Returns metadata about what cloud identities can be set up on this instance
GET /api/v2/cloudidentitymeta
Request
Responses
- 200
- 401
- 403
- 500
200: Metadata describing how to set up cloud identities
- application/json
- Schema
- Example (from schema)
Schema
aws
required
AWS describes the methods to set up a CloudAccessConfig to access AWS accounts.
SupportedIdentityTypes are the types of CloudIdentity that can be used to access AWS accounts in this instance of Wayfinder.
azure
required
Azure describes the methods to set up a CloudAccessConfig to access Azure subscriptions.
SupportedIdentityTypes are the types of CloudIdentity that can be used to access Azure subscriptions in this instance of Wayfinder.
gcp
required
GCP describes the methods to set up a CloudAccessConfig to access GCP projects.
SupportedIdentityTypes are the types of CloudIdentity that can be used to access GCP projects in this instance of Wayfinder.
HostCloud is where this instance of Wayfinder is running. May be empty if Wayfinder is installed in a non-cloud environment.
HostRegion is the region of the host cloud where Wayfinder is running, if known.
workloadIdentity
WorkloadIdentity contains the spec of a CloudIdentity suitable to use the workload identity (credential-less) provided to Wayfinder at install time.
aws
AWS is the cloud-specific settings for this cloud identity for AWS
RoleARN is the IAM role being used when type is AWSIAMRoleForServiceAccount. If provided, will be used to validate on usage that Wayfinder is in the expected role.
UserARN is the IAM user being used when type is AWSIAMUserKey. If provided, will be used to validate on usage that Wayfinder is in the expected user.
azure
Azure is the cloud-specific settings for this cloud identity for Azure
ClientID is the client ID that this Azure identity references. If provided, will be used to validate on usage that Wayfinder is using the expected client ID.
TenantID is the tenant in which this Azure identity resides.
Cloud defines which cloud provider this credential is for
credentialsInputData
object
CredentialsInputData can be used to populate the secret when creating/updating a credential. This will never be populated when the credential is returned from the API.
If specified, this must include the correct set of keys for credentials for the cloud provider that CloudAccount references.
CredentialsUpdated should be set to the current time when an underlying secret is updated. This will be automatically set to the current time if CredentialsInputData is set. If you manually change the secret outside Wayfinder, update this field to trigger re-verification of this credential.
gcp
GCP is the cloud-specific settings for this cloud identity for GCP
ServiceAccount is the GCP service account email that this GCP identity references. If provided, will be used to validate on usage that Wayfinder is using the expected service account.
secretRef
SecretRef is a reference to the Kubernetes secret containing the actual key data for this credential. If the secret does not exist but CredentialsInputData is populated, this secret will be created. This can also be a reference to an existing secret managed outside Wayfinder.
Where CredentialsInputData is specified but this is left blank, Wayfinder will assign this value.
name is unique within a namespace to reference a secret resource.
namespace defines the space within which the secret name must be unique.
Type is the identity type in cloud that this represents
workloadIdentityCloudIdentity
WorkloadIdentityCloudIdentity is the reference to this instance's CloudIdentity object representing the workload identity, if configured. If null, no cloud identity has yet been configured for this cloud.
Cloud that this cloud identity references.
Name for the credential; specify empty for implicit credentials.
Namespace is deprecated, included only for backwards-compatibility with v2beta1. Deprecated: No namespace field will be present in v2 for a cloud identity reference.
WorkloadIdentityType defines the cloud identity type to use for zero-credential access on this instance of Wayfinder. If unpopulated, there is no supported workload identity type in this environment.
{
  "aws": {
    "supportedIdentityTypes": [
      "string"
    ]
  },
  "azure": {
    "supportedIdentityTypes": [
      "string"
    ]
  },
  "gcp": {
    "supportedIdentityTypes": [
      "string"
    ]
  },
  "hostCloud": "string",
  "hostRegion": "string",
  "workloadIdentity": {
    "aws": {
      "roleARN": "string",
      "userARN": "string"
    },
    "azure": {
      "clientID": "string",
      "tenantID": "string"
    },
    "cloud": "string",
    "credentialsInputData": {},
    "credentialsUpdated": "string",
    "gcp": {
      "serviceAccount": "string"
    },
    "secretRef": {
      "name": "string",
      "namespace": "string"
    },
    "type": "string"
  },
  "workloadIdentityCloudIdentity": {
    "cloud": "string",
    "name": "string",
    "namespace": "string"
  },
  "workloadIdentityType": "string"
}
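An added example (not part of the Wayfinder documentation): a client-side review of a parsed 200 response against the field descriptions above, flagging a populated `credentialsInputData`, an unset expected-identity field, and an unconfigured workload identity. The sample body and its `hostCloud`, `hostRegion` and `cloud` values are constructed assumptions; only the two AWS identity type names come from this page.

```python
import json

# Identity type names quoted from the field descriptions on this page.
AWS_IRSA, AWS_USER_KEY = "AWSIAMRoleForServiceAccount", "AWSIAMUserKey"
# Which field pins the expected identity for each of those types.
PIN_FIELD = {AWS_IRSA: "roleARN", AWS_USER_KEY: "userARN"}

# Constructed sample body; "aws" and "eu-west-2" are assumed values.
SAMPLE = json.loads("""{
  "aws": {"supportedIdentityTypes": ["AWSIAMRoleForServiceAccount", "AWSIAMUserKey"]},
  "azure": {"supportedIdentityTypes": []},
  "gcp": {"supportedIdentityTypes": []},
  "hostCloud": "aws", "hostRegion": "eu-west-2",
  "workloadIdentity": {"cloud": "aws", "type": "AWSIAMRoleForServiceAccount",
                       "aws": {"roleARN": ""},
                       "credentialsInputData": {"constructed-key": "x"}},
  "workloadIdentityCloudIdentity": null,
  "workloadIdentityType": "AWSIAMRoleForServiceAccount"
}""")

def review_meta(meta):
    """Return findings for a parsed cloudidentitymeta response body."""
    findings = []
    for cloud in ("aws", "azure", "gcp"):  # marked "required" in the schema
        if not isinstance(meta.get(cloud), dict):
            findings.append(f"missing required section: {cloud}")
    wi = meta.get("workloadIdentity") or {}
    # Documented contract: never populated when returned from the API.
    if wi.get("credentialsInputData"):
        findings.append("credentialsInputData populated in response")
    # The expected-identity check only runs "if provided".
    field = PIN_FIELD.get(wi.get("type"))
    if field and not (wi.get("aws") or {}).get(field):
        findings.append(f"{field} empty: identity not validated on use")
    if not meta.get("workloadIdentityType"):
        findings.append("no supported workload identity type")
    elif not meta.get("workloadIdentityCloudIdentity"):
        findings.append("workload identity not yet configured")
    types = (meta.get("aws") or {}).get("supportedIdentityTypes") or []
    if AWS_USER_KEY in types:
        findings.append("key-based AWS identity type is supported")
    return findings

if __name__ == "__main__":
    for finding in review_meta(SAMPLE):
        print("-", finding)
```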
401: If not authenticated
403: If authenticated but not authorized
500: A generic API error containing the cause of the error
- application/json
- Schema
- Example (from schema)
Schema
{
  "code": 0,
  "detail": "string",
  "message": "string",
  "uri": "string",
  "verb": "string"
}