swagger: "2.0"
info:
version: "1.4.1"
title: "🏹 Archer"
contact:
name: SAP SE / Converged Cloud
url: https://sap.com
license:
name: "Apache 2.0"
url: "https://www.apache.org/licenses/LICENSE-2.0.html"
x-logo:
url: "https://avatars.githubusercontent.com/u/4242847"
backgroundColor: "#FFFFFF"
altText: "Archer logo"
description: |
# Documentation
Archer is an API service that can privately connect services from one private [OpenStack Network](https://docs.openstack.org/neutron/latest/admin/intro-os-networking.html) to another. Consumers can select a *service* from a service catalog and **inject** it to their network, which means making this *service* available via a private ip address.
Archer implements an *OpenStack* like API and integrates with *OpenStack Keystone* and *OpenStack Neutron*.
### Architecture
There are two types of resources: **services** and **endpoints**
* **Services** are private or public services that are manually configured in *Archer*. They can be accessed by creating an endpoint.
* **Service endpoints**, or short **endpoints**, are IP endpoints in a local network used to transparently access services residing in different private networks.
### Features
* Multi-tenant capable via OpenStack Identity service
* OpenStack `policy.json` access policy support
* Prometheus Exporter
* Rate limiting
### Supported Backends
* F5 BigIP
### Requirements
* PostgreSQL Database
## API properties
This section describes properties of the Archer API. It uses a ReSTful HTTP API.
#### Request format
The Archer API only accepts requests with the JSON data serialization format. The Content-Type header for POST requests is always expected to be `application/json`.
#### Response format
The Archer API always response with JSON data serialization format. The Content-Type header is always `Content-Type: application/json`.
#### Authentication and authorization
The **Archer API** uses the OpenStack Identity service as the default authentication service. When Keystone is enabled, users that submit requests to the OpenStack Networking service must provide an authentication token in `X-Auth-Token` request header.
You obtain the token by authenticating to the Keystone endpoint.
When Keystone is enabled, the `project_id` attribute is not required in create requests because the project ID is derived from the authentication token.
#### Pagination
To reduce load on the service, list operations will return a maximum number of items at a time. To navigate the collection, the parameters limit, marker and page_reverse can be set in the URI. For example:
```
?limit=100&marker=1234&page_reverse=False
```
The `marker` parameter is the ID of the last item in the previous list. The `limit` parameter sets the page size. The `page_reverse` parameter sets the page direction.
These parameters are optional.
If the client requests a limit beyond the maximum limit configured by the deployment, the server returns the maximum limit number of items.
For convenience, list responses contain atom **next** links and **previous** links. The last page in the list requested with `page_reverse=False` will not contain **next** link, and the last page in the list requested with `page_reverse=True` will not contain **previous** link.
To determine if pagination is supported, a user can check whether the `pagination` capability is available through the Archer API detail endpoint.
#### Sorting
You can use the `sort` parameter to sort the results of list operations.
The sort parameter contains a comma-separated list of sort keys, in order of the sort priority. Each sort key can be optionally prepended with a minus **-** character to reverse default sort direction (ascending).
For example:
```
?sort=key1,-key2,key3
```
**key1** is the first key (ascending order), **key2** is the second key (descending order) and **key3** is the third key in ascending order.
To determine if sorting is supported, a user can check whether the `sort` capability is available through the Archer API detail endpoint.
#### Filtering by tags
Most resources (e.g. service and endpoint) support adding tags to the resource attributes. Archer supports advanced filtering using these tags for list operations. The following tag filters are supported by the Archer API:
* `tags` - Return the list of entities that have this tag or tags.
* `tags-any` - Return the list of entities that have one or more of the given tags.
* `not-tags` - Return the list of entities that do not have one or more of the given tags.
* `not-tags-any` - Return the list of entities that do not have at least one of the given tags.
Each tag supports a maximum amount of 64 characters.
For example to get a list of resources having both, **red** and **blue** tags:
```
?tags=red,blue
```
To get a list of resourcing having either, **red** or **blue** tags:
```
?tags-any=red,blue
```
Tag filters can also be combined in the same request:
```
?tags=red,blue&tags-any=green,orange
```
#### Response Codes (Faults)
| Code | Description |
| ----- | ----------------- |
| 400 | Validation Error |
| 401 | Unauthorized |
| 403 | Policy does not allow current user to do this
The project is over quota for the request |
| 404 | Not Found
Resource not found |
| 409 | Conflict |
| 422 | Unprocessable Entity |
| 429 | You have reached maximum request limit |
| 500 | Internal server error |
## Endpoint identification
Archer supports the Proxy Protocol v2 for endpoint identification.
