msd_schema.go
//
// Code generated by rdl 1.5.2 DO NOT EDIT.
//
package msd
import (
"log"
rdl "github.com/ardielle/ardielle-go/rdl"
)
// schema holds the MSD schema assembled by init; MSDSchema hands it out.
var (
	schema *rdl.Schema
)
// init assembles the MSD (Micro Segmentation Defense) RDL schema at package
// load time and stores it in the package-level schema variable. Types are
// registered first, then the REST resources that reference them; if the final
// build step reports an error the process is terminated with log.Fatalf.
//
// The file header marks this code as generated by rdl ("DO NOT EDIT"), so any
// correction to a pattern, comment string or auth declaration belongs in the
// RDL source it was generated from.
func init() {
sb := rdl.NewSchemaBuilder("MSD")
sb.Version(1)
sb.Namespace("com.yahoo.athenz.msd")
sb.Comment("Copyright The Athenz Authors Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. The Micro Segmentation Defense (MSD) API")
// ---- String types ----
// Each string type carries a regular-expression pattern. The patterns are
// handed to the builder as plain strings without ^/$ anchors.
// NOTE(review): whether a value must match the pattern in full is decided by
// the rdl validator, which is not visible here - confirm before relying on
// these patterns as the only input check.
tSimpleName := rdl.NewStringTypeBuilder("SimpleName")
tSimpleName.Comment("Copyright The Athenz Authors Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. Common name types used by several API definitions A simple identifier, an element of compound name.")
tSimpleName.Pattern("[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tSimpleName.Build())
// CompoundName, DomainName, EntityName, ServiceName, ActionName and
// AuthorityName below all use the same dot-separated pattern string.
tCompoundName := rdl.NewStringTypeBuilder("CompoundName")
tCompoundName.Comment("A compound name. Most names in this API are compound names.")
tCompoundName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tCompoundName.Build())
tDomainName := rdl.NewStringTypeBuilder("DomainName")
tDomainName.Comment("A domain name is the general qualifier prefix, as its uniqueness is managed.")
tDomainName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tDomainName.Build())
tEntityName := rdl.NewStringTypeBuilder("EntityName")
tEntityName.Comment("An entity name is a short form of a resource name, including only the domain and entity.")
tEntityName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tEntityName.Build())
tEntityList := rdl.NewStringTypeBuilder("EntityList")
tEntityList.Comment("An Entity list is comma separated compound Names")
tEntityList.Pattern("(([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*,)*([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tEntityList.Build())
tServiceName := rdl.NewStringTypeBuilder("ServiceName")
tServiceName.Comment("A service name will generally be a unique subdomain.")
tServiceName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tServiceName.Build())
tActionName := rdl.NewStringTypeBuilder("ActionName")
tActionName.Comment("An action (operation) name.")
tActionName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tActionName.Build())
tResourceName := rdl.NewStringTypeBuilder("ResourceName")
tResourceName.Comment("A resource name Note that the EntityName part is optional, that is, a domain name followed by a colon is valid resource name.")
tResourceName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*(:([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*)?")
sb.AddType(tResourceName.Build())
tYBase64 := rdl.NewStringTypeBuilder("YBase64")
tYBase64.Comment("The Y-specific URL-safe Base64 variant.")
tYBase64.Pattern("[a-zA-Z0-9\\._-]+")
sb.AddType(tYBase64.Build())
// YEncoded ends in '*', so the empty string satisfies the pattern as written.
tYEncoded := rdl.NewStringTypeBuilder("YEncoded")
tYEncoded.Comment("YEncoded includes ybase64 chars, as well as = and %. This can represent a user cookie and URL-encoded values.")
tYEncoded.Pattern("[a-zA-Z0-9\\._%=-]*")
sb.AddType(tYEncoded.Build())
tAuthorityName := rdl.NewStringTypeBuilder("AuthorityName")
tAuthorityName.Comment("Used as the prefix in a signed assertion. This uniquely identifies a signing authority.")
tAuthorityName.Pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tAuthorityName.Build())
// PathElement also ends in '*' and its character class contains '.', so the
// empty string and dot-only values such as ".." satisfy the pattern as written.
