openapi: 3.0.1 info: title: Flight Control API version: v1beta1 description: | [Flight Control](https://flightctl.io) is a service for declarative management of fleets of edge devices and their workloads. contact: name: The Flight Control Team url: https://flightctl.io email: team@flightctl.io license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html servers: - url: / tags: - name: authentication description: Operations for authentication. - name: authprovider description: Operations on AuthProvider resources. - name: certificatesigningrequest description: Operations on CertificateSigningRequest resources. - name: device description: Operations on Device resources. - name: deviceactions description: Operations for device actions. - name: enrollmentrequest description: Operations on EnrollmentRequest resources. - name: event description: Operations for retrieving events. - name: fleet description: Operations on Fleet resources. - name: label description: Operations for retrieving labels across different resources. - name: organization description: Operations for retrieving Organization resources. - name: repository description: Operations on Repository resources. - name: resourcesync description: Operations on ResourceSync resources. - name: version description: Operations for receiving service version. paths: /api/version: get: tags: - version description: Get service version. operationId: getVersion responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Version' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/auth/config: get: tags: - authentication description: Get authentication configuration. operationId: authConfig responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/AuthConfig' "418": description: Auth not configured content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/auth/validate: get: tags: - authentication description: Validate an authentication token. operationId: authValidate parameters: - name: Authorization in: header description: The authentication token to validate. schema: type: string responses: "200": description: Token valid content: application/json: schema: $ref: '#/components/schemas/Status' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Token invalid content: application/json: schema: $ref: '#/components/schemas/Status' "418": description: Auth not configured content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "500": description: Internal Server Error content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/auth/permissions: get: tags: - authentication description: Get the list of available permissions for the authenticated user. operationId: authGetPermissions responses: "200": description: List of available permissions content: application/json: schema: $ref: '#/components/schemas/PermissionList' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "418": description: Auth not configured content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "500": description: Internal Server Error content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/auth/{providername}/token: post: tags: - authentication description: OAuth2 token exchange endpoint. Proxies token requests to the configured authentication provider (PAM issuer) for authorization code flow with PKCE support. operationId: authToken parameters: - name: providername in: path required: true schema: type: string description: Name of the authentication provider to use. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/TokenRequest' application/x-www-form-urlencoded: schema: $ref: '#/components/schemas/TokenRequest' responses: "200": description: Token response content: application/json: schema: $ref: '#/components/schemas/TokenResponse' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/TokenResponse' /api/v1/auth/userinfo: get: tags: - authentication description: OIDC UserInfo endpoint. Proxies the request to the configured authentication provider to retrieve user information. operationId: authUserInfo responses: "200": description: User information content: application/json: schema: $ref: '#/components/schemas/UserInfoResponse' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "418": description: Auth not configured content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "500": description: Internal Server Error content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/resourcesyncs: get: tags: - resourcesync description: List ResourceSync resources. operationId: listResourceSyncs parameters: - name: continue in: query description: An optional parameter to query more results from the server. The value of the paramter must match the value of the 'continue' field in the previous list response. required: false schema: type: string - name: labelSelector in: query description: A selector to restrict the list of returned objects by their labels. Defaults to everything. schema: type: string - name: fieldSelector in: query description: A selector to restrict the list of returned objects by their fields, supporting operators like '=', '==', and '!=' (e.g., "key1=value1,key2!=value2"). schema: type: string - name: limit in: query description: The maximum number of results returned in the list response. The server will set the 'continue' field in the list response if more results exist. The continue value may then be specified as parameter in a subsequent query. required: false schema: type: integer format: int32 responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/ResourceSyncList' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' post: tags: - resourcesync description: Create a ResourceSync resource. operationId: createResourceSync requestBody: content: application/json: schema: $ref: '#/components/schemas/ResourceSync' required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/ResourceSync' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/resourcesyncs/{name}: get: tags: - resourcesync description: Get a ResourceSync resource. operationId: getResourceSync parameters: - name: name in: path description: The name of the ResourceSync resource to get. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/ResourceSync' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' put: tags: - resourcesync description: Update a ResourceSync resource. operationId: replaceResourceSync parameters: - name: name in: path description: The name of the ResourceSync resource to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ResourceSync' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/ResourceSync' "201": description: Created content: application/json: schema: $ref: '#/components/schemas/ResourceSync' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' patch: tags: - resourcesync description: Patch a ResourceSync resource. operationId: patchResourceSync parameters: - name: name in: path description: The name of the ResourceSync resource to patch. required: true schema: type: string requestBody: content: application/json-patch+json: schema: $ref: '#/components/schemas/PatchRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/ResourceSync' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' delete: tags: - resourcesync description: Delete a ResourceSync resource. operationId: deleteResourceSync parameters: - name: name in: path description: The name of the ResourceSync resource to delete. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/repositories: get: tags: - repository description: List Repository resources. operationId: listRepositories parameters: - name: continue in: query description: An optional parameter to query more results from the server. The value of the paramter must match the value of the 'continue' field in the previous list response. required: false schema: type: string - name: labelSelector in: query description: A selector to restrict the list of returned objects by their labels. Defaults to everything. schema: type: string - name: fieldSelector in: query description: A selector to restrict the list of returned objects by their fields, supporting operators like '=', '==', and '!=' (e.g., "key1=value1,key2!=value2"). schema: type: string - name: limit in: query description: The maximum number of results returned in the list response. The server will set the 'continue' field in the list response if more results exist. The continue value may then be specified as parameter in a subsequent query. required: false schema: type: integer format: int32 responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/RepositoryList' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' post: tags: - repository description: Create a Repository resource. operationId: createRepository requestBody: content: application/json: schema: $ref: '#/components/schemas/Repository' required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/Repository' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/repositories/{name}: get: tags: - repository description: Get a Repository resource. operationId: getRepository parameters: - name: name in: path description: The name of the Repository resource to get. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Repository' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' put: tags: - repository description: Update a Repository resource. operationId: replaceRepository parameters: - name: name in: path description: The name of the Repository resource to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Repository' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Repository' "201": description: Created content: application/json: schema: $ref: '#/components/schemas/Repository' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' delete: tags: - repository description: Delete a Repository resource. operationId: deleteRepository parameters: - name: name in: path description: The name of the Repository resource to delete. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' patch: tags: - repository description: Patch a Repository resource. operationId: patchRepository parameters: - name: name in: path description: The name of the Repository resource to patch. required: true schema: type: string requestBody: content: application/json-patch+json: schema: $ref: '#/components/schemas/PatchRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Repository' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/devices: get: tags: - device description: List Device resources. operationId: listDevices parameters: - name: continue in: query description: An optional parameter to query more results from the server. The value of the paramter must match the value of the 'continue' field in the previous list response. required: false schema: type: string - name: labelSelector in: query description: A selector to restrict the list of returned objects by their labels. Defaults to everything. schema: type: string - name: fieldSelector in: query description: A selector to restrict the list of returned objects by their fields, supporting operators like '=', '==', and '!=' (e.g., "key1=value1,key2!=value2"). schema: type: string - name: limit in: query description: The maximum number of results returned in the list response. The server will set the 'continue' field in the list response if more results exist. The continue value may then be specified as parameter in a subsequent query. required: false schema: type: integer format: int32 - name: summaryOnly in: query description: A boolean flag to include only a summary of the devices. When set to true, the response will contain only the summary information. Only the 'owner' and 'labelSelector' parameters are supported when 'summaryOnly' is true. required: false schema: type: boolean responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/DeviceList' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' post: tags: - device description: Create a Device resource. operationId: createDevice requestBody: content: application/json: schema: $ref: '#/components/schemas/Device' required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/Device' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/devices/{name}: get: tags: - device description: Get a Device resource. operationId: getDevice parameters: - name: name in: path description: The name of the Device resource to get. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Device' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' put: tags: - device description: Update a Device resource. operationId: replaceDevice parameters: - name: name in: path description: The name of the Device resource to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Device' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Device' "201": description: Created content: application/json: schema: $ref: '#/components/schemas/Device' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' delete: tags: - device description: Delete a Device resource. operationId: deleteDevice parameters: - name: name in: path description: The name of the Device resource to delete. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' patch: tags: - device description: Patch a Device resource. operationId: patchDevice parameters: - name: name in: path description: The name of the Device resource to patch. required: true schema: type: string requestBody: content: application/json-patch+json: schema: $ref: '#/components/schemas/PatchRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Device' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/devices/{name}/status: get: tags: - device description: Get the status of a Device resource. operationId: getDeviceStatus parameters: - name: name in: path description: The name of the Device resource to get. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Device' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' patch: tags: - device description: Patch the status of a Device resource. operationId: patchDeviceStatus parameters: - name: name in: path description: The name of the Device resource to patch. required: true schema: type: string requestBody: content: application/json-patch+json: schema: $ref: '#/components/schemas/PatchRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Device' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' put: tags: - device description: Update the status of a Device resource. operationId: replaceDeviceStatus parameters: - name: name in: path description: The name of the Device resource to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Device' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Device' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/devices/{name}/decommission: put: tags: - device description: schedule the device to decommission operationId: decommissionDevice parameters: - name: name in: path description: The name of the Device resource to decommission. