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{ }
List all traffic groups in the given workspace.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Responses
Response samples
- 200
- default
{- "groups": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create a new traffic group in the given workspace.
Groups will by default configure all the namespaces owned by their workspace, unless explicitly configured. If a specific set of namespaces is set for the group, it must be a subset of the namespaces defined by its workspace.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
required | object (v2Group) A gateway group manages the gateways in a group of namespaces owned by the parent workspace. |
name required | string The short name for the resource to be created. |
Responses
Request samples
- Payload
{- "group": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "name": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details of the given traffic group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Modify the given traffic group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Request Body schema: application/jsonrequired
object (v2ConfigGenerationMetadata)
| |
configMode | string (v2ConfigMode) Default: "BRIDGED" Enum: "BRIDGED" "DIRECT" The configuration mode used by a traffic, security or a gateway group.
|
deletionProtectionEnabled | boolean When set, prevents the resource from being deleted. In order to delete the resource this
property needs to be set to |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
required | object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) |
Responses
Request samples
- Payload
{- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "description": "string",
- "displayName": "string",
- "etag": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "configMode": "BRIDGED",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete the given traffic group. Note that deleting resources in TSB is a recursive operation. Deleting a traffic group will delete all configuration objects that exist in it.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
query Parameters
force | boolean Force the deletion of the object even if deletion protection is enabled. If this is set, then the object and all its children will be deleted even if any of them has the deletion protection enabled. |
Responses
Response samples
- 200
- default
{ }
List all service routes that have been attached to the traffic group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Responses
Response samples
- 200
- default
{- "serviceRoutes": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "subsets": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0,
- "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
]
}
], - "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}, - "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
], - "httpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "property2": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
}, - "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
], - "flagger": {
- "canary": "string",
- "namespace": "string"
}, - "fault": {
- "delay": {
- "percentage": 0.1,
- "fixedDelay": "string"
}, - "abort": {
- "percentage": 0.1,
- "httpStatus": 0,
- "grpcStatus": "string"
}
}, - "mirrors": [
- {
- "host": "string",
- "subset": "string",
- "port": 0,
- "percentage": 0.1
}
]
}
], - "tcpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create a new service route in the given traffic group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2ServiceRoute) A service route controls routing configurations for traffic to a service in a traffic group. |
Responses
Request samples
- Payload
{- "name": "string",
- "serviceRoute": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "subsets": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0,
- "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
]
}
], - "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}, - "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
], - "httpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "property2": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
}, - "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
], - "flagger": {
- "canary": "string",
- "namespace": "string"
}, - "fault": {
- "delay": {
- "percentage": 0.1,
- "fixedDelay": "string"
}, - "abort": {
- "percentage": 0.1,
- "httpStatus": 0,
- "grpcStatus": "string"
}
}, - "mirrors": [
- {
- "host": "string",
- "subset": "string",
- "port": 0,
- "percentage": 0.1
}
]
}
], - "tcpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "subsets": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0,
- "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
]
}
], - "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}, - "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
], - "httpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "property2": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
}, - "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
], - "flagger": {
- "canary": "string",
- "namespace": "string"
}, - "fault": {
- "delay": {
- "percentage": 0.1,
- "fixedDelay": "string"
}, - "abort": {
- "percentage": 0.1,
- "httpStatus": 0,
- "grpcStatus": "string"
}
}, - "mirrors": [
- {
- "host": "string",
- "subset": "string",
- "port": 0,
- "percentage": 0.1
}
]
}
], - "tcpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details of the given service route.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "subsets": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0,
- "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
]
}
], - "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}, - "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
], - "httpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "property2": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
}, - "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
], - "flagger": {
- "canary": "string",
- "namespace": "string"
}, - "fault": {
- "delay": {
- "percentage": 0.1,
- "fixedDelay": "string"
}, - "abort": {
- "percentage": 0.1,
- "httpStatus": 0,
- "grpcStatus": "string"
}
}, - "mirrors": [
- {
- "host": "string",
- "subset": "string",
- "port": 0,
- "percentage": 0.1
}
]
}
], - "tcpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Modify a service route.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Request Body schema: application/jsonrequired
object (v2ConfigGenerationMetadata)
| |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Array of objects (v2HTTPRoute) HTTPRoutes are used when HTTP traffic needs to be matched on uri, headers and port and destination routes need to be set using subset-weight combinations specified within the route. Note: If a route is specified, then the global subset-weight combinations (specified under subsets) will be ignored for the matched port, as subsets within route will take effect. | |
Array of objects (In order to support multi-protocol routing, a list of all port/protocol combinations is needed.
These port settings are applied to all the subsets) | |
service required | string The service on which the configuration is being applied. Must be in namespace/FQDN format. |
object (ServiceRouteStickySession) If set, all requests from a client will be forward to the same backend. | |
Array of objects (ServiceRouteSubset) The set of versions of a service and the percentage of traffic to send to each version. | |
Array of objects (v2TCPRoute) TCPRoutes match TCP traffic based on port number. The subset-weight configuration and priority have the same behaviour as HTTPRoutes. |
Responses
Request samples
- Payload
{- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "description": "string",
- "displayName": "string",
- "etag": "string",
- "httpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "property2": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
}, - "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
], - "flagger": {
- "canary": "string",
- "namespace": "string"
}, - "fault": {
- "delay": {
- "percentage": 0.1,
- "fixedDelay": "string"
}, - "abort": {
- "percentage": 0.1,
- "httpStatus": 0,
- "grpcStatus": "string"
}
}, - "mirrors": [
- {
- "host": "string",
- "subset": "string",
- "port": 0,
- "percentage": 0.1
}
]
}
], - "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
], - "service": "string",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}, - "subsets": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0,
- "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
]
}
], - "tcpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
]
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "service": "string",
- "subsets": [
- {
- "name": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "weight": 0,
- "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
]
}
], - "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}, - "portLevelSettings": [
- {
- "port": 0,
- "trafficType": "HTTP",
- "stickySession": {
- "header": "string",
- "cookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true
}
}
], - "httpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "uri": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "headers": {
- "property1": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "property2": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
}, - "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
], - "flagger": {
- "canary": "string",
- "namespace": "string"
}, - "fault": {
- "delay": {
- "percentage": 0.1,
- "fixedDelay": "string"
}, - "abort": {
- "percentage": 0.1,
- "httpStatus": 0,
- "grpcStatus": "string"
}
}, - "mirrors": [
- {
- "host": "string",
- "subset": "string",
- "port": 0,
- "percentage": 0.1
}
]
}
], - "tcpRoutes": [
- {
- "name": "string",
- "match": [
- {
- "name": "string",
- "port": 0
}
], - "destination": [
- {
- "subset": "string",
- "weight": 0,
- "port": 0,
- "destinationHost": "string"
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete the given service route.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Responses
Response samples
- 200
- default
{ }
List all the settings objects that have been attached to the given traffic group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Responses
Response samples
- 200
- default
{- "settings": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": null,
- "perTryTimeout": null,
- "retryOn": null
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": null,
- "idleTime": null,
- "interval": null
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create a settings object for the given traffic group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2TrafficSetting) A traffic setting applies configuration to a set of proxy workloads in a traffic group or a workspace. When applied to a traffic group, missing fields will inherit values from the workspace-wide setting if any. |
Responses
Request samples
- Payload
{- "name": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details for the given settings object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Modify the given settings in the given traffic group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
object (v2ConfigGenerationMetadata)
| |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
object (TrafficSettingEgressGateway) EgressGateway specifies the gateway where traffic external to the mesh will be redirected. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2RateLimiting) Configuration for ratelimiting HTTP/gRPC requests can be rate limited based on a variety of attributes in the request such as headers (including cookies), URL path/prefixes, client remote address etc. | |
object (v2ReachabilitySettings)
| |
object (v2ResilienceSettings) ResilienceSettings control the reliability knobs in Envoy when making outbound connections from a gateway or proxy workload. | |
Array of objects (v2UpstreamTrafficSettings) List of hosts and the associated traffic settings to be used by the clients that are downstreams to the defined upstream hosts. |
Responses
Request samples
- Payload
{- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "description": "string",
- "displayName": "string",
- "egress": {
- "host": "string",
- "port": 0
}, - "etag": "string",
- "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
]
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "property2": {
- "exact": null,
- "prefix": null,
- "regex": null
}
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete the given settings object from the traffic group.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{ }
Get the list of all clusters that have been onboarded into the platform.
path Parameters
organization required | string Organization name. |
query Parameters
fetchWorkloads | boolean Flag to fetch the workload information for all the clusters as well. Note that by default workload information is not returned as it may be expensive to retrieve. |
Responses
Response samples
- 200
- default
{- "clusters": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "tokenTtl": "string",
- "network": "string",
- "tier1Cluster": true,
- "namespaces": [
- {
- "name": "string",
- "services": [
- {
- "hostname": "string",
- "namespace": "string",
- "selector": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "number": 0,
- "name": "string",
- "kubernetesNodePort": 0
}
], - "kubernetesServiceIp": "string",
- "kubernetesExternalAddresses": [
- "string"
], - "numKubernetesEndpoints": 0,
- "numVmEndpoints": 0,
- "meshExternal": true,
- "gatewayHost": true,
- "numHops": 0,
- "kubernetesServiceFqdn": "string",
- "name": "string",
- "subsets": [
- "string"
], - "canonicalName": "string",
- "workloads": [
- {
- "address": "string",
- "name": "string",
- "isVm": true,
- "proxy": {
- "controlPlaneAddress": null,
- "envoyVersion": null,
- "istioVersion": null,
- "status": { }
}
}
], - "tier1GatewayHost": true,
- "spiffeIds": [
- "string"
]
}
]
}
], - "labels": {
- "property1": "string",
- "property2": "string"
}, - "locality": {
- "region": "string"
}, - "trustDomain": "string",
- "namespaceScope": {
- "scope": "GLOBAL",
- "exceptions": [
- "string"
]
}, - "state": {
- "lastSyncTime": "2019-08-24T14:15:22Z",
- "provider": "string",
- "istioVersions": [
- "string"
], - "xcpVersion": "string",
- "tsbCpVersion": "string",
- "discoveredLocality": {
- "region": "string"
}
}, - "serviceAccount": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}, - "installTemplate": {
- "message": "string",
- "helm": {
- "image": {
- "registry": "string",
- "tag": "string"
}, - "spec": {
- "hub": "string",
- "imagePullSecrets": [
- {
- "name": "string"
}
], - "components": {
- "collector": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}, - "logLevel": "string"
}, - "oap": {
- "streamingLogEnabled": true,
- "onDemandEnvoyMetricsEnabled": true,
- "storageIndexMergingEnabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}, - "logLevel": "string"
}, - "xcp": {
- "centralAuthMode": "UNKNOWN",
- "configProtection": {
- "enableAuthorizedUpdateDeleteOnXcpConfigs": true,
- "enableAuthorizedCreateUpdateDeleteOnXcpConfigs": true,