The Proxy Protocol is a widely used protocol for passing client connection information through a load balancer to the backend server. It is used to identify the original client IP address and port number. The Proxy Protocol v2 is a binary protocol that is more efficient than the original text-based Proxy Protocol v1.
The proxy protocol header also includes the ID of the endpoint. This information is encoded using a custom Type-Length-Value (TLV) vector as follows.
| Field | Length (Octets) | Description |
| ----- | --------------- | -------------------------------------------------------------- |
| Type | 1 | PP2_TYPE_SAPCC (0xEC) |
| Length| 2 | Length of the value (UUIDv4 is always 36 byte as ASCII string) |
| Value | 36 | ASCII UUID of the endpoint |
externalDocs:
description: GitHub
url: https://github.com/sapcc/archer
consumes:
- application/json
produces:
- application/json
tags:
- name: Version
description: |
### Version API
Lists information of enabled Archer capabilities.
- name: Service
description: |
### Services
Services are for publishing TCP/UDP services using internal IP addresses in your private network.
- name: Endpoint
description: |
### Endpoints
Endpoints are for accessing existing Services using internal IP addresses in your private network.
- name: RBAC
x-go-name: rbac
description: |
### RBAC Policies
RBAC Policies are used to provide service visibility to specific project or domains.
- name: Quota
description: |
### Quota Operations
Administrative API for listing and setting quotas for services and endpoints.
schemes:
- "https"
- "http"
security:
- "X-Auth-Token": []
- {}
securityDefinitions:
"X-Auth-Token":
type: "apiKey"
description: |
The **Archer API** uses the OpenStack Identity service as the default authentication service. When Keystone is enabled, users that submit requests to the OpenStack Networking service must provide an authentication token in `X-Auth-Token` request header.
You obtain the token by authenticating to the Keystone endpoint.
name: "X-Auth-Token"
in: "header"
paths:
/:
get:
security: []
tags:
- Version
summary: Shows details for Archer API
responses:
200:
description: Version
schema:
$ref: "#/definitions/Version"
/service:
get:
tags:
- Service
summary: List services
x-policy: service:read
parameters:
- $ref: '#/parameters/marker'
- $ref: '#/parameters/limit'
- $ref: '#/parameters/sort'
- $ref: '#/parameters/page_reverse'
- $ref: '#/parameters/tags'
- $ref: '#/parameters/tags-any'
- $ref: '#/parameters/not-tags'
- $ref: '#/parameters/not-tags-any'
- $ref: '#/parameters/project_id'
responses:
200:
description: An array of services.
schema:
type: object
properties:
links:
x-omitempty: true
type: array
items:
$ref: '#/definitions/Link'
items:
type: array
items:
$ref: "#/definitions/Service"
400:
description: Bad request
schema:
$ref: "#/definitions/Error"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
post:
tags:
- Service
summary: Add a new service to the catalog
x-policy: service:create
parameters:
- in: body
name: body
description: Service object that needs to be added to the catalog
required: true
schema:
$ref: "#/definitions/Service"
responses:
201:
description: Service
schema:
$ref: "#/definitions/Service"
headers:
X-Target-Id:
type: string
format: uuid
description: "The UUID of the created resource"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
schema:
$ref: "#/definitions/Error"
409:
description: Duplicate entry
schema:
$ref: "#/definitions/Error"
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
/service/{service_id}:
parameters:
- in: path
name: service_id
required: true
type: string
format: uuid
description: The UUID of the service
get:
tags:
- Service
summary: Show details of an service
x-policy: service:read
responses:
200:
description: Service
schema:
$ref: "#/definitions/Service"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
404:
description: Not Found
schema:
$ref: "#/definitions/Error"
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
put:
tags:
- Service
summary: Update an existing service
x-policy: service:update
parameters:
- in: body
name: body
description: Service object that needs to be updated
required: true
schema:
$ref: "#/definitions/ServiceUpdatable"
responses:
200:
description: Service
schema:
$ref: "#/definitions/Service"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
404:
description: Not Found
schema:
$ref: "#/definitions/Error"
409:
description: Duplicate entry
schema:
$ref: "#/definitions/Error"
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
delete:
tags:
- Service
summary: Remove service from catalog
x-policy: service:delete
description: |
Deletes this service. There **must** be no active associated endpoint for successfully deleting the service.