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/DeviceDecommission' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Device' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/devices/{name}/rendered: get: tags: - device description: Get the rendered device. operationId: getRenderedDevice parameters: - name: name in: path description: The name of the Device resource to get the rendered device specification for. required: true schema: type: string - name: knownRenderedVersion in: query description: The last known renderedVersion. required: false schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Device' "204": description: No Content content: {} "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/devices/{name}/lastseen: get: tags: - device description: Get the last seen timestamp of the Device resource. operationId: getDeviceLastSeen parameters: - name: name in: path description: The name of the Device resource to get the last seen timestamp for. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/DeviceLastSeen' "204": description: No Content content: {} "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/deviceactions/resume: post: tags: - deviceactions description: Resume devices based on label selector and/or field selector. operationId: resumeDevices x-rbac: resource: devices/resume action: update requestBody: content: application/json: schema: $ref: '#/components/schemas/DeviceResumeRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/DeviceResumeResponse' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/enrollmentconfig: get: tags: - enrollmentrequest description: Get enrollment information. operationId: getEnrollmentConfig parameters: - name: csr in: query description: The name of a CertificateSigningRequest resource to query for an issued certificate. If provided, the service will check if the CertificateSigningRequest contains an issued certificate and in this case include it the returned EnrollmentConfig. In all other case, the enrollment certificate field will be empty. required: false schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/EnrollmentConfig' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/enrollmentrequests: get: tags: - enrollmentrequest description: List EnrollmentRequest resources. operationId: listEnrollmentRequests parameters: - name: continue in: query description: An optional parameter to query more results from the server. The value of the paramter must match the value of the 'continue' field in the previous list response. required: false schema: type: string - name: labelSelector in: query description: A selector to restrict the list of returned objects by their labels. Defaults to everything. schema: type: string - name: fieldSelector in: query description: A selector to restrict the list of returned objects by their fields, supporting operators like '=', '==', and '!=' (e.g., "key1=value1,key2!=value2"). schema: type: string - name: limit in: query description: The maximum number of results returned in the list response. The server will set the 'continue' field in the list response if more results exist. The continue value may then be specified as parameter in a subsequent query. required: false schema: type: integer format: int32 responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/EnrollmentRequestList' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' post: tags: - enrollmentrequest description: Create an EnrollmentRequest resource. operationId: createEnrollmentRequest requestBody: content: application/json: schema: $ref: '#/components/schemas/EnrollmentRequest' required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/EnrollmentRequest' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/enrollmentrequests/{name}: get: tags: - enrollmentrequest description: Get an EnrollmentRequest resource. operationId: getEnrollmentRequest parameters: - name: name in: path description: The name of the EnrollmentRequest resource to get. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/EnrollmentRequest' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' put: tags: - enrollmentrequest description: Update an EnrollmentRequest resource. operationId: replaceEnrollmentRequest parameters: - name: name in: path description: The name of the EnrollmentRequest resource to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/EnrollmentRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/EnrollmentRequest' "201": description: Created content: application/json: schema: $ref: '#/components/schemas/EnrollmentRequest' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' patch: tags: - enrollmentrequest description: Patch an EnrollmentRequest resource. operationId: patchEnrollmentRequest parameters: - name: name in: path description: The name of the EnrollmentRequest resource to patch. required: true schema: type: string requestBody: content: application/json-patch+json: schema: $ref: '#/components/schemas/PatchRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/EnrollmentRequest' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' delete: tags: - enrollmentrequest description: Delete an EnrollmentRequest resource. operationId: deleteEnrollmentRequest parameters: - name: name in: path description: The name of the EnrollmentRequest resource to delete. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/enrollmentrequests/{name}/status: get: tags: - enrollmentrequest description: Get the status of an EnrollmentRequest resource. operationId: getEnrollmentRequestStatus parameters: - name: name in: path description: The name of the EnrollmentRequest resource to get. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/EnrollmentRequest' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' put: tags: - enrollmentrequest description: Update the status of an EnrollmentRequest resource. operationId: replaceEnrollmentRequestStatus parameters: - name: name in: path description: The name of the EnrollmentRequest resource to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/EnrollmentRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/EnrollmentRequest' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' patch: tags: - enrollmentrequest description: Patch the status of an EnrollmentRequest resource. operationId: patchEnrollmentRequestStatus parameters: - name: name in: path description: The name of the EnrollmentRequest resource to patch. required: true schema: type: string requestBody: content: application/json-patch+json: schema: $ref: '#/components/schemas/PatchRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/EnrollmentRequest' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/enrollmentrequests/{name}/approval: put: tags: - enrollmentrequest description: Approve or deny an EnrollmentRequest. operationId: approveEnrollmentRequest parameters: - name: name in: path description: The name of the EnrollmentRequest to approve or deny. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/EnrollmentRequestApproval' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/EnrollmentRequestApprovalStatus' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/certificatesigningrequests: get: tags: - certificatesigningrequest description: List CertificateSigningRequest resources. operationId: listCertificateSigningRequests parameters: - name: continue in: query description: An optional parameter to query more results from the server. The value of the paramter must match the value of the 'continue' field in the previous list response. required: false schema: type: string - name: labelSelector in: query description: A selector to restrict the list of returned objects by their labels. Defaults to everything. schema: type: string - name: fieldSelector in: query description: A selector to restrict the list of returned objects by their fields, supporting operators like '=', '==', and '!=' (e.g., "key1=value1,key2!=value2"). schema: type: string - name: limit in: query description: The maximum number of results returned in the list response. The server will set the 'continue' field in the list response if more results exist. The continue value may then be specified as parameter in a subsequent query. required: false schema: type: integer format: int32 responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/CertificateSigningRequestList' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' post: tags: - certificatesigningrequest description: Create a CertificateSigningRequest resource. operationId: createCertificateSigningRequest requestBody: content: application/json: schema: $ref: '#/components/schemas/CertificateSigningRequest' required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/CertificateSigningRequest' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/certificatesigningrequests/{name}: patch: tags: - certificatesigningrequest description: Patch a CertificateSigningRequest resource. operationId: patchCertificateSigningRequest parameters: - name: name in: path description: The name of the CertificateSigningRequest resource to patch. required: true schema: type: string requestBody: content: application/json-patch+json: schema: $ref: '#/components/schemas/PatchRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/CertificateSigningRequest' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' get: tags: - certificatesigningrequest description: read the specified certificateSigningRequest operationId: getCertificateSigningRequest parameters: - name: name in: path description: The name of the CertificateSigningRequest resource to get. required: true schema: type: string uniqueItems: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/CertificateSigningRequest' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' put: tags: - certificatesigningrequest description: replace the specified CertificateSigningRequest operationId: replaceCertificateSigningRequest parameters: - name: name in: path description: The name of the CertificateSigningRequest resource to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CertificateSigningRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/CertificateSigningRequest' "201": description: Created content: application/json: schema: $ref: '#/components/schemas/CertificateSigningRequest' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' delete: tags: - certificatesigningrequest description: delete a Certificate Signing Request operationId: deleteCertificateSigningRequest parameters: - name: name in: path description: The name of the CertificateSigningRequest resource to delete. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/certificatesigningrequests/{name}/approval: put: tags: - certificatesigningrequest description: Approve or deny a CertificateSigningRequest. operationId: updateCertificateSigningRequestApproval parameters: - name: name in: path description: The name of the CertificateSigningRequest to approve or deny. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CertificateSigningRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/CertificateSigningRequest' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/fleets: get: tags: - fleet description: List Fleet resources. operationId: listFleets parameters: - name: continue in: query description: An optional parameter to query more results from the server. The value of the paramter must match the value of the 'continue' field in the previous list response. required: false schema: type: string - name: labelSelector in: query description: A selector to restrict the list of returned objects by their labels. Defaults to everything. schema: type: string - name: fieldSelector in: query description: A selector to restrict the list of returned objects by their fields, supporting operators like '=', '==', and '!=' (e.g., "key1=value1,key2!=value2"). schema: type: string - name: limit in: query description: The maximum number of results returned in the list response. The server will set the 'continue' field in the list response if more results exist. The continue value may then be specified as parameter in a subsequent query. required: false schema: type: integer format: int32 - name: addDevicesSummary in: query description: Include a summary of the devices in the fleet. required: false schema: type: boolean responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/FleetList' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' post: tags: - fleet description: Create a Fleet resource. operationId: createFleet requestBody: content: application/json: schema: $ref: '#/components/schemas/Fleet' required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/Fleet' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/fleets/{name}: get: tags: - fleet description: Get a Fleet resource. operationId: getFleet parameters: - name: name in: path description: The name of the Fleet resource to get. required: true schema: type: string - name: addDevicesSummary in: query description: Include a summary of the devices in the fleet. required: false schema: type: boolean responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Fleet' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' put: tags: - fleet description: Update a Fleet resource. operationId: replaceFleet parameters: - name: name in: path description: The name of the Fleet resource to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Fleet' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Fleet' "201": description: Created content: application/json: schema: $ref: '#/components/schemas/Fleet' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' patch: tags: - fleet description: Patch a Fleet resource. operationId: patchFleet parameters: - name: name in: path description: The name of the Fleet resource to patch. required: true schema: type: string requestBody: content: application/json-patch+json: schema: $ref: '#/components/schemas/PatchRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Fleet' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' delete: tags: - fleet description: Delete a Fleet resource. operationId: deleteFleet parameters: - name: name in: path description: The name of the Fleet resource to delete. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/fleets/{name}/status: get: tags: - fleet description: read status of the specified Fleet operationId: getFleetStatus parameters: - name: name in: path description: The name of the Fleet resource to get. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Fleet' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' patch: tags: - fleet description: Patch the status of a Fleet resource. operationId: patchFleetStatus parameters: - name: name in: path description: The name of the Fleet resource to patch. required: true schema: type: string requestBody: content: application/json-patch+json: schema: $ref: '#/components/schemas/PatchRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Fleet' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' put: tags: - fleet description: replace status of the specified Fleet operationId: replaceFleetStatus parameters: - name: name in: path description: The name of the Fleet resource to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/Fleet' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Fleet' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/fleets/{fleet}/templateversions: get: tags: - fleet description: list template versions operationId: listTemplateVersions parameters: - name: fleet in: path description: The owner of the template versions. required: true schema: type: string - name: continue in: query description: An optional parameter to query more results from the server. The value of the paramter must match the value of the 'continue' field in the previous list response. required: false schema: type: string - name: labelSelector in: query description: A selector to restrict the list of returned objects by their labels. Defaults to everything. schema: type: string - name: fieldSelector in: query description: A selector to restrict the list of returned objects by their fields, supporting operators like '=', '==', and '!