SizeServiceCreateRequest is the request payload for a size create request
+Project defines a group of resources belonging to a tenant
a tenant can have multiple projects
| size | -metalstack.api.v2.Size | +uuid | +string | - | Size is the size to create |
+ Uuid of this project |
SizeServiceGetResponse is the response payload for a size create request
- - -| Field | Type | Label | Description | |||
| meta | +Meta | ++ | Meta for this project |
+ |||
| size | -metalstack.api.v2.Size | +name | +string | - | Size the size |
+ Name of this project must be unique per tenant |
SizeServiceDeleteRequest is the request payload for a size delete request
- - -| Field | Type | Label | Description | ||||
| description | +string | ++ | Description of this project |
+ ||||
| id | +tenant | string | - | ID of the size to delete |
+ Tenant this project belongs to |
+ ||
| avatar_url | +string | +optional | +AvatarUrl of the Project |
| size | -metalstack.api.v2.Size | +secret | +string | - | Size the size |
+ Secret is the secret part of the invite, typically part of the url |
SizeServiceUpdateRequest is the request payload for a size update request
- - -| Field | Type | Label | Description | ||||
| id | +project | string | - | Id of this size |
+ Project is the project id for which this invite was created |
||
| update_meta | -metalstack.api.v2.UpdateMeta | +role | +ProjectRole | - | UpdateMeta contains the timestamp and strategy to be used in this update request |
+ Role is the role in this project the user will get after accepting the invitation |
|
| name | +joined | +bool | ++ | Joined is false as long as a user has not accepted the invite |
+ |||
| project_name | string | -optional | -Name of this size |
+ + | ProjectName is the project name for which this invite was created |
||
| description | +tenant | string | -optional | -Description of this size |
+ + | Tenant is the login of tenant who invites to join this project |
|
| constraints | -metalstack.api.v2.SizeConstraint | -repeated | -Constraints which must match that a specific machine is considered of this size |
+ tenant_name | +string | ++ | TenantName is the name of tenant who invites to join this project |
| labels | -metalstack.api.v2.UpdateLabels | -optional | -Labels to update on this size |
+ expires_at | +google.protobuf.Timestamp | ++ | ExpiresAt the date when this invite expires |
+
| joined_at | +google.protobuf.Timestamp | ++ | JoinedAt the date when the member accepted this invite |
| size | -metalstack.api.v2.Size | +id | +string | - | Size the size |
+ Id is the user id of the member |
+ |
| role | +ProjectRole | ++ | Role is the role of the member |
+ ||||
| inherited_membership | +bool | ++ | InheritedMembership indicates that this member has implicit permissions on the project through his membership within the tenant. +This member does not have direct project membership but gains permissions on this project from the role he has in the tenant. +Inherited memberships are not included in member lists for users with guest permission but only for direct tenant members. |
+ ||||
| created_at | +google.protobuf.Timestamp | ++ | CreatedAt the date when the member was added to the project |
| Method Name | Request Type | Response Type | Description |
| Create | -SizeServiceCreateRequest | -SizeServiceCreateResponse | -Create a size |
-
| Update | -SizeServiceUpdateRequest | -SizeServiceUpdateResponse | -Update a size |
-
| Delete | -SizeServiceDeleteRequest | -SizeServiceDeleteResponse | -Delete a size |
-
BGPFilter can be used to restrict BGP based on CIDRs and VNIs.
