Tetrate Service Bridge, Version: next

Segmentation Troubleshooting Service

Alpha early access

The segmentation feature is in an early access alpha state. Before trying this in a non-production environment, please reach out to Tetrate first.

Troubleshooting

The Troubleshooting service provides methods to debug segmentation policies and rules.

Operations

ResourceAccess

OperationsRequest

Request message for retrieving allowed operations between resources.

| Field | Description | Validation Rule |
|---|---|---|
| orgFqn | string, REQUIRED. FQN of the organization the user belongs to. Used for authorization. | string = { min_len: 1 } |
| sourceFqn | string, REQUIRED. FQN of the source resource from which operations are retrieved. | string = { min_len: 1 } |
| targetFqn | string, REQUIRED. FQN of the target resource on which the source resource is permitted to perform operations. | string = { min_len: 1 } |

OperationsResponse

The response contains the operations that are allowed from a source resource to a given target.

| Field | Description | Validation Rule |
|---|---|---|
| operations | List of string. The actual operations list. | |

Example:

- connect

ResourceAccessRequest

Request message for retrieving allowed access relationships between resources. Either source_fqn or target_fqn must be set, but not both.

  • If source_fqn is set, returns the target resources the source is allowed to access.

  • If target_fqn is set, returns the source resources allowed to access the target.

| Field | Description | Validation Rule |
|---|---|---|
| orgFqn | string, REQUIRED. FQN of the organization the user belongs to. Used for authorization. | string = { min_len: 1 } |
| sourceFqn | string oneof _resource_fqn. FQN of the source resource. If set, retrieves the list of target resources the source is allowed to access. | |
| targetFqn | string oneof _resource_fqn. FQN of the target resource. If set, retrieves the list of source resources allowed to access the target. | |

ResourceAccessResponse

Response message for a ResourceAccessRequest.

| Field | Description | Validation Rule |
|---|---|---|
| accesses | map<string, google.protobuf.ListValue>. Accesses is a map where each key is an operation (e.g., "connect") and its value is the list of FQNs permitted for that operation: the targets the source may access, or the sources allowed to access the target. | |

Example: for a source organizations/tetrate/tenants/dev/workspaces/eshop, the accesses are:

connect:
- organizations/tetrate/tenants/dev/workspaces/eshop
- organizations/tetrate/tenants/dev/workspaces/apps
- organizations/tetrate/clusters/app-cluster-2/namespaces/dev-payments
- organizations/tetrate/clusters/app-cluster-1/namespaces/app1

That means that the source is allowed to connect to these 4 resources and their descendants.
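The following is an added example, not code from Tetrate or from the original page. It checks a ResourceAccessRequest against the rules stated above and then tests whether a given FQN is covered by an accesses map, including descendants. The function names are hypothetical, and it assumes that a descendant is an FQN that extends a granted FQN by whole path segments.

```python
# Added example. Function names are hypothetical; the request and response
# are handled as plain dicts, the way the messages look once decoded from JSON
# (a google.protobuf.ListValue is a plain array in protobuf's JSON mapping).

def validate_resource_access_request(req):
    """Return the rule violations for a ResourceAccessRequest dict."""
    errors = []
    org = req.get("orgFqn")
    if not isinstance(org, str) or len(org) < 1:
        errors.append("orgFqn is required (min_len: 1)")
    # oneof _resource_fqn: either sourceFqn or targetFqn, but not both.
    if bool(req.get("sourceFqn")) == bool(req.get("targetFqn")):
        errors.append("set exactly one of sourceFqn or targetFqn")
    return errors


def covers(granted_fqn, candidate_fqn):
    """True if candidate is the granted FQN itself or a descendant of it.

    Assumption: a descendant extends the granted FQN by whole path segments.
    Comparing segments instead of raw string prefixes keeps
    ".../workspaces/eshop" from matching ".../workspaces/eshop-admin".
    """
    granted = granted_fqn.strip("/").split("/")
    candidate = candidate_fqn.strip("/").split("/")
    return candidate[:len(granted)] == granted


def is_allowed(accesses, operation, fqn):
    """Default deny: an operation missing from the map grants nothing."""
    return any(covers(granted, fqn) for granted in accesses.get(operation, []))


# The accesses map from the example above, for the source
# organizations/tetrate/tenants/dev/workspaces/eshop.
SAMPLE_ACCESSES = {
    "connect": [
        "organizations/tetrate/tenants/dev/workspaces/eshop",
        "organizations/tetrate/tenants/dev/workspaces/apps",
        "organizations/tetrate/clusters/app-cluster-2/namespaces/dev-payments",
        "organizations/tetrate/clusters/app-cluster-1/namespaces/app1",
    ]
}

if __name__ == "__main__":
    # Constructed FQN below the app1 namespace, used only for illustration.
    probe = "organizations/tetrate/clusters/app-cluster-1/namespaces/app1/services/web"
    print(is_allowed(SAMPLE_ACCESSES, "connect", probe))
```

When comparing the result against an intended policy, a lookalike sibling such as a workspace named eshop-admin is the case a naive `startswith` check gets wrong.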