// NOTE(review): the instanceId path parameters of the two DELETE resources
// below use this type; a handler that maps the value onto a storage key or
// path should apply its own check rather than rely on this pattern - confirm.
tPathElement := rdl.NewStringTypeBuilder("PathElement")
tPathElement.Comment("A uri-safe path element")
tPathElement.Pattern("[a-zA-Z0-9-\\._~=+@$,:]*")
sb.AddType(tPathElement.Build())
// The two TransportPolicySubject* name types add a literal "*" alternative
// to the compound-name pattern; their comments describe it as "ANY".
tTransportPolicySubjectDomainName := rdl.NewStringTypeBuilder("TransportPolicySubjectDomainName")
tTransportPolicySubjectDomainName.Comment("DomainName in TransportPolicySubject should allow * to indicate ANY")
tTransportPolicySubjectDomainName.Pattern("\\*|([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tTransportPolicySubjectDomainName.Build())
tTransportPolicySubjectServiceName := rdl.NewStringTypeBuilder("TransportPolicySubjectServiceName")
tTransportPolicySubjectServiceName.Comment("ServiceName in TransportPolicySubject should allow * to indicate ANY")
tTransportPolicySubjectServiceName.Pattern("\\*|([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*")
sb.AddType(tTransportPolicySubjectServiceName.Build())
// ---- Transport policy enums ----
tTransportPolicyEnforcementState := rdl.NewEnumTypeBuilder("Enum", "TransportPolicyEnforcementState")
tTransportPolicyEnforcementState.Comment("Types of transport policy enforcement states")
tTransportPolicyEnforcementState.Element("ENFORCE", "")
tTransportPolicyEnforcementState.Element("REPORT", "")
sb.AddType(tTransportPolicyEnforcementState.Build())
tTransportPolicyProtocol := rdl.NewEnumTypeBuilder("Enum", "TransportPolicyProtocol")
tTransportPolicyProtocol.Comment("Types of transport policy protocols")
tTransportPolicyProtocol.Element("TCP", "")
tTransportPolicyProtocol.Element("UDP", "")
sb.AddType(tTransportPolicyProtocol.Build())
tTransportPolicyValidationStatus := rdl.NewEnumTypeBuilder("Enum", "TransportPolicyValidationStatus")
tTransportPolicyValidationStatus.Comment("Validation Status of transport policy vs network policy")
tTransportPolicyValidationStatus.Element("VALID", "")
tTransportPolicyValidationStatus.Element("INVALID", "")
tTransportPolicyValidationStatus.Element("PARTIAL", "")
sb.AddType(tTransportPolicyValidationStatus.Build())
tTransportPolicyTrafficDirection := rdl.NewEnumTypeBuilder("Enum", "TransportPolicyTrafficDirection")
tTransportPolicyTrafficDirection.Comment("Types of transport policy traffic direction")
tTransportPolicyTrafficDirection.Element("INGRESS", "")
tTransportPolicyTrafficDirection.Element("EGRESS", "")
sb.AddType(tTransportPolicyTrafficDirection.Build())
// ---- Transport policy structs ----
// The boolean passed to Field/ArrayField appears to be the "optional" flag:
// it is true on the fields whose comments say "If present" - confirm against
// the rdl builder API.
tTransportPolicySubject := rdl.NewStructTypeBuilder("Struct", "TransportPolicySubject")
tTransportPolicySubject.Comment("Subject for a transport policy")
tTransportPolicySubject.Field("domainName", "TransportPolicySubjectDomainName", false, nil, "Name of the domain")
tTransportPolicySubject.Field("serviceName", "TransportPolicySubjectServiceName", false, nil, "Name of the service")
sb.AddType(tTransportPolicySubject.Build())
// instances is an array of plain String: the schema puts no pattern on the
// instance identifiers that narrow a policy.
tTransportPolicyCondition := rdl.NewStructTypeBuilder("Struct", "TransportPolicyCondition")
tTransportPolicyCondition.Comment("Transport policy condition. Used to specify additional restrictions for the subject of a transport policy")
tTransportPolicyCondition.Field("enforcementState", "TransportPolicyEnforcementState", false, nil, "State of transport policy enforcement ( ENFORCE / REPORT )")
tTransportPolicyCondition.ArrayField("instances", "String", true, "Acts as restrictions. If present, this transport policy should be restricted to only mentioned instances.")
sb.AddType(tTransportPolicyCondition.Build())
// port and endPort are bare Int32 fields; nothing in this schema limits them
// to 0-65535 or requires port <= endPort.
// NOTE(review): presumably that range check lives in the service code - verify.
tPolicyPort := rdl.NewStructTypeBuilder("Struct", "PolicyPort")
tPolicyPort.Comment("generic policy port. Will be used by TransportPolicyPort and NetworkPolicyPort structs")
tPolicyPort.Field("port", "Int32", false, nil, "Start port of the port range. port and endPort will have same values for a single port definition.")
tPolicyPort.Field("endPort", "Int32", false, nil, "End port of the port range. port and endPort will have same values for a single port definition.")
sb.AddType(tPolicyPort.Build())
// The first builder argument is "PolicyPort" rather than "Struct": this type
// is declared on top of PolicyPort and adds the protocol field.