=' (e.g., "key1=value1,key2!=value2"). schema: type: string - name: limit in: query description: The maximum number of results returned in the list response. The server will set the 'continue' field in the list response if more results exist. The continue value may then be specified as parameter in a subsequent query. required: false schema: type: integer format: int32 responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/TemplateVersionList' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/fleets/{fleet}/templateversions/{name}: get: tags: - fleet description: read the specified template version operationId: getTemplateVersion parameters: - name: fleet in: path description: The owner of the template version. required: true schema: type: string - name: name in: path description: The name of the template version. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/TemplateVersion' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' delete: tags: - fleet description: delete a template version operationId: deleteTemplateVersion parameters: - name: fleet in: path description: The owner of the template version. required: true schema: type: string - name: name in: path description: The name of the template version. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/labels: get: tags: - label description: | Retrieves a distinct list of labels for the specified resource type. operationId: listLabels parameters: - name: kind in: query description: The type of resource to retrieve labels from. required: true schema: type: string enum: - Device - name: labelSelector in: query description: A filter to retrieve labels only from resources that match the given label selector. schema: type: string - name: fieldSelector in: query description: A filter to retrieve labels only from resources that match the given field selector. schema: type: string - name: limit in: query description: The maximum number of distinct labels to return in the response. required: false schema: type: integer format: int32 responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/LabelList' examples: labelsExample: summary: Example response for labels value: - "environment=production" - "region=us-east-1" - "tier=backend" "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/events: get: tags: - event description: | Retrieves a list of events. operationId: listEvents parameters: - name: fieldSelector in: query description: A selector to restrict the list of returned objects by their fields, supporting operators like '=', '==', and '!=' (e.g., "key1=value1,key2!=value2"). schema: type: string - name: order in: query description: Sort order for the results by timestamp. Defaults to 'desc' (newest first). schema: type: string enum: - asc - desc default: desc - name: limit in: query description: The maximum number of events to return in the response. schema: type: integer format: int32 - name: continue in: query description: An optional parameter to query more results from the server. The value of the paramter must match the value of the 'continue' field in the previous list response. schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/EventList' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/organizations: get: tags: - organization summary: List organizations description: Retrieves a list of organizations. Only returns organizations that the user has access to. operationId: listOrganizations parameters: - name: fieldSelector in: query description: A selector to restrict the list of returned objects by their fields, supporting operators like '=', '==', and '!=' (e.g., "key1=value1,key2!=value2"). schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/OrganizationList' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/authproviders: get: tags: - authprovider description: List AuthProvider resources. operationId: listAuthProviders parameters: - name: continue in: query description: An optional parameter to query more results from the server. The value of the paramter must match the value of the 'continue' field in the previous list response. required: false schema: type: string - name: labelSelector in: query description: A selector to restrict the list of returned objects by their labels. Defaults to everything. schema: type: string - name: fieldSelector in: query description: A selector to restrict the list of returned objects by their fields, supporting operators like '=', '==', and '!=' (e.g., "key1=value1,key2!=value2"). schema: type: string - name: limit in: query description: The maximum number of results returned in the list response. The server will set the 'continue' field in the list response if more results exist. The continue value may then be specified as parameter in a subsequent query. required: false schema: type: integer format: int32 responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/AuthProviderList' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' post: tags: - authprovider description: Create an AuthProvider resource. operationId: createAuthProvider requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthProvider' required: true responses: "201": description: Created content: application/json: schema: $ref: '#/components/schemas/AuthProvider' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' /api/v1/authproviders/{name}: get: tags: - authprovider description: Get an AuthProvider resource. operationId: getAuthProvider parameters: - name: name in: path description: The name of the AuthProvider resource to get. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/AuthProvider' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' put: tags: - authprovider description: Update an AuthProvider resource. operationId: replaceAuthProvider parameters: - name: name in: path description: The name of the AuthProvider resource to update. required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthProvider' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/AuthProvider' "201": description: Created content: application/json: schema: $ref: '#/components/schemas/AuthProvider' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' patch: tags: - authprovider description: Patch an AuthProvider resource. operationId: patchAuthProvider parameters: - name: name in: path description: The name of the AuthProvider resource to patch. required: true schema: type: string requestBody: content: application/json-patch+json: schema: $ref: '#/components/schemas/PatchRequest' required: true responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/AuthProvider' "400": description: Bad Request content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "409": description: Conflict content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' delete: tags: - authprovider description: Delete an AuthProvider resource. operationId: deleteAuthProvider parameters: - name: name in: path description: The name of the AuthProvider resource to delete. required: true schema: type: string responses: "200": description: OK content: application/json: schema: $ref: '#/components/schemas/Status' "401": description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Status' "403": description: Forbidden content: application/json: schema: $ref: '#/components/schemas/Status' "404": description: Not Found content: application/json: schema: $ref: '#/components/schemas/Status' "429": description: Too Many Requests content: application/json: schema: $ref: '#/components/schemas/Status' "503": description: Service Unavailable content: application/json: schema: $ref: '#/components/schemas/Status' components: securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT orgId: type: apiKey in: query name: org_id description: The UUID of the organization that owns the resource. Maps to an organizations metadata.name. schemas: ResourceKind: type: string enum: [CertificateSigningRequest, EnrollmentRequest, Device, Fleet, Repository, ResourceSync, TemplateVersion, AuthProvider] description: Resource types exposed via the API. DeviceDecommissionTargetType: type: string enum: - "Unenroll" - "FactoryReset" x-enum-varnames: - "DeviceDecommissionTargetTypeUnenroll" - "DeviceDecommissionTargetTypeFactoryReset" description: Specifies the desired decommissioning method of the device. DeviceDecommission: type: object properties: target: $ref: '#/components/schemas/DeviceDecommissionTargetType' required: - target description: Metadata about a device decommissioning request. DeviceResumeRequest: type: object additionalProperties: false properties: labelSelector: type: string description: A selector to restrict the list of devices to resume by their labels. Uses the same format as Kubernetes label selectors (e.g., "key1=value1,key2!=value2"). fieldSelector: type: string description: A selector to restrict the list of devices to resume by their fields. Uses the same format as Kubernetes field selectors (e.g., "metadata.name=device1,status.phase!=Pending"). anyOf: - required: - labelSelector - required: - fieldSelector description: Request to resume devices based on label selector and/or field selector. At least one selector must be provided. example: labelSelector: "environment=production,tier=frontend" DeviceResumeResponse: type: object additionalProperties: false required: - resumedDevices properties: resumedDevices: type: integer description: Number of devices that were successfully resumed. description: Response from resuming devices. example: resumedDevices: 3 PatchRequest: type: array items: type: object additionalProperties: false required: - op - path properties: path: description: A JSON Pointer path. type: string value: description: The value to add or replace. op: description: The operation to perform. type: string enum: - add - replace - remove - test Repository: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ObjectMeta' spec: $ref: '#/components/schemas/RepositorySpec' status: $ref: '#/components/schemas/RepositoryStatus' required: - apiVersion - kind - metadata - spec description: Repository represents a Git repository or an HTTP endpoint. HttpConfig: type: object description: Configuration for HTTP transport. additionalProperties: false properties: username: type: string description: The username for auth with HTTP transport. password: type: string description: The password for auth with HTTP transport. format: password tls.crt: type: string description: Base64 encoded TLS cert data. format: password tls.key: type: string description: Base64 encoded TLS cert key. format: password ca.crt: type: string description: Base64 encoded root CA. skipServerVerification: type: boolean description: Skip remote server verification. token: type: string description: The token for auth with HTTP transport. format: password HttpRepoSpec: type: object additionalProperties: false properties: url: type: string description: 'The HTTP URL to call or clone from.' type: $ref: "#/components/schemas/RepoSpecType" httpConfig: $ref: "#/components/schemas/HttpConfig" validationSuffix: type: string description: 'URL suffix used only for validating access to the repository. Users might use the URL field as a root URL to be used by config sources adding suffixes. This will help with the validation of the http endpoint.' required: - url - type - httpConfig SshConfig: type: object description: Configuration for SSH transport. additionalProperties: false properties: sshPrivateKey: type: string description: 'Base64 encoded private SSH key.' format: password privateKeyPassphrase: type: string description: 'The passphrase for sshPrivateKey.' format: password skipServerVerification: type: boolean description: 'Skip remote server verification.' SshRepoSpec: type: object additionalProperties: false properties: url: type: string description: 'The SSH Git repository URL to clone from.' type: $ref: "#/components/schemas/RepoSpecType" sshConfig: $ref: "#/components/schemas/SshConfig" required: - url - type - sshConfig GenericRepoSpec: type: object additionalProperties: false properties: url: type: string description: 'The (possibly remote) repository URL.' type: $ref: "#/components/schemas/RepoSpecType" required: - url - type OciAuthType: type: string description: The type of authentication for OCI registries. enum: - docker DockerAuth: type: object description: Docker-style authentication for OCI registries. additionalProperties: false properties: authType: $ref: "#/components/schemas/OciAuthType" username: type: string description: The username for registry authentication. password: type: string description: The password or token for registry authentication. format: password required: - authType - username - password OciAuth: type: object description: Authentication for OCI registries. discriminator: propertyName: authType mapping: docker: "#/components/schemas/DockerAuth" oneOf: - $ref: "#/components/schemas/DockerAuth" OciRepoSpec: type: object description: OCI container registry specification. additionalProperties: false properties: registry: type: string description: 'The OCI registry hostname, FQDN, or IP address with optional port (e.g., quay.io, registry.redhat.io, myregistry.com:5000, 192.168.1.1:5000, [::1]:5000).' scheme: type: string description: 'URL scheme for connecting to the registry.' enum: - http - https default: https type: $ref: "#/components/schemas/RepoSpecType" accessMode: type: string description: 'Access mode for the registry: "Read" for read-only (pull), "ReadWrite" for read-write (pull and push).' enum: - Read - ReadWrite default: Read ociAuth: $ref: "#/components/schemas/OciAuth" ca.crt: type: string description: Base64 encoded root CA. skipServerVerification: type: boolean description: Skip remote server verification. required: - registry - type RepositorySpec: type: object description: RepositorySpec describes a configuration repository. oneOf: - $ref: "#/components/schemas/GenericRepoSpec" - $ref: "#/components/schemas/HttpRepoSpec" - $ref: "#/components/schemas/SshRepoSpec" - $ref: "#/components/schemas/OciRepoSpec" RepositoryStatus: type: object description: RepositoryStatus represents information about the status of a repository. properties: conditions: type: array description: 'Current state of the repository.' items: $ref: '#/components/schemas/Condition' required: - conditions RepositoryList: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ListMeta' items: type: array description: 'List of repositories.' items: $ref: '#/components/schemas/Repository' description: RepositoryList is a list of Repositories. required: - apiVersion - kind - metadata - items RepoSpecType: type: string description: 'RepoSpecType is the type of the repository.' enum: - git - http - oci Device: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ObjectMeta' spec: $ref: '#/components/schemas/DeviceSpec' status: $ref: '#/components/schemas/DeviceStatus' required: - apiVersion - kind - metadata description: Device represents