
Returns metadata about what cloud identities can be set up on this instance

GET /api/v2/cloudidentitymeta


Request

Responses

Metadata describing how to set up cloud identities

Schema

    aws

    required

    AWS describes the methods to set up a CloudAccessConfig to access AWS accounts.

    supportedIdentityTypes string[] required

    SupportedIdentityTypes are the types of CloudIdentity that can be used to access AWS accounts in this instance of Wayfinder.

    azure

    required

    Azure describes the methods to set up a CloudAccessConfig to access Azure subscriptions.

    supportedIdentityTypes string[] required

    SupportedIdentityTypes are the types of CloudIdentity that can be used to access Azure subscriptions in this instance of Wayfinder.

    gcp

    required

    GCP describes the methods to set up a CloudAccessConfig to access GCP projects.

    supportedIdentityTypes string[] required

    SupportedIdentityTypes are the types of CloudIdentity that can be used to access GCP projects in this instance of Wayfinder.

    hostCloud string

    HostCloud is where this instance of Wayfinder is running. May be empty if Wayfinder is installed in a non-cloud environment.

    hostRegion string

    HostRegion is the region of the host cloud where Wayfinder is running, if known.

    workloadIdentity

    WorkloadIdentity contains the spec of a CloudIdentity suitable to use the workload identity (credential-less) provided to Wayfinder at install time.

    aws

    AWS is the cloud-specific settings for this cloud identity for AWS.

    roleARN string

    RoleARN is the IAM role being used when type is AWSIAMRoleForServiceAccount. If provided, will be used to validate on usage that Wayfinder is in the expected role.

    userARN string

    UserARN is the IAM user being used when type is AWSIAMUserKey. If provided, will be used to validate on usage that Wayfinder is in the expected user.

    azure

    Azure is the cloud-specific settings for this cloud identity for Azure.

    clientID string

    ClientID is the client ID that this Azure identity references. If provided, will be used to validate on usage that Wayfinder is using the expected client ID.

    tenantID string

    TenantID is the tenant in which this Azure identity resides.

    cloud string required

    Cloud defines which cloud provider this credential is for.

    credentialsInputData

    object

    CredentialsInputData can be used to populate the secret when creating/updating a credential. This will never be populated when the credential is returned from the API.

    If specified, this must include the correct set of keys for credentials for the cloud provider that CloudAccount references.

    property name* string

    credentialsUpdated string

    CredentialsUpdated should be set to the current time when an underlying secret is updated. This will be automatically set to the current time if CredentialsInputData is set. If you manually change the secret outside Wayfinder, update this field to trigger re-verification of this credential.

    gcp

    GCP is the cloud-specific settings for this cloud identity for GCP.

    serviceAccount string

    ServiceAccount is the GCP service account email that this GCP identity references. If provided, will be used to validate on usage that Wayfinder is using the expected service account.

    secretRef

    SecretRef is a reference to the Kubernetes secret containing the actual key data for this credential. If the secret does not exist but CredentialsInputData is populated, this secret will be created. This can also be a reference to an existing secret managed outside Wayfinder.

    Where CredentialsInputData is specified but this is left blank, Wayfinder will assign this value.

    name string

    name is unique within a namespace to reference a secret resource.

    namespace string

    namespace defines the space within which the secret name must be unique.

    type string

    Type is the identity type in cloud that this represents.

    workloadIdentityCloudIdentity

    WorkloadIdentityCloudIdentity is the reference to this instance's CloudIdentity object representing the workload identity, if configured. If null, no cloud identity has yet been configured for this cloud.

    cloud string

    Cloud that this cloud identity references.

    name string required

    Name for the credential; specify empty for implicit credentials.

    namespace string

    Namespace is deprecated, included only for backwards-compatibility with v2beta1. Deprecated: No namespace field will be present in v2 for a cloud identity reference.

    workloadIdentityType string

    WorkloadIdentityType defines the cloud identity type to use for zero-credential access on this instance of Wayfinder. If unpopulated, there is no supported workload identity type in this environment.
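A client-side review of this response, as an added example that is not part of the Wayfinder documentation. It assumes the JSON nesting implied by the schema above and that `cloud` takes the values `aws`, `azure` or `gcp`; `review_identity_meta` and `PIN_FIELDS` are hypothetical names, and all sample values are constructed.

```python
import json

# Constructed sample response: the nesting is inferred from the schema above and
# every value is a placeholder, not output from a real Wayfinder instance.
SAMPLE = json.loads("""
{
  "aws": {"supportedIdentityTypes": ["AWSIAMRoleForServiceAccount", "AWSIAMUserKey"]},
  "azure": {"supportedIdentityTypes": []},
  "gcp": {"supportedIdentityTypes": []},
  "hostCloud": "aws",
  "hostRegion": "eu-west-2",
  "workloadIdentityType": "AWSIAMRoleForServiceAccount",
  "workloadIdentity": {"cloud": "aws", "type": "AWSIAMRoleForServiceAccount", "aws": {"roleARN": ""}},
  "workloadIdentityCloudIdentity": null
}
""")

# Fields that pin the expected principal per cloud (cloud values are an assumption).
PIN_FIELDS = {"aws": ("roleARN", "userARN"), "azure": ("clientID",), "gcp": ("serviceAccount",)}

def review_identity_meta(meta):
    """Return a list of findings for a cloudidentitymeta response body."""
    findings = []
    for cloud in ("aws", "azure", "gcp"):
        if "supportedIdentityTypes" not in (meta.get(cloud) or {}):
            findings.append(f"{cloud}: required supportedIdentityTypes missing")
    if not meta.get("workloadIdentityType"):
        findings.append("no supported workload identity type in this environment")
    wi = meta.get("workloadIdentity") or {}
    if wi:
        # The schema says this field is never populated on responses.
        if wi.get("credentialsInputData"):
            findings.append("credentialsInputData populated in a response")
        cloud = wi.get("cloud", "")
        settings = wi.get(cloud) or {}
        # Without a pinned principal there is nothing to validate against on usage.
        if not any(settings.get(f) for f in PIN_FIELDS.get(cloud, ())):
            findings.append(f"{cloud}: no expected principal set, usage is not validated")
    if meta.get("workloadIdentityCloudIdentity") is None:
        findings.append("workload identity CloudIdentity not configured yet")
    return findings

if __name__ == "__main__":
    for finding in review_identity_meta(SAMPLE):
        print(finding)
```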