tTransportPolicyPort := rdl.NewStructTypeBuilder("PolicyPort", "TransportPolicyPort")
tTransportPolicyPort.Comment("Transport policy port")
tTransportPolicyPort.Field("protocol", "TransportPolicyProtocol", false, nil, "Protocol for this transport policy")
sb.AddType(tTransportPolicyPort.Build())
tTransportPolicyMatch := rdl.NewStructTypeBuilder("Struct", "TransportPolicyMatch")
tTransportPolicyMatch.Comment("Selector for the subject of a transport policy")
tTransportPolicyMatch.Field("athenzService", "TransportPolicySubject", false, nil, "Subject where this transport policy applies")
tTransportPolicyMatch.ArrayField("conditions", "TransportPolicyCondition", false, "List of additional requirements for restrictions. Requirements are ANDed.")
sb.AddType(tTransportPolicyMatch.Build())
tTransportPolicyPeer := rdl.NewStructTypeBuilder("Struct", "TransportPolicyPeer")
tTransportPolicyPeer.Comment("Source or destination for a transport policy")
tTransportPolicyPeer.ArrayField("athenzServices", "TransportPolicySubject", false, "List of transport policy subjects")
tTransportPolicyPeer.ArrayField("ports", "TransportPolicyPort", false, "List of network traffic port part of this transport policy")
sb.AddType(tTransportPolicyPeer.Build())
tTransportPolicyEntitySelector := rdl.NewStructTypeBuilder("Struct", "TransportPolicyEntitySelector")
tTransportPolicyEntitySelector.Comment("Entity to which a transport policy applies. Describes the subject and port(s) for a transport policy.")
tTransportPolicyEntitySelector.Field("match", "TransportPolicyMatch", false, nil, "Requirements for selecting the subject for this transport policy.")
tTransportPolicyEntitySelector.ArrayField("ports", "TransportPolicyPort", false, "List of network traffic port of the subject eligible for the transport policy")
sb.AddType(tTransportPolicyEntitySelector.Build())
// Ingress and egress rules share the same shape; only the peer field name
// ("from" vs "to") differs, and that peer is the one flagged true.
tTransportPolicyIngressRule := rdl.NewStructTypeBuilder("Struct", "TransportPolicyIngressRule")
tTransportPolicyIngressRule.Comment("Transport policy ingress rule")
tTransportPolicyIngressRule.Field("id", "Int64", false, nil, "Assertion id associated with this transport policy")
tTransportPolicyIngressRule.Field("lastModified", "Timestamp", false, nil, "Last modification timestamp of this transport policy")
tTransportPolicyIngressRule.Field("entitySelector", "TransportPolicyEntitySelector", false, nil, "Describes the entity to which this transport policy applies")
tTransportPolicyIngressRule.Field("from", "TransportPolicyPeer", true, nil, "Source of network traffic")
sb.AddType(tTransportPolicyIngressRule.Build())
tTransportPolicyEgressRule := rdl.NewStructTypeBuilder("Struct", "TransportPolicyEgressRule")
tTransportPolicyEgressRule.Comment("Transport policy egress rule")
tTransportPolicyEgressRule.Field("id", "Int64", false, nil, "Assertion id associated with this transport policy")
tTransportPolicyEgressRule.Field("lastModified", "Timestamp", false, nil, "Last modification timestamp of this transport policy")
tTransportPolicyEgressRule.Field("entitySelector", "TransportPolicyEntitySelector", false, nil, "Entity to which this transport policy applies")
tTransportPolicyEgressRule.Field("to", "TransportPolicyPeer", true, nil, "Destination of network traffic")
sb.AddType(tTransportPolicyEgressRule.Build())
tTransportPolicyRules := rdl.NewStructTypeBuilder("Struct", "TransportPolicyRules")
tTransportPolicyRules.Comment("Transport policy containing ingress and egress rules")
tTransportPolicyRules.ArrayField("ingress", "TransportPolicyIngressRule", false, "List of ingress rules")
tTransportPolicyRules.ArrayField("egress", "TransportPolicyEgressRule", false, "List of egress rules")
sb.AddType(tTransportPolicyRules.Build())
// ---- Transport policy validation request/response ----
tTransportPolicyValidationRequest := rdl.NewStructTypeBuilder("Struct", "TransportPolicyValidationRequest")
tTransportPolicyValidationRequest.Comment("Transport policy request object to be validated")
tTransportPolicyValidationRequest.Field("entitySelector", "TransportPolicyEntitySelector", false, nil, "Describes the entity to which this transport policy applies")
tTransportPolicyValidationRequest.Field("peer", "TransportPolicyPeer", false, nil, "source or destination of the network traffic depending on direction")
tTransportPolicyValidationRequest.Field("id", "Int64", true, nil, "If present, assertion id associated with this transport policy")
tTransportPolicyValidationRequest.Field("trafficDirection", "TransportPolicyTrafficDirection", false, nil, "")
sb.AddType(tTransportPolicyValidationRequest.Build())
tTransportPolicyValidationResponse := rdl.NewStructTypeBuilder("Struct", "TransportPolicyValidationResponse")
tTransportPolicyValidationResponse.Comment("Response object of transport policy rule validation")
tTransportPolicyValidationResponse.Field("status", "TransportPolicyValidationStatus", false, nil, "")
tTransportPolicyValidationResponse.ArrayField("errors", "String", true, "")
tTransportPolicyValidationResponse.Field("updateTime", "Timestamp", true, nil, "most recent update timestamp in the backend")
tTransportPolicyValidationResponse.Field("id", "Int64", true, nil, "If present, assertion id associated with the transport policy")
sb.AddType(tTransportPolicyValidationResponse.Build())
tTransportPolicyValidationResponseList := rdl.NewStructTypeBuilder("Struct", "TransportPolicyValidationResponseList")
tTransportPolicyValidationResponseList.Comment("List of TransportPolicyValidationResponse")
tTransportPolicyValidationResponseList.ArrayField("responseList", "TransportPolicyValidationResponse", false, "list of transport policy validation response")
sb.AddType(tTransportPolicyValidationResponseList.Build())
// ---- Workload types ----
tStaticWorkloadType := rdl.NewEnumTypeBuilder("Enum", "StaticWorkloadType")
tStaticWorkloadType.Comment("Enum representing defined types of static workloads.")
