Returns metadata about what cloud identities can be set up on this instance

GET 
/api/v2/cloudidentitymeta

Returns metadata about what cloud identities can be set up on this instance

Request

Responses

200

Metadata describing how to set up cloud identities

application/json

Schema

Schema

aws

required

AWS describes the methods to set up a CloudAccessConfig to access AWS accounts.

supportedIdentityTypes string[]required

SupportedIdentityTypes are the types of CloudIdentity that can be used to access AWS accounts in this instance of Wayfinder.

azure

required

Azure describes the methods to set up a CloudAccessConfig to access Azure subscriptions.

supportedIdentityTypes string[]required

SupportedIdentityTypes are the types of CloudIdentity that can be used to access Azure subscriptions in this instance of Wayfinder.

gcp

required

GCP describes the methods to set up a CloudAccessConfig to access GCP projects

supportedIdentityTypes string[]required

SupportedIdentityTypes are the types of CloudIdentity that can be used to access GCP projects in this instance of Wayfinder.

hostCloud string

HostCloud is where this instance of Wayfinder is running. May be empty if Wayfinder is installed in a non-cloud environment.

hostRegion string

HostRegion is the region of the host cloud where Wayfinder is running, if known.

workloadIdentity

WorkloadIdentity contains the spec of a CloudIdentity suitable to use the workload identity (credential-less) provided to Wayfinder at install time.

aws

AWS is the cloud-specific settings for this cloud identity for AWS

roleARN string

RoleARN is the IAM role being used when type is AWSIAMRoleForServiceAccount. If provided, will be used to validate on usage that Wayfinder is in the expected role.

userARN string

UserARN is the IAM user being used when type is AWSIAMUserKey. If provided, will be used to validate on usage that Wayfinder is in the expected user.

azure

Azure is the cloud-specific settings for this cloud identity for Azure

clientID string

ClientID is the client ID that this Azure identity references. If provided, will be used to validate on usage that Wayfinder is using the expected client ID.

tenantID string

TenantID is the tenant in which this Azure identity resides.

cloud stringrequired

Cloud defines which cloud provider this credential is for

credentialsInputData

object

CredentialsInputData can be used to populate the secret when creating/updating a credential. This will never be populated when the credential is returned from the API.

If specified, this must include the correct set of keys for credentials for the cloud provider that CloudAccount references.

property name* string

credentialsUpdated string

CredentialsUpdated should be set to the current time when an underlying secret is updated. This will be automatically set to the current time if CredentialsInputData is set. If you manually change the secret outside Wayfinder, update this field to trigger re-verification of this credential.

gcp

GCP is the cloud-specific settings for this cloud identity for GCP

serviceAccount string

ServiceAccount is the GCP service account email that this GCP identity references. If provided, will be used to validate on usage that Wayfinder is using the expected service account.

secretRef

SecretRef is a reference to the Kubernetes secret containing the actual key data for this credential. If the secret does not exist but CredentialsInputData is populated, this secret will be created. This can also be a reference to an existing secret managed outside Wayfinder.

Where CredentialsInputData is specified but this is left blank, Wayfinder will assign this value.

name string

name is unique within a namespace to reference a secret resource.

namespace string

namespace defines the space within which the secret name must be unique.

type string

Type is the identity type in cloud that this represents

workloadIdentityCloudIdentity

WorkloadIdentityCloudIdentity is the reference to this instances CloudIdentity object representing the workload identity, if configured. If null, no cloud identity has yet been configured for this cloud.

cloud string

Cloud that this cloud identity references.

name stringrequired

Name for the credential, specify empty for implicit credentials

namespace string

Namespace is deprecated, included only for backwards-compatibility with v2beta1. Deprecated: No namespace field will be present in v2 for a cloud identity reference.

workloadIdentityType string

WorkloadIdentityType defines the cloud identity type to use for zero-credential access on this instance of Wayfinder. If unpopulated, there is no supported workload identity type in this environment.

Example (from schema)

{
  "aws": {
    "supportedIdentityTypes": [
      "string"
    ]
  },
  "azure": {
    "supportedIdentityTypes": [
      "string"
    ]
  },
  "gcp": {
    "supportedIdentityTypes": [
      "string"
    ]
  },
  "hostCloud": "string",
  "hostRegion": "string",
  "workloadIdentity": {
    "aws": {
      "roleARN": "string",
      "userARN": "string"
    },
    "azure": {
      "clientID": "string",
      "tenantID": "string"
    },
    "cloud": "string",
    "credentialsInputData": {},
    "credentialsUpdated": "string",
    "gcp": {
      "serviceAccount": "string"
    },
    "secretRef": {
      "name": "string",
      "namespace": "string"
    },
    "type": "string"
  },
  "workloadIdentityCloudIdentity": {
    "cloud": "string",
    "name": "string",
    "namespace": "string"
  },
  "workloadIdentityType": "string"
}

401

If not authenticated

403

If authenticated but not authorized

500

A generic API error containing the cause of the error

application/json

Schema

Schema

code int32required
detail stringrequired
message stringrequired
uri stringrequired
verb stringrequired

Example (from schema)

{
  "code": 0,
  "detail": "string",
  "message": "string",
  "uri": "string",
  "verb": "string"
}

Loading...