+ProjectServiceCreateRequest is the request payload to Create a project
| cidrs | +login | string | -repeated | -CIDRs for which to allow BGP |
+ + | Login is the tenant of this project +TODO: is login really a good name? |
|
| vnis | +name | string | -repeated | -VNIs for which to allow BGP |
+ + | Name of this project, unique per tenant |
+ |
| description | +string | ++ | Description of this project |
+ ||||
| avatar_url | +string | +optional | +Avatar URL of the project |
+ ||||
| labels | +Labels | ++ | Labels on the project |
| machine_id | -string | +project | +Project | - | MachineId of the machine connected to the nic. |
+ Project is the project |
ProjectServiceDeleteRequest is the request payload to delete a project
+ + +| Field | Type | Label | Description | ||||
| nic | -SwitchNic | +project | +string | - | Nic the machine is connected to. |
+ Project is the uuid of the project to get |
| desired | -SwitchPortStatus | -optional | -Desired is the desired port state. |
- ||||
| actual | -SwitchPortStatus | +project | +Project | - | Actual is the actual port state. |
+ Project is the project |
| id | +project | string | - | Id of the switch. |
+ Project is the uuid of the project to get |
| meta | -Meta | -- | Meta for this switch. |
-
ProjectServiceGetResponse is the response payload to get a projects
+ + +| Field | Type | Label | Description | ||||
| description | -string | +project | +Project | - | Description of the switch. |
+ Project is the project |
|
| rack | -string | -optional | -Rack ID if the switch resides in a rack. |
+ project_members | +ProjectMember | +repeated | +ProjectMembers in this project, projects guests will only see direct project members and not implicit memberships from tenant permissions |
| partition | -string | -- | Partition the switch belongs to. |
-
ProjectServiceInviteAcceptRequest is the request payload to a accept invite request
+ + +| Field | Type | Label | Description | |||
| replace_mode | -SwitchReplaceMode | +secret | +string | - | ReplaceMode is used to mark a switch ready for replacement. |
+ Secret is the invitation secret part of the invitation url |
| management_ip | -string | -- | ManagementIp is the switch's IP for management access. |
-
ProjectServiceInvitesListResponse is the response payload to a accept invite request
+ + +| Field | Type | Label | Description | ||||
| management_user | +project | string | -optional | -ManagementUser is the user name to use for management access. |
+ + | Project ID of the project joined |
|
| console_command | +project_name | string | -optional | -ConsoleCommand is the command for accessing the switch's console. |
- |||
| nics | -SwitchNic | -repeated | -Nics are the front panel ports of the switch. |
- ||||
| os | -SwitchOS | - | SwitchOs is the OS running on the switch. |
- ||||
| machine_connections | -MachineConnection | -repeated | -MachineConnections map machines to the nics they are connected to. |
+ ProjectName if the project joined |
| neighbor | -string | -- | Neighbor of this port. |
- ||
| peer_group | +project | string | - | PeerGroup of this port. |
+ Project is the uuid of the project |
| vrf_name | +secret | string | - | VrfName of the VRF this port is bound to. |
+ Secret of the invite to delete |
| bgp_state | -BGPState | -- | BgpState of the connection on this port. |
-
ProjectServiceInviteDeleteResponse is the response payload of a delete invite request
+ + + + + +ProjectServiceInviteGetRequest is the request payload to get a invite
+ + +| Field | Type | Label | Description | |||
| bgp_timer_up_established | -google.protobuf.Timestamp | +secret | +string | - | BgpTimerUpEstablished reports when this port's BGP connection was established. |
+ Secret of the invite to list |
| sent_prefix_counter | -uint64 | -- | SentPrefixCounter counts the prefixes sent by the switch on this port. |
-
ProjectServiceInviteGetResponse is the response payload to a get invite request
+ + +| Field | Type | Label | Description | ||||
| accepted_prefix_counter | -uint64 | +invite | +ProjectInvite | - | AcceptedPrefixCounter counts the prefixes received on this port. |
+ Invite is the invite |
| name | -string | -- | Name of the switch port |
- ||||
| identifier | +project | string | - | Identifier of the port |
+ Project is the uuid of the project |
||
| mac | -string | +role | +ProjectRole | - | MAC address of the port |
- ||
| vrf | -string | -optional | -VRF name if the port is bound in one |
- ||||
| state | -NicState | -optional | -NicState describes the current state of the switch port. |
- ||||
| bgp_filter | -BGPFilter | -optional | -BGPFilter optionally configured on a port. |
- ||||