tStaticWorkloadType.Element("VIP", "represents a virtual ip construct")
tStaticWorkloadType.Element("ENTERPRISE_APPLIANCE", "represents generic network devices which can not be bootstrapped with an identity due to limitations")
tStaticWorkloadType.Element("CLOUD_LB", "represents a public cloud load balancer ( for ingress to public cloud )")
tStaticWorkloadType.Element("CLOUD_NAT", "represents a public cloud NAT gateway ( for egress from public cloud )")
tStaticWorkloadType.Element("EXTERNAL_APPLIANCE", "Appliance present outside of enterprise deployment locations. For SaaS / Third Party / Vendor use cases")
tStaticWorkloadType.Element("VIP_LB", "represents a virtual ip backed by a load balancer")
sb.AddType(tStaticWorkloadType.Build())
// uuid, ipAddresses, hostname and provider are plain String fields, so the
// schema itself does not constrain their format (no IP or hostname pattern).
tDynamicWorkload := rdl.NewStructTypeBuilder("Struct", "DynamicWorkload")
tDynamicWorkload.Comment("workload type describing workload bootstrapped with an identity")
tDynamicWorkload.Field("domainName", "DomainName", false, nil, "name of the domain")
tDynamicWorkload.Field("serviceName", "EntityName", false, nil, "name of the service")
tDynamicWorkload.Field("uuid", "String", false, nil, "unique identifier for the workload, usually defined by provider")
tDynamicWorkload.ArrayField("ipAddresses", "String", false, "list of IP addresses associated with the workload, optional for getWorkloadsByIP API call")
tDynamicWorkload.Field("hostname", "String", false, nil, "hostname associated with the workload")
tDynamicWorkload.Field("provider", "String", false, nil, "infrastructure provider e.g. Kubernetes, AWS, Azure, openstack etc.")
tDynamicWorkload.Field("updateTime", "Timestamp", false, nil, "most recent update timestamp in the backend")
tDynamicWorkload.Field("certExpiryTime", "Timestamp", false, nil, "certificate expiry time (ex: getNotAfter)")
tDynamicWorkload.Field("certIssueTime", "Timestamp", true, nil, "certificate issue time (ex: getNotBefore)")
sb.AddType(tDynamicWorkload.Build())
// Workload is declared on top of DynamicWorkload and adds no fields of its own.
tWorkload := rdl.NewStructTypeBuilder("DynamicWorkload", "Workload")
tWorkload.Comment("kept for backward compatibility sake. Will be eventually deprecated in favor of DynamicWorkload")
sb.AddType(tWorkload.Build())
// StaticWorkload is the request body of putStaticWorkload; its ipAddresses
// and name fields are caller-supplied plain Strings with no pattern.
