Tetrate Service BridgeVersion: next

Segmentation Troubleshooting Service

APIs to troubleshoot Segmentation.

Troubleshooting

The Troubleshooting service provides methods to debug segmentation policies and rules.

Operations

ResourceAccess

OperationsRequest

Request message for retrieving allowed operations between resources.

Field	Description	Validation Rule
orgFqn	string REQUIRED FQN of the organization the user belongs to. Used for authorization.	string = { min_len: `1` }
sourceFqn	string REQUIRED FQN of the source resource from which operations are retrieved.	string = { min_len: `1` }
targetFqn	string REQUIRED FQN of the target resource on which the source resource is permitted to perform operations.	string = { min_len: `1` }

OperationsResponse

The response contains the operations that are allowed from a source resource to a given target.

Field	Description	Validation Rule
operations	List of string The actual operations list. Example: `- connect`	–

ResourceAccessRequest

Request message for retrieving allowed access relationships between resources. Either source_fqn or target_fqn must be set, but not both.

If source_fqn is set, returns the target resources the source is allowed to access.
If target_fqn is set, returns the source resources allowed to access the target.

Field	Description	Validation Rule
orgFqn	string REQUIRED FQN of the organization the user belongs to. Used for authorization.	string = { min_len: `1` }
sourceFqn	string ^{oneof _resource_fqn} FQN of the source resource. If set, retrieves the list of target resources the source is allowed to access.	–
targetFqn	string ^{oneof _resource_fqn} FQN of the target resource. If set, retrieves the list of source resources allowed to access the target.	–

ResourceAccessResponse

Response message for an ResourceAccessRequest.

Field Description Validation Rule

Field	Description	Validation Rule
accesses	map<string, google.protobuf.ListValue> Accesses is a map where each key is an operation (e.g., "connect") and its value is a list of FQNs the source or target is allowed to perform the operation to. Example: For a source `organizations/tetrate/tenants/dev/workspaces/eshop`, the accesses are: `connect: - organizations/tetrate/tenants/dev/workspaces/eshop - organizations/tetrate/tenants/dev/workspaces/apps - organizations/tetrate/clusters/app-cluster-2/namespaces/dev-payments - organizations/tetrate/clusters/app-cluster-1/namespaces/app1` That means that the source is allowed to connect to these 4 resources and their descendants.	–

accesses

map<string, google.protobuf.ListValue>
Accesses is a map where each key is an operation (e.g., "connect") and its value is a list of FQNs the source or target is allowed to perform the operation to. Example: For a source organizations/tetrate/tenants/dev/workspaces/eshop, the accesses are:

connect:
- organizations/tetrate/tenants/dev/workspaces/eshop
- organizations/tetrate/tenants/dev/workspaces/apps
- organizations/tetrate/clusters/app-cluster-2/namespaces/dev-payments
- organizations/tetrate/clusters/app-cluster-1/namespaces/app1

That means that the source is allowed to connect to these 4 resources and their descendants.

–

Troubleshooting​

Operations​

ResourceAccess​

OperationsRequest​

OperationsResponse​

ResourceAccessRequest​

ResourceAccessResponse​