| bgp_port_state | -SwitchBGPPortState | -optional | -BGPPortState represents the current BGP status of the port. |
+ Role of this user in this project |
| vendor | -SwitchOSVendor | +invite | +ProjectInvite | - | Vendor identifies what NOS distribution is running on the switch, e.g. SONiC. |
+ Inviter contains a secret which can be sent to a potential user +can be appended to the invitation endpoint at our cloud console like +console.metalstack.cloud/invite/<secret> |
| version | -string | -- | Version specifies what NOS version is currently installed on the switch. |
-
ProjectServiceInvitesListRequest is the request payload to a list invites request
+ + +| Field | Type | Label | Description | ||||
| metal_core_version | +project | string | - | MetalCoreVersion is the currently running version of the metal-core. |
+ Project is the uuid of the project |
| vendor | -SwitchOSVendor | -optional | -OsVendor of the switch OS by which to filter the switches. |
- ||||
| version | -string | -optional | -OsVersion of the OS by which to filter the switches. |
+ invites | +ProjectInvite | +repeated | +Invites not already accepted the invitation to this project |
| id | -string | -optional | -Id of the switch to list. |
- ||||
| partition | +project | string | -optional | -Partition of the switches to list. |
- |||
| rack | -string | -optional | -Rack of the switches to list. |
- ||||
| os | -SwitchOSQuery | -optional | -Switch OS specific queries. |
+ + | Project is the uuid of the project |
| Name | Number | Description |
| BGP_STATE_UNSPECIFIED | -0 | -BGP_STATE_UNSPECIFIED is not specified. |
-
| BGP_STATE_IDLE | -1 | -BGP_STATE_IDLE is the Idle state of a BGP session. |
-
| BGP_STATE_CONNECT | -2 | -BGP_STATE_CONNECT is the Connect state of a BGP session. |
-
| BGP_STATE_ACTIVE | -3 | -BGP_STATE_ACTIVE is the Active state of a BGP session. |
-
| BGP_STATE_OPEN_SENT | -4 | -BGP_STATE_OPEN_SENT is the OpenSent state of a BGP session. |
-
| BGP_STATE_OPEN_CONFIRM | -5 | -BGP_STATE_OPEN_CONFIRM is the OpenConfirm state of a BGP session. |
-
| BGP_STATE_ESTABLISHED | -6 | -BGP_STATE_ESTABLISHED is the Established state of a BGP session. |
-
SwitchOSVendor represents a NOS distribution.
-| Name | Number | Description |
| SWITCH_OS_VENDOR_UNSPECIFIED | -0 | -SWITCH_OS_VENDOR_UNSPECIFIED is not specified. |
-
| SWITCH_OS_VENDOR_CUMULUS | -1 | -SWITCH_OS_VENDOR_CUMULUS means this switch is running on Cumulus Linux. |
-
| SWITCH_OS_VENDOR_SONIC | -2 | -SWITCH_OS_VENDOR_SONIC means this switch is running on SONiC NOS. |
-
SwitchPortStatus specifies the state of a switch port.
-| Name | Number | Description |
| SWITCH_PORT_STATUS_UNSPECIFIED | -0 | -SWITCH_PORT_STATUS_UNSPECIFIED is not specified. |
-
| SWITCH_PORT_STATUS_UP | -1 | -SWITCH_PORT_STATUS_UP means this port is up. |
-
| SWITCH_PORT_STATUS_DOWN | -2 | -SWITCH_PORT_STATUS_DOWN means this port is down. |
-
| SWITCH_PORT_STATUS_UNKNOWN | -3 | -SWITCH_PORT_STATUS_UNKNOWN means the status of this port is unknown. |
-
SwitchReplaceMode is used to mark a switch ready for replacement.
-| Name | Number | Description |
| SWITCH_REPLACE_MODE_UNSPECIFIED | -0 | -SWITCH_REPLACE_MODE_UNSPECIFIED is not specified. |
-
| SWITCH_REPLACE_MODE_REPLACE | -1 | -SWITCH_REPLACE_MODE_REPLACE means this switch is waiting to be replaced. |
-
| SWITCH_REPLACE_MODE_OPERATIONAL | -2 | -SWITCH_REPLACE_MODE_OPERATIONAL means this switch is operational and cannot be replaced. |
-
SwitchServiceDeleteRequest.
+ProjectServiceListRequest is the request payload to list all projects
| id | string | -- | Id of the switch. |
+ optional | +Id lists only projects with this id |
||
| force | -bool | -- | Force will allow switch deletion despite existing machine connections. |
+ name | +string | +optional | +Name lists only projects with this name |
+
| tenant | +string | +optional | +Tenant lists only projects of this tenant |
+ ||||
| labels | +Labels | +optional | +Labels lists only projects containing the given labels |
| switch | -metalstack.api.v2.Switch | -- | Switch that has been deleted. |
+ projects | +Project | +repeated | +Projects is a list of all your projects |
| id | +project | string | - | Id of the switch to get. |
+ Project is the uuid of the project |
+ ||
| member | +string | ++ | Member is the id of the member to remove from this project |
| Field | Type | Label | Description |
| switch | -metalstack.api.v2.Switch | -- | Switch that was requested. |
-
SwitchServiceListRequest.
+ProjectServiceUpdateMemberRequest is used to update a member of a project
| query | -metalstack.api.v2.SwitchQuery | -- | Query to filter the results. |
-
SwitchServiceListResponse.