tStaticWorkload := rdl.NewStructTypeBuilder("Struct", "StaticWorkload")
tStaticWorkload.Comment("workload type describing workload indirectly associated with an identity ( without bootstrap )")
tStaticWorkload.Field("domainName", "DomainName", false, nil, "name of the domain")
tStaticWorkload.Field("serviceName", "EntityName", false, nil, "name of the service")
tStaticWorkload.Field("type", "StaticWorkloadType", false, nil, "value representing one of the StaticWorkloadType enum")
tStaticWorkload.ArrayField("ipAddresses", "String", true, "list of IP addresses associated with the workload, optional for getWorkloadsByIP API call")
tStaticWorkload.Field("name", "String", true, nil, "name associated with the workload. In most cases will be a FQDN")
tStaticWorkload.Field("updateTime", "Timestamp", true, nil, "most recent update timestamp in the backend")
sb.AddType(tStaticWorkload.Build())
tWorkloadOptions := rdl.NewStructTypeBuilder("Struct", "WorkloadOptions")
tWorkloadOptions.Field("ipChanged", "Bool", false, nil, "boolean flag to signal a change in IP state")
sb.AddType(tWorkloadOptions.Build())
tWorkloads := rdl.NewStructTypeBuilder("Struct", "Workloads")
tWorkloads.Comment("list of workloads")
tWorkloads.ArrayField("workloadList", "Workload", false, "list of workloads")
tWorkloads.ArrayField("dynamicWorkloadList", "DynamicWorkload", true, "list of dynamic workloads")
tWorkloads.ArrayField("staticWorkloadList", "StaticWorkload", true, "list of static workloads")
sb.AddType(tWorkloads.Build())
// ---- Network policy change-impact types ----
// The comment string below spells the second value "NO_IMAPCT" while the
// element registered two lines later is "NO_IMPACT"; the typo is in the
// generated text and should be corrected in the RDL source.
tNetworkPolicyChangeEffect := rdl.NewEnumTypeBuilder("Enum", "NetworkPolicyChangeEffect")
tNetworkPolicyChangeEffect.Comment("IMPACT indicates that a change in network policy will interfere with workings of one or more transport policies NO_IMAPCT indicates that a change in network policy will not interfere with workings of any transport policy")
tNetworkPolicyChangeEffect.Element("IMPACT", "")
tNetworkPolicyChangeEffect.Element("NO_IMPACT", "")
sb.AddType(tNetworkPolicyChangeEffect.Build())
// cidr is a plain String: the schema does not check that the value parses as
// an IPv4/IPv6 CIDR, so that parsing has to happen in the request handler.
tIPBlock := rdl.NewStructTypeBuilder("Struct", "IPBlock")
tIPBlock.Comment("Struct representing ip blocks used by network policy in CIDR (Classless inter-domain routing) format")
tIPBlock.Field("cidr", "String", false, nil, "cidr notation. can be used for ipv4 or ipv6")
sb.AddType(tIPBlock.Build())
tNetworkPolicyPort := rdl.NewStructTypeBuilder("PolicyPort", "NetworkPolicyPort")
tNetworkPolicyPort.Comment("network policy port.")
tNetworkPolicyPort.Field("protocol", "TransportPolicyProtocol", false, nil, "protocol used by the network policy")
sb.AddType(tNetworkPolicyPort.Build())
tNetworkPolicyPorts := rdl.NewStructTypeBuilder("Struct", "NetworkPolicyPorts")
tNetworkPolicyPorts.Comment("allows creating a unique tuple of source and destination ports")
tNetworkPolicyPorts.ArrayField("sourcePorts", "NetworkPolicyPort", false, "list of source ports")
tNetworkPolicyPorts.ArrayField("destinationPorts", "NetworkPolicyPort", false, "list of destination ports")
sb.AddType(tNetworkPolicyPorts.Build())
tNetworkPolicyChangeImpactRequest := rdl.NewStructTypeBuilder("Struct", "NetworkPolicyChangeImpactRequest")
tNetworkPolicyChangeImpactRequest.Comment("struct representing input details for evaluating network policies change impact on transport policies")
tNetworkPolicyChangeImpactRequest.ArrayField("from", "IPBlock", false, "from ip address range list in cidr format")
tNetworkPolicyChangeImpactRequest.ArrayField("to", "IPBlock", false, "to ip address range list in cidr format")
tNetworkPolicyChangeImpactRequest.ArrayField("ports", "NetworkPolicyPorts", false, "list of ports. Facilitates multiple transports for the same source and destinations.")
sb.AddType(tNetworkPolicyChangeImpactRequest.Build())
tNetworkPolicyChangeImpactDetail := rdl.NewStructTypeBuilder("Struct", "NetworkPolicyChangeImpactDetail")
tNetworkPolicyChangeImpactDetail.Field("domain", "DomainName", false, nil, "Name of the domain of the corresponding transport policy")
tNetworkPolicyChangeImpactDetail.Field("policy", "EntityName", false, nil, "Name of the Athenz policy corresponding to transport policy")
tNetworkPolicyChangeImpactDetail.Field("transportPolicyId", "Int64", false, nil, "Unique id of the transport policy")
sb.AddType(tNetworkPolicyChangeImpactDetail.Build())
tNetworkPolicyChangeImpactResponse := rdl.NewStructTypeBuilder("Struct", "NetworkPolicyChangeImpactResponse")
tNetworkPolicyChangeImpactResponse.Comment("struct representing response of evaluating network policies change impact on transport policies")
tNetworkPolicyChangeImpactResponse.Field("effect", "NetworkPolicyChangeEffect", false, nil, "enum indicating effect of network policy change on one or more transport policies")
tNetworkPolicyChangeImpactResponse.ArrayField("details", "NetworkPolicyChangeImpactDetail", true, "if the above enum value is IMPACT then this optional object contains more details about the impacted transport policies")
sb.AddType(tNetworkPolicyChangeImpactResponse.Build())
// ---- Resources (REST endpoints) ----
// Two Auth shapes are used below:
//   Auth("", "", true, "")  - no action and no resource, only the boolean set;
//     presumably "any authenticated principal" (authentication without an
//     authorization check) - confirm against the rdl builder API.