- "authorizedUsers": [
- null
]
}, - "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}, - "revision": "string",
- "isolationBoundaries": [
- {
- "name": null,
- "revisions": [ ],
- "meshExpansion": null
}
], - "enableHttpMeshInternalIdentityPropagation": true,
- "centralProvidedCaCert": true,
- "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "istio": {
- "tsbVersion": "string",
- "mountInternalWasmExtensions": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "CNI": {
- "binaryDirectory": null,
- "configurationDirectory": null,
- "chained": null,
- "configurationFileName": null,
- "clusterRole": null,
- "revision": null
}, - "overlays": [
- null
]
}, - "traceSamplingRate": 0.1,
- "defaultWorkloadCertTTL": "string",
- "maxWorkloadCertTTL": "string",
- "trustDomain": "string",
- "baseOverlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
], - "pilotOverlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
], - "cniOverlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
], - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "rateLimitServer": {
- "backend": {
- "redis": {
- "uri": null
}
}, - "domain": "string",
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "hpaAdapter": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "onboarding": {
- "operator": {
- "kubeSpec": {
- "deployment": null,
- "service": null,
- "serviceAccount": null,
- "overlays": [ ]
}, - "logLevels": {
- "property1": null,
- "property2": null
}
}, - "repository": {
- "kubeSpec": {
- "deployment": null,
- "service": null,
- "serviceAccount": null,
- "overlays": [ ]
}
}, - "plane": {
- "instance": {
- "kubeSpec": null,
- "logLevels": { }
}
}
}, - "satellite": {
- "enabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}, - "logLevel": "string"
}, - "ngac": {
- "enabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "gitops": {
- "enabled": true,
- "reconcileInterval": "string",
- "batchWindow": "string",
- "managementplaneRequestTimeout": "string",
- "reconcileRequestTimeout": "string",
- "webhookTimeout": "string",
- "pushMode": "SYNC"
}, - "internalCertProvider": {
- "certManager": {
- "managed": "AUTO",
- "certManagerSpec": {
- "kubeSpec": null
}, - "certManagerWebhookSpec": {
- "kubeSpec": null
}, - "certManagerCaInjector": {
- "kubeSpec": null
}, - "certManagerStartupapicheck": {
- "kubeSpec": null
}
}, - "custom": {
- "csrSignerName": "string",
- "caBundleSecretName": "string"
}
}, - "defaultKubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}
}, - "account": {
- "imagePullSecrets": [
- null
]
}, - "job": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "tolerations": [
- null
], - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}
}, - "wasmfetcher": {
- "cacheDisableInsecureRegistries": true,
- "cacheExpiration": "string",
- "cacheMaxRetries": 0,
- "cachePurgeInterval": "string",
- "cacheRequestTimeout": "string",
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "defaultLogLevel": "string",
- "route53Controller": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "n2ac": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}, - "pep": {
- "disableTls": true,
- "skipTlsVerify": true,
- "timeout": "string",
- "cache": {
- "disabled": null,
- "ignoreNoCacheHeader": null,
- "ttl": null
}
}, - "enabled": true
}, - "awsController": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}
}, - "providerSettings": {
- "eks": {
- "useNlbByDefault": true
}, - "route53": {
- "serviceAccountName": "string",
- "namespaceSelector": {
- "namespace": "string",
- "ignoreNamespaces": "string"
}, - "policy": "SYNC",
- "domainFilter": [
- "string"
], - "interval": "string",
- "ttl": "string",
- "evaluateTargetHealth": true,
- "filterSettings": {
- "annotationFilter": "string",
- "labelFilter": "string",
- "excludeDomain": [
- null
], - "zoneType": "NONE",
- "zoneTagFilter": [
- null
], - "zoneIdFilter": [
- null
]
}, - "enabled": true
}, - "aws": {
- "serviceAccountName": "string"
}, - "lattice": {
- "enabled": true
}
}, - "managementPlane": {
- "host": "string",
- "port": 0,
- "selfSigned": true,
- "clusterName": "string"
}, - "meshExpansion": {
- "customGateway": {
- "host": "string",
- "port": 0
}, - "onboarding": {
- "uid": "string",
- "endpoint": {
- "hosts": [
- null
], - "secretName": "string"
}, - "tokenIssuer": {
- "jwt": {
- "expiration": null
}
}, - "localRepository": { },
- "workloads": {
- "authentication": {
- "jwt": null
}, - "deregistration": {
- "propagationDelay": null
}
}
}
}, - "telemetryStore": {
- "elastic": {
- "host": "string",
- "port": 0,
- "protocol": "https",
- "selfSigned": true,
- "version": 0,
- "indexPrefix": "string"
}
}, - "meshObservability": {
- "demoSettings": {
- "apiEndpointMetricsEnabled": true
}, - "settings": {
- "apiEndpointMetricsEnabled": true
}
}, - "tier1Cluster": true
}, - "secrets": {
- "tsb": {
- "cacert": "string"
}, - "elasticsearch": {
- "username": "string",
- "password": "string",
- "cacert": "string"
}, - "xcp": {
- "autoGenerateCerts": true,
- "rootca": "string",
- "rootcakey": "string",
- "edge": {
- "cert": "string",
- "key": "string",
- "token": "string"
}
}, - "clusterServiceAccount": {
- "clusterFQN": "string",
- "JWK": "string",
- "encodedJWK": "string"
}
}, - "operator": {
- "deployment": {
- "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": {
- "nodeSelectorTerms": [ ]
}, - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": "string",
- "value": "string",
- "valueFrom": {
- "fieldRef": null,
- "resourceFieldRef": null,
- "configMapKeyRef": null,
- "secretKeyRef": null
}
}
], - "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "replicaCount": 0,
- "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": {
- "type": null,
- "intVal": null,
- "strVal": null
}, - "maxSurge": {
- "type": null,
- "intVal": null,
- "strVal": null
}
}
}, - "tolerations": [
- {
- "key": "string",
- "operator": "string",
- "value": "string",
- "effect": "string",
- "tolerationSeconds": "string"
}
]
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "imagePullSecrets": [
- "string"
], - "pullSecret": "string",
- "pullUsername": "string",
- "pullPassword": "string"
}
}
}
}
}
]
}
Creates a new cluster object in TSB. This is needed during cluster onboarding to let the management plane know about the existence of a cluster. Once a cluster has been created and fully onboarded, the management plane will manage the mesh for that cluster and keep this cluster entity up to date with the information that is reported by the cluster agents. This method returns the created cluster, that will be continuously updated by the local cluster agents. This entity can be monitored to have an overview of the resources (namespaces, services, etc) that are known to be running in the cluster.
This action will also create a service account with permissions to manage this cluster. This service account (aka cluster service account) can be used in the ControlPlane installation to authenticate it through the ManagementPlane.
As part of the response, a template will be provided (in the field installTemplate
) with minimum
configuration to be able to install the TSB Operator in the cluster running as ControlPlane.
This data is not stored and will be only available in the response of this action.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
required | object (v2Cluster) A Kubernetes cluster managing both pods and VMs. |
name required | string The short name for the resource to be created. |
Responses
Request samples
- Payload
{- "cluster": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "tokenTtl": "string",
- "network": "string",
- "tier1Cluster": true,
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "locality": {
- "region": "string"
}, - "trustDomain": "string",
- "namespaceScope": {
- "scope": "GLOBAL",
- "exceptions": [
- "string"
]
}, - "state": {
- "lastSyncTime": "2019-08-24T14:15:22Z",
- "provider": "string",
- "istioVersions": [
- "string"
], - "xcpVersion": "string",
- "tsbCpVersion": "string",
- "discoveredLocality": {
- "region": "string"
}
}, - "serviceAccount": {
- "displayName": "string",
- "etag": "string",
- "description": "string"
}, - "installTemplate": {
- "helm": {
- "image": {
- "registry": "string",
- "tag": "string"
}, - "spec": {
- "hub": "string",
- "imagePullSecrets": [
- {
- "name": "string"
}
], - "components": {
- "collector": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}, - "logLevel": "string"
}, - "oap": {
- "streamingLogEnabled": true,
- "onDemandEnvoyMetricsEnabled": true,
- "storageIndexMergingEnabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}, - "logLevel": "string"
}, - "xcp": {
- "centralAuthMode": "UNKNOWN",
- "configProtection": {
- "enableAuthorizedUpdateDeleteOnXcpConfigs": true,
- "enableAuthorizedCreateUpdateDeleteOnXcpConfigs": true,
- "authorizedUsers": [
- "string"
]
}, - "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}, - "revision": "string",
- "isolationBoundaries": [
- {
- "name": "string",
- "revisions": [
- null
], - "meshExpansion": {
- "customGateway": null,
- "onboarding": null
}
}
], - "enableHttpMeshInternalIdentityPropagation": true,
- "centralProvidedCaCert": true,
- "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "istio": {
- "tsbVersion": "string",
- "mountInternalWasmExtensions": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "CNI": {
- "binaryDirectory": "string",
- "configurationDirectory": "string",
- "chained": true,
- "configurationFileName": "string",
- "clusterRole": "string",
- "revision": "string"
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}, - "traceSamplingRate": 0.1,
- "defaultWorkloadCertTTL": "string",
- "maxWorkloadCertTTL": "string",
- "trustDomain": "string",
- "baseOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
], - "pilotOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
], - "cniOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
], - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "rateLimitServer": {
- "backend": {
- "redis": {
- "uri": "string"
}
}, - "domain": "string",
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}
}, - "hpaAdapter": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}
}, - "onboarding": {
- "operator": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "repository": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "plane": {
- "instance": {
- "kubeSpec": {
- "deployment": null,
- "service": null,
- "serviceAccount": null,
- "overlays": [ ]
}, - "logLevels": {
- "property1": null,
- "property2": null
}
}
}
}, - "satellite": {
- "enabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}, - "logLevel": "string"
}, - "ngac": {
- "enabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "gitops": {
- "enabled": true,
- "reconcileInterval": "string",
- "batchWindow": "string",
- "managementplaneRequestTimeout": "string",
- "reconcileRequestTimeout": "string",
- "webhookTimeout": "string",
- "pushMode": "SYNC"
}, - "internalCertProvider": {
- "certManager": {
- "managed": "AUTO",
- "certManagerSpec": {
- "kubeSpec": {
- "deployment": null,
- "service": null,
- "serviceAccount": null,
- "overlays": [ ]
}
}, - "certManagerWebhookSpec": {
- "kubeSpec": {
- "deployment": null,
- "service": null,
- "serviceAccount": null,
- "overlays": [ ]
}
}, - "certManagerCaInjector": {
- "kubeSpec": {
- "deployment": null,
- "service": null,
- "serviceAccount": null,
- "overlays": [ ]
}
}, - "certManagerStartupapicheck": {
- "kubeSpec": {
- "deployment": null,
- "service": null,
- "job": null,
- "serviceAccount": null,
- "overlays": [ ]
}
}
}, - "custom": {
- "csrSignerName": "string",
- "caBundleSecretName": "string"
}
}, - "defaultKubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "account": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "job": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}
}, - "wasmfetcher": {
- "cacheDisableInsecureRegistries": true,
- "cacheExpiration": "string",
- "cacheMaxRetries": 0,
- "cachePurgeInterval": "string",
- "cacheRequestTimeout": "string",
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "defaultLogLevel": "string",
- "route53Controller": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}
}, - "n2ac": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}, - "pep": {
- "disableTls": true,
- "skipTlsVerify": true,
- "timeout": "string",
- "cache": {
- "disabled": true,
- "ignoreNoCacheHeader": true,
- "ttl": "string"
}
}, - "enabled": true
}, - "awsController": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}
}
}, - "providerSettings": {
- "eks": {
- "useNlbByDefault": true
}, - "route53": {
- "serviceAccountName": "string",
- "namespaceSelector": {
- "namespace": "string",
- "ignoreNamespaces": "string"
}, - "policy": "SYNC",
- "domainFilter": [
- "string"
], - "interval": "string",
- "ttl": "string",
- "evaluateTargetHealth": true,
- "filterSettings": {
- "annotationFilter": "string",
- "labelFilter": "string",
- "excludeDomain": [
- "string"
], - "zoneType": "NONE",
- "zoneTagFilter": [
- "string"
], - "zoneIdFilter": [
- "string"
]
}, - "enabled": true
}, - "aws": {
- "serviceAccountName": "string"
}, - "lattice": {
- "enabled": true
}
}, - "managementPlane": {
- "host": "string",
- "port": 0,
- "selfSigned": true,
- "clusterName": "string"
}, - "meshExpansion": {
- "customGateway": {
- "host": "string",
- "port": 0
}, - "onboarding": {
- "uid": "string",
- "endpoint": {
- "hosts": [
- "string"
], - "secretName": "string"
}, - "tokenIssuer": {
- "jwt": {
- "expiration": "string"
}
}, - "localRepository": { },
- "workloads": {
- "authentication": {
- "jwt": {
- "issuers": [ ]
}
}, - "deregistration": {
- "propagationDelay": "string"
}
}
}
}, - "telemetryStore": {
- "elastic": {
- "host": "string",
- "port": 0,
- "protocol": "https",
- "selfSigned": true,
- "version": 0,
- "indexPrefix": "string"
}
}, - "meshObservability": {
- "demoSettings": {
- "apiEndpointMetricsEnabled": true
}, - "settings": {
- "apiEndpointMetricsEnabled": true
}
}, - "tier1Cluster": true
}, - "secrets": {
- "tsb": {
- "cacert": "string"
}, - "elasticsearch": {
- "username": "string",
- "password": "string",
- "cacert": "string"
}, - "xcp": {
- "autoGenerateCerts": true,
- "rootca": "string",
- "rootcakey": "string",
- "edge": {
- "cert": "string",
- "key": "string",
- "token": "string"
}
}, - "clusterServiceAccount": {
- "clusterFQN": "string",
- "JWK": "string",
- "encodedJWK": "string"
}
}, - "operator": {
- "deployment": {
- "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": {
- "nodeSelectorTerms": [
- null
]
}, - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": null,
- "preference": null
}
]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- {
- "labelSelector": null,
- "namespaces": [ ],
- "topologyKey": null
}
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": null,
- "podAffinityTerm": null
}
]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- {
- "labelSelector": null,
- "namespaces": [ ],
- "topologyKey": null
}
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": null,
- "podAffinityTerm": null
}
]
}
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": "string",
- "value": "string",
- "valueFrom": {
- "fieldRef": {