Active endpoints can be rejected by the service owner via the `/service/{service_id}/reject_endpoints` API.
responses:
202:
description: Delete request successfully accepted.
404:
description: Not Found
schema:
$ref: "#/definitions/Error"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
409:
description: In use.
schema:
$ref: "#/definitions/Error"
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
/service/{service_id}/endpoints:
parameters:
- in: path
name: service_id
required: true
type: string
format: uuid
description: The UUID of the service
get:
tags:
- Service
summary: List service endpoints consumers
x-policy: service-endpoint:read
description: |
Provides a list of service consumers (endpoints).
This list can be used to accept or reject requests, or disable active endpoints.
Rejected endpoints will be cleaned up after a specific time.
parameters:
- $ref: '#/parameters/marker'
- $ref: '#/parameters/limit'
- $ref: '#/parameters/sort'
- $ref: '#/parameters/page_reverse'
responses:
200:
description: An array of service endpoint consumers.
schema:
type: object
properties:
links:
x-omitempty: true
type: array
items:
$ref: '#/definitions/Link'
items:
type: array
items:
$ref: "#/definitions/EndpointConsumer"
400:
description: Bad request
schema:
$ref: "#/definitions/Error"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
404:
description: Not Found
schema:
$ref: "#/definitions/Error"
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
/service/{service_id}/accept_endpoints:
parameters:
- in: path
name: service_id
required: true
type: string
format: uuid
description: The UUID of the service
put:
summary: Accept endpoints
x-policy: service-endpoint:accept
description: |
Specify a list of endpoint consumers (`endpoint_ids` and/or `project_ids`) whose endpoints should be accepted.
* Existing active endpoints will be untouched.
* Rejected endpoints will be accepted.
* Pending endpoints will be accepted.
tags:
- Service
parameters:
- in: body
name: body
description: Service object that needs to be updated
required: true
schema:
$ref: "#/definitions/EndpointConsumerList"
responses:
200:
description: Ok
schema:
type: array
items:
$ref: "#/definitions/EndpointConsumer"
400:
description: Must declare at least one, endpoint_id(s) or project_id(s)
schema:
$ref: "#/definitions/Error"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
schema:
$ref: "#/definitions/Error"
404:
description: Not Found
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
/service/{service_id}/reject_endpoints:
parameters:
- in: path
name: service_id
required: true
type: string
format: uuid
description: The UUID of the service
put:
summary: Reject endpoints
x-policy: service-endpoint:reject
description: |
Specify a list of consumers (`endpoint_ids` and/or `project_ids`) whose endpoints should be rejected.
* Existing active endpoints will be rejected.
* Rejected endpoints will be untouched.
* Pending endpoints will be rejected.
tags:
- Service
parameters:
- in: body
name: body
description: Service object that needs to be updated
required: true
schema:
$ref: "#/definitions/EndpointConsumerList"
responses:
200:
description: Ok
schema:
type: array
items:
$ref: "#/definitions/EndpointConsumer"
400:
description: Must declare at least one, endpoint_id(s) or project_id(s)
schema:
$ref: "#/definitions/Error"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
schema:
$ref: "#/definitions/Error"
404:
description: Not Found
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
/endpoint:
get:
tags:
- Endpoint
summary: List existing service endpoints
x-policy: endpoint:read
parameters:
- $ref: '#/parameters/marker'
- $ref: '#/parameters/limit'
- $ref: '#/parameters/sort'
- $ref: '#/parameters/page_reverse'
- $ref: '#/parameters/tags'
- $ref: '#/parameters/tags-any'
- $ref: '#/parameters/not-tags'
- $ref: '#/parameters/not-tags-any'
- $ref: '#/parameters/project_id'
responses:
200:
description: An array of endpoints.