a physical device. DeviceConsole: type: object description: DeviceConsole represents the console connection information. properties: sessionMetadata: type: string description: Additional session metadata in the form of key=value pairs, can be used to initialize the type of terminal, console to be used, etc. sessionID: type: string description: The session ID for the console connection. required: - sessionMetadata - sessionID readOnly: true ConfigProviderSpec: oneOf: - $ref: "#/components/schemas/GitConfigProviderSpec" - $ref: "#/components/schemas/KubernetesSecretProviderSpec" - $ref: "#/components/schemas/InlineConfigProviderSpec" - $ref: "#/components/schemas/HttpConfigProviderSpec" GitConfigProviderSpec: type: object properties: name: type: string description: The name of the config provider. gitRef: type: object description: The reference to a Git configuration server. properties: repository: type: string description: The name of the Repository resource. targetRevision: type: string description: The revision to use from the Repository. path: type: string description: The path to the config in the Repository. required: - repository - targetRevision - path required: - name - gitRef KubernetesSecretProviderSpec: type: object properties: name: type: string description: The name of the config provider. secretRef: type: object description: The reference to a Kubernetes secret. properties: name: type: string description: The name of the secret. namespace: type: string description: The namespace of the secret. mountPath: type: string description: Path in the device's file system at which the secret should be mounted. required: - name - namespace - mountPath required: - name - secretRef InlineConfigProviderSpec: type: object properties: name: type: string description: The name of the config provider. inline: type: array description: A list of files to create on the device. items: $ref: '#/components/schemas/FileSpec' required: - name - inline FileSpec: allOf: - $ref: "#/components/schemas/FileContent" - $ref: "#/components/schemas/FileMetadata" - $ref: "#/components/schemas/AbsolutePath" - type: object required: - path - content FileContent: description: The content of a file. type: object properties: content: type: string description: The plain text (UTF-8) or base64-encoded content of the file. contentEncoding: $ref: "#/components/schemas/EncodingType" AbsolutePath: type: object description: Represents an absolute file path. properties: path: type: string description: The absolute path to a file on the system. Note that any existing file will be overwritten. example: "/var/log/app.log" RelativePath: type: object description: Represents a relative file path. properties: path: type: string description: A relative file path on the system. Note that any existing file will be overwritten. example: "src/index.js" EncodingType: type: string description: Specifies the encoding type used for data representation. enum: - plain - base64 x-enum-varnames: - "EncodingPlain" - "EncodingBase64" FileMetadata: description: File metadata. type: object properties: mode: type: integer description: The file's permission mode. You may specify the more familiar octal with a leading zero (e.g., 0644) or as a decimal without a leading zero (e.g., 420). Setuid/setgid/sticky bits are supported. If not specified, the permission mode for files defaults to 0644. user: type: string description: The file's owner, specified either as a name or numeric ID. Defaults to "root". group: type: string description: The file's group, specified either as a name or numeric ID. Defaults to "root". HttpConfigProviderSpec: type: object properties: name: type: string description: The name of the config provider. httpRef: type: object description: The reference to an HTTP configuration server. properties: repository: type: string description: The name of the repository resource to use as the sync source. suffix: type: string description: 'Part of the URL that comes after the base URL. It can include query parameters such as: "/path/to/endpoint?query=param".' filePath: type: string description: Path in the device's file system to which the content returned by the HTTP sever should be written. required: - repository - filePath required: - name - httpRef ApplicationProviderSpec: type: object allOf: - $ref: '#/components/schemas/ApplicationEnvVars' - type: object properties: name: type: string description: The application name must be 1–253 characters long, start with a letter or number, and contain no whitespace. appType: $ref: '#/components/schemas/AppType' required: - appType - oneOf: - $ref: '#/components/schemas/ImageApplicationProviderSpec' - $ref: '#/components/schemas/InlineApplicationProviderSpec' ImageApplicationProviderSpec: type: object allOf: - $ref: '#/components/schemas/ApplicationVolumeProviderSpec' - type: object properties: image: type: string description: Reference to the OCI image or artifact for the application package. ports: type: array description: Port mappings. items: $ref: '#/components/schemas/ApplicationPort' resources: $ref: '#/components/schemas/ApplicationResources' required: - image InlineApplicationProviderSpec: type: object allOf: - $ref: '#/components/schemas/ApplicationVolumeProviderSpec' - type: object properties: inline: type: array description: A list of application content. items: $ref: "#/components/schemas/ApplicationContent" required: - inline ApplicationVolumeProviderSpec: type: object properties: volumes: type: array description: List of application volumes. items: $ref: "#/components/schemas/ApplicationVolume" ApplicationVolume: allOf: - type: object description: Defines a named volume used by an application. properties: name: type: string description: Unique name of the volume used within the application. reclaimPolicy: $ref: "#/components/schemas/ApplicationVolumeReclaimPolicy" required: - name - oneOf: - $ref: "#/components/schemas/ImageVolumeProviderSpec" - $ref: "#/components/schemas/MountVolumeProviderSpec" - $ref: "#/components/schemas/ImageMountVolumeProviderSpec" ApplicationVolumeReclaimPolicy: type: string description: Defines how the agent handles a volume when the owning application is removed. default: Retain enum: - Retain VolumeMount: type: object description: Mount configuration for a volume. properties: path: type: string description: Mount path in the container with support for options. example: "/etc/nginx/conf.d:ro" required: - path ImageVolumeProviderSpec: type: object properties: image: $ref: '#/components/schemas/ImageVolumeSource' required: - image not: required: [mount] ImageVolumeSource: type: object description: Describes the source of an OCI-compliant image or artifact. properties: reference: type: string description: Reference to an OCI-compliant image or artifact in a registry. This may be a container image or another type of OCI artifact, as long as it conforms to the OCI image specification. pullPolicy: $ref: '#/components/schemas/ImagePullPolicy' required: - reference MountVolumeProviderSpec: type: object description: Named volume mount configuration. properties: mount: $ref: '#/components/schemas/VolumeMount' required: - mount not: required: [image] ImageMountVolumeProviderSpec: type: object description: Volume from OCI image mounted at specified path. properties: image: $ref: '#/components/schemas/ImageVolumeSource' mount: $ref: '#/components/schemas/VolumeMount' required: - image - mount ApplicationContent: allOf: - $ref: '#/components/schemas/FileContent' - $ref: '#/components/schemas/RelativePath' - type: object required: - path ApplicationEnvVars: type: object properties: envVars: type: object description: Environment variable key-value pairs, injected during runtime. The key and value each must be between 1 and 253 characters. additionalProperties: type: string ApplicationPort: type: string description: Port mapping in format "hostPort:containerPort" (e.g., "8080:80"). pattern: '^\d+:\d+$' example: "8080:80" ApplicationResourceLimits: type: object description: Resource limits for the application. properties: cpu: type: string description: CPU limit in cores. Format restricted based on application type. example: "0.75" memory: type: string description: Memory limit with optional unit. Format restricted based on application type. example: "256m" ApplicationResources: type: object description: Resource constraints for the application. properties: limits: $ref: '#/components/schemas/ApplicationResourceLimits' AppType: type: string description: The type of the application. enum: - "compose" - "quadlet" - "container" x-enum-varnames: - "AppTypeCompose" - "AppTypeQuadlet" - "AppTypeContainer" ResourceMonitor: oneOf: - $ref: '#/components/schemas/CpuResourceMonitorSpec' - $ref: '#/components/schemas/MemoryResourceMonitorSpec' - $ref: '#/components/schemas/DiskResourceMonitorSpec' discriminator: propertyName: monitorType mapping: CPU: '#/components/schemas/CpuResourceMonitorSpec' Memory: '#/components/schemas/MemoryResourceMonitorSpec' Disk: '#/components/schemas/DiskResourceMonitorSpec' required: - monitorType ResourceMonitorSpec: type: object description: Specification for monitoring a resource. properties: alertRules: type: array items: $ref: '#/components/schemas/ResourceAlertRule' description: Array of alert rules. Only one alert per severity is allowed. samplingInterval: type: string pattern: '^[1-9]\d*[smh]$' description: "Duration between monitor samples. Format: positive integer followed by 's' for seconds, 'm' for minutes, 'h' for hours." required: - monitorType - alertRules - samplingInterval CpuResourceMonitorSpec: allOf: - type: object required: [ monitorType ] properties: monitorType: type: string description: The type of resource to monitor. - $ref: '#/components/schemas/ResourceMonitorSpec' MemoryResourceMonitorSpec: allOf: - type: object required: [ monitorType ] properties: monitorType: type: string description: The type of resource to monitor. - $ref: '#/components/schemas/ResourceMonitorSpec' DiskResourceMonitorSpec: allOf: - $ref: '#/components/schemas/ResourceMonitorSpec' - type: object required: [ monitorType ] properties: monitorType: type: string description: The type of resource to monitor. - type: object description: Specification for monitoring disk usage. required: - path properties: path: type: string description: The directory path to monitor for disk usage. ResourceAlertRule: type: object properties: severity: $ref: '#/components/schemas/ResourceAlertSeverityType' duration: type: string pattern: '^\d+[smh]$' description: "Duration is the time over which the average usage is observed before alerting. Format: positive integer followed by 's' for seconds, 'm' for minutes, 'h' for hours." percentage: type: number description: The percentage of usage that triggers the alert. description: type: string description: A human-readable description of the alert. required: - severity - duration - percentage - description ResourceAlertSeverityType: type: string description: Severity of the alert. enum: - "Warning" - "Critical" - "Info" x-enum-varnames: - "ResourceAlertSeverityTypeWarning" - "ResourceAlertSeverityTypeCritical" - "ResourceAlertSeverityTypeInfo" DeviceLifecycleHookType: type: string enum: - 'BeforeUpdating' - 'AfterUpdating' - 'BeforeRebooting' - 'AfterRebooting' x-enum-varnames: - "DeviceLifecycleHookBeforeUpdating" - "DeviceLifecycleHookAfterUpdating" - "DeviceLifecycleHookBeforeRebooting" - "DeviceLifecycleHookAfterRebooting" HookAction: allOf: - type: object properties: if: type: array description: Conditions that must be met for the action to be executed. items: $ref: '#/components/schemas/HookCondition' timeout: type: string pattern: '^(?:[1-9]\d*)?\d[smh]$' description: The maximum duration allowed for the action to complete. The duration should be specified as a positive integer followed by a time unit. Supported time units are 's' for seconds, 'm' for minutes, and 'h' for hours. - oneOf: - $ref: '#/components/schemas/HookActionRun' # extend hook actions HookCondition: type: object oneOf: - $ref: '#/components/schemas/HookConditionPathOp' - $ref: '#/components/schemas/HookConditionExpression' # extend hook conditions HookConditionPathOp: type: object properties: path: type: string description: The absolute path to a file or directory that must have changed as condition for the action to be performed. op: type: array description: The operation(s) on files at or below the path that satisfy the path condition. items: $ref: '#/components/schemas/FileOperation' required: - path - op FileOperation: type: string enum: - "created" - "removed" - "updated" x-enum-varnames: - "FileOperationCreated" - "FileOperationRemoved" - "FileOperationUpdated" HookConditionExpression: type: string description: An expression that must evaluate to true as condition for the action to be performed. HookActionRun: type: object properties: run: type: string description: The command to be executed, including any arguments using standard shell syntax. This field supports multiple commands piped together, as if they were executed under a bash -c context. envVars: type: object description: Environment variable key-value pairs, injected during runtime. additionalProperties: type: string workDir: type: string description: The working directory to be used when running the command. required: - run DeviceUpdatePolicySpec: type: object description: Specifies the policy for managing device updates, including when updates should be downloaded and applied. properties: downloadSchedule: $ref: '#/components/schemas/UpdateSchedule' updateSchedule: $ref: '#/components/schemas/UpdateSchedule' UpdateSchedule: type: object description: Defines the schedule for automatic downloading and updates, including timing and optional timeout. properties: timeZone: $ref: '#/components/schemas/TimeZone' at: $ref: '#/components/schemas/CronExpression' startGraceDuration: $ref: '#/components/schemas/Duration' required: - at - startGraceDuration TimeZone: type: string description: Time zone identifiers follow the IANA format AREA/LOCATION, where AREA represents a continent or ocean, and LOCATION specifies a particular site within that area, for example America/New_York, Europe/Paris. Only unambiguous 3-character time zones are supported ("GMT", "UTC"). default: "Local" CronExpression: type: string description: 'Cron expression format for scheduling times. The format is `* * * * *`: - Minutes: `*` matches 0-59. - Hours: `*` matches 0-23. - Day of Month: `*` matches 1-31. - Month: `*` matches 1-12. - Day of Week: `*` matches 0-6. Supported operators: - `*`: Matches any value (e.g., `*` in hours matches every hour). - `-`: Range (e.g., `0-8` for 12 AM to 8 AM). - `,`: List (e.g., `1,12` for 1st and 12th minute). - `/`: Step (e.g., `*/12` for every 12th minute). - Single value (e.g., `8` matches the 8th minute). Example: `* 0-8,16-23 * * *`.' ImagePullPolicy: type: string description: Optional. Defaults to 'IfNotPresent'. When set to 'Always', the image is pulled every time. When set to 'Never', the image must already exist on the device. enum: - "Always" - "IfNotPresent" - "Never" x-enum-varnames: - "PullAlways" - "PullIfNotPresent" - "PullNever" default: IfNotPresent DeviceList: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ListMeta' items: type: array description: 'List of Devices.' items: $ref: '#/components/schemas/Device' summary: $ref: '#/components/schemas/DevicesSummary' description: DeviceList is a list of Devices. required: - apiVersion - kind - metadata - items DeviceOsSpec: type: object description: DeviceOsSpec describes the target OS for the device. properties: image: type: string description: The target OS image name or URL. required: - image DeviceStatus: type: object description: DeviceStatus represents information about the status of a device. Status may trail the actual state of a device. required: - conditions - systemInfo - applications - applicationsSummary - resources - integrity - config - os - updated - summary - lifecycle properties: conditions: type: array description: Conditions represent the observations of a the current state of a device. items: $ref: '#/components/schemas/Condition' systemInfo: $ref: "#/components/schemas/DeviceSystemInfo" systemd: type: array description: List of systemd unit statuses. items: $ref: "#/components/schemas/SystemdUnitStatus" applications: type: array description: List of device application statuses. items: $ref: "#/components/schemas/DeviceApplicationStatus" applicationsSummary: $ref: "#/components/schemas/DeviceApplicationsSummaryStatus" resources: $ref: "#/components/schemas/DeviceResourceStatus" integrity: $ref: "#/components/schemas/DeviceIntegrityStatus" config: $ref: "#/components/schemas/DeviceConfigStatus" os: $ref: "#/components/schemas/DeviceOsStatus" updated: $ref: "#/components/schemas/DeviceUpdatedStatus" summary: $ref: "#/components/schemas/DeviceSummaryStatus" lastSeen: type: string description: "The last time the device was seen by the service (NOTE: this property is not returned by the API)." format: date-time x-go-json-ignore: true lifecycle: $ref: '#/components/schemas/DeviceLifecycleStatus' DeviceLastSeen: type: object description: DeviceLastSeen represents the last seen timestamp of a device. required: - lastSeen properties: lastSeen: type: string description: The last time the device was seen by the service. format: date-time DeviceSystemInfo: required: - architecture - bootID - operatingSystem - agentVersion type: object description: System information collected from the device. properties: architecture: type: string description: The Architecture reported by the device. bootID: type: string description: Boot ID reported by the device. operatingSystem: type: string description: The Operating System reported by the device. agentVersion: type: string description: The Agent version. customInfo: $ref: "#/components/schemas/CustomDeviceInfo" additionalProperties: type: string description: | Optional system attributes exposed by the agent. Each key corresponds to a configurable internal capability. CustomDeviceInfo: type: object description: User-defined information about the device. additionalProperties: type: string description: A user-defined custom property value. SystemdUnitStatus: type: object required: - unit - description - enableState - loadState - activeState - subState properties: unit: type: string description: The unit name (e.g., "sshd.service"). example: "sshd.service" description: type: string description: The human-readable description for the unit. maxLength: 2048 example: "OpenSSH server daemon" enableState: $ref: "#/components/schemas/SystemdEnableStateType" loadState: $ref: "#/components/schemas/SystemdLoadStateType" activeState: $ref: "#/components/schemas/SystemdActiveStateType" subState: type: string description: The low-level, unit-type-specific state. maxLength: 64 pattern: '^[a-z0-9-]+$' example: "running" SystemdEnableStateType: type: string description: The enable state of the unit file. enum: - "enabled" - "enabled-runtime" - "linked" - "linked-runtime" - "alias" - "masked" - "masked-runtime" - "static" - "disabled" - "indirect" - "generated" - "transient" - "bad" - "unknown" - "" x-enum-varnames: - "SystemdEnableStateEnabled" - "SystemdEnableStateEnabledRuntime" - "SystemdEnableStateLinked" - "SystemdEnableStateLinkedRuntime" - "SystemdEnableStateAlias" - "SystemdEnableStateMasked" - "SystemdEnableStateMaskedRuntime" - "SystemdEnableStateStatic" - "SystemdEnableStateDisabled" - "SystemdEnableStateIndirect" - "SystemdEnableStateGenerated" - "SystemdEnableStateTransient" - "SystemdEnableStateBad" - "SystemdEnableStateUnknown" - "SystemdEnableStateEmpty" SystemdLoadStateType: type: string description: The load state of the unit file. enum: - "stub" - "loaded" - "not-found" - "bad-setting" - "error" - "merged" - "masked" - "unknown" x-enum-varnames: - "SystemdLoadStateStub" - "SystemdLoadStateLoaded" - "SystemdLoadStateNotFound" - "SystemdLoadStateBadSetting" - "SystemdLoadStateError" - "SystemdLoadStateMerged" - "SystemdLoadStateMasked" - "SystemdLoadStateUnknown" SystemdActiveStateType: type: string description: The high-level unit activation state. enum: - "active" - "reloading" - "inactive" - "failed" - "activating" - "deactivating" - "maintenance" - "refreshing" - "unknown" x-enum-varnames: - "SystemdActiveStateActive" - "SystemdActiveStateReloading" - "SystemdActiveStateInactive" - "SystemdActiveStateFailed" - "SystemdActiveStateActivating" - "SystemdActiveStateDeactivating" - "SystemdActiveStateMaintenance" - "SystemdActiveStateRefreshing" - "SystemdActiveStateUnknown" DeviceApplicationStatus: type: object required: - name - ready - restarts - status - embedded - appType properties: name: type: string description: Human readable name of the application. ready: type: string description: The number of containers which are ready in the application. restarts: type: integer description: Number of restarts observed for the application. status: $ref: "#/components/schemas/ApplicationStatusType" embedded: type: boolean description: Whether the application is embedded in the bootc image. appType: $ref: "#/components/schemas/AppType" volumes: type: array description: Status of volumes used by this application. items: $ref: "#/components/schemas/ApplicationVolumeStatus" ApplicationVolumeStatus: type: object description: Status of a volume used by an application. required: - name - reference properties: name: type: string description: Name of the volume. reference: type: string description: Reference to the deployed OCI-compliant image or artifact backing the volume. DeviceApplicationsSummaryStatus: type: object description: A summary of the health of applications on the device. required: - status properties: status: $ref: "#/components/schemas/ApplicationsSummaryStatusType" info: type: string description: Human readable information detailing the last application transition. ApplicationsSummaryStatusType: type: string description: Status of all applications on the device. enum: - "Healthy" - "Degraded" - "Error" - "Unknown" - "NoApplications" x-enum-varnames: - "ApplicationsSummaryStatusHealthy" - "ApplicationsSummaryStatusDegraded" - "ApplicationsSummaryStatusError" - "ApplicationsSummaryStatusUnknown" - "ApplicationsSummaryStatusNoApplications" ApplicationStatusType: type: string description: Status of a single application on the device. enum: - "Preparing" - "Starting" - "Running" - "Error" - "Unknown" - "Completed" x-enum-varnames: - "ApplicationStatusPreparing" - "ApplicationStatusStarting" - "ApplicationStatusRunning" - "ApplicationStatusError" - "ApplicationStatusUnknown" - "ApplicationStatusCompleted" DeviceOsStatus: type: object description: Current status of the device OS. required: - image - imageDigest properties: image: type: string description: Version of the OS image. imageDigest: type: string description: The digest of the OS image (e.g. sha256:a0...). DeviceConfigStatus: type: object description: Current status of the device config. required: - renderedVersion properties: renderedVersion: type: string description: Rendered version of the device config. DeviceSummaryStatus: type: object description: A summary of the health of the device hardware and operating system resources. required: - status properties: status: $ref: "#/components/schemas/DeviceSummaryStatusType" info: type: string description: Human readable information detailing the last device status transition. DeviceSummaryStatusType: type: string description: Status of the device. enum: - "Online" - "Degraded" - "Error" - "Rebooting" - "PoweredOff" - "Unknown" - "AwaitingReconnect" - "ConflictPaused" x-enum-varnames: - "DeviceSummaryStatusOnline" - "DeviceSummaryStatusDegraded" - "DeviceSummaryStatusError" - "DeviceSummaryStatusRebooting" - "DeviceSummaryStatusPoweredOff" - "DeviceSummaryStatusUnknown" - "DeviceSummaryStatusAwaitingReconnect" - "DeviceSummaryStatusConflictPaused" DeviceUpdatedStatus: type: object description: Current status of the device update. required: - status properties: status: $ref: "#/components/schemas/DeviceUpdatedStatusType" info: type: string description: Human readable information about the last device update transition. DeviceUpdatedStatusType: type: string description: Status type of the device update. enum: - "UpToDate" - "OutOfDate" - "Updating" - "Unknown" x-enum-varnames: - "DeviceUpdatedStatusUpToDate" - "DeviceUpdatedStatusOutOfDate" - "DeviceUpdatedStatusUpdating" - "DeviceUpdatedStatusUnknown" DeviceLifecycleStatus: type: object required: - status properties: status: $ref: "#/components/schemas/DeviceLifecycleStatusType" info: type: string description: Human readable information about the device lifecycle status. description: Current status of the device lifecycle. DeviceIntegrityCheckStatus: type: object description: DeviceIntegrityCheckStatus represents the status of the integrity check performed on the device. required: - status properties: status: $ref: "#/components/schemas/DeviceIntegrityCheckStatusType" info: type: string description: Human-readable information about the integrity check status. DeviceIntegrityCheckStatusType: type: string description: Status of the integrity check performed on the device. enum: - "Unknown" - "Unsupported" - "Failed" - "Verified" x-enum-varnames: - "DeviceIntegrityCheckStatusUnknown" - "DeviceIntegrityCheckStatusUnsupported" - "DeviceIntegrityCheckStatusFailed" - "DeviceIntegrityCheckStatusVerified" DeviceLifecycleStatusType: type: string enum: - "Unknown" - "Enrolled" - "Decommissioning" - "Decommissioned" x-enum-varnames: - "DeviceLifecycleStatusUnknown" - "DeviceLifecycleStatusEnrolled" - "DeviceLifecycleStatusDecommissioning" - "DeviceLifecycleStatusDecommissioned" description: Status type of the device lifecycle. DeviceIntegrityStatus: type: object description: Summary status of the integrity of the device. required: - status properties: deviceIdentity: $ref: "#/components/schemas/DeviceIntegrityCheckStatus" tpm: $ref: "#/components/schemas/DeviceIntegrityCheckStatus" status: $ref: "#/components/schemas/DeviceIntegrityStatusSummaryType" info: type: string description: Human readable information about the last integrity transition. lastVerified: type: string format: date-time description: Timestamp of the last integrity verification. DeviceIntegrityStatusSummaryType: type: string description: Status of the integrity of the device. enum: - "Verified" - "Failed" - "Unknown" - "Unsupported" x-enum-varnames: - "DeviceIntegrityStatusVerified" - "DeviceIntegrityStatusFailed" - "DeviceIntegrityStatusUnknown" - "DeviceIntegrityStatusUnsupported" DeviceResourceStatus: type: object description: Current status of the resources of the device. required: - cpu - memory - disk properties: cpu: $ref: "#/components/schemas/DeviceResourceStatusType" memory: $ref: "#/components/schemas/DeviceResourceStatusType" disk: $ref: "#/components/schemas/DeviceResourceStatusType" DeviceResourceStatusType: type: string description: The types of resource statuses. enum: - "Healthy" - "Warning" - "Critical" - "Error" - "Unknown" x-enum-varnames: - "DeviceResourceStatusHealthy" - "DeviceResourceStatusWarning" - "DeviceResourceStatusCritical" - "DeviceResourceStatusError" - "DeviceResourceStatusUnknown" EnrollmentRequestApproval: type: object description: EnrollmentRequestApproval contains information about the approval of a device enrollment request. properties: labels: type: object additionalProperties: type: string description: A set of labels to apply to the device. approved: type: boolean description: Indicates whether the request has been approved. required: - approved EnrollmentRequestApprovalStatus: description: EnrollmentRequestApprovalStatus represents information about the status of a device enrollment request approval. allOf: - $ref: "#/components/schemas/EnrollmentRequestApproval" - type: object description: EnrollmentRequestApprovalStatus contains information about the status of approval of a device enrollment request. properties: approvedBy: type: string description: The name of the approver. approvedAt: type: string format: date-time description: The time at which the request was approved. required: - approvedBy - approvedAt EnrollmentServiceAuth: type: object description: EnrollmentServiceAuth contains the client authentication information for a Flight Control enrollment service. properties: client-certificate-data: type: string description: ClientCertificateData contains PEM-encoded data from a client cert file for TLS. client-key-data: type: string description: ClientKeyData contains PEM-encoded data from a client key file for TLS. required: - client-certificate-data - client-key-data EnrollmentServiceService: type: object description: EnrollmentServiceService contains information about connecting to a Flight Control enrollment service. properties: certificate-authority-data: type: string description: CertificateAuthorityData contains PEM-encoded certificate authority certificates. server: type: string description: Server is the address of the Flight Control enrollment service (https://hostname:port). required: - certificate-authority-data - server EnrollmentService: type: object description: EnrollmentService contains information about how to communicate with a Flight Control enrollment service. properties: authentication: $ref: '#/components/schemas/EnrollmentServiceAuth' service: $ref: '#/components/schemas/EnrollmentServiceService' enrollment-ui-endpoint: type: string description: The URL of the UI that the agent uses to print the QR code and link for enrolling the device. required: - authentication - service - enrollment-ui-endpoint EnrollmentConfig: type: object properties: enrollment-service: $ref: '#/components/schemas/EnrollmentService' required: - enrollment-service EnrollmentRequest: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ObjectMeta' spec: $ref: '#/components/schemas/EnrollmentRequestSpec' status: $ref: '#/components/schemas/EnrollmentRequestStatus' required: - apiVersion - kind - metadata - spec description: EnrollmentRequest represents a request for approval to enroll a device. EnrollmentRequestList: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ListMeta' items: type: array description: 'List of EnrollmentRequest.' items: $ref: '#/components/schemas/EnrollmentRequest' required: - apiVersion - kind - metadata - items description: EnrollmentRequestList is a list of EnrollmentRequest. EnrollmentRequestSpec: required: - csr type: object properties: csr: type: string description: 'The PEM-encoded