- "apiVersion": null,
- "fieldPath": null
}, - "resourceFieldRef": {
- "containerName": null,
- "resource": null,
- "divisor": null
}, - "configMapKeyRef": {
- "localObjectReference": null,
- "key": null,
- "optional": null
}, - "secretKeyRef": {
- "localObjectReference": null,
- "key": null,
- "optional": null
}
}
}
], - "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "replicaCount": 0,
- "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": {
- "type": "string",
- "intVal": 0,
- "strVal": "string"
}, - "maxSurge": {
- "type": "string",
- "intVal": 0,
- "strVal": "string"
}
}
}, - "tolerations": [
- {
- "key": "string",
- "operator": "string",
- "value": "string",
- "effect": "string",
- "tolerationSeconds": "string"
}
]
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "imagePullSecrets": [
- "string"
], - "pullSecret": "string",
- "pullUsername": "string",
- "pullPassword": "string"
}
}
}
}
}, - "name": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "tokenTtl": "string",
- "network": "string",
- "tier1Cluster": true,
- "namespaces": [
- {
- "name": "string",
- "services": [
- {
- "hostname": "string",
- "namespace": "string",
- "selector": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "number": 0,
- "name": "string",
- "kubernetesNodePort": 0
}
], - "kubernetesServiceIp": "string",
- "kubernetesExternalAddresses": [
- "string"
], - "numKubernetesEndpoints": 0,
- "numVmEndpoints": 0,
- "meshExternal": true,
- "gatewayHost": true,
- "numHops": 0,
- "kubernetesServiceFqdn": "string",
- "name": "string",
- "subsets": [
- "string"
], - "canonicalName": "string",
- "workloads": [
- {
- "address": "string",
- "name": "string",
- "isVm": true,
- "proxy": {
- "controlPlaneAddress": "string",
- "envoyVersion": "string",
- "istioVersion": "string",
- "status": {
- "property1": "string",
- "property2": "string"
}
}
}
], - "tier1GatewayHost": true,
- "spiffeIds": [
- "string"
]
}
]
}
], - "labels": {
- "property1": "string",
- "property2": "string"
}, - "locality": {
- "region": "string"
}, - "trustDomain": "string",
- "namespaceScope": {
- "scope": "GLOBAL",
- "exceptions": [
- "string"
]
}, - "state": {
- "lastSyncTime": "2019-08-24T14:15:22Z",
- "provider": "string",
- "istioVersions": [
- "string"
], - "xcpVersion": "string",
- "tsbCpVersion": "string",
- "discoveredLocality": {
- "region": "string"
}
}, - "serviceAccount": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}, - "installTemplate": {
- "message": "string",
- "helm": {
- "image": {
- "registry": "string",
- "tag": "string"
}, - "spec": {
- "hub": "string",
- "imagePullSecrets": [
- {
- "name": "string"
}
], - "components": {
- "collector": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevel": "string"
}, - "oap": {
- "streamingLogEnabled": true,
- "onDemandEnvoyMetricsEnabled": true,
- "storageIndexMergingEnabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevel": "string"
}, - "xcp": {
- "centralAuthMode": "UNKNOWN",
- "configProtection": {
- "enableAuthorizedUpdateDeleteOnXcpConfigs": true,
- "enableAuthorizedCreateUpdateDeleteOnXcpConfigs": true,
- "authorizedUsers": [
- "string"
]
}, - "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "revision": "string",
- "isolationBoundaries": [
- {
- "name": "string",
- "revisions": [
- {
- "name": null,
- "istio": null,
- "disable": null
}
], - "meshExpansion": {
- "customGateway": {
- "host": null,
- "port": null
}, - "onboarding": {
- "uid": null,
- "endpoint": null,
- "tokenIssuer": null,
- "localRepository": null,
- "workloads": null
}
}
}
], - "enableHttpMeshInternalIdentityPropagation": true,
- "centralProvidedCaCert": true,
- "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "istio": {
- "tsbVersion": "string",
- "mountInternalWasmExtensions": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "CNI": {
- "binaryDirectory": "string",
- "configurationDirectory": "string",
- "chained": true,
- "configurationFileName": "string",
- "clusterRole": "string",
- "revision": "string"
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "traceSamplingRate": 0.1,
- "defaultWorkloadCertTTL": "string",
- "maxWorkloadCertTTL": "string",
- "trustDomain": "string",
- "baseOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- {
- "path": null,
- "value": null
}
]
}
], - "pilotOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- {
- "path": null,
- "value": null
}
]
}
], - "cniOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- {
- "path": null,
- "value": null
}
]
}
], - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "rateLimitServer": {
- "backend": {
- "redis": {
- "uri": "string"
}
}, - "domain": "string",
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}, - "hpaAdapter": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}, - "onboarding": {
- "operator": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "repository": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}
}, - "plane": {
- "instance": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}
}
}, - "satellite": {
- "enabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevel": "string"
}, - "ngac": {
- "enabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "gitops": {
- "enabled": true,
- "reconcileInterval": "string",
- "batchWindow": "string",
- "managementplaneRequestTimeout": "string",
- "reconcileRequestTimeout": "string",
- "webhookTimeout": "string",
- "pushMode": "SYNC"
}, - "internalCertProvider": {
- "certManager": {
- "managed": "AUTO",
- "certManagerSpec": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "certManagerWebhookSpec": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "certManagerCaInjector": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "certManagerStartupapicheck": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "job": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "tolerations": [ ],
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}
}, - "custom": {
- "csrSignerName": "string",
- "caBundleSecretName": "string"
}
}, - "defaultKubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": "string",
- "value": "string",
- "valueFrom": {
- "fieldRef": null,
- "resourceFieldRef": null,
- "configMapKeyRef": null,
- "secretKeyRef": null
}
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": {
- "nodeSelectorTerms": [ ]
}, - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": {
- "type": null,
- "intVal": null,
- "strVal": null
}, - "maxSurge": {
- "type": null,
- "intVal": null,
- "strVal": null
}
}
}, - "tolerations": [
- {
- "key": "string",
- "operator": "string",
- "value": "string",
- "effect": "string",
- "tolerationSeconds": "string"
}
], - "podSecurityContext": {
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- 0
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- {
- "name": null,
- "value": null
}
], - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [
- null
], - "drop": [
- null
]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "account": {
- "imagePullSecrets": [
- {
- "name": "string"
}
]
}, - "job": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": {
- "nodeSelectorTerms": [ ]
}, - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}
}, - "tolerations": [
- {
- "key": "string",
- "operator": "string",
- "value": "string",
- "effect": "string",
- "tolerationSeconds": "string"
}
], - "podSecurityContext": {
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- 0
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- {
- "name": null,
- "value": null
}
], - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [
- null
], - "drop": [
- null
]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}
}
}, - "wasmfetcher": {
- "cacheDisableInsecureRegistries": true,
- "cacheExpiration": "string",
- "cacheMaxRetries": 0,
- "cachePurgeInterval": "string",
- "cacheRequestTimeout": "string",
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "defaultLogLevel": "string",
- "route53Controller": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}, - "n2ac": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}, - "pep": {
- "disableTls": true,
- "skipTlsVerify": true,
- "timeout": "string",
- "cache": {
- "disabled": true,
- "ignoreNoCacheHeader": true,
- "ttl": "string"
}
}, - "enabled": true
}, - "awsController": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}
}, - "providerSettings": {
- "eks": {
- "useNlbByDefault": true
}, - "route53": {
- "serviceAccountName": "string",
- "namespaceSelector": {
- "namespace": "string",
- "ignoreNamespaces": "string"
}, - "policy": "SYNC",
- "domainFilter": [
- "string"
], - "interval": "string",
- "ttl": "string",
- "evaluateTargetHealth": true,
- "filterSettings": {
- "annotationFilter": "string",
- "labelFilter": "string",
- "excludeDomain": [
- "string"
], - "zoneType": "NONE",
- "zoneTagFilter": [
- "string"
], - "zoneIdFilter": [
- "string"
]
}, - "enabled": true
}, - "aws": {
- "serviceAccountName": "string"
}, - "lattice": {
- "enabled": true
}
}, - "managementPlane": {
- "host": "string",
- "port": 0,
- "selfSigned": true,
- "clusterName": "string"
}, - "meshExpansion": {
- "customGateway": {
- "host": "string",
- "port": 0
}, - "onboarding": {
- "uid": "string",
- "endpoint": {
- "hosts": [
- "string"
], - "secretName": "string"
}, - "tokenIssuer": {
- "jwt": {
- "expiration": "string"
}
}, - "localRepository": { },
- "workloads": {
- "authentication": {
- "jwt": {
- "issuers": [
- null
]
}
}, - "deregistration": {
- "propagationDelay": "string"
}
}
}
}, - "telemetryStore": {
- "elastic": {
- "host": "string",
- "port": 0,
- "protocol": "https",
- "selfSigned": true,
- "version": 0,
- "indexPrefix": "string"
}
}, - "meshObservability": {
- "demoSettings": {
- "apiEndpointMetricsEnabled": true
}, - "settings": {
- "apiEndpointMetricsEnabled": true
}
}, - "tier1Cluster": true
}, - "secrets": {
- "tsb": {
- "cacert": "string"
}, - "elasticsearch": {
- "username": "string",
- "password": "string",
- "cacert": "string"
}, - "xcp": {
- "autoGenerateCerts": true,
- "rootca": "string",
- "rootcakey": "string",
- "edge": {
- "cert": "string",
- "key": "string",
- "token": "string"
}
}, - "clusterServiceAccount": {
- "clusterFQN": "string",
- "JWK": "string",
- "encodedJWK": "string"
}
}, - "operator": {
- "deployment": {
- "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": {
- "nodeSelectorTerms": [
- {
- "matchExpressions": [ ],
- "matchFields": [ ]
}
]
}, - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": 0,
- "preference": {
- "matchExpressions": [ ],
- "matchFields": [ ]
}
}
]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- {
- "labelSelector": {
- "matchLabels": { },
- "matchExpressions": [ ]
}, - "namespaces": [
- null
], - "topologyKey": "string"
}
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": 0,
- "podAffinityTerm": {
- "labelSelector": null,
- "namespaces": [ ],
- "topologyKey": null
}
}
]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- {
- "labelSelector": {
- "matchLabels": { },
- "matchExpressions": [ ]
}, - "namespaces": [
- null
], - "topologyKey": "string"
}
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": 0,
- "podAffinityTerm": {
- "labelSelector": null,
- "namespaces": [ ],
- "topologyKey": null
}
}
]
}
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": "string",
- "value": "string",
- "valueFrom": {
- "fieldRef": {
- "apiVersion": "string",
- "fieldPath": "string"
}, - "resourceFieldRef": {
- "containerName": "string",
- "resource": "string",
- "divisor": {
- "type": null,
- "intVal": null,
- "strVal": null
}
}, - "configMapKeyRef": {
- "localObjectReference": {
- "name": null
}, - "key": "string",
- "optional": true
}, - "secretKeyRef": {
- "localObjectReference": {
- "name": null
}, - "key": "string",
- "optional": true
}
}
}
], - "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "replicaCount": 0,
- "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": {
- "type": "string",
- "intVal": 0,
- "strVal": "string"
}, - "maxSurge": {
- "type": "string",
- "intVal": 0,
- "strVal": "string"
}
}
}, - "tolerations": [
- {
- "key": "string",
- "operator": "string",
- "value": "string",
- "effect": "string",
- "tolerationSeconds": "string"
}
]
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "imagePullSecrets": [
- "string"
], - "pullSecret": "string",
- "pullUsername": "string",
- "pullPassword": "string"
}
}
}
}
}
Get the last known state for an onboarded cluster. Once a cluster has been onboarded into the platform, the agents will keep it up to date with its runtime status. Getting the cluster object will return the last known snapshot of existing namespaces and services running in it.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
query Parameters
fetchWorkloads | boolean Flag to fetch the workload information as well. Note that by default workload information is not returned as it may be expensive to retrieve. |
includeInstallTemplate | boolean Flag to return the install template required to install this cluster. This will generate a new API key pair for the cluster service account. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "tokenTtl": "string",
- "network": "string",
- "tier1Cluster": true,
- "namespaces": [
- {
- "name": "string",
- "services": [
- {
- "hostname": "string",
- "namespace": "string",
- "selector": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "number": 0,
- "name": "string",
- "kubernetesNodePort": 0
}
], - "kubernetesServiceIp": "string",
- "kubernetesExternalAddresses": [
- "string"
], - "numKubernetesEndpoints": 0,
- "numVmEndpoints": 0,
- "meshExternal": true,
- "gatewayHost": true,
- "numHops": 0,
- "kubernetesServiceFqdn": "string",
- "name": "string",
- "subsets": [
- "string"
], - "canonicalName": "string",
- "workloads": [
- {
- "address": "string",
- "name": "string",
- "isVm": true,
- "proxy": {
- "controlPlaneAddress": "string",
- "envoyVersion": "string",
- "istioVersion": "string",
- "status": {
- "property1": "string",
- "property2": "string"
}
}
}
], - "tier1GatewayHost": true,
- "spiffeIds": [
- "string"
]
}
]
}
], - "labels": {
- "property1": "string",
- "property2": "string"
}, - "locality": {
- "region": "string"
}, - "trustDomain": "string",
- "namespaceScope": {
- "scope": "GLOBAL",
- "exceptions": [
- "string"
]
}, - "state": {
- "lastSyncTime": "2019-08-24T14:15:22Z",
- "provider": "string",
- "istioVersions": [
- "string"
], - "xcpVersion": "string",
- "tsbCpVersion": "string",
- "discoveredLocality": {
- "region": "string"
}
}, - "serviceAccount": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}, - "installTemplate": {
- "message": "string",
- "helm": {
- "image": {
- "registry": "string",
- "tag": "string"
}, - "spec": {
- "hub": "string",
- "imagePullSecrets": [
- {
- "name": "string"
}
], - "components": {
- "collector": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevel": "string"
}, - "oap": {
- "streamingLogEnabled": true,
- "onDemandEnvoyMetricsEnabled": true,
- "storageIndexMergingEnabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevel": "string"
}, - "xcp": {
- "centralAuthMode": "UNKNOWN",
- "configProtection": {
- "enableAuthorizedUpdateDeleteOnXcpConfigs": true,
- "enableAuthorizedCreateUpdateDeleteOnXcpConfigs": true,