schema:
type: object
properties:
links:
x-omitempty: true
type: array
items:
$ref: '#/definitions/Link'
items:
type: array
items:
$ref: "#/definitions/Endpoint"
400:
description: Bad request
schema:
$ref: "#/definitions/Error"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
post:
tags:
- Endpoint
summary: Create endpoint for accessing a service
x-policy: endpoint:create
parameters:
- in: body
name: body
description: Service and target network to inject. Only one of `target_network`, `target_subnet` or `target_port` must be specified.
required: true
schema:
$ref: "#/definitions/Endpoint"
responses:
201:
description: Endpoint
schema:
$ref: "#/definitions/Endpoint"
headers:
X-Target-Id:
type: string
format: uuid
description: "The UUID of the created resource"
400:
description: Bad request
schema:
$ref: "#/definitions/Error"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
schema:
$ref: "#/definitions/Error"
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
/endpoint/{endpoint_id}:
parameters:
- in: path
name: endpoint_id
required: true
type: string
format: uuid
description: The UUID of the endpoint
get:
tags:
- Endpoint
summary: Show existing service endpoint
x-policy: endpoint:read
responses:
200:
description: An endpoint detail.
schema:
$ref: "#/definitions/Endpoint"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
schema:
$ref: "#/definitions/Error"
404:
description: Not Found
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
put:
tags:
- Endpoint
summary: Update an existing endpoint
x-policy: endpoint:update
parameters:
- in: body
name: body
description: Endpoint object that needs to be updated
required: true
schema:
type: object
properties:
tags:
type: array
description: The list of tags on the resource.
x-nullable: true
items:
type: string
maxLength: 64
name:
type: string
description: Name of the endpoint.
example: Example endpoint.
maxLength: 64
x-nullable: true
description:
type: string
description: Description of the endpoint.
example: An example of an endpoint.
maxLength: 255
x-nullable: true
responses:
200:
description: Endpoint
schema:
$ref: "#/definitions/Endpoint"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
schema:
$ref: "#/definitions/Error"
404:
description: Not Found
schema:
$ref: "#/definitions/Error"
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
delete:
tags:
- Endpoint
summary: Remove an existing endpoint
x-policy: endpoint:delete
responses:
202:
description: Delete request successfully accepted.
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
schema:
$ref: "#/definitions/Error"
404:
description: Not Found
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
/rbac-policies:
get:
tags:
- RBAC
summary: List RBAC policies
x-policy: rbac-policy:read
parameters:
- $ref: '#/parameters/marker'
- $ref: '#/parameters/limit'
- $ref: '#/parameters/sort'
- $ref: '#/parameters/page_reverse'
responses:
200:
description: A JSON array of rbac policies
schema:
type: object
properties:
links:
x-omitempty: true
type: array
items:
$ref: '#/definitions/Link'
items:
type: array
items:
$ref: "#/definitions/RBACPolicy"
400:
description: Bad request
schema:
$ref: "#/definitions/Error"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
post:
tags:
- RBAC
summary: Create RBAC policy
x-policy: rbac-policy:create
parameters:
- in: body
name: body
description: RBAC Policy
required: true
schema:
$ref: "#/definitions/RBACPolicy"
responses:
201:
description: RBAC policy
schema:
$ref: '#/definitions/RBACPolicy'
headers:
X-Target-Id:
type: string
format: uuid
description: "The UUID of the created resource"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
404:
description: service_id not found
409:
description: Duplicate RBAC Policy
schema:
$ref: "#/definitions/Error"
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
/rbac-policies/{rbac_policy_id}:
parameters:
- in: path
name: rbac_policy_id
required: true
type: string
format: uuid
description: The UUID of the RBAC policy.
get:
tags:
- RBAC
summary: Show details of an RBAC policy
x-policy: rbac-policy:read
responses:
200:
description: RBAC Policy
schema:
$ref: '#/definitions/RBACPolicy'
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
404:
description: Not Found
schema:
$ref: "#/definitions/Error"
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
put:
tags:
- RBAC
summary: Update an existing RBAC policy
x-policy: rbac-policy:update
parameters:
- in: body
name: body
description: RBAC policy resource that needs to be updated
required: true
schema:
$ref: "#/definitions/RBACPolicyCommon"
responses:
200:
description: RBAC Policy
schema:
$ref: "#/definitions/RBACPolicy"
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
404:
description: Not Found
schema:
$ref: "#/definitions/Error"
409:
description: Duplicate RBAC Policy
schema:
$ref: "#/definitions/Error"
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
delete:
tags:
- RBAC
summary: Delete RBAC policy
x-policy: rbac-policy:delete
responses:
204:
description: RBAC policy successfully deleted.