- - -| Field | Type | Label | Description |
| switches | -metalstack.api.v2.Switch | -repeated | -Switches that match the request query. |
-
SwitchServiceMigrateRequest.
- - -| Field | Type | Label | Description |
| old_switch | -string | -- | OldSwitch which to migrate away from. |
-
| new_switch | -string | -- | NewSwitch which to migrate to. |
-
SwitchServiceMigrateResponse.
- - -| Field | Type | Label | Description |
| switch | -metalstack.api.v2.Switch | -- | Switch that was migrated to. |
-
SwitchServicePortRequest.
- - -| Field | Type | Label | Description | ||||
| id | +project | string | - | Id of the switch. |
+ Project is the uuid of the project |
||
| nic_name | +member | string | - | NicName of the port whose status should be changed. |
+ Member is the id of the member to remove from this project |
||
| status | -metalstack.api.v2.SwitchPortStatus | +role | +ProjectRole | - | Status that the port should have. |
+ Role is the role in this project the user will get after the update |
| switch | -metalstack.api.v2.Switch | +project_member | +ProjectMember | - | Switch after the port status toggle.. |
+ ProjectMember is the updated project member |
| id | +project | string | - | ID of the switch. |
+ Project is the uuid of the project to get |
||
| update_meta | -metalstack.api.v2.UpdateMeta | -- | UpdateMeta contains the timestamp and strategy to be used in this update request. |
- ||||
| updated_at | -google.protobuf.Timestamp | +UpdateMeta | - | UpdatedAt is the date when this entity was updated. -must be part of the update request to ensure optimistic locking. |
- |||
| description | -string | -optional | -Description of the switch. |
- ||||
| replace_mode | -metalstack.api.v2.SwitchReplaceMode | -optional | -Replace mode is used to mark a switch ready for replacement. |
+ UpdateMeta contains the timestamp and strategy to be used in this update request |
|||
| management_ip | +name | string | optional | -Management IP is the switch's IP for management access. |
+ Name of this project unique per tenant |
||
| management_user | +description | string | optional | -Management user is the user name to use for management access. |
+ Description of this project |
||
| console_command | +avatar_url | string | optional | -Console command is the command for accessing the switch's console. |
- |||
| nics | -metalstack.api.v2.SwitchNic | -repeated | -Nics are the front panel ports of the switch. |
+ Avatar URL of the project |
|||
| os | -metalstack.api.v2.SwitchOS | +labels | +UpdateLabels | optional | -SwitchOs is the OS running on the switch. |
+ Labels on this project |
| switch | -metalstack.api.v2.Switch | +project | +Project | - | Switch that was updated. |
+ Project is the project |
| RemoveMember | +ProjectServiceRemoveMemberRequest | +ProjectServiceRemoveMemberResponse | +RemoveMember remove a user from a project |
+ |||
| UpdateMember | +ProjectServiceUpdateMemberRequest | +ProjectServiceUpdateMemberResponse | +UpdateMember update a user for a project |
+ |||
| Invite | +ProjectServiceInviteRequest | +ProjectServiceInviteResponse | +Invite a user to a project |
+ |||
| InviteAccept | +ProjectServiceInviteAcceptRequest | +ProjectServiceInviteAcceptResponse | +InviteAccept is called from a user to accept a invitation |
+ |||
| InviteDelete | +ProjectServiceInviteDeleteRequest | +ProjectServiceInviteDeleteResponse | +InviteDelete deletes a pending invitation |
+ |||
| InvitesList | +ProjectServiceInvitesListRequest | +ProjectServiceInvitesListResponse | +InvitesList list all invites to a project |
+ |||
| InviteGet | +ProjectServiceInviteGetRequest | +ProjectServiceInviteGetResponse | +InviteGet get an invite |
+
Tenant is a customer of the platform