- "authorizedUsers": [
- "string"
]
}, - "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "revision": "string",
- "isolationBoundaries": [
- {
- "name": "string",
- "revisions": [
- {
- "name": null,
- "istio": null,
- "disable": null
}
], - "meshExpansion": {
- "customGateway": {
- "host": null,
- "port": null
}, - "onboarding": {
- "uid": null,
- "endpoint": null,
- "tokenIssuer": null,
- "localRepository": null,
- "workloads": null
}
}
}
], - "enableHttpMeshInternalIdentityPropagation": true,
- "centralProvidedCaCert": true,
- "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "istio": {
- "tsbVersion": "string",
- "mountInternalWasmExtensions": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "CNI": {
- "binaryDirectory": "string",
- "configurationDirectory": "string",
- "chained": true,
- "configurationFileName": "string",
- "clusterRole": "string",
- "revision": "string"
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "traceSamplingRate": 0.1,
- "defaultWorkloadCertTTL": "string",
- "maxWorkloadCertTTL": "string",
- "trustDomain": "string",
- "baseOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- {
- "path": null,
- "value": null
}
]
}
], - "pilotOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- {
- "path": null,
- "value": null
}
]
}
], - "cniOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- {
- "path": null,
- "value": null
}
]
}
], - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "rateLimitServer": {
- "backend": {
- "redis": {
- "uri": "string"
}
}, - "domain": "string",
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}, - "hpaAdapter": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}, - "onboarding": {
- "operator": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "repository": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}
}, - "plane": {
- "instance": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}
}
}, - "satellite": {
- "enabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevel": "string"
}, - "ngac": {
- "enabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "gitops": {
- "enabled": true,
- "reconcileInterval": "string",
- "batchWindow": "string",
- "managementplaneRequestTimeout": "string",
- "reconcileRequestTimeout": "string",
- "webhookTimeout": "string",
- "pushMode": "SYNC"
}, - "internalCertProvider": {
- "certManager": {
- "managed": "AUTO",
- "certManagerSpec": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "certManagerWebhookSpec": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "certManagerCaInjector": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "certManagerStartupapicheck": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "job": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "tolerations": [ ],
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}
}, - "custom": {
- "csrSignerName": "string",
- "caBundleSecretName": "string"
}
}, - "defaultKubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": "string",
- "value": "string",
- "valueFrom": {
- "fieldRef": null,
- "resourceFieldRef": null,
- "configMapKeyRef": null,
- "secretKeyRef": null
}
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": {
- "nodeSelectorTerms": [ ]
}, - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": {
- "type": null,
- "intVal": null,
- "strVal": null
}, - "maxSurge": {
- "type": null,
- "intVal": null,
- "strVal": null
}
}
}, - "tolerations": [
- {
- "key": "string",
- "operator": "string",
- "value": "string",
- "effect": "string",
- "tolerationSeconds": "string"
}
], - "podSecurityContext": {
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- 0
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- {
- "name": null,
- "value": null
}
], - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [
- null
], - "drop": [
- null
]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "account": {
- "imagePullSecrets": [
- {
- "name": "string"
}
]
}, - "job": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": {
- "nodeSelectorTerms": [ ]
}, - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}
}, - "tolerations": [
- {
- "key": "string",
- "operator": "string",
- "value": "string",
- "effect": "string",
- "tolerationSeconds": "string"
}
], - "podSecurityContext": {
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- 0
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- {
- "name": null,
- "value": null
}
], - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [
- null
], - "drop": [
- null
]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}
}
}, - "wasmfetcher": {
- "cacheDisableInsecureRegistries": true,
- "cacheExpiration": "string",
- "cacheMaxRetries": 0,
- "cachePurgeInterval": "string",
- "cacheRequestTimeout": "string",
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "defaultLogLevel": "string",
- "route53Controller": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}, - "n2ac": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}, - "pep": {
- "disableTls": true,
- "skipTlsVerify": true,
- "timeout": "string",
- "cache": {
- "disabled": true,
- "ignoreNoCacheHeader": true,
- "ttl": "string"
}
}, - "enabled": true
}, - "awsController": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}
}, - "providerSettings": {
- "eks": {
- "useNlbByDefault": true
}, - "route53": {
- "serviceAccountName": "string",
- "namespaceSelector": {
- "namespace": "string",
- "ignoreNamespaces": "string"
}, - "policy": "SYNC",
- "domainFilter": [
- "string"
], - "interval": "string",
- "ttl": "string",
- "evaluateTargetHealth": true,
- "filterSettings": {
- "annotationFilter": "string",
- "labelFilter": "string",
- "excludeDomain": [
- "string"
], - "zoneType": "NONE",
- "zoneTagFilter": [
- "string"
], - "zoneIdFilter": [
- "string"
]
}, - "enabled": true
}, - "aws": {
- "serviceAccountName": "string"
}, - "lattice": {
- "enabled": true
}
}, - "managementPlane": {
- "host": "string",
- "port": 0,
- "selfSigned": true,
- "clusterName": "string"
}, - "meshExpansion": {
- "customGateway": {
- "host": "string",
- "port": 0
}, - "onboarding": {
- "uid": "string",
- "endpoint": {
- "hosts": [
- "string"
], - "secretName": "string"
}, - "tokenIssuer": {
- "jwt": {
- "expiration": "string"
}
}, - "localRepository": { },
- "workloads": {
- "authentication": {
- "jwt": {
- "issuers": [
- null
]
}
}, - "deregistration": {
- "propagationDelay": "string"
}
}
}
}, - "telemetryStore": {
- "elastic": {
- "host": "string",
- "port": 0,
- "protocol": "https",
- "selfSigned": true,
- "version": 0,
- "indexPrefix": "string"
}
}, - "meshObservability": {
- "demoSettings": {
- "apiEndpointMetricsEnabled": true
}, - "settings": {
- "apiEndpointMetricsEnabled": true
}
}, - "tier1Cluster": true
}, - "secrets": {
- "tsb": {
- "cacert": "string"
}, - "elasticsearch": {
- "username": "string",
- "password": "string",
- "cacert": "string"
}, - "xcp": {
- "autoGenerateCerts": true,
- "rootca": "string",
- "rootcakey": "string",
- "edge": {
- "cert": "string",
- "key": "string",
- "token": "string"
}
}, - "clusterServiceAccount": {
- "clusterFQN": "string",
- "JWK": "string",
- "encodedJWK": "string"
}
}, - "operator": {
- "deployment": {
- "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": {
- "nodeSelectorTerms": [
- {
- "matchExpressions": [ ],
- "matchFields": [ ]
}
]
}, - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": 0,
- "preference": {
- "matchExpressions": [ ],
- "matchFields": [ ]
}
}
]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- {
- "labelSelector": {
- "matchLabels": { },
- "matchExpressions": [ ]
}, - "namespaces": [
- null
], - "topologyKey": "string"
}
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": 0,
- "podAffinityTerm": {
- "labelSelector": null,
- "namespaces": [ ],
- "topologyKey": null
}
}
]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- {
- "labelSelector": {
- "matchLabels": { },
- "matchExpressions": [ ]
}, - "namespaces": [
- null
], - "topologyKey": "string"
}
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": 0,
- "podAffinityTerm": {
- "labelSelector": null,
- "namespaces": [ ],
- "topologyKey": null
}
}
]
}
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": "string",
- "value": "string",
- "valueFrom": {
- "fieldRef": {
- "apiVersion": "string",
- "fieldPath": "string"
}, - "resourceFieldRef": {
- "containerName": "string",
- "resource": "string",
- "divisor": {
- "type": null,
- "intVal": null,
- "strVal": null
}
}, - "configMapKeyRef": {
- "localObjectReference": {
- "name": null
}, - "key": "string",
- "optional": true
}, - "secretKeyRef": {
- "localObjectReference": {
- "name": null
}, - "key": "string",
- "optional": true
}
}
}
], - "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "replicaCount": 0,
- "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": {
- "type": "string",
- "intVal": 0,
- "strVal": "string"
}, - "maxSurge": {
- "type": "string",
- "intVal": 0,
- "strVal": "string"
}
}
}, - "tolerations": [
- {
- "key": "string",
- "operator": "string",
- "value": "string",
- "effect": "string",
- "tolerationSeconds": "string"
}
]
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "imagePullSecrets": [
- "string"
], - "pullSecret": "string",
- "pullUsername": "string",
- "pullPassword": "string"
}
}
}
}
}
Modify an existing cluster. Updates a cluster with the given data. Note that most of the data in the cluster is read-only and automatically populated by the local cluster agents.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Request Body schema: application/jsonrequired
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be
sent on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (ClusterInstallTemplate) InstallTemplate provides templates ready to be used in the ControlPlane (cluster onboard) installation. | |
object (FIXME: this is super clunky to copy each and every metadata field into
objects used for multicluster. $hide_from_yaml) | |
object (v2Locality) The region the cluster resides. Used for failover based routing when configured in the workspace or global settings. | |
object (v2NamespaceScoping) Configure the default scoping of namespaces in this cluster. | |
network | string The network (e.g., VPC) where this cluster is present. All clusters within the same network will be assumed to be reachable for the purposes of multi-cluster routing. In addition, networks marked as reachable from one another in SystemSettings will also be used for multi-cluster routing. |
object (tsbv2ServiceAccount)
| |
object (State represents the cluster info learned from the onboarded cluster) | |
tier1Cluster | boolean Deprecated: This flag is still honored for backward compatibility but will be ignored in future releases. It is advisable not to set it, as all clusters can now host both Tier1 and IngressGateways. Indicates whether this cluster is hosting a tier1 gateway or not. Tier1 clusters cannot host other gateways or workloads. Defaults to false if not specified. |
tokenTtl | string Lifetime of the tokens. Defaults to 1hr. |
trustDomain | string Trust domain for this cluster, used for multi-cluster routing. It must be unique for every cluster and should match the one configured in the local control plane. This value is optional, and will be updated by the local control plane agents. However, it is recommended to set it, if known, so that multi-cluster routing works without having to wait for the local control planes to update it. |
Responses
Request samples
- Payload
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "installTemplate": {
- "helm": {
- "image": {
- "registry": "string",
- "tag": "string"
}, - "spec": {
- "hub": "string",
- "imagePullSecrets": [
- {
- "name": "string"
}
], - "components": {
- "collector": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevel": "string"
}, - "oap": {
- "streamingLogEnabled": true,
- "onDemandEnvoyMetricsEnabled": true,
- "storageIndexMergingEnabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevel": "string"
}, - "xcp": {
- "centralAuthMode": "UNKNOWN",
- "configProtection": {
- "enableAuthorizedUpdateDeleteOnXcpConfigs": true,
- "enableAuthorizedCreateUpdateDeleteOnXcpConfigs": true,
- "authorizedUsers": [
- "string"
]
}, - "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "revision": "string",
- "isolationBoundaries": [
- {
- "name": "string",
- "revisions": [
- {
- "name": null,
- "istio": null,
- "disable": null
}
], - "meshExpansion": {
- "customGateway": {
- "host": null,
- "port": null
}, - "onboarding": {
- "uid": null,
- "endpoint": null,
- "tokenIssuer": null,
- "localRepository": null,
- "workloads": null
}
}
}
], - "enableHttpMeshInternalIdentityPropagation": true,
- "centralProvidedCaCert": true,
- "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "istio": {
- "tsbVersion": "string",
- "mountInternalWasmExtensions": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "CNI": {
- "binaryDirectory": "string",
- "configurationDirectory": "string",
- "chained": true,
- "configurationFileName": "string",
- "clusterRole": "string",
- "revision": "string"
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "traceSamplingRate": 0.1,
- "defaultWorkloadCertTTL": "string",
- "maxWorkloadCertTTL": "string",
- "trustDomain": "string",
- "baseOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- {
- "path": null,
- "value": null
}
]
}
], - "pilotOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- {
- "path": null,
- "value": null
}
]
}
], - "cniOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- {
- "path": null,
- "value": null
}
]
}
], - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "rateLimitServer": {
- "backend": {
- "redis": {
- "uri": "string"
}
}, - "domain": "string",
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}, - "hpaAdapter": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}, - "onboarding": {
- "operator": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "repository": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}
}, - "plane": {
- "instance": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}
}
}, - "satellite": {
- "enabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevel": "string"
}, - "ngac": {
- "enabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "gitops": {
- "enabled": true,
- "reconcileInterval": "string",
- "batchWindow": "string",
- "managementplaneRequestTimeout": "string",
- "reconcileRequestTimeout": "string",
- "webhookTimeout": "string",
- "pushMode": "SYNC"
}, - "internalCertProvider": {
- "certManager": {
- "managed": "AUTO",
- "certManagerSpec": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "certManagerWebhookSpec": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "certManagerCaInjector": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "certManagerStartupapicheck": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "job": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "tolerations": [ ],
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}
}, - "custom": {
- "csrSignerName": "string",
- "caBundleSecretName": "string"
}
}, - "defaultKubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": "string",
- "value": "string",
- "valueFrom": {
- "fieldRef": null,