PKCS#10 certificate signing request.' deviceStatus: $ref: '#/components/schemas/DeviceStatus' labels: type: object additionalProperties: type: string description: 'A set of labels that the service will apply to this device when its enrollment is approved.' knownRenderedVersion: type: string description: 'The rendered version of the device from desired.json (optional).' description: EnrollmentRequestSpec is a description of a EnrollmentRequest's target state. EnrollmentRequestStatus: type: object properties: certificate: type: string description: 'The PEM-encoded signed certificate.' conditions: type: array description: 'Current state of the EnrollmentRequest.' items: $ref: '#/components/schemas/Condition' approval: $ref: '#/components/schemas/EnrollmentRequestApprovalStatus' required: - conditions description: EnrollmentRequestStatus represents information about the status of a EnrollmentRequest. ResourceSync: type: object description: ResourceSync represents a reference to one or more files in a repository to sync to resource definitions. properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ObjectMeta' spec: $ref: '#/components/schemas/ResourceSyncSpec' status: $ref: '#/components/schemas/ResourceSyncStatus' required: - apiVersion - kind - metadata - spec ResourceSyncSpec: type: object description: ResourceSyncSpec describes the file(s) to sync from a repository. properties: repository: type: string description: The name of the repository resource to use as the sync source. targetRevision: type: string description: The desired revision in the repository. path: type: string description: The path of a file or directory in the repository. If a directory, the directory should contain only resource definitions with no subdirectories. Each file should contain the definition of one or more resources. required: - repository - targetRevision - path ResourceSyncStatus: type: object properties: observedCommit: type: string description: The last commit hash that was synced. observedGeneration: type: integer format: int64 description: The last generation that was synced. conditions: type: array description: Current state of a resourcesync. items: $ref: '#/components/schemas/Condition' required: - conditions description: ResourceSyncStatus represents information about the status of a ResourceSync. ResourceSyncList: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ListMeta' items: type: array description: 'List of resourcesync.' items: $ref: '#/components/schemas/ResourceSync' required: - apiVersion - kind - metadata - items Fleet: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ObjectMeta' spec: $ref: '#/components/schemas/FleetSpec' status: $ref: '#/components/schemas/FleetStatus' required: - apiVersion - kind - metadata - spec description: Fleet represents a set of devices. FleetList: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ListMeta' items: type: array description: 'List of Fleets.' items: $ref: '#/components/schemas/Fleet' required: - apiVersion - kind - metadata - items description: FleetList is a list of Fleets. DisruptionBudget: type: object properties: groupBy: type: array items: type: string pattern: '^([A-Za-z0-9][-A-Za-z0-9_/.]*)?[A-Za-z0-9]$' description: List of label keys to perform grouping for the disruption budget. minAvailable: type: integer minimum: 1 description: The maximum number of unavailable devices allowed during rollout. maxUnavailable: minimum: 1 type: integer description: The minimum number of required available devices during rollout. description: DisruptionBudget defines the level of allowed disruption when rollout is in progress. Percentage: type: string description: Percentage is the string format representing percentage string. Batch: type: object properties: selector: $ref: '#/components/schemas/LabelSelector' successThreshold: $ref: '#/components/schemas/Percentage' limit: description: The maximum number or percentage of devices to update in the batch. oneOf: - $ref: '#/components/schemas/Percentage' - type: integer minimum: 1 description: Batch is an element in batch sequence. Duration: type: string pattern: '^(?:[1-9]\d*)?\d[smh]$' description: 'The maximum duration allowed for the action to complete. The duration should be specified as a positive integer followed by a time unit. Supported time units are: `s` for seconds, `m` for minutes, `h` for hours.' RolloutStrategy: type: string description: The strategy of choice for device selection in rollout policy. enum: ['BatchSequence'] BatchSequence: type: object description: BatchSequence defines the list of batches to be executed in sequence. required: - strategy properties: strategy: $ref: '#/components/schemas/RolloutStrategy' sequence: type: array description: A list of batch definitions. minItems: 1 items: $ref: '#/components/schemas/Batch' RolloutDeviceSelection: type: object description: Describes how to select devices for rollout. oneOf: - $ref: '#/components/schemas/BatchSequence' discriminator: propertyName: strategy mapping: BatchSequence: '#/components/schemas/BatchSequence' RolloutPolicy: type: object properties: disruptionBudget: $ref: '#/components/schemas/DisruptionBudget' deviceSelection: $ref: '#/components/schemas/RolloutDeviceSelection' successThreshold: $ref: '#/components/schemas/Percentage' defaultUpdateTimeout: $ref: '#/components/schemas/Duration' description: RolloutPolicy is the rollout policy of the fleet. FleetSpec: type: object description: FleetSpec is a description of a fleet's target state. properties: selector: $ref: '#/components/schemas/LabelSelector' rolloutPolicy: $ref: '#/components/schemas/RolloutPolicy' template: type: object description: The template for the devices in the fleet. properties: metadata: $ref: '#/components/schemas/ObjectMeta' spec: $ref: '#/components/schemas/DeviceSpec' required: - spec required: - template DeviceSpec: type: object description: DeviceSpec describes a device. properties: updatePolicy: $ref: '#/components/schemas/DeviceUpdatePolicySpec' os: $ref: '#/components/schemas/DeviceOsSpec' config: type: array description: List of config providers. items: $ref: '#/components/schemas/ConfigProviderSpec' applications: type: array description: List of application providers. items: $ref: '#/components/schemas/ApplicationProviderSpec' systemd: type: object description: The systemd services to monitor. properties: matchPatterns: type: array description: A list of match patterns. items: type: string description: A single systemd unit name, with or without suffix, or a shell-style glob pattern to match against currently loaded units. pattern: '^[0-9a-zA-Z:\-_.\\\[\]!\-\*\?]+(@[0-9a-zA-Z:\-_.\\\[\]!\-\*\?]+)?(\.[a-zA-Z\[\]!\-\*\?]+)?$' # SystemD unit pattern supports all allowed formats for unit files and glob searches including templated services maxLength: 256 resources: type: array description: 'Array of resource monitor configurations.' items: $ref: '#/components/schemas/ResourceMonitor' consoles: type: array description: The list of active console sessions. items: $ref: '#/components/schemas/DeviceConsole' decommissioning: $ref: '#/components/schemas/DeviceDecommission' FleetRolloutStatus: type: object description: FleetRolloutStatus represents information about the status of a fleet rollout. properties: currentBatch: type: integer description: The batch number currently being rolled out. FleetStatus: type: object description: FleetStatus represents information about the status of a fleet. Status may trail the actual state of a fleet, especially if devices of a fleet have not contacted the management service in a while. properties: rollout: $ref: '#/components/schemas/FleetRolloutStatus' conditions: type: array description: Current state of the fleet. items: $ref: '#/components/schemas/Condition' devicesSummary: $ref: '#/components/schemas/DevicesSummary' required: - conditions DevicesSummary: type: object description: A summary of the devices in the fleet returned when fetching a single Fleet. required: - total - applicationStatus - summaryStatus - updateStatus properties: total: type: integer format: int64 description: The total number of devices in the fleet. applicationStatus: type: object default: {} additionalProperties: type: integer format: int64 description: A breakdown of the devices in the fleet by "application" status. summaryStatus: type: object default: {} additionalProperties: type: integer format: int64 description: A breakdown of the devices in the fleet by "summary" status. updateStatus: type: object default: {} additionalProperties: type: integer format: int64 description: A breakdown of the devices in the fleet by "updated" status. TemplateVersion: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ObjectMeta' spec: $ref: '#/components/schemas/TemplateVersionSpec' status: $ref: '#/components/schemas/TemplateVersionStatus' required: - apiVersion - kind - metadata - spec description: TemplateVersion represents a version of a template. TemplateVersionSpec: type: object description: TemplateVersionSpec describes a version of a device template. properties: fleet: type: string description: The fleet whose template this refers to. required: - fleet TemplateVersionStatus: description: TemplateVersionStatus represents information about the status of a template version. allOf: - $ref: '#/components/schemas/DeviceSpec' - type: object properties: updatedAt: type: string description: The time at which the template was last updated. format: date-time conditions: type: array description: Current state of the device. items: $ref: '#/components/schemas/Condition' required: - conditions TemplateVersionList: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ListMeta' items: type: array description: 'List of TemplateVersions.' items: $ref: '#/components/schemas/TemplateVersion' required: - apiVersion - kind - metadata - items description: TemplateVersionList is a list of TemplateVersions. AuthConfig: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' providers: type: array description: List of all available authentication providers. items: $ref: '#/components/schemas/AuthProvider' defaultProvider: type: string description: Name of the default authentication provider. organizationsEnabled: type: boolean description: Whether organizations are enabled for authentication. required: - apiVersion TokenRequest: type: object required: - grant_type - client_id properties: grant_type: type: string enum: [refresh_token, authorization_code] description: OAuth2 grant type. x-oapi-codegen-extra-tags: form: grant_type client_id: type: string description: OAuth2 client identifier. x-oapi-codegen-extra-tags: form: client_id refresh_token: type: string nullable: true description: Refresh token for refresh_token grant. x-oapi-codegen-extra-tags: form: refresh_token,omitempty code: type: string nullable: true description: Authorization code for authorization_code grant. x-oapi-codegen-extra-tags: form: code,omitempty scope: type: string nullable: true description: OAuth2 scope. x-oapi-codegen-extra-tags: form: scope,omitempty code_verifier: type: string nullable: true description: PKCE code verifier. x-oapi-codegen-extra-tags: form: code_verifier,omitempty redirect_uri: type: string nullable: true description: OAuth2 redirect URI (required for authorization_code grant if included in authorization request). x-oapi-codegen-extra-tags: form: redirect_uri,omitempty description: OAuth2 token request TokenResponse: type: object properties: access_token: type: string description: OAuth2 access token. token_type: type: string enum: [Bearer] description: Token type. id_token: type: string description: OIDC ID token (JWT). Present when using OIDC with openid scope. refresh_token: type: string description: OAuth2 refresh token. expires_in: type: integer description: Token expiration time in seconds. error: type: string description: OAuth2 error code. error_description: type: string description: OAuth2 error description. description: OAuth2 token response UserInfoResponse: type: object properties: sub: type: string description: Subject identifier. preferred_username: type: string description: Preferred username. name: type: string description: Full name. organizations: type: array items: $ref: '#/components/schemas/Organization' description: User organizations. error: type: string description: Error code. description: OIDC UserInfo response ListMeta: type: object properties: continue: type: string description: May be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message. remainingItemCount: type: integer description: The number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact. format: int64 description: ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}. ObjectMeta: type: object properties: creationTimestamp: type: string description: The time the object was created. format: date-time deletionTimestamp: type: string description: The time the object will be deleted. format: date-time name: type: string description: The name of the object. labels: type: object description: Map of string keys and values that can be used to organize and categorize (scope and select) objects. additionalProperties: type: string generation: type: integer description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. format: int64 owner: type: string description: A resource that owns this resource, in "kind/name" format. annotations: type: object additionalProperties: type: string description: Properties set by the service. resourceVersion: type: string description: An opaque string that identifies the server's internal version of an object. description: ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. MatchExpression: properties: key: type: string description: The label key that the selector applies to. operator: type: string description: The operation to apply when matching. enum: [In, NotIn, Exists, DoesNotExist] values: type: array description: The list of values to match. items: type: string required: - key - operator MatchExpressions: type: array description: A list of match expressions. minItems: 1 items: $ref: '#/components/schemas/MatchExpression' LabelSelector: type: object description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. Empty/null label selectors match nothing. properties: matchLabels: type: object description: A map of {key,value} pairs. additionalProperties: type: string matchExpressions: $ref: '#/components/schemas/MatchExpressions' LabelList: type: array items: type: string description: | A list of distinct labels, where each item is formatted as "key=value". example: - "environment=production" - "region=us-east-1" - "tier=backend" Status: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' code: type: integer format: int32 description: Suggested HTTP return code for this status, 0 if not set. message: type: string description: A human-readable description of the status of this operation. reason: type: string description: A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it. status: type: string description: 'Status of the operation. One of: "Success" or "Failure". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.' description: Status is a return value for calls that don't return other objects. required: - apiVersion - kind - status - code - reason - message Condition: required: - type - status - lastTransitionTime - reason - message type: object properties: type: $ref: '#/components/schemas/ConditionType' status: $ref: '#/components/schemas/ConditionStatus' observedGeneration: type: integer format: int64 description: The .metadata.generation that the condition was set based upon. lastTransitionTime: type: string format: date-time description: The last time the condition transitioned from one status to another. message: type: string description: Human readable message indicating details about last transition. reason: type: string description: A (brief) reason for the condition's last transition. description: Condition contains details for one aspect of the current state of this API Resource. ConditionType: type: string description: Type of condition in CamelCase. enum: - 'Approved' # EnrollmentRequest - 'TPMVerified' # EnrollmentRequest - 'Approved' # CertificateSigningRequest - 'Denied' # CertificateSigningRequest - 'Failed' # CertificateSigningRequest - 'TPMVerified' # CertificateSigningRequest - 'Accessible' # Repository - 'Accessible' # ResourceSync - 'ResourceParsed' # ResourceSync - 'Synced' # ResourceSync - 'Valid' # Fleet - 'RolloutInProgress' # Fleet - 'Updating' # Device - 'SpecValid' # Device (service condition) - 'MultipleOwners' # Device (service condition) - 'DeviceDecommissioning' # Device x-enum-varnames: - EnrollmentRequestApproved - EnrollmentRequestTPMVerified - CertificateSigningRequestApproved - CertificateSigningRequestDenied - CertificateSigningRequestFailed - CertificateSigningRequestTPMVerified - RepositoryAccessible - ResourceSyncAccessible - ResourceSyncResourceParsed - ResourceSyncSynced - FleetValid - FleetRolloutInProgress - DeviceUpdating - DeviceSpecValid - DeviceMultipleOwners - DeviceDecommissioning ConditionStatus: type: string description: Status of the condition, one of True, False, Unknown. enum: - 'True' - 'False' - 'Unknown' x-enum-varnames: - 'ConditionStatusTrue' - 'ConditionStatusFalse' - 'ConditionStatusUnknown' CertificateSigningRequest: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ObjectMeta' spec: $ref: '#/components/schemas/CertificateSigningRequestSpec' status: $ref: '#/components/schemas/CertificateSigningRequestStatus' required: - apiVersion - kind - metadata - spec description: 'CertificateSigningRequest represents a request for a signed certificate from the CA.' CertificateSigningRequestList: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ListMeta' items: type: array description: 'List of CertificateSigningRequest.' items: $ref: '#/components/schemas/CertificateSigningRequest' required: - apiVersion - kind - metadata - items description: CertificateSigningRequestList is a list of CertificateSigningRequest. CertificateSigningRequestSpec: description: Wrapper around a user-created CSR, modeled on kubernetes io.k8s.api.certificates.v1.CertificateSigningRequestSpec. properties: expirationSeconds: description: Requested duration of validity for the certificate. format: int32 type: integer extra: additionalProperties: items: type: string type: array description: Extra attributes of the user that created the CSR, populated by the API server on creation and immutable. type: object request: description: The base64-encoded PEM-encoded PKCS#10 CSR. Matches the spec.request field in a kubernetes CertificateSigningRequest resource. format: byte type: string signerName: description: Indicates the requested signer, and is a qualified name. type: string uid: description: UID of the user that created the CSR, populated by the API server on creation and immutable. type: string usages: description: Usages specifies a set of key usages requested in the issued certificate. items: type: string type: array username: description: Name of the user that created the CSR, populated by the API server on creation and immutable. type: string required: - request - signerName type: object CertificateSigningRequestStatus: description: Indicates approval/denial/failure status of the CSR, and contains the issued certificate if any exists. properties: certificate: description: The issued signed certificate, immutable once populated. format: byte type: string conditions: type: array description: Conditions applied to the request. Known conditions are Approved, Denied, and Failed. items: $ref: '#/components/schemas/Condition' required: - conditions type: object Version: properties: version: description: Git version of the service. type: string required: - version Event: type: object description: Event represents a single event that occurred in the system. required: - apiVersion - kind - metadata - involvedObject - reason - message - type - source - actor properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ObjectMeta' involvedObject: $ref: '#/components/schemas/ObjectReference' reason: type: string description: A short, machine-readable string that describes the reason for the event. enum: - ResourceCreated - ResourceCreationFailed - ResourceUpdated - ResourceUpdateFailed - ResourceDeleted - ResourceDeletionFailed - DeviceDecommissioned - DeviceDecommissionFailed - DeviceCPUCritical - DeviceCPUWarning - DeviceCPUNormal - DeviceMemoryCritical - DeviceMemoryWarning - DeviceMemoryNormal - DeviceDiskCritical - DeviceDiskWarning - DeviceDiskNormal - DeviceApplicationError - DeviceApplicationDegraded - DeviceApplicationHealthy - DeviceDisconnected - DeviceIsRebooting - DeviceConflictPaused - DeviceConflictResolved - DeviceConnected - DeviceContentUpToDate - DeviceContentOutOfDate - DeviceContentUpdating - DeviceUpdateFailed - EnrollmentRequestApproved - EnrollmentRequestApprovalFailed - DeviceMultipleOwnersDetected - DeviceMultipleOwnersResolved - DeviceSpecValid - DeviceSpecInvalid - InternalTaskFailed - InternalTaskPermanentlyFailed - RepositoryAccessible - RepositoryInaccessible - ReferencedRepositoryUpdated - FleetValid - FleetInvalid - FleetRolloutCreated - FleetRolloutStarted - FleetRolloutFailed - FleetRolloutCompleted - FleetRolloutBatchDispatched - FleetRolloutDeviceSelected - FleetRolloutBatchCompleted - ResourceSyncCommitDetected - ResourceSyncAccessible - ResourceSyncInaccessible - ResourceSyncParsed - ResourceSyncParsingFailed - ResourceSyncSynced - ResourceSyncSyncFailed - SystemRestored message: type: string description: A human-readable description of the status of this operation. details: $ref: '#/components/schemas/EventDetails' type: type: string description: The type of the event. One of Normal, Warning. enum: - Normal - Warning source: $ref: '#/components/schemas/EventSource' actor: type: string description: 'The name of the user or service that triggered the event. The value will be prefixed by either user: (for human users) or service: (for automated services).' EventSource: type: object description: The component that is responsible for the event. required: - component properties: component: type: string description: The name of the component that is responsible for the event. ObjectReference: type: object description: A reference to a resource. required: - kind - name properties: kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' name: type: string description: The name of the referenced object. EventList: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ListMeta' items: type: array description: 'List of Events.' items: $ref: '#/components/schemas/Event' required: - apiVersion - kind - metadata - items description: EventList is a list of Events. EventDetails: type: object required: - detailType description: Event-specific details, structured based on event type. discriminator: propertyName: detailType mapping: ResourceUpdated: "#/components/schemas/ResourceUpdatedDetails" DeviceOwnershipChanged: "#/components/schemas/DeviceOwnershipChangedDetails" DeviceMultipleOwnersDetected: "#/components/schemas/DeviceMultipleOwnersDetectedDetails" DeviceMultipleOwnersResolved: "#/components/schemas/DeviceMultipleOwnersResolvedDetails" InternalTaskFailed: "#/components/schemas/InternalTaskFailedDetails" InternalTaskPermanentlyFailed: "#/components/schemas/InternalTaskPermanentlyFailedDetails" ResourceSyncCompleted: "#/components/schemas/ResourceSyncCompletedDetails" ReferencedRepositoryUpdated: "#/components/schemas/ReferencedRepositoryUpdatedDetails" FleetRolloutStarted: "#/components/schemas/FleetRolloutStartedDetails" FleetRolloutFailed: "#/components/schemas/FleetRolloutFailedDetails" FleetRolloutCompleted: "#/components/schemas/FleetRolloutCompletedDetails" FleetRolloutBatchDispatched: "#/components/schemas/FleetRolloutBatchDispatchedDetails" FleetRolloutBatchCompleted: "#/components/schemas/FleetRolloutBatchCompletedDetails" FleetRolloutDeviceSelected: "#/components/schemas/FleetRolloutDeviceSelectedDetails" oneOf: - $ref: "#/components/schemas/ResourceUpdatedDetails" - $ref: "#/components/schemas/DeviceOwnershipChangedDetails" - $ref: "#/components/schemas/DeviceMultipleOwnersDetectedDetails" - $ref: "#/components/schemas/DeviceMultipleOwnersResolvedDetails" - $ref: "#/components/schemas/InternalTaskFailedDetails" - $ref: "#/components/schemas/InternalTaskPermanentlyFailedDetails" - $ref: "#/components/schemas/ResourceSyncCompletedDetails" - $ref: "#/components/schemas/ReferencedRepositoryUpdatedDetails" - $ref: "#/components/schemas/FleetRolloutStartedDetails" - $ref: "#/components/schemas/FleetRolloutFailedDetails" - $ref: "#/components/schemas/FleetRolloutCompletedDetails" - $ref: "#/components/schemas/FleetRolloutBatchDispatchedDetails" - $ref: "#/components/schemas/FleetRolloutBatchCompletedDetails" - $ref: "#/components/schemas/FleetRolloutDeviceSelectedDetails" ResourceUpdatedDetails: type: object required: - detailType - updatedFields properties: detailType: type: string enum: [ResourceUpdated] description: The type of detail for discriminator purposes. updatedFields: type: array items: type: string enum: [owner, labels, spec, spec.selector, spec.template] description: List of fields that were updated in the resource. previousOwner: type: string nullable: true description: The previous owner (if applicable). newOwner: type: string nullable: true description: The new owner (if applicable). DeviceOwnershipChangedDetails: type: object required: - detailType properties: detailType: type: string enum: [DeviceOwnershipChanged] description: The type of detail for discriminator purposes. previousOwner: type: string nullable: true description: The previous owner fleet (null if none). newOwner: type: string nullable: true description: The new owner fleet (null if removed). DeviceMultipleOwnersDetectedDetails: type: object required: - detailType - matchingFleets properties: detailType: type: string enum: [DeviceMultipleOwnersDetected] description: The type of detail for discriminator purposes. matchingFleets: type: array items: type: string description: List of fleet names that match the device. DeviceMultipleOwnersResolvedDetails: type: object required: - detailType - resolutionType properties: detailType: type: string enum: [DeviceMultipleOwnersResolved] description: The type of detail for discriminator purposes. resolutionType: type: string enum: [SingleMatch, NoMatch, FleetDeleted] description: How the conflict was resolved. assignedOwner: type: string nullable: true description: The fleet assigned as owner (null if no owner). previousMatchingFleets: type: array items: type: string description: List of fleets that previously matched the device. InternalTaskFailedDetails: type: object required: - detailType - errorMessage - originalEvent properties: detailType: type: string enum: [InternalTaskFailed] description: The type of detail for discriminator purposes. errorMessage: type: string description: The error message describing the failure. retryCount: type: integer description: Number of times the task has been retried. originalEvent: $ref: '#/components/schemas/Event' InternalTaskPermanentlyFailedDetails: type: object required: - detailType - errorMessage - retryCount - originalEvent properties: detailType: type: string enum: [InternalTaskPermanentlyFailed] description: The type of detail for discriminator purposes. errorMessage: type: string description: The error message describing the permanent failure. retryCount: type: integer description: Number of times the task was retried before being marked as permanently failed. originalEvent: $ref: '#/components/schemas/Event' ResourceSyncCompletedDetails: type: object required: - detailType - commitHash - changeCount - errorCount properties: detailType: type: string enum: [ResourceSyncCompleted] description: The type of detail for discriminator purposes. commitHash: type: string description: Hash of the last commit. changeCount: type: integer description: Number of changes introduced by this ResourceSync update. errorCount: type: integer description: Number of errors encountered by this ResourceSync update. FleetRolloutStartedDetails: type: object required: - detailType - templateVersion - rolloutStrategy properties: detailType: type: string enum: [FleetRolloutStarted] description: The type of detail for discriminator purposes. templateVersion: type: string description: The name of the TemplateVersion that is rolling out. rolloutStrategy: type: string enum: [None, Batched] description: Rollout strategy type. FleetRolloutDeviceSelectedDetails: type: object required: - detailType - fleetName - templateVersion properties: detailType: type: string enum: [FleetRolloutDeviceSelected] description: The type of detail for discriminator purposes. fleetName: type: string description: The name of the fleet that the device is being selected for. templateVersion: type: string description: The name of the TemplateVersion that the device is being selected to render. FleetRolloutFailedDetails: type: object required: - detailType - templateVersion properties: detailType: type: string enum: [FleetRolloutFailed] description: The type of detail for discriminator purposes. templateVersion: type: string description: The name of the TemplateVersion that this fleet rollout failed for. FleetRolloutCompletedDetails: type: object required: - detailType - templateVersion properties: detailType: type: string enum: [FleetRolloutCompleted] description: The type of detail for discriminator purposes. templateVersion: type: string description: The name of the TemplateVersion that this fleet rollout is completed for. FleetRolloutBatchDispatchedDetails: type: object required: - detailType - templateVersion - batch properties: detailType: type: string enum: [FleetRolloutBatchDispatched] description: The type of detail for discriminator purposes. templateVersion: type: string description: The name of the TemplateVersion that this batch is rolling out to. batch: type: string description: The batch within the fleet rollout. FleetRolloutBatchCompletedDetails: type: object required: - detailType - templateVersion - batch - successPercentage - total - successful - failed - timedOut properties: detailType: type: string enum: [FleetRolloutBatchCompleted] description: The type of detail for discriminator purposes. templateVersion: type: string description: The name of the TemplateVersion that this batch is rolling out to. batch: type: string description: The batch within the fleet rollout. successPercentage: type: integer format: int64 description: The success percentage of the batch. total: type: integer format: int64 description: The total number of devices in the batch. successful: type: integer format: int64 description: The number of successful devices in the batch. failed: type: integer format: int64 description: The number of failed devices in the batch. timedOut: type: integer format: int64 description: The number of timed out devices in the batch. ReferencedRepositoryUpdatedDetails: type: object required: - detailType - repository properties: detailType: type: string enum: [ReferencedRepositoryUpdated] description: The type of detail for discriminator purposes. repository: type: string description: The name of the repository that was updated. Organization: type: object required: - apiVersion - kind - metadata properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ObjectMeta' spec: $ref: '#/components/schemas/OrganizationSpec' OrganizationSpec: type: object description: OrganizationSpec describes an organization. properties: displayName: type: string description: Human readable name shown to users. externalId: type: string description: External ID of the organization. OrganizationList: type: object required: - apiVersion - kind - metadata - items properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ListMeta' items: type: array description: 'List of Organizations.' items: $ref: '#/components/schemas/Organization' description: OrganizationList is a list of Organizations. AuthProvider: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ObjectMeta' spec: $ref: '#/components/schemas/AuthProviderSpec' required: - apiVersion - kind - metadata - spec description: AuthProvider represents an authentication provider configuration supporting both OIDC and OAuth2. AuthProviderSpec: oneOf: - $ref: '#/components/schemas/OIDCProviderSpec' - $ref: '#/components/schemas/OAuth2ProviderSpec' - $ref: '#/components/schemas/OpenShiftProviderSpec' - $ref: '#/components/schemas/AapProviderSpec' - $ref: '#/components/schemas/K8sProviderSpec' discriminator: propertyName: providerType mapping: oidc: '#/components/schemas/OIDCProviderSpec' oauth2: '#/components/schemas/OAuth2ProviderSpec' openshift: '#/components/schemas/OpenShiftProviderSpec' aap: '#/components/schemas/AapProviderSpec' k8s: '#/components/schemas/K8sProviderSpec' required: - providerType OIDCProviderSpec: type: object description: OIDCProviderSpec describes an OIDC provider configuration. properties: providerType: type: string enum: [oidc] description: The type of authentication provider. displayName: type: string description: Human-readable display name for the provider. issuer: type: string description: The OIDC issuer URL (e.g., https://accounts.google.com). clientId: type: string description: The OIDC client ID. clientSecret: type: string description: The OIDC client secret. writeOnly: true enabled: type: boolean description: Whether this OIDC provider is enabled. default: true scopes: type: array items: type: string description: List of OIDC scopes to request. organizationAssignment: $ref: '#/components/schemas/AuthOrganizationAssignment' usernameClaim: type: array items: type: string description: JSON path to the username claim in the JWT token as an array of path segments (e.g., ["preferred_username"], ["email"], ["sub"]). default: ["preferred_username"] roleAssignment: $ref: '#/components/schemas/AuthRoleAssignment' required: - providerType - issuer - clientId - clientSecret - organizationAssignment - roleAssignment OAuth2ProviderSpec: type: object description: OAuth2ProviderSpec describes an OAuth2 provider configuration. properties: providerType: type: string enum: [oauth2] description: The type of authentication provider. displayName: type: string description: Human-readable display name for the provider. issuer: type: string description: The OAuth2 issuer identifier (used for issuer identification in tokens). authorizationUrl: type: string description: The OAuth2 authorization endpoint URL. tokenUrl: type: string description: The OAuth2 token endpoint URL. userinfoUrl: type: string description: The OAuth2 userinfo endpoint URL. clientId: type: string description: The OAuth2 client ID. clientSecret: type: string description: The OAuth2 client secret. writeOnly: true enabled: type: boolean description: Whether this OAuth2 provider is enabled. default: true scopes: type: array items: type: string description: List of OAuth2 scopes to request. organizationAssignment: $ref: '#/components/schemas/AuthOrganizationAssignment' usernameClaim: type: array items: type: string description: JSON path to the username claim in the userinfo response as an array of path segments (e.g., ["preferred_username"], ["email"], ["sub"]). default: ["preferred_username"] roleAssignment: $ref: '#/components/schemas/AuthRoleAssignment' introspection: $ref: '#/components/schemas/OAuth2Introspection' required: - providerType - authorizationUrl - tokenUrl - userinfoUrl - clientId - clientSecret - organizationAssignment - roleAssignment OAuth2Introspection: type: object description: OAuth2Introspection defines the token introspection configuration. oneOf: - $ref: '#/components/schemas/Rfc7662IntrospectionSpec' - $ref: '#/components/schemas/GitHubIntrospectionSpec' - $ref: '#/components/schemas/JwtIntrospectionSpec' discriminator: propertyName: type mapping: rfc7662: '#/components/schemas/Rfc7662IntrospectionSpec' github: '#/components/schemas/GitHubIntrospectionSpec' jwt: '#/components/schemas/JwtIntrospectionSpec' Rfc7662IntrospectionSpec: type: object description: Rfc7662IntrospectionSpec defines token introspection using RFC 7662 standard. Uses the OAuth2ProviderSpec clientId and clientSecret for authentication. properties: type: type: string enum: [rfc7662] description: The introspection type. url: type: string description: The RFC 7662 token introspection endpoint URL. required: - type - url GitHubIntrospectionSpec: type: object description: GitHubIntrospectionSpec defines token introspection using GitHub API (POST /applications/{client_id}/token). Uses the OAuth2ProviderSpec clientId and clientSecret for Basic Auth and URL path. properties: type: type: string enum: [github] description: The introspection type. url: type: string description: The GitHub API base URL. Defaults to https://api.github.com for GitHub.com, but can be customized for GitHub Enterprise Server. default: https://api.github.com required: - type JwtIntrospectionSpec: type: object description: JwtIntrospectionSpec defines token introspection using JWT validation with JWKS. properties: type: type: string enum: [jwt] description: The introspection type. jwksUrl: type: string description: The JWKS (JSON Web Key Set) endpoint URL for fetching public keys to validate JWT signatures. issuer: type: string description: Expected issuer claim value in the JWT. If not specified, uses the OAuth2ProviderSpec issuer. audience: type: array items: type: string description: Expected audience claim values in the JWT. If not specified, uses the OAuth2ProviderSpec clientId. required: - type - jwksUrl OpenShiftProviderSpec: type: object description: OpenShiftProviderSpec describes an OpenShift OAuth provider configuration. properties: providerType: type: string enum: [openshift] description: The type of authentication provider. displayName: type: string description: Human-readable display name for the provider. issuer: type: string description: The OAuth2 issuer identifier (used for issuer identification in tokens). authorizationUrl: type: string description: The OAuth2 authorization endpoint URL. tokenUrl: type: string description: The OAuth2 token endpoint URL. clientId: type: string description: The OAuth2 client ID. clientSecret: type: string description: The OAuth2 client secret. writeOnly: true enabled: type: boolean description: Whether this OpenShift provider is enabled. default: true scopes: type: array items: type: string description: List of OAuth2 scopes to request. clusterControlPlaneUrl: type: string description: The OpenShift cluster control plane URL. projectLabelFilter: type: string description: If specified, only projects with this label will be considered. The label selector should be in the format 'key' or 'key=value'. If only the key is provided, any project with that label (regardless of value) will be included. This enables server-side filtering for better performance. roleSuffix: type: string description: Optional suffix to strip from ClusterRole names when normalizing role names. Used for multi-release deployments where ClusterRoles have namespace-specific names (e.g., flightctl-admin-). required: - providerType AapProviderSpec: type: object description: AapProviderSpec describes an Ansible Automation Platform (AAP) provider configuration. properties: providerType: type: string enum: [aap] description: The type of authentication provider. displayName: type: string description: Human-readable display name for the provider. apiUrl: type: string description: The internal AAP API URL. authorizationUrl: type: string description: The OAuth2 authorization endpoint URL. tokenUrl: type: string description: The OAuth2 token endpoint URL. clientId: type: string description: The OAuth2 client ID. clientSecret: type: string description: The OAuth2 client secret. writeOnly: true enabled: type: boolean description: Whether this AAP provider is enabled. default: true scopes: type: array items: type: string description: List of OAuth2 scopes to request. required: - providerType - apiUrl - authorizationUrl - tokenUrl - clientId - clientSecret - scopes K8sProviderSpec: type: object description: K8sProviderSpec describes a Kubernetes/OpenShift provider configuration. properties: providerType: type: string enum: [k8s] description: The type of authentication provider. displayName: type: string description: Human-readable display name for the provider. apiUrl: type: string description: The internal Kubernetes API URL. rbacNs: type: string description: The RBAC namespace for permissions. enabled: type: boolean description: Whether this K8s provider is enabled. default: true organizationAssignment: $ref: '#/components/schemas/AuthOrganizationAssignment' roleAssignment: $ref: '#/components/schemas/AuthRoleAssignment' roleSuffix: type: string description: Optional suffix to strip from ClusterRole names when normalizing role names. Used for multi-release deployments where ClusterRoles have namespace-specific names (e.g., flightctl-admin-). required: - providerType - apiUrl - organizationAssignment - roleAssignment AuthOrganizationAssignment: type: object description: AuthOrganizationAssignment defines how users from this auth provider are assigned to organizations. oneOf: - $ref: '#/components/schemas/AuthStaticOrganizationAssignment' - $ref: '#/components/schemas/AuthDynamicOrganizationAssignment' - $ref: '#/components/schemas/AuthPerUserOrganizationAssignment' discriminator: propertyName: type mapping: static: '#/components/schemas/AuthStaticOrganizationAssignment' dynamic: '#/components/schemas/AuthDynamicOrganizationAssignment' perUser: '#/components/schemas/AuthPerUserOrganizationAssignment' AuthStaticOrganizationAssignment: type: object description: AuthStaticOrganizationAssignment assigns all users from this auth provider to a single static organization. properties: type: type: string enum: [static] description: The type of organization assignment. organizationName: type: string description: The name of the organization where all users will be assigned. required: - type - organizationName AuthDynamicOrganizationAssignment: type: object description: AuthDynamicOrganizationAssignment assigns users to organizations based on auth provider claims. properties: type: type: string enum: [dynamic] description: The type of organization assignment. claimPath: type: array items: type: string description: The JSON path to the claim that contains the organization identifier (e.g., ["groups", "0"] or ["custom", "org"]). organizationNamePrefix: type: string description: The prefix for the organization name (e.g., "org-"). default: "" organizationNameSuffix: type: string description: The suffix for the organization name (e.g., "-org"). default: "" required: - type - claimPath AuthPerUserOrganizationAssignment: type: object description: AuthPerUserOrganizationAssignment creates a separate organization for each user. properties: type: type: string enum: [perUser] description: The type of organization assignment. organizationNamePrefix: type: string description: The prefix for the user-specific organization name (e.g., "user-org-"). default: "user-org-" organizationNameSuffix: type: string description: The suffix for the user-specific organization name (e.g., "-org"). default: "" required: - type AuthRoleAssignment: type: object description: AuthRoleAssignment defines how roles are assigned to users from this auth provider. oneOf: - $ref: '#/components/schemas/AuthStaticRoleAssignment' - $ref: '#/components/schemas/AuthDynamicRoleAssignment' discriminator: propertyName: type mapping: static: '#/components/schemas/AuthStaticRoleAssignment' dynamic: '#/components/schemas/AuthDynamicRoleAssignment' AuthStaticRoleAssignment: type: object description: AuthStaticRoleAssignment assigns a static set of roles to all users from this auth provider. properties: type: type: string enum: [static] description: The type of role assignment. roles: type: array items: type: string description: The list of role names to assign to all users. required: - type - roles AuthDynamicRoleAssignment: type: object description: AuthDynamicRoleAssignment extracts roles from auth provider claims using a JSON path. properties: type: type: string enum: [dynamic] description: The type of role assignment. claimPath: type: array items: type: string description: The JSON path to the role/group claim (e.g., ["groups"], ["roles"], ["realm_access", "roles"]). separator: type: string description: Separator for org:role format (default ':'). Roles containing the separator are split into organization-scoped roles. Roles without separator are global and apply to all organizations. default: ":" required: - type - claimPath AuthProviderList: type: object properties: apiVersion: type: string description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources.' kind: type: string description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds.' metadata: $ref: '#/components/schemas/ListMeta' items: type: array description: 'List of auth providers.' items: $ref: '#/components/schemas/AuthProvider' required: - apiVersion - kind - metadata - items description: AuthProviderList is a list of auth providers. PermissionList: type: object description: List of available permissions for a user. properties: permissions: type: array description: List of permissions available to the user. items: $ref: '#/components/schemas/Permission' required: - permissions Permission: type: object description: A permission defining allowed operations on a resource. properties: resource: type: string description: The resource (e.g., "devices", "fleets", "*" for all resources). operations: type: array description: List of allowed operations (e.g., "get", "list", "create", "update", "patch", "delete", "*" for all operations). items: type: string required: - resource - operations