+ProjectServiceListRequest is the request payload for the project list request
| login | +tenant | string | -- | Login of the tenant |
+ optional | +Tenant lists only projects of this tenant |
|
| meta | -Meta | -- | Meta for this tenant |
+ labels | +metalstack.api.v2.Labels | +optional | +Labels lists only projects containing the given labels |
| name | -string | -- | Name of the tenant |
-
ProjectServiceListResponse is the response payload for the project list request
+ + +| Field | Type | Label | Description | ||||
| string | -- | Email of the tenant |
+ projects | +metalstack.api.v2.Project | +repeated | +Projects is a list of all projects |
|
| description | -string | -- | Description of this tenant |
-
ProjectService serves project related functions
+| Method Name | Request Type | Response Type | Description |
| List | +ProjectServiceListRequest | +ProjectServiceListResponse | +List projects based on various filter criteria |
+
SizeServiceCreateRequest is the request payload for a size create request
+ + +| Field | Type | Label | Description | |||
| avatar_url | -string | +size | +metalstack.api.v2.Size | - | AvatarUrl of the tenant |
+ Size is the size to create |
SizeServiceGetResponse is the response payload for a size create request
+ + +| Field | Type | Label | Description | ||||
| created_by | -string | +size | +metalstack.api.v2.Size | - | CreatedBy stores who created this tenant |
+ Size the size |
| secret | +id | string | - | Secret is the secret part of the invite, typically part of the url |
+ ID of the size to delete |
| target_tenant | -string | -- | TargetTenant is the tenant id for which this invite was created |
-
SizeServiceDeleteResponse is the response payload for a size delete request
+ + +| Field | Type | Label | Description | |||
| role | -TenantRole | +size | +metalstack.api.v2.Size | - | Role is the role in this tenant the user will get after accepting the invitation |
+ Size the size |
SizeServiceUpdateRequest is the request payload for a size update request
+ + +| Field | Type | Label | Description | ||||
| joined | -bool | +id | +string | - | Joined is false as long as a user has not accepted the invite |
+ Id of this size |
|
| target_tenant_name | -string | +update_meta | +metalstack.api.v2.UpdateMeta | - | TargetTenantName is the tenant name for which this invite was created |
+ UpdateMeta contains the timestamp and strategy to be used in this update request |
|
| tenant | +name | string | -- | Tenant is the login of tenant who invites to join this tenant |
+ optional | +Name of this size |
|
| tenant_name | +description | string | -- | TenantName is the name of tenant who invites to join this tenant |
+ optional | +Description of this size |
|
| expires_at | -google.protobuf.Timestamp | -- | ExpiresAt the date when this invite expires |
+ constraints | +metalstack.api.v2.SizeConstraint | +repeated | +Constraints which must match that a specific machine is considered of this size |
| joined_at | -google.protobuf.Timestamp | -- | JoinedAt the date when the member accepted this invite |
+ labels | +metalstack.api.v2.UpdateLabels | +optional | +Labels to update on this size |
| id | -string | +size | +metalstack.api.v2.Size | - | Id is the user id of the member |
+ Size the size |
| role | -TenantRole | -- | Role is the role of the member |
-
SizeService serves size related functions
+| Method Name | Request Type | Response Type | Description |
| Create | +SizeServiceCreateRequest | +SizeServiceCreateResponse | +Create a size |
+
| Update | +SizeServiceUpdateRequest | +SizeServiceUpdateResponse | +Update a size |
+
| Delete | +SizeServiceDeleteRequest | +SizeServiceDeleteResponse | +Delete a size |
+
BGPFilter can be used to restrict BGP based on CIDRs and VNIs.