- "resourceFieldRef": null,
- "configMapKeyRef": null,
- "secretKeyRef": null
}
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": {
- "nodeSelectorTerms": [ ]
}, - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": {
- "type": null,
- "intVal": null,
- "strVal": null
}, - "maxSurge": {
- "type": null,
- "intVal": null,
- "strVal": null
}
}
}, - "tolerations": [
- {
- "key": "string",
- "operator": "string",
- "value": "string",
- "effect": "string",
- "tolerationSeconds": "string"
}
], - "podSecurityContext": {
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- 0
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- {
- "name": null,
- "value": null
}
], - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [
- null
], - "drop": [
- null
]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "account": {
- "imagePullSecrets": [
- {
- "name": "string"
}
]
}, - "job": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": {
- "nodeSelectorTerms": [ ]
}, - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}
}, - "tolerations": [
- {
- "key": "string",
- "operator": "string",
- "value": "string",
- "effect": "string",
- "tolerationSeconds": "string"
}
], - "podSecurityContext": {
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- 0
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- {
- "name": null,
- "value": null
}
], - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [
- null
], - "drop": [
- null
]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}
}
}, - "wasmfetcher": {
- "cacheDisableInsecureRegistries": true,
- "cacheExpiration": "string",
- "cacheMaxRetries": 0,
- "cachePurgeInterval": "string",
- "cacheRequestTimeout": "string",
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "defaultLogLevel": "string",
- "route53Controller": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}, - "n2ac": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}, - "pep": {
- "disableTls": true,
- "skipTlsVerify": true,
- "timeout": "string",
- "cache": {
- "disabled": true,
- "ignoreNoCacheHeader": true,
- "ttl": "string"
}
}, - "enabled": true
}, - "awsController": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}
}, - "providerSettings": {
- "eks": {
- "useNlbByDefault": true
}, - "route53": {
- "serviceAccountName": "string",
- "namespaceSelector": {
- "namespace": "string",
- "ignoreNamespaces": "string"
}, - "policy": "SYNC",
- "domainFilter": [
- "string"
], - "interval": "string",
- "ttl": "string",
- "evaluateTargetHealth": true,
- "filterSettings": {
- "annotationFilter": "string",
- "labelFilter": "string",
- "excludeDomain": [
- "string"
], - "zoneType": "NONE",
- "zoneTagFilter": [
- "string"
], - "zoneIdFilter": [
- "string"
]
}, - "enabled": true
}, - "aws": {
- "serviceAccountName": "string"
}, - "lattice": {
- "enabled": true
}
}, - "managementPlane": {
- "host": "string",
- "port": 0,
- "selfSigned": true,
- "clusterName": "string"
}, - "meshExpansion": {
- "customGateway": {
- "host": "string",
- "port": 0
}, - "onboarding": {
- "uid": "string",
- "endpoint": {
- "hosts": [
- "string"
], - "secretName": "string"
}, - "tokenIssuer": {
- "jwt": {
- "expiration": "string"
}
}, - "localRepository": { },
- "workloads": {
- "authentication": {
- "jwt": {
- "issuers": [
- null
]
}
}, - "deregistration": {
- "propagationDelay": "string"
}
}
}
}, - "telemetryStore": {
- "elastic": {
- "host": "string",
- "port": 0,
- "protocol": "https",
- "selfSigned": true,
- "version": 0,
- "indexPrefix": "string"
}
}, - "meshObservability": {
- "demoSettings": {
- "apiEndpointMetricsEnabled": true
}, - "settings": {
- "apiEndpointMetricsEnabled": true
}
}, - "tier1Cluster": true
}, - "secrets": {
- "tsb": {
- "cacert": "string"
}, - "elasticsearch": {
- "username": "string",
- "password": "string",
- "cacert": "string"
}, - "xcp": {
- "autoGenerateCerts": true,
- "rootca": "string",
- "rootcakey": "string",
- "edge": {
- "cert": "string",
- "key": "string",
- "token": "string"
}
}, - "clusterServiceAccount": {
- "clusterFQN": "string",
- "JWK": "string",
- "encodedJWK": "string"
}
}, - "operator": {
- "deployment": {
- "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": {
- "nodeSelectorTerms": [
- {
- "matchExpressions": [ ],
- "matchFields": [ ]
}
]
}, - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": 0,
- "preference": {
- "matchExpressions": [ ],
- "matchFields": [ ]
}
}
]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- {
- "labelSelector": {
- "matchLabels": { },
- "matchExpressions": [ ]
}, - "namespaces": [
- null
], - "topologyKey": "string"
}
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": 0,
- "podAffinityTerm": {
- "labelSelector": null,
- "namespaces": [ ],
- "topologyKey": null
}
}
]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- {
- "labelSelector": {
- "matchLabels": { },
- "matchExpressions": [ ]
}, - "namespaces": [
- null
], - "topologyKey": "string"
}
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": 0,
- "podAffinityTerm": {
- "labelSelector": null,
- "namespaces": [ ],
- "topologyKey": null
}
}
]
}
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": "string",
- "value": "string",
- "valueFrom": {
- "fieldRef": {
- "apiVersion": "string",
- "fieldPath": "string"
}, - "resourceFieldRef": {
- "containerName": "string",
- "resource": "string",
- "divisor": {
- "type": null,
- "intVal": null,
- "strVal": null
}
}, - "configMapKeyRef": {
- "localObjectReference": {
- "name": null
}, - "key": "string",
- "optional": true
}, - "secretKeyRef": {
- "localObjectReference": {
- "name": null
}, - "key": "string",
- "optional": true
}
}
}
], - "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "replicaCount": 0,
- "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": {
- "type": "string",
- "intVal": 0,
- "strVal": "string"
}, - "maxSurge": {
- "type": "string",
- "intVal": 0,
- "strVal": "string"
}
}
}, - "tolerations": [
- {
- "key": "string",
- "operator": "string",
- "value": "string",
- "effect": "string",
- "tolerationSeconds": "string"
}
]
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "imagePullSecrets": [
- "string"
], - "pullSecret": "string",
- "pullUsername": "string",
- "pullPassword": "string"
}
}
}
}, - "labels": {
- "property1": "string",
- "property2": "string"
}, - "locality": {
- "region": "string"
}, - "namespaceScope": {
- "scope": "GLOBAL",
- "exceptions": [
- "string"
]
}, - "network": "string",
- "serviceAccount": {
- "displayName": "string",
- "etag": "string",
- "description": "string"
}, - "state": {
- "lastSyncTime": "2019-08-24T14:15:22Z",
- "provider": "string",
- "istioVersions": [
- "string"
], - "xcpVersion": "string",
- "tsbCpVersion": "string",
- "discoveredLocality": {
- "region": "string"
}
}, - "tier1Cluster": true,
- "tokenTtl": "string",
- "trustDomain": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "tokenTtl": "string",
- "network": "string",
- "tier1Cluster": true,
- "namespaces": [
- {
- "name": "string",
- "services": [
- {
- "hostname": "string",
- "namespace": "string",
- "selector": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "number": 0,
- "name": "string",
- "kubernetesNodePort": 0
}
], - "kubernetesServiceIp": "string",
- "kubernetesExternalAddresses": [
- "string"
], - "numKubernetesEndpoints": 0,
- "numVmEndpoints": 0,
- "meshExternal": true,
- "gatewayHost": true,
- "numHops": 0,
- "kubernetesServiceFqdn": "string",
- "name": "string",
- "subsets": [
- "string"
], - "canonicalName": "string",
- "workloads": [
- {
- "address": "string",
- "name": "string",
- "isVm": true,
- "proxy": {
- "controlPlaneAddress": "string",
- "envoyVersion": "string",
- "istioVersion": "string",
- "status": {
- "property1": "string",
- "property2": "string"
}
}
}
], - "tier1GatewayHost": true,
- "spiffeIds": [
- "string"
]
}
]
}
], - "labels": {
- "property1": "string",
- "property2": "string"
}, - "locality": {
- "region": "string"
}, - "trustDomain": "string",
- "namespaceScope": {
- "scope": "GLOBAL",
- "exceptions": [
- "string"
]
}, - "state": {
- "lastSyncTime": "2019-08-24T14:15:22Z",
- "provider": "string",
- "istioVersions": [
- "string"
], - "xcpVersion": "string",
- "tsbCpVersion": "string",
- "discoveredLocality": {
- "region": "string"
}
}, - "serviceAccount": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}, - "installTemplate": {
- "message": "string",
- "helm": {
- "image": {
- "registry": "string",
- "tag": "string"
}, - "spec": {
- "hub": "string",
- "imagePullSecrets": [
- {
- "name": "string"
}
], - "components": {
- "collector": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevel": "string"
}, - "oap": {
- "streamingLogEnabled": true,
- "onDemandEnvoyMetricsEnabled": true,
- "storageIndexMergingEnabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevel": "string"
}, - "xcp": {
- "centralAuthMode": "UNKNOWN",
- "configProtection": {
- "enableAuthorizedUpdateDeleteOnXcpConfigs": true,
- "enableAuthorizedCreateUpdateDeleteOnXcpConfigs": true,
- "authorizedUsers": [
- "string"
]
}, - "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "revision": "string",
- "isolationBoundaries": [
- {
- "name": "string",
- "revisions": [
- {
- "name": null,
- "istio": null,
- "disable": null
}
], - "meshExpansion": {
- "customGateway": {
- "host": null,
- "port": null
}, - "onboarding": {
- "uid": null,
- "endpoint": null,
- "tokenIssuer": null,
- "localRepository": null,
- "workloads": null
}
}
}
], - "enableHttpMeshInternalIdentityPropagation": true,
- "centralProvidedCaCert": true,
- "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "istio": {
- "tsbVersion": "string",
- "mountInternalWasmExtensions": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "CNI": {
- "binaryDirectory": "string",
- "configurationDirectory": "string",
- "chained": true,
- "configurationFileName": "string",
- "clusterRole": "string",
- "revision": "string"
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "traceSamplingRate": 0.1,
- "defaultWorkloadCertTTL": "string",
- "maxWorkloadCertTTL": "string",
- "trustDomain": "string",
- "baseOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- {
- "path": null,
- "value": null
}
]
}
], - "pilotOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- {
- "path": null,
- "value": null
}
]
}
], - "cniOverlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- {
- "path": null,
- "value": null
}
]
}
], - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "rateLimitServer": {
- "backend": {
- "redis": {
- "uri": "string"
}
}, - "domain": "string",
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}, - "hpaAdapter": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}, - "onboarding": {
- "operator": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "repository": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": null,
- "property2": null
}, - "env": [
- null
], - "affinity": {
- "nodeAffinity": null,
- "podAffinity": null,
- "podAntiAffinity": null
}, - "replicaCount": 0,
- "resources": {
- "limits": { },
- "requests": { }
}, - "strategy": {
- "type": null,
- "rollingUpdate": null
}, - "tolerations": [
- null
], - "hpaSpec": {
- "minReplicas": null,
- "maxReplicas": null,
- "metrics": [ ]
}, - "podSecurityContext": {
- "seLinuxOptions": null,
- "runAsUser": null,
- "runAsNonRoot": null,
- "supplementalGroups": [ ],
- "fsGroup": null,
- "runAsGroup": null,
- "sysctls": [ ],
- "windowsOptions": null,
- "fsGroupChangePolicy": null,
- "seccompProfile": null
}, - "containerSecurityContext": {
- "capabilities": null,
- "privileged": null,
- "seLinuxOptions": null,
- "windowsOptions": null,
- "runAsUser": null,
- "runAsGroup": null,
- "runAsNonRoot": null,
- "readOnlyRootFilesystem": null,
- "allowPrivilegeEscalation": null,
- "procMount": null,
- "seccompProfile": null
}
}, - "service": {
- "annotations": {
- "property1": null,
- "property2": null
}, - "ports": [
- null
], - "type": "string",
- "labels": {
- "property1": null,
- "property2": null
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- null
]
}, - "overlays": [
- {
- "apiVersion": null,
- "kind": null,
- "name": null,
- "patches": [ ]
}
]
}
}, - "plane": {
- "instance": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}
}
}, - "satellite": {
- "enabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevel": "string"
}, - "ngac": {
- "enabled": true,
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "gitops": {
- "enabled": true,
- "reconcileInterval": "string",
- "batchWindow": "string",
- "managementplaneRequestTimeout": "string",
- "reconcileRequestTimeout": "string",
- "webhookTimeout": "string",
- "pushMode": "SYNC"
}, - "internalCertProvider": {
- "certManager": {
- "managed": "AUTO",
- "certManagerSpec": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "certManagerWebhookSpec": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "certManagerCaInjector": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}, - "certManagerStartupapicheck": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "replicaCount": null,
- "resources": null,
- "strategy": null,
- "tolerations": [ ],
- "hpaSpec": null,
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "service": {
- "annotations": { },
- "ports": [ ],
- "type": null,
- "labels": { }
}, - "job": {
- "podAnnotations": { },
- "env": [ ],
- "affinity": null,
- "tolerations": [ ],
- "podSecurityContext": null,
- "containerSecurityContext": null
}, - "serviceAccount": {
- "imagePullSecrets": [ ]
}, - "overlays": [
- null
]
}
}
}, - "custom": {
- "csrSignerName": "string",
- "caBundleSecretName": "string"
}
}, - "defaultKubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": "string",
- "value": "string",
- "valueFrom": {
- "fieldRef": null,
- "resourceFieldRef": null,
- "configMapKeyRef": null,
- "secretKeyRef": null
}
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": {
- "nodeSelectorTerms": [ ]
}, - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": {
- "type": null,
- "intVal": null,
- "strVal": null
}, - "maxSurge": {
- "type": null,
- "intVal": null,
- "strVal": null
}
}
}, - "tolerations": [
- {
- "key": "string",
- "operator": "string",
- "value": "string",
- "effect": "string",
- "tolerationSeconds": "string"
}
], - "podSecurityContext": {
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- 0
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- {
- "name": null,
- "value": null
}
], - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [
- null
], - "drop": [
- null
]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "account": {
- "imagePullSecrets": [
- {
- "name": "string"
}
]
}, - "job": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": {
- "nodeSelectorTerms": [ ]
}, - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- null
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- null
]
}
}, - "tolerations": [
- {
- "key": "string",
- "operator": "string",
- "value": "string",
- "effect": "string",
- "tolerationSeconds": "string"
}
], - "podSecurityContext": {
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- 0
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- {
- "name": null,
- "value": null
}
], - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [
- null
], - "drop": [