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
404:
description: Not Found
schema:
$ref: "#/definitions/Error"
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
/quotas:
parameters:
- in: query
name: project_id
type: string
description: The ID of the project to query.
minLength: 32
maxLength: 32
get:
tags:
- Quota
summary: List Quotas
x-policy: quota:read
responses:
200:
description: A JSON array of quotas
schema:
type: object
properties:
quotas:
type: array
items:
allOf:
- $ref: '#/definitions/Quota'
- $ref: '#/definitions/QuotaUsage'
- type: object
properties:
project_id:
$ref: "#/definitions/Project"
links:
x-omitempty: true
type: array
items:
$ref: '#/definitions/Link'
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
404:
description: Not Found
schema:
$ref: "#/definitions/Error"
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
/quotas/defaults:
get:
tags:
- Quota
summary: Show Quota Defaults
x-policy: quota:read-defaults
responses:
200:
description: Show the quota defaults configured for new projects.
schema:
type: object
properties:
quota:
$ref: '#/definitions/Quota'
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
/quotas/{project_id}:
parameters:
- in: path
name: project_id
required: true
type: string
description: The ID of the project to query.
get:
tags:
- Quota
summary: Show Quota detail
x-policy: quota:read
responses:
200:
description: Shows the details of a specific monitor.
schema:
allOf:
- $ref: '#/definitions/Quota'
- $ref: '#/definitions/QuotaUsage'
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
put:
tags:
- Quota
summary: Update Quota
x-policy: quota:update
parameters:
- in: body
name: body
required: true
schema:
$ref: '#/definitions/Quota'
responses:
200:
description: Updated quota for a project.
schema:
$ref: '#/definitions/Quota'
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
404:
description: Not found
schema:
$ref: "#/definitions/Error"
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
delete:
tags:
- Quota
summary: Reset all Quota of a project
x-policy: quota:delete
responses:
204:
description: Resource successfully reset
401:
description: Unauthorized
schema:
$ref: "#/definitions/Error"
403:
description: Forbidden
404:
description: Not Found
schema:
$ref: "#/definitions/Error"
422:
description: Unprocessable Content
schema:
$ref: "#/definitions/Error"
parameters:
marker:
name: marker
in: query
type: string
format: uuid
description: Pagination ID of the last item in the previous list.
limit:
name: limit
in: query
type: integer
description: Sets the page size.
sort:
name: sort
in: query
type: string
description: Comma-separated list of sort keys, optionally prefix with - to reverse sort order.
page_reverse:
name: page_reverse
in: query
type: boolean
description: Sets the page direction.
tags:
name: tags
in: query
type: array
description: |
Filter for tags, multiple tags are considered as logical AND.
Should be provided in a comma separated list.
items:
type: string
tags-any:
name: tags-any
in: query
type: array
description: |
Filter for tags, multiple tags are considered as logical OR.
Should be provided in a comma separated list.
items:
type: string
not-tags:
name: not-tags
in: query
type: array
description: |
Filter for resources not having tags, multiple not-tags are considered as logical AND.
Should be provided in a comma separated list.
items:
type: string
not-tags-any:
name: not-tags-any
in: query
type: array
description: |
Filter for resources not having tags, multiple tags are considered as logical OR.
Should be provided in a comma separated list.
items:
type: string
project_id:
name: project_id
in: query
type: string
description: |
Filter for resources belonging or accessible by a specific project.
minLength: 32
maxLength: 32
definitions:
Service:
required:
- port
- network_id
- ip_addresses
type: object
properties:
id:
type: string
format: uuid
description: The ID of the resource.
readOnly: true
enabled:
type: boolean
description: Enable/disable this service. Existing endpoints are not touched by this.
default: true
name:
type: string
description: Name of the service.
example: ExampleService
maxLength: 64
x-omitempty: false
description:
type: string
description: Description of the service.
example: An example of an Service.
maxLength: 255
x-omitempty: false
port:
type: integer
format: int32
minimum: 1
maximum: 65535
example: 80
description: Port exposed by the service.
x-nullable: false
network_id:
type: string
format: uuid
description: Network ID of the network that provides this service.
ip_addresses:
type: array
description: IP Addresses of the providing service, multiple addresses will be round robin load balanced.
minItems: 1
items:
type: string
format: ipv4
description: IP Address of the providing service.
example: 1.2.3.4
status:
type: string
description: |
Status of the service.