//   Auth("update", "{domainName}:service.{serviceName}", false, "")  - names
//     the action "update" on the service resource of the addressed domain.
// Every resource declares the same five ResourceError exceptions.
mGetTransportPolicyRules := rdl.NewResourceBuilder("TransportPolicyRules", "GET", "/transportpolicies")
mGetTransportPolicyRules.Comment("API endpoint to get the transport policy rules defined in Athenz")
// matchingTag is read from the If-None-Match request header and the tag
// output is written to the ETag response header.
mGetTransportPolicyRules.Input("matchingTag", "String", false, "", "If-None-Match", false, nil, "Retrieved from the previous request, this timestamp specifies to the server to return any policies modified since this time")
mGetTransportPolicyRules.Output("tag", "String", "ETag", false, "The current latest modification timestamp is returned in this header")
mGetTransportPolicyRules.Auth("", "", true, "")
mGetTransportPolicyRules.Exception("BAD_REQUEST", "ResourceError", "")
mGetTransportPolicyRules.Exception("FORBIDDEN", "ResourceError", "")
mGetTransportPolicyRules.Exception("NOT_FOUND", "ResourceError", "")
mGetTransportPolicyRules.Exception("TOO_MANY_REQUESTS", "ResourceError", "")
mGetTransportPolicyRules.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(mGetTransportPolicyRules.Build())
mValidateTransportPolicy := rdl.NewResourceBuilder("TransportPolicyValidationResponse", "POST", "/transportpolicy/validate")
mValidateTransportPolicy.Comment("API to validate microsegmentation policies against network policies")
mValidateTransportPolicy.Name("validateTransportPolicy")
mValidateTransportPolicy.Input("transportPolicy", "TransportPolicyValidationRequest", false, "", "", false, nil, "Struct representing microsegmentation policy entered by the user")
mValidateTransportPolicy.Auth("", "", true, "")
mValidateTransportPolicy.Exception("BAD_REQUEST", "ResourceError", "")
mValidateTransportPolicy.Exception("FORBIDDEN", "ResourceError", "")
mValidateTransportPolicy.Exception("NOT_FOUND", "ResourceError", "")
mValidateTransportPolicy.Exception("TOO_MANY_REQUESTS", "ResourceError", "")
mValidateTransportPolicy.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(mValidateTransportPolicy.Build())
mGetTransportPolicyValidationStatus := rdl.NewResourceBuilder("TransportPolicyValidationResponseList", "GET", "/domain/{domainName}/transportpolicy/validationstatus")
mGetTransportPolicyValidationStatus.Comment("API to get transport policy validation response for transport policies of a domain")
mGetTransportPolicyValidationStatus.Name("getTransportPolicyValidationStatus")
mGetTransportPolicyValidationStatus.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
mGetTransportPolicyValidationStatus.Auth("", "", true, "")
mGetTransportPolicyValidationStatus.Exception("BAD_REQUEST", "ResourceError", "")
mGetTransportPolicyValidationStatus.Exception("FORBIDDEN", "ResourceError", "")
mGetTransportPolicyValidationStatus.Exception("NOT_FOUND", "ResourceError", "")
mGetTransportPolicyValidationStatus.Exception("TOO_MANY_REQUESTS", "ResourceError", "")
mGetTransportPolicyValidationStatus.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(mGetTransportPolicyValidationStatus.Build())
mGetWorkloadsByService := rdl.NewResourceBuilder("Workloads", "GET", "/domain/{domainName}/service/{serviceName}/workloads")
mGetWorkloadsByService.Name("getWorkloadsByService")
mGetWorkloadsByService.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
mGetWorkloadsByService.Input("serviceName", "EntityName", true, "", "", false, nil, "name of the service")
mGetWorkloadsByService.Input("matchingTag", "String", false, "", "If-None-Match", false, nil, "Retrieved from the previous request, this timestamp specifies to the server to return any workloads modified since this time")
mGetWorkloadsByService.Output("tag", "String", "ETag", false, "The current latest modification timestamp is returned in this header")
mGetWorkloadsByService.Auth("", "", true, "")
mGetWorkloadsByService.Exception("BAD_REQUEST", "ResourceError", "")
mGetWorkloadsByService.Exception("FORBIDDEN", "ResourceError", "")
mGetWorkloadsByService.Exception("NOT_FOUND", "ResourceError", "")
mGetWorkloadsByService.Exception("TOO_MANY_REQUESTS", "ResourceError", "")
mGetWorkloadsByService.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(mGetWorkloadsByService.Build())
// The {ip} path parameter is typed as plain String, so the schema accepts
// any value here; address parsing is left to the handler.