- null
]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": "string",
- "role": "string",
- "type": "string",
- "level": "string"
}, - "windowsOptions": {
- "gmsaCredentialSpecName": "string",
- "gmsaCredentialSpec": "string",
- "runAsUserName": "string"
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": "string",
- "localhostProfile": "string"
}
}
}
}, - "wasmfetcher": {
- "cacheDisableInsecureRegistries": true,
- "cacheExpiration": "string",
- "cacheMaxRetries": 0,
- "cachePurgeInterval": "string",
- "cacheRequestTimeout": "string",
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}
}, - "defaultLogLevel": "string",
- "route53Controller": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}, - "n2ac": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}, - "logLevels": {
- "property1": "string",
- "property2": "string"
}, - "pep": {
- "disableTls": true,
- "skipTlsVerify": true,
- "timeout": "string",
- "cache": {
- "disabled": true,
- "ignoreNoCacheHeader": true,
- "ttl": "string"
}
}, - "enabled": true
}, - "awsController": {
- "kubeSpec": {
- "deployment": {
- "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": null,
- "value": null,
- "valueFrom": null
}
], - "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": null,
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [ ],
- "preferredDuringSchedulingIgnoredDuringExecution": [ ]
}
}, - "replicaCount": 0,
- "resources": {
- "limits": {
- "property1": null,
- "property2": null
}, - "requests": {
- "property1": null,
- "property2": null
}
}, - "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": null,
- "maxSurge": null
}
}, - "tolerations": [
- {
- "key": null,
- "operator": null,
- "value": null,
- "effect": null,
- "tolerationSeconds": null
}
], - "hpaSpec": {
- "minReplicas": 0,
- "maxReplicas": 0,
- "metrics": [
- null
]
}, - "podSecurityContext": {
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "runAsUser": 0,
- "runAsNonRoot": true,
- "supplementalGroups": [
- null
], - "fsGroup": 0,
- "runAsGroup": 0,
- "sysctls": [
- null
], - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "fsGroupChangePolicy": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}, - "containerSecurityContext": {
- "capabilities": {
- "add": [ ],
- "drop": [ ]
}, - "privileged": true,
- "seLinuxOptions": {
- "user": null,
- "role": null,
- "type": null,
- "level": null
}, - "windowsOptions": {
- "gmsaCredentialSpecName": null,
- "gmsaCredentialSpec": null,
- "runAsUserName": null
}, - "runAsUser": 0,
- "runAsGroup": 0,
- "runAsNonRoot": true,
- "readOnlyRootFilesystem": true,
- "allowPrivilegeEscalation": true,
- "procMount": "string",
- "seccompProfile": {
- "type": null,
- "localhostProfile": null
}
}
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "ports": [
- {
- "name": null,
- "protocol": null,
- "port": null,
- "targetPort": null,
- "nodePort": null
}
], - "type": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "imagePullSecrets": [
- {
- "name": null
}
]
}, - "overlays": [
- {
- "apiVersion": "string",
- "kind": "string",
- "name": "string",
- "patches": [
- null
]
}
]
}
}
}, - "providerSettings": {
- "eks": {
- "useNlbByDefault": true
}, - "route53": {
- "serviceAccountName": "string",
- "namespaceSelector": {
- "namespace": "string",
- "ignoreNamespaces": "string"
}, - "policy": "SYNC",
- "domainFilter": [
- "string"
], - "interval": "string",
- "ttl": "string",
- "evaluateTargetHealth": true,
- "filterSettings": {
- "annotationFilter": "string",
- "labelFilter": "string",
- "excludeDomain": [
- "string"
], - "zoneType": "NONE",
- "zoneTagFilter": [
- "string"
], - "zoneIdFilter": [
- "string"
]
}, - "enabled": true
}, - "aws": {
- "serviceAccountName": "string"
}, - "lattice": {
- "enabled": true
}
}, - "managementPlane": {
- "host": "string",
- "port": 0,
- "selfSigned": true,
- "clusterName": "string"
}, - "meshExpansion": {
- "customGateway": {
- "host": "string",
- "port": 0
}, - "onboarding": {
- "uid": "string",
- "endpoint": {
- "hosts": [
- "string"
], - "secretName": "string"
}, - "tokenIssuer": {
- "jwt": {
- "expiration": "string"
}
}, - "localRepository": { },
- "workloads": {
- "authentication": {
- "jwt": {
- "issuers": [
- null
]
}
}, - "deregistration": {
- "propagationDelay": "string"
}
}
}
}, - "telemetryStore": {
- "elastic": {
- "host": "string",
- "port": 0,
- "protocol": "https",
- "selfSigned": true,
- "version": 0,
- "indexPrefix": "string"
}
}, - "meshObservability": {
- "demoSettings": {
- "apiEndpointMetricsEnabled": true
}, - "settings": {
- "apiEndpointMetricsEnabled": true
}
}, - "tier1Cluster": true
}, - "secrets": {
- "tsb": {
- "cacert": "string"
}, - "elasticsearch": {
- "username": "string",
- "password": "string",
- "cacert": "string"
}, - "xcp": {
- "autoGenerateCerts": true,
- "rootca": "string",
- "rootcakey": "string",
- "edge": {
- "cert": "string",
- "key": "string",
- "token": "string"
}
}, - "clusterServiceAccount": {
- "clusterFQN": "string",
- "JWK": "string",
- "encodedJWK": "string"
}
}, - "operator": {
- "deployment": {
- "affinity": {
- "nodeAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": {
- "nodeSelectorTerms": [
- {
- "matchExpressions": [ ],
- "matchFields": [ ]
}
]
}, - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": 0,
- "preference": {
- "matchExpressions": [ ],
- "matchFields": [ ]
}
}
]
}, - "podAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- {
- "labelSelector": {
- "matchLabels": { },
- "matchExpressions": [ ]
}, - "namespaces": [
- null
], - "topologyKey": "string"
}
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": 0,
- "podAffinityTerm": {
- "labelSelector": null,
- "namespaces": [ ],
- "topologyKey": null
}
}
]
}, - "podAntiAffinity": {
- "requiredDuringSchedulingIgnoredDuringExecution": [
- {
- "labelSelector": {
- "matchLabels": { },
- "matchExpressions": [ ]
}, - "namespaces": [
- null
], - "topologyKey": "string"
}
], - "preferredDuringSchedulingIgnoredDuringExecution": [
- {
- "weight": 0,
- "podAffinityTerm": {
- "labelSelector": null,
- "namespaces": [ ],
- "topologyKey": null
}
}
]
}
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}, - "env": [
- {
- "name": "string",
- "value": "string",
- "valueFrom": {
- "fieldRef": {
- "apiVersion": "string",
- "fieldPath": "string"
}, - "resourceFieldRef": {
- "containerName": "string",
- "resource": "string",
- "divisor": {
- "type": null,
- "intVal": null,
- "strVal": null
}
}, - "configMapKeyRef": {
- "localObjectReference": {
- "name": null
}, - "key": "string",
- "optional": true
}, - "secretKeyRef": {
- "localObjectReference": {
- "name": null
}, - "key": "string",
- "optional": true
}
}
}
], - "podAnnotations": {
- "property1": "string",
- "property2": "string"
}, - "replicaCount": 0,
- "strategy": {
- "type": "string",
- "rollingUpdate": {
- "maxUnavailable": {
- "type": "string",
- "intVal": 0,
- "strVal": "string"
}, - "maxSurge": {
- "type": "string",
- "intVal": 0,
- "strVal": "string"
}
}
}, - "tolerations": [
- {
- "key": "string",
- "operator": "string",
- "value": "string",
- "effect": "string",
- "tolerationSeconds": "string"
}
]
}, - "service": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "serviceAccount": {
- "annotations": {
- "property1": "string",
- "property2": "string"
}, - "imagePullSecrets": [
- "string"
], - "pullSecret": "string",
- "pullUsername": "string",
- "pullPassword": "string"
}
}
}
}
}
Unregisters a cluster from the platform. Deleting a cluster will unregister it from the management plane, and the agents will stop receiving configuration updates. Agent tokens for the cluster are revoked as well, so agents that are still running will fail to report back cluster status to the management plane. Note that unregistering the cluster is a management plane only operation. This does not uninstall the agents from the local cluster. Agents will continue running and the services that are deployed in that cluster will be able to continue operating with the last applied configuration. Unregistering a cluster from the management plane should not generate downtime to services that are running on that cluster.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Responses
Response samples
- 200
- default
{ }
Generate the tokens for the cluster agents so they can talk to the management plane. Once a cluster object has been registered in the management plane, this method can be used to generate the JWT tokens that need to be configured in the local cluster agents in order to let them talk to the management plane. These tokens contain the necessary permissions to allow the agents to download the configuration for their cluster and to push cluster status updates to the management plane.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Responses
Response samples
- 200
- default
{- "tokens": {
- "property1": "string",
- "property2": "string"
}
}
Response samples
- 200
- default
{- "organizations": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Creates a new Organization in TSB. Organizations are the top-level construct in TSB and contain all the resources such as tenants, workspaces and clusters. $hide_from_docs
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2Organization)
|
Responses
Request samples
- Payload
{- "name": "string",
- "organization": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details of an organization.
path Parameters
organization required | string Organization name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Modify an organization. Update operations are protected against concurrent modifications of the resource. They are required to provide the last version of the `etag` field as part of the update request payload. $hide_from_docs
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
object (v2ConfigGenerationMetadata)
| |
deletionProtectionEnabled | boolean When set, prevents the resource from being deleted. In order to delete the resource this
property needs to be set to |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "deletionProtectionEnabled": true,
- "description": "string",
- "displayName": "string",
- "etag": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete an organization. Note that deleting resources in TSB is a recursive operation. Deleting an organization will delete all tenants, clusters and all configurations that exist in it. $hide_from_docs
path Parameters
organization required | string Organization name. |
query Parameters
force | boolean Force the deletion of the object even if deletion protection is enabled. If this is set, then the object and all its children will be deleted even if any of them has the deletion protection enabled. |
Responses
Response samples
- 200
- default
{ }
List all the settings objects that have been attached to the given Organization.
path Parameters
organization required | string Organization name. |
Responses
Response samples
- 200
- default
{- "settings": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "networkSettings": {
- "networkReachability": {
- "property1": "string",
- "property2": "string"
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": null
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": null,
- "header": null
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": null,
- "destinationCluster": null,
- "remoteAddress": null,
- "requestHeaders": null,
- "headerValueMatch": null
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": null,
- "retries": null,
- "maxRequests": null,
- "maxRequestsPerConnection": null
}, - "tcp": {
- "keepAlive": null,
- "maxConnections": null,
- "connectTimeout": null
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": null,
- "path": null,
- "ttl": null
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": null
}, - "maglev": {
- "tableSize": null
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
}
]
}
Create a settings object for the given organization.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2OrganizationSetting) Settings that apply globally to the entire organization. |
Responses
Request samples
- Payload
{- "name": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "networkSettings": {
- "networkReachability": {
- "property1": "string",
- "property2": "string"
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultSecuritySetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": null,
- "team": null,
- "serviceAccount": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": null,
- "claim": null
}
], - "fromHeaders": [
- {
- "name": null,
- "prefix": null
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": null,
- "perTryTimeout": null,
- "retryOn": null
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": null,
- "idleTime": null,
- "interval": null
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "networkSettings": {
- "networkReachability": {
- "property1": "string",
- "property2": "string"
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
}
Get the details for the given settings object.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "networkSettings": {
- "networkReachability": {
- "property1": "string",
- "property2": "string"
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
}
Modify the given settings in the given Organization.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
object (v2SecuritySetting) A security setting applies configuration to a set of proxy workloads in a security group or a workspace. When applied to a security group, missing fields will inherit values from the workspace-wide setting if any. | |
object (v2TrafficSetting) A traffic setting applies configuration to a set of proxy workloads in a traffic group or a workspace. When applied to a traffic group, missing fields will inherit values from the workspace-wide setting if any. | |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2FailoverSettings) Failover settings for all proxies connecting to a host exposed in this workspace/organization based on the settings definition scope. Note that this is a server side setting. | |
object (OrganizationSettingNetworkSettings) Network related settings for clusters. | |
Array of objects (v2RegionalFailover) Default locality routing settings for all gateways. Please use FailoverSettings instead. If FailoverSettings is set, it takes precedence over this field. Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. Should be used together with OutlierDetection to detect unhealthy endpoints. Note: if no OutlierDetection specified, this will not take effect. |
Responses
Request samples
- Payload
{- "defaultSecuritySetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "description": "string",
- "displayName": "string",
- "etag": "string",
- "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}, - "networkSettings": {
- "networkReachability": {
- "property1": "string",
- "property2": "string"
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "networkSettings": {
- "networkReachability": {
- "property1": "string",
- "property2": "string"
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
}
SyncOrganization is used by processes that monitor the identity providers to synchronize the users and teams with the ones in TSB.