### Status can be one of
| Status | Description |
| ---------------- | -------------------------------------- |
| AVAILABLE | Service is ready for consumption. |
| PENDING_CREATE | Service is being set up |
| PENDING_UPDATE | Service is being updated |
| PENDING_DELETE | Service is being deleted |
| UNAVAILABLE | Service is unavailable (e.g. disabled) |
| ERROR_QUOTA | Service has not enough port quota |
enum:
- AVAILABLE
- PENDING_CREATE
- PENDING_UPDATE
- PENDING_DELETE
- UNAVAILABLE
- ERROR_QUOTA
readOnly: true
require_approval:
type: boolean
description: Require explicit project approval for the service owner.
default: true
visibility:
type: string
description: Set global visibility of the service. For `private` visibility, RBAC policies can extend the visibility to specific projects.
default: private
enum:
- private
- public
availability_zone:
type: string
description: Availability zone of this service.
example: AZ-A
x-nullable: true
x-omitempty: false
host:
type: string
description: Device host.
readOnly: true
x-nullable: true
proxy_protocol:
type: boolean
default: true
description: Proxy protocol v2 enabled for this service.
tags:
type: array
description: The list of tags on the resource.
x-nullable: true
items:
type: string
maxLength: 64
provider:
type: string
description: Provider type, defaults to tenant type.
default: tenant
enum:
- tenant
- cp
x-nullable: true
created_at:
$ref: "#/definitions/Timestamp"
updated_at:
$ref: "#/definitions/Timestamp"
project_id:
$ref: "#/definitions/Project"
ServiceUpdatable:
type: object
properties:
enabled:
type: boolean
description: Enable/disable this service. Existing endpoints are not touched by this.
x-nullable: true
name:
type: string
description: Name of the service.
example: ExampleService
maxLength: 64
x-nullable: true
description:
type: string
description: Description of the service.
example: An example of an Service.
maxLength: 255
x-nullable: true
ip_addresses:
type: array
description: IP Addresses of the providing service, multiple addresses will be round robin load balanced.
minItems: 1
items:
type: string
format: ipv4
description: IP Address of the providing service.
example: 1.2.3.4
port:
type: integer
format: int32
minimum: 1
maximum: 65535
example: 80
description: Port exposed by the service.
x-nullable: true
require_approval:
type: boolean
description: Require explicit project approval for the service owner.
x-nullable: true
visibility:
type: string
description: Set global visibility of the service. For `private` visibility, RBAC policies can extend the visibility to specific projects.
enum:
- private
- public
x-nullable: true
proxy_protocol:
type: boolean
description: Proxy protocol v2 enabled for this service.
x-nullable: true
tags:
type: array
description: The list of tags on the resource.
items:
type: string
maxLength: 64
EndpointConsumer:
type: object
properties:
id:
type: string
format: uuid
description: The ID of the resource.
readOnly: true
status:
$ref: "#/definitions/EndpointStatus"
project_id:
$ref: "#/definitions/Project"
EndpointConsumerList:
type: object
description: list of consumer ids.
properties:
endpoint_ids:
type: array
items:
type: string
format: uuid
description: The ID of a service endpoint consumer.
project_ids:
type: array
items:
$ref: "#/definitions/Project"
Endpoint:
type: object
properties:
id:
type: string
format: uuid
description: The ID of the resource.
readOnly: true
service_id:
type: string
format: uuid
description: The ID of the service.
name:
type: string
description: Name of the endpoint.
example: Example endpoint.
maxLength: 64
x-omitempty: false
description:
type: string
description: Description of the endpoint.
example: An example of an endpoint.
maxLength: 255
x-omitempty: false
target:
type: object
description: Endpoint target
x-nullable: false
properties:
network:
type: string
format: uuid
description: Endpoint network target. One of `target_network`, `target_subnet` or `target_port` must be specified.
example: 49b6480b-24d3-4376-a4c9-aecbb89e16d9
x-nullable: true
subnet:
type: string
format: uuid
description: Endpoint subnet target. One of `target_network`, `target_subnet` or `target_port` must be specified.