// NOTE(review): this lookup returns workload inventory (hostnames, IPs,
// providers) under the action-less Auth form - confirm that is intended.
mGetWorkloadsByIP := rdl.NewResourceBuilder("Workloads", "GET", "/workloads/{ip}")
mGetWorkloadsByIP.Name("getWorkloadsByIP")
mGetWorkloadsByIP.Input("ip", "String", true, "", "", false, nil, "ip address to query")
mGetWorkloadsByIP.Input("matchingTag", "String", false, "", "If-None-Match", false, nil, "Retrieved from the previous request, this timestamp specifies to the server to return any workloads modified since this time")
mGetWorkloadsByIP.Output("tag", "String", "ETag", false, "The current latest modification timestamp is returned in this header")
mGetWorkloadsByIP.Auth("", "", true, "")
mGetWorkloadsByIP.Exception("BAD_REQUEST", "ResourceError", "")
mGetWorkloadsByIP.Exception("FORBIDDEN", "ResourceError", "")
mGetWorkloadsByIP.Exception("NOT_FOUND", "ResourceError", "")
mGetWorkloadsByIP.Exception("TOO_MANY_REQUESTS", "ResourceError", "")
mGetWorkloadsByIP.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(mGetWorkloadsByIP.Build())
// putDynamicWorkload is the only write operation declared with the
// action-less Auth form; the other three workload writes name "update" on
// {domainName}:service.{serviceName}.
// NOTE(review): the resource comment says workload details come from the
// service certificate, so presumably the handler ties the caller's
// certificate identity to the {domainName}/{serviceName} in the path -
// verify, since the schema itself declares no authorization check here.
mPutDynamicWorkload := rdl.NewResourceBuilder("WorkloadOptions", "PUT", "/domain/{domainName}/service/{serviceName}/workload/dynamic")
mPutDynamicWorkload.Comment("Api to perform a dynamic workload PUT operation for a domain and service Workload details are obtained from the service certificate")
mPutDynamicWorkload.Name("putDynamicWorkload")
mPutDynamicWorkload.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
mPutDynamicWorkload.Input("serviceName", "EntityName", true, "", "", false, nil, "name of the service")
mPutDynamicWorkload.Input("options", "WorkloadOptions", false, "", "", false, nil, "metadata about the dynamic workload")
mPutDynamicWorkload.Auth("", "", true, "")
mPutDynamicWorkload.Expected("NO_CONTENT")
mPutDynamicWorkload.Exception("BAD_REQUEST", "ResourceError", "")
mPutDynamicWorkload.Exception("FORBIDDEN", "ResourceError", "")
mPutDynamicWorkload.Exception("NOT_FOUND", "ResourceError", "")
mPutDynamicWorkload.Exception("TOO_MANY_REQUESTS", "ResourceError", "")
mPutDynamicWorkload.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(mPutDynamicWorkload.Build())
// instanceId is a PathElement path parameter (see the pattern caveat on
// that type); the operation requires "update" on the addressed service.
mDeleteDynamicWorkload := rdl.NewResourceBuilder("WorkloadOptions", "DELETE", "/domain/{domainName}/service/{serviceName}/instanceId/{instanceId}/workload/dynamic")
mDeleteDynamicWorkload.Comment("Api to perform a dynamic workload DELETE operation for a domain, service, and instance")
mDeleteDynamicWorkload.Name("deleteDynamicWorkload")
mDeleteDynamicWorkload.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
mDeleteDynamicWorkload.Input("serviceName", "EntityName", true, "", "", false, nil, "name of the service")
mDeleteDynamicWorkload.Input("instanceId", "PathElement", true, "", "", false, nil, "unique instance id within provider's namespace")
mDeleteDynamicWorkload.Auth("update", "{domainName}:service.{serviceName}", false, "")
mDeleteDynamicWorkload.Expected("NO_CONTENT")
mDeleteDynamicWorkload.Exception("BAD_REQUEST", "ResourceError", "")
mDeleteDynamicWorkload.Exception("FORBIDDEN", "ResourceError", "")
mDeleteDynamicWorkload.Exception("NOT_FOUND", "ResourceError", "")
mDeleteDynamicWorkload.Exception("TOO_MANY_REQUESTS", "ResourceError", "")
mDeleteDynamicWorkload.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(mDeleteDynamicWorkload.Build())
// The StaticWorkload body carries its own domainName/serviceName fields in
// addition to the path parameters the Auth resource is built from.