This method will update the state of users and groups in the organization and will create, modify, and delete groups according to the incoming request. Sync requests are assumed to be a full-sync and to contain all existing users and groups. Existing TSB users and groups that are not contained in a sync request will be deleted from the platform, as it will assume they have been removed from the Identity Provider.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
sourceType | string (v2SourceType) Default: "INVALID" Enum: "INVALID" "LDAP" "LOCAL" "AZURE" "MANUAL"
|
Array of objects (SyncOrganizationRequestSyncTeam) | |
Array of objects (SyncOrganizationRequestSyncUser) |
Responses
Request samples
- Payload
{- "sourceType": "INVALID",
- "teams": [
- {
- "id": "string",
- "description": "string",
- "memberUserIds": [
- "string"
], - "memberGroupIds": [
- "string"
], - "displayName": "string"
}
], - "users": [
- {
- "id": "string",
- "description": "string",
- "email": "string",
- "loginName": "string",
- "displayName": "string"
}
]
}
Response samples
- 200
- default
{- "failedUsers": {
- "removal": [
- "string"
], - "addition": [
- "string"
], - "update": [
- "string"
]
}, - "failedTeams": {
- "removal": [
- "string"
], - "addition": [
- "string"
], - "update": [
- "string"
]
}
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
cluster required | string Cluster name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
extension required | string Extension name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
service required | string Service name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
api required | string Api name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
application required | string Application name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
egressgateway required | string Egressgateway name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
ingressgateway required | string Ingressgateway name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
gatewaygroup required | string Gatewaygroup name. |
tie1gateway required | string Tie1gateway name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
istiointernalgroup required | string Istiointernalgroup name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
securitygroup required | string Securitygroup name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
serviceroute required | string Serviceroute name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
trafficgroup required | string Trafficgroup name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
Given a resource fully-qualified name of a resource returns its current status.
path Parameters
organization required | string Organization name. |
user required | string User name. |
Responses
Response samples
- 200
- default
{- "status": "UNKNOWN",
- "resources": [
- {
- "status": "UNKNOWN",
- "resource": {
- "fqn": "string",
- "expectedEtag": "string",
- "exclusivelyOwned": true
}
}
]
}
List existing Service Accounts.
path Parameters
organization required | string Organization name. |
query Parameters
keyEncoding | string Default: "PEM" Enum: "PEM" "JWK" The format in which the key pairs for each key will be returned. If not set keys are returned in PEM format. |
Responses
Response samples
- 200
- default
{- "serviceAccounts": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}
]
}
Create Service Account in TSB. Service Accounts are local to TSB and can be used to access the platform using JWT tokens signed with the Service Account's private key for authentication.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
keyEncoding | string (Format in which the keys in this keypair are encoded) Default: "PEM" Enum: "PEM" "JWK" |
name required | string The short name for the resource to be created. |
required | object (tsbv2ServiceAccount)
|
Responses
Request samples
- Payload
{- "keyEncoding": "PEM",
- "name": "string",
- "serviceAccount": {
- "displayName": "string",
- "etag": "string",
- "description": "string"
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}
Get the details of an existing Service Account.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
query Parameters
keyEncoding | string Default: "PEM" Enum: "PEM" "JWK" The format in which the key pairs will be returned. If not set keys are returned in PEM format. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}
Update the details of a service account. Updating the details of the service account does not regenerate its keys.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Request Body schema: application/jsonrequired
description | string A description of the resource. |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "description": "string",
- "displayName": "string",
- "etag": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}
Get all the public keys available in the service account and return them in a JWKS document. See: https://datatracker.ietf.org/doc/html/rfc7517 Requests to this endpoint require read permissions on the service account, or a token signed with one of the service account keys.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Responses
Response samples
- 200
- default
{- "keys": [
- {
- "alg": "string",
- "kty": "string",
- "use": "string",
- "n": "string",
- "e": "string",
- "kid": "string"
}
]
}
Generate a new key-pair for the service account. Note that TSB does not store the generated private key, so the client must read it and store it securely.
path Parameters
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Request Body schema: application/jsonrequired
keyEncoding | string (Format in which the keys in this keypair are encoded) Default: "PEM" Enum: "PEM" "JWK" |
Responses
Request samples
- Payload
{- "keyEncoding": "PEM"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}
Delete a key-pair associated the service account.
path Parameters
id required | string ID of the key-pair to delete. |
organization required | string Organization name. |
serviceaccount required | string Serviceaccount name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "keys": [
- {
- "id": "string",
- "publicKey": "string",
- "privateKey": "string",
- "encoding": "PEM",
- "defaultToken": "string"
}
]
}
Create a new team.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2Team)
|
Responses
Request samples
- Payload
{- "name": "string",
- "team": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "members": [
- "string"
], - "sourceType": "INVALID"
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "members": [
- "string"
], - "sourceType": "INVALID"
}
Get the details of an existing team.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "members": [
- "string"
], - "sourceType": "INVALID"
}
Modify an existing team.
path Parameters
organization required | string Organization name. |
team required | string Team name. |
Request Body schema: application/jsonrequired
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
members | Array of strings List of members under the team. The elements of this list are the FQNs of the team members. Team members can be users, service accounts or other teams. |
sourceType | string (v2SourceType) Default: "INVALID" Enum: "INVALID" "LDAP" "LOCAL" "AZURE" "MANUAL"
|
Responses
Request samples
- Payload
{- "description": "string",
- "displayName": "string",
- "etag": "string",
- "members": [
- "string"
], - "sourceType": "INVALID"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "members": [
- "string"
], - "sourceType": "INVALID"
}
Response samples
- 200
- default
{- "users": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "loginName": "string",
- "firstName": "string",
- "lastName": "string",
- "email": "string",
- "sourceType": "INVALID"
}
]
}
Deprecated. This method will be removed in future versions of TSB. Use Service Accounts instead.
Create a local User in TSB. Local users are like sercice accounts and are mostly used for internal purposes where an authentication token can be issued by the IAM service to be used on behalf of the user.
Note that local users do not exist in the Identity Provider and the normal login process will not allow them to access TSB.
$hide_from_docs
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2User)
|
Responses
Request samples
- Payload
{- "name": "string",
- "user": {
- "displayName": "string",
- "etag": "string",
- "loginName": "string",
- "firstName": "string",
- "lastName": "string",
- "email": "string",
- "sourceType": "INVALID"
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "loginName": "string",
- "firstName": "string",
- "lastName": "string",
- "email": "string",
- "sourceType": "INVALID"
}
Get the details of an existing user.
path Parameters
organization required | string Organization name. |
user required | string User name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "loginName": "string",
- "firstName": "string",
- "lastName": "string",
- "email": "string",
- "sourceType": "INVALID"
}
Deprecated. This method will be removed in future versions of TSB. Use Service Accounts instead.
Modify an existin user.
This operation is expected to be used only for LOCAL users. Users are periodically synchronized from the Identity Provider, and the process may automatically set some properties of the User resource. Modifications made using the TSB APIs may be replaced by the data from the Identity Provider on every synchronization.
$hide_from_docs
path Parameters
organization required | string Organization name. |
user required | string User name. |
Request Body schema: application/jsonrequired
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
string Email for the user where alerts and other notifications will be sent. | |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
firstName | string The first name of the user. |
lastName | string The last name of the user, if any. |
loginName required | string The username used in the login credentials. |
sourceType | string (v2SourceType) Default: "INVALID" Enum: "INVALID" "LDAP" "LOCAL" "AZURE" "MANUAL"
|
Responses
Request samples
- Payload
{- "displayName": "string",
- "email": "string",
- "etag": "string",
- "firstName": "string",
- "lastName": "string",
- "loginName": "string",
- "sourceType": "INVALID"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "loginName": "string",
- "firstName": "string",
- "lastName": "string",
- "email": "string",
- "sourceType": "INVALID"
}
Deprecated. This method will be removed in future versions of TSB. Use Service Accounts instead.
Delete an existing user. This operation is expected to be used only for LOCAL users. Users are periodically synchronized from the Identity Provider, so deleting a user that is not a local one may be reverted if the change is not done accordingly in the Identity Provider.
$hide_from_docs
path Parameters
organization required | string Organization name. |
user required | string User name. |
Responses
Response samples
- 200
- default
{ }
Deprecated. This method will be removed in future versions of TSB. Use Service Accounts instead.
Generate the tokens for a local user account so it can authenticate against management plane. This method will return an error if the user account is not of type MANUAL. Credentials for normal platform users must be configured in the corresponding Identity Provider.
path Parameters
organization required | string Organization name. |
user required | string User name. |
Responses
Response samples
- 200
- default
{- "accessToken": "string",
- "refreshToken": "string"
}
List all tenants that are available.
path Parameters
organization required | string Organization name. |
Responses
Response samples
- 200
- default
{- "tenants": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "securityDomain": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create a new tenant in the platform that will be the home for a set of resources.
path Parameters
organization required | string Organization name. |
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2Tenant)
|
Responses
Request samples
- Payload
{- "name": "string",
- "tenant": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "securityDomain": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "securityDomain": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details of an existing tenant.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "securityDomain": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Modify the details of the given tenant.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Request Body schema: application/jsonrequired
object (v2ConfigGenerationMetadata)
| |
deletionProtectionEnabled | boolean When set, prevents the resource from being deleted. In order to delete the resource this
property needs to be set to |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
securityDomain | string Security domains can be used to group different resources under the same security domain.
Although security domain is not resource itself currently, it follows a fqn format
|
Responses
Request samples
- Payload
{- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "deletionProtectionEnabled": true,
- "description": "string",
- "displayName": "string",
- "etag": "string",
- "securityDomain": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "securityDomain": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete a tenant from the platform. Deleting a tenant will recursively delete all resources attached to the tenant, so use with caution. It will delete all workspaces and all settings that have been created in that tenant, so this operation should be done carefully, when it's safe to do so.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
query Parameters
force | boolean Force the deletion of the object even if deletion protection is enabled. If this is set, then the object and all its children will be deleted even if any of them has the deletion protection enabled. |
Responses
Response samples
- 200
- default
{ }
List all the WASM extensions that have been attached to the given tenant.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Responses
Response samples
- 200
- default
{- "extensions": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "allowedIn": [
- "string"
], - "image": "string",
- "source": "string",
- "phase": "UNSPECIFIED_PHASE",
- "priority": 0,
- "config": { },
- "imagePullPolicy": "UNSPECIFIED_POLICY",
- "imagePullSecret": "string",
- "vmConfig": {
- "env": [
- {
- "name": "string",
- "valueFrom": "INLINE",
- "value": "string"
}
]
}, - "url": "string",
- "match": {
- "mode": "UNDEFINED"
}
}
]
}
List all the settings objects that have made available to the given tenant.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Responses
Response samples
- 200
- default
{- "settings": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": null
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": null,
- "header": null
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": null,
- "destinationCluster": null,
- "remoteAddress": null,
- "requestHeaders": null,
- "headerValueMatch": null
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": null,
- "retries": null,
- "maxRequests": null,
- "maxRequestsPerConnection": null
}, - "tcp": {
- "keepAlive": null,
- "maxConnections": null,
- "connectTimeout": null
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": null,
- "path": null,
- "ttl": null
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": null
}, - "maglev": {
- "tableSize": null
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
]
}
Create a settings object for the given tenant.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2TenantSetting) Default settings that apply to all workspaces under a tenant. |
Responses
Request samples
- Payload
{- "name": "string",
- "setting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": null,
- "team": null,
- "serviceAccount": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": null,
- "claim": null
}
], - "fromHeaders": [
- {
- "name": null,
- "prefix": null
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": null,
- "perTryTimeout": null,
- "retryOn": null
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": null,
- "idleTime": null,
- "interval": null
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
Get the details for the given settings object.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
Modify the given settings in the given tenant.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
object (v2SecuritySetting) A security setting applies configuration to a set of proxy workloads in a security group or a workspace. When applied to a security group, missing fields will inherit values from the workspace-wide setting if any. | |
object (v2TrafficSetting) A traffic setting applies configuration to a set of proxy workloads in a traffic group or a workspace. When applied to a traffic group, missing fields will inherit values from the workspace-wide setting if any. | |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
Responses
Request samples
- Payload
{- "defaultSecuritySetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "description": "string",
- "displayName": "string",
- "etag": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
List all existing workspaces for the given tenant.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Responses
Response samples
- 200
- default
{- "workspaces": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "privileged": true,
- "isolationBoundary": "string",
- "securityDomain": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
]
}
Create a new workspace. The workspace will own exclusively the namespaces configured in the namespaces selector for the workspace.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2Workspace) A Workspace is a collection of related namespaces in one or more clusters. |
Responses
Request samples
- Payload
{- "name": "string",
- "workspace": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "privileged": true,
- "isolationBoundary": "string",
- "securityDomain": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "privileged": true,
- "isolationBoundary": "string",
- "securityDomain": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Get the details of an existing workspace
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "privileged": true,
- "isolationBoundary": "string",
- "securityDomain": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Modify an existing workspace
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
object (v2ConfigGenerationMetadata)
| |
deletionProtectionEnabled | boolean When set, prevents the resource from being deleted. In order to delete the resource this
property needs to be set to |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
isolationBoundary | string Istio Isolation Boundary name to which this workspace belongs. If not provided explicitly, the workspace looks for an isolation boundary with name set as "global". Therefore, in order to move existing workspaces to isolation boundaries, and be a part of revisioned control plane, it is recommended to configure an isolation boundary with the name "global". |
required | object (`NamespaceSelector` selects a set of namespaces across one or more
clusters in a tenant. Namespace selectors can be used at Workspace
level to carve out a chunk of resources under a tenant into an
isolated configuration domain. They can be used in a Traffic,
Security, or a Gateway group to further scope the set of namespaces
that will belong to a specific configuration group.