example: 1fb12a1a-a1a5-4732-9a2e-635ba6ec8d3b
x-nullable: true
port:
type: string
format: uuid
description: Endpoint port target. One of `target_network`, `target_subnet` or `target_port` must be specified.
example: b2accf1a-1c99-4b54-9eeb-22be53f177f5
x-nullable: true
ip_address:
readOnly: true
type: string
format: ipv4
description: Endpoint IP address.
example: 1.2.3.4
tags:
type: array
description: The list of tags on the resource.
x-nullable: true
items:
type: string
maxLength: 64
status:
$ref: "#/definitions/EndpointStatus"
created_at:
$ref: "#/definitions/Timestamp"
updated_at:
$ref: "#/definitions/Timestamp"
project_id:
$ref: "#/definitions/Project"
EndpointStatus:
type: string
description: |
Status of the endpoint
### Status can be one of
| Status | Description |
| ------------------ | ------------------------------------- |
| AVAILABLE | Endpoint is avaiable for consumption |
| PENDING_APPROVAL | Endpoint is waiting for approval |
| PENDING_CREATE | Endpoint is being set up |
| PENDING_UPDATE | Endpoint is being updated |
| PENDING_REJECTED | Endpoint is being rejected |
| PENDING_DELETE | Endpoint is being deleted |
| REJECTED | Endpoint was rejected |
| FAILED | Endpoint setup failed |
enum:
- AVAILABLE
- PENDING_APPROVAL
- PENDING_CREATE
- PENDING_UPDATE
- PENDING_REJECTED
- PENDING_DELETE
- REJECTED
- FAILED
readOnly: true
RBACPolicyCommon:
x-go-name: rbacpolicycommon
required:
- target
type: object
properties:
id:
type: string
format: uuid
description: The ID of the resource.
readOnly: true
target_type:
type: string
enum:
- project
default: project
target:
description: The ID of the project to which the RBAC policy will be enforced.
type: string
example: 666da95112694b37b3efb0913de3f499
project_id:
$ref: "#/definitions/Project"
RBACPolicy:
x-go-name: rbacpolicy
required:
- service_id
type: object
properties:
id:
type: string
format: uuid
description: The ID of the resource.
readOnly: true
target_type:
type: string
enum:
- project
default: project
target:
description: The ID of the project to which the RBAC policy will be enforced.
type: string
example: 666da95112694b37b3efb0913de3f499
service_id:
type: string
format: uuid
description: The ID of the service resource.
created_at:
$ref: "#/definitions/Timestamp"
updated_at:
$ref: "#/definitions/Timestamp"
project_id:
$ref: "#/definitions/Project"
Quota:
type: object
properties:
service:
type: integer
format: int64
description: The configured service quota limit. A setting of null means it is using the deployment default quota. A setting of -1 means unlimited.
example: 5
minimum: -1
x-nullable: false
endpoint:
type: integer
format: int64
description: The configured endpoint quota limit. A setting of null means it is using the deployment default quota. A setting of -1 means unlimited.
example: 5
minimum: -1
x-nullable: false
Project:
type: string
description: The ID of the project owning this resource.
example: fa84c217f361441986a220edf9b1e337
minLength: 32
maxLength: 32
x-omitempty: false
QuotaUsage:
type: object
properties:
in_use_service:
type: integer
description: The current quota usage of services.
example: 5
x-omitempty: false
in_use_endpoint:
type: integer
description: The current quota usage of endpoints.
example: 5
x-omitempty: false
Version:
type: object
properties:
updated:
type: string
description: Last update of the running version
example: "2018-09-30T00:00:00Z"
version:
type: string
description: Version of Archer
example: 1.3.0
links:
type: array
items:
$ref: "#/definitions/Link"
capabilities:
type: array
example: ["pagination", "sort"]
items:
type: string
Timestamp:
type: object
x-go-type:
type: time.Time
hints:
noValidation: true
format: dateTime
description: The UTC date and timestamp.
readOnly: true
example: 2023-03-31T18:37:54.581099Z
Error:
type: object
properties:
code:
type: integer
x-nullable: false
message:
type: string
x-nullable: false
Link:
type: object
properties:
href:
type: string
example: /
rel:
type: string
example: self