// NOTE(review): confirm the handler rejects a body whose names differ from
// the path, otherwise the authorized service and the stored one could diverge.
mPutStaticWorkload := rdl.NewResourceBuilder("StaticWorkload", "PUT", "/domain/{domainName}/service/{serviceName}/workload/static")
mPutStaticWorkload.Comment("Api to perform a static workload PUT operation for a domain and service")
mPutStaticWorkload.Name("putStaticWorkload")
mPutStaticWorkload.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
mPutStaticWorkload.Input("serviceName", "EntityName", true, "", "", false, nil, "name of the service")
mPutStaticWorkload.Input("staticWorkload", "StaticWorkload", false, "", "", false, nil, "Struct representing static workload entered by the user")
mPutStaticWorkload.Auth("update", "{domainName}:service.{serviceName}", false, "")
mPutStaticWorkload.Expected("NO_CONTENT")
mPutStaticWorkload.Exception("BAD_REQUEST", "ResourceError", "")
mPutStaticWorkload.Exception("FORBIDDEN", "ResourceError", "")
mPutStaticWorkload.Exception("NOT_FOUND", "ResourceError", "")
mPutStaticWorkload.Exception("TOO_MANY_REQUESTS", "ResourceError", "")
mPutStaticWorkload.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(mPutStaticWorkload.Build())
mDeleteStaticWorkload := rdl.NewResourceBuilder("StaticWorkload", "DELETE", "/domain/{domainName}/service/{serviceName}/instanceId/{instanceId}/workload/static")
mDeleteStaticWorkload.Comment("Api to perform a static workload DELETE operation for a domain, service, and instance")
mDeleteStaticWorkload.Name("deleteStaticWorkload")
mDeleteStaticWorkload.Input("domainName", "DomainName", true, "", "", false, nil, "name of the domain")
mDeleteStaticWorkload.Input("serviceName", "EntityName", true, "", "", false, nil, "name of the service")
mDeleteStaticWorkload.Input("instanceId", "PathElement", true, "", "", false, nil, "unique instance id within provider's namespace")
mDeleteStaticWorkload.Auth("update", "{domainName}:service.{serviceName}", false, "")
mDeleteStaticWorkload.Expected("NO_CONTENT")
mDeleteStaticWorkload.Exception("BAD_REQUEST", "ResourceError", "")
mDeleteStaticWorkload.Exception("FORBIDDEN", "ResourceError", "")
mDeleteStaticWorkload.Exception("NOT_FOUND", "ResourceError", "")
mDeleteStaticWorkload.Exception("TOO_MANY_REQUESTS", "ResourceError", "")
mDeleteStaticWorkload.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(mDeleteStaticWorkload.Build())
// The request body holds caller-supplied CIDR strings and port ranges, none
// of which the schema constrains beyond their base types.
mEvaluateNetworkPolicyChange := rdl.NewResourceBuilder("NetworkPolicyChangeImpactResponse", "POST", "/transportpolicy/evaluatenetworkpolicychange")
mEvaluateNetworkPolicyChange.Comment("API to evaluate network policies change impact on transport policies")
mEvaluateNetworkPolicyChange.Name("evaluateNetworkPolicyChange")
mEvaluateNetworkPolicyChange.Input("detail", "NetworkPolicyChangeImpactRequest", false, "", "", false, nil, "Struct representing a network policy present in the system")
mEvaluateNetworkPolicyChange.Auth("", "", true, "")
mEvaluateNetworkPolicyChange.Exception("BAD_REQUEST", "ResourceError", "")
mEvaluateNetworkPolicyChange.Exception("FORBIDDEN", "ResourceError", "")
mEvaluateNetworkPolicyChange.Exception("NOT_FOUND", "ResourceError", "")
mEvaluateNetworkPolicyChange.Exception("TOO_MANY_REQUESTS", "ResourceError", "")
mEvaluateNetworkPolicyChange.Exception("UNAUTHORIZED", "ResourceError", "")
sb.AddResource(mEvaluateNetworkPolicyChange.Build())
// Build the schema and publish it through the package-level variable. Any
// error from BuildParanoid is fatal: log.Fatalf ends the process during
// package initialization, so a broken schema never reaches MSDSchema callers.
var err error
schema, err = sb.BuildParanoid()
if err != nil {
log.Fatalf("rdl: schema build failed: %s", err)
}
}
// MSDSchema returns the package-level MSD schema pointer that init populated.
// The pointer itself is returned, not a copy of the rdl.Schema it points to.
func MSDSchema() *rdl.Schema {
	s := schema
	return s
}