Names in namespaces selector must be in the form `cluster/namespace`
where:
- cluster must be a cluster name or an `*` to mean all clusters
- namespace must be a namespace name, an `*` to mean all namespaces
or a prefix like `ns-*` to mean all those namespaces starting
by `ns-`) |
privileged | boolean If set to true, allows Gateways in the workspace to route to services in other workspaces. Set this to true for workspaces owning cluster-wide gateways shared by multiple teams. |
securityDomain | string Security domains can be used to group different resources under the same security domain.
Although security domain is not resource itself currently, it follows a fqn format
|
Responses
Request samples
- Payload
{- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}, - "deletionProtectionEnabled": true,
- "description": "string",
- "displayName": "string",
- "etag": "string",
- "isolationBoundary": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "privileged": true,
- "securityDomain": "string"
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "namespaceSelector": {
- "names": [
- "string"
]
}, - "privileged": true,
- "isolationBoundary": "string",
- "securityDomain": "string",
- "deletionProtectionEnabled": true,
- "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
Delete an existing workspace. Note that deleting resources in TSB is a recursive operation. Deleting a workspace will delete all groups and configuration objects that exist in it.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
query Parameters
force | boolean Force the deletion of the object even if deletion protection is enabled. If this is set, then the object and all its children will be deleted even if any of them has the deletion protection enabled. |
Responses
Response samples
- 200
- default
{ }
List all settings available for the given workspace.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Responses
Response samples
- 200
- default
{- "settings": [
- {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- null
], - "to": [
- null
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- null
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- null
], - "fromHeaders": [
- null
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": null
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": null,
- "header": null
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": null,
- "destinationCluster": null,
- "remoteAddress": null,
- "requestHeaders": null,
- "headerValueMatch": null
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": null,
- "retries": null,
- "maxRequests": null,
- "maxRequestsPerConnection": null
}, - "tcp": {
- "keepAlive": null,
- "maxConnections": null,
- "connectTimeout": null
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": null,
- "path": null,
- "ttl": null
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": null
}, - "maglev": {
- "tableSize": null
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultEastWestGatewaySettings": [
- {
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "exposedServices": [
- {
- "serviceLabels": {
- "property1": "string",
- "property2": "string"
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
], - "hostsReachability": {
- "hostnames": [
- {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
]
}, - "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
}
]
}
Create default settings for a workspace. Default settings will apply to the services owned by the workspace, unless more specific settings are provided at the group level.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
Request Body schema: application/jsonrequired
name required | string The short name for the resource to be created. |
required | object (v2WorkspaceSetting) Default security and traffic settings for all proxy workloads in the workspace. |
Responses
Request samples
- Payload
{- "name": "string",
- "settings": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": null,
- "team": null,
- "serviceAccount": null
}
], - "to": [
- {
- "paths": [ ],
- "methods": [ ]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": null,
- "claim": null
}
], - "fromHeaders": [
- {
- "name": null,
- "prefix": null
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": null
}, - "header": {
- "name": null,
- "value": null,
- "dontMatch": null
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": null,
- "descriptorKey": null
}, - "headerValueMatch": {
- "headers": { },
- "descriptorValue": null,
- "dontMatch": null
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": null,
- "perTryTimeout": null,
- "retryOn": null
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": null,
- "idleTime": null,
- "interval": null
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultEastWestGatewaySettings": [
- {
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "exposedServices": [
- {
- "serviceLabels": {
- "property1": "string",
- "property2": "string"
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
], - "hostsReachability": {
- "hostnames": [
- {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
]
}, - "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
}
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultEastWestGatewaySettings": [
- {
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "exposedServices": [
- {
- "serviceLabels": {
- "property1": "string",
- "property2": "string"
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
], - "hostsReachability": {
- "hostnames": [
- {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
]
}, - "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
}
Get the details of a settings object for the given workspace.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Responses
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultEastWestGatewaySettings": [
- {
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "exposedServices": [
- {
- "serviceLabels": {
- "property1": "string",
- "property2": "string"
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
], - "hostsReachability": {
- "hostnames": [
- {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
]
}, - "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
}
Modify the given workspace settings.
path Parameters
organization required | string Organization name. |
tenant required | string Tenant name. |
workspace required | string Workspace name. |
setting required | string Setting name. |
Request Body schema: application/jsonrequired
Array of objects (v2EastWestGateway) Default east west gateway settings specifies workspace-wide east-west gateway configuration. This is used to configure east-west routing (required for fail-over) for the services that are not exposed on the gateways. All the services matching the specified criteria is picked up for exposing on the east-west gateway workload selected by the workload selector. In case, a service matches selectors in multiple items, the one which comes first is picked up. | |
object (v2SecuritySetting) A security setting applies configuration to a set of proxy workloads in a security group or a workspace. When applied to a security group, missing fields will inherit values from the workspace-wide setting if any. | |
object (v2TrafficSetting) A traffic setting applies configuration to a set of proxy workloads in a traffic group or a workspace. When applied to a traffic group, missing fields will inherit values from the workspace-wide setting if any. | |
description | string (A description of the resource.
$hide_from_yaml) |
displayName | string (User friendly name for the resource.
$hide_from_yaml) |
etag | string (The etag for the resource. This field is automatically computed and must be sent
on every update to the resource to prevent concurrent modifications.
$hide_from_yaml) |
object (v2FailoverSettings) Failover settings for all proxies connecting to a host exposed in this workspace/organization based on the settings definition scope. Note that this is a server side setting. | |
object (v2HostsReachability)
| |
Array of objects (v2RegionalFailover) Locality routing settings for all gateways in the workspace. Overrides any global settings. Please use FailoverSettings instead. If FailoverSettings is set, it takes precedence over this field. Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. Should be used together with OutlierDetection to detect unhealthy endpoints. Note: if no OutlierDetection specified, this will not take effect. |
Responses
Request samples
- Payload
{- "defaultEastWestGatewaySettings": [
- {
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "exposedServices": [
- {
- "serviceLabels": {
- "property1": "string",
- "property2": "string"
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
], - "defaultSecuritySetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "description": "string",
- "displayName": "string",
- "etag": "string",
- "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}, - "hostsReachability": {
- "hostnames": [
- {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
]
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
Response samples
- 200
- default
{- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "defaultSecuritySetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "authentication": "UNSET",
- "authorization": {
- "mode": "UNSET",
- "serviceAccounts": [
- "string"
], - "http": {
- "external": {
- "uri": "string",
- "includeRequestHeaders": [
- "string"
], - "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}, - "local": {
- "rules": [
- {
- "name": "string",
- "from": [
- {
- "user": "string",
- "team": "string",
- "serviceAccount": "string"
}
], - "to": [
- {
- "paths": [
- null
], - "methods": [
- null
]
}
]
}
]
}
}, - "rules": {
- "allow": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
], - "denyAll": true,
- "deny": [
- {
- "from": {
- "fqn": "string"
}, - "to": {
- "fqn": "string"
}
}
]
}, - "identityMatch": "UNKNOWN"
}, - "authenticationSettings": {
- "trafficMode": "UNSET",
- "http": {
- "jwt": {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}, - "rules": {
- "jwt": [
- {
- "issuer": "string",
- "audiences": [
- "string"
], - "jwksUri": "string",
- "jwks": "string",
- "outputPayloadToHeader": "string",
- "outputClaimToHeaders": [
- {
- "header": "string",
- "claim": "string"
}
], - "fromHeaders": [
- {
- "name": "string",
- "prefix": "string"
}
]
}
]
}, - "oidc": {
- "grantType": "DEFAULT_GRANT_TYPE",
- "clientId": "string",
- "clientTokenSecret": "string",
- "redirectUri": "string",
- "provider": {
- "issuer": "string",
- "authorizationEndpoint": "string",
- "tokenEndpoint": "string",
- "jwksUri": "string",
- "jwks": "string"
}, - "authType": "DEFAULT_AUTH_TYPE",
- "authScopes": [
- "string"
], - "redirectPathMatcher": "string",
- "signoutPath": "string"
}
}
}, - "waf": {
- "rules": [
- "string"
]
}, - "propagationStrategy": "REPLACE",
- "extension": [
- {
- "fqn": "string",
- "config": { },
- "match": [
- {
- "mode": "UNDEFINED",
- "ports": [
- {
- "number": 0
}
]
}
]
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "defaultTrafficSetting": {
- "fqn": "string",
- "displayName": "string",
- "etag": "string",
- "description": "string",
- "reachability": {
- "mode": "UNSET",
- "hosts": [
- "string"
]
}, - "resilience": {
- "httpRequestTimeout": "string",
- "httpRetries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "tcpKeepalive": true,
- "keepAlive": {
- "tcp": {
- "downstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "upstream": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "egress": {
- "host": "string",
- "port": 0
}, - "rateLimiting": {
- "settings": {
- "rules": [
- {
- "dimensions": [
- {
- "remoteAddress": {
- "value": "string"
}, - "header": {
- "name": "string",
- "value": {
- "exact": null,
- "prefix": null,
- "regex": null
}, - "dontMatch": true
}
}
], - "limit": {
- "requestsPerUnit": 0,
- "unit": "UNKNOWN"
}
}
], - "failClosed": true,
- "timeout": "string"
}, - "externalService": {
- "domain": "string",
- "failClosed": true,
- "rateLimitServerUri": "string",
- "rules": [
- {
- "dimensions": [
- {
- "sourceCluster": { },
- "destinationCluster": { },
- "remoteAddress": { },
- "requestHeaders": {
- "headerName": "string",
- "descriptorKey": "string"
}, - "headerValueMatch": {
- "headers": {
- "property1": null,
- "property2": null
}, - "descriptorValue": "string",
- "dontMatch": true
}
}
]
}
], - "timeout": "string",
- "tls": {
- "mode": "DISABLED",
- "files": {
- "clientCertificate": "string",
- "privateKey": "string",
- "caCertificates": "string"
}, - "secretName": "string",
- "subjectAltNames": [
- "string"
]
}
}
}, - "upstreamTrafficSettings": [
- {
- "hosts": [
- "string"
], - "settings": {
- "resilience": {
- "connectionPool": {
- "http": {
- "requestTimeout": "string",
- "retries": {
- "attempts": 0,
- "perTryTimeout": "string",
- "retryOn": "string"
}, - "maxRequests": 0,
- "maxRequestsPerConnection": 0
}, - "tcp": {
- "keepAlive": {
- "probes": 0,
- "idleTime": 0,
- "interval": 0
}, - "maxConnections": 0,
- "connectTimeout": "string"
}
}, - "circuitBreakerSensitivity": "UNSET"
}, - "loadBalancer": {
- "simple": "UNSPECIFIED",
- "consistentHash": {
- "httpHeaderName": "string",
- "httpCookie": {
- "name": "string",
- "path": "string",
- "ttl": "string"
}, - "useSourceIp": true,
- "httpQueryParameterName": "string",
- "ringHash": {
- "minimumRingSize": 0
}, - "maglev": {
- "tableSize": 0
}
}
}
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}, - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
], - "defaultEastWestGatewaySettings": [
- {
- "workloadSelector": {
- "namespace": "string",
- "labels": {
- "property1": "string",
- "property2": "string"
}
}, - "exposedServices": [
- {
- "serviceLabels": {
- "property1": "string",
- "property2": "string"
}
}
], - "configGenerationMetadata": {
- "labels": {
- "property1": "string",
- "property2": "string"
}, - "annotations": {
- "property1": "string",
- "property2": "string"
}
}
}
], - "hostsReachability": {
- "hostnames": [
- {
- "exact": "string",
- "prefix": "string",
- "regex": "string"
}
]
}, - "failoverSettings": {
- "topologyChoice": "NONE",
- "failoverPriority": [
- "string"
], - "regionalFailover": [
- {
- "from": "string",
- "to": "string"
}
]
}
}