+ + +| Field | Type | Label | Description | ||||
| projects | +cidrs | string | repeated | -Projects for the projects in which a user is a direct member |
+ CIDRs for which to allow BGP |
||
| created_at | -google.protobuf.Timestamp | -- | CreatedAt the date when the member was added to the tenant |
+ vnis | +string | +repeated | +VNIs for which to allow BGP |
| name | +machine_id | string | - | Name of this tenant |
- |||
| description | -string | -optional | -Description of this tenant |
- ||||
| string | -optional | -Email of the tenant, if not set will be inherited from the creator |
- |||||
| avatar_url | -string | -optional | -AvatarUrl of the tenant |
+ MachineId of the machine connected to the nic. |
|||
| labels | -Labels | +nic | +SwitchNic | - | Labels on the tenant |
+ Nic the machine is connected to. |
| tenant | -Tenant | +desired | +SwitchPortStatus | +optional | +Desired is the desired port state. |
+ ||
| actual | +SwitchPortStatus | - | Tenant is the tenant |
+ Actual is the actual port state. |
| login | +id | string | - | Login of the tenant |
+ Id of the switch. |
+ ||
| meta | +Meta | ++ | Meta for this switch. |
+ ||||
| description | +string | ++ | Description of the switch. |
+ ||||
| rack | +string | +optional | +Rack ID if the switch resides in a rack. |
+ ||||
| partition | +string | ++ | Partition the switch belongs to. |
+ ||||
| replace_mode | +SwitchReplaceMode | ++ | ReplaceMode is used to mark a switch ready for replacement. |
+ ||||
| management_ip | +string | ++ | ManagementIp is the switch's IP for management access. |
+ ||||
| management_user | +string | +optional | +ManagementUser is the user name to use for management access. |
+ ||||
| console_command | +string | +optional | +ConsoleCommand is the command for accessing the switch's console. |
+ ||||
| nics | +SwitchNic | +repeated | +Nics are the front panel ports of the switch. |
+ ||||
| os | +SwitchOS | ++ | SwitchOs is the OS running on the switch. |
+ ||||
| machine_connections | +MachineConnection | +repeated | +MachineConnections map machines to the nics they are connected to. |
| tenant | -Tenant | +neighbor | +string | - | Tenant is the tenant |
+ Neighbor of this port. |
TenantServiceGetRequest is the request payload of the tenant get request
- - -| Field | Type | Label | Description | ||
| login | +peer_group | string | - | Login of the tenant |
+ PeerGroup of this port. |
TenantServiceGetResponse is the response payload of the tenant get request
- - -| Field | Type | Label | Description | ||||
| vrf_name | +string | ++ | VrfName of the VRF this port is bound to. |
+ ||||
| tenant | -Tenant | +bgp_state | +BGPState | - | Tenant is the tenant |
+ BgpState of the connection on this port. |
|
| tenant_members | -TenantMember | -repeated | -TenantMembers of this tenant |
+ bgp_timer_up_established | +google.protobuf.Timestamp | ++ | BgpTimerUpEstablished reports when this port's BGP connection was established. |
TenantServiceInviteAcceptRequest is the request payload to a accept invite request
- - -| Field | Type | Label | Description | ||||
| sent_prefix_counter | +uint64 | ++ | SentPrefixCounter counts the prefixes sent by the switch on this port. |
+ ||||
| secret | -string | +accepted_prefix_counter | +uint64 | - | Secret is the invitation secret part of the invitation url |
+ AcceptedPrefixCounter counts the prefixes received on this port. |
| tenant | +name | string | - | Tenant ID of the joined tenant |
+ Name of the switch port |
| tenant_name | +identifier | string | - | TenantName of the joined tenant |
+ Identifier of the port |
TenantServiceInviteDeleteRequest is the request payload to a delete invite
- - -| Field | Type | Label | Description | |||
| login | +mac | string | - | Login of the tenant |
+ MAC address of the port |
|
| secret | +vrf | string | -- | Secret of the invite to delete |
+ optional | +VRF name if the port is bound in one |
TenantServiceInviteDeleteResponse is the response payload of a delete invite request
- - - - - -TenantServiceInviteGetRequest is the request payload to get a invite
- - -| Field | Type | Label | Description | ||||
| state | +NicState | +optional | +NicState describes the current state of the switch port. |
+ ||||
| secret | -string | -- | Secret of the invite to get |
+ bgp_filter | +BGPFilter | +optional | +BGPFilter optionally configured on a port. |
+
| bgp_port_state | +SwitchBGPPortState | +optional | +BGPPortState represents the current BGP status of the port. |
| invite | -TenantInvite | +vendor | +SwitchOSVendor | - | Invite is the invite |
+ Vendor identifies what NOS distribution is running on the switch, e.g. SONiC. |
TenantServiceInviteRequest is used to invite a member to a tenant
- - -| Field | Type | Label | Description | ||||
| login | +version | string | - | Login of the tenant |
+ Version specifies what NOS version is currently installed on the switch. |
||
| role | -TenantRole | +metal_core_version | +string | - | Role of this user in this tenant |
+ MetalCoreVersion is the currently running version of the metal-core. |
| invite | -TenantInvite | -- | Invite contains a secret which can be sent to a potential user -can be appended to the invitation endpoint at our cloud console like -console.metalstack.cloud/invite/<secret> |
+ vendor | +SwitchOSVendor | +optional | +OsVendor of the switch OS by which to filter the switches. |
TenantServiceInvitesListRequest is the request payload to a list invites request
- - -| Field | Type | Label | Description | ||||
| login | +version | string | -- | Login of the tenant |
+ optional | +OsVersion of the OS by which to filter the switches. |
| invites | -TenantInvite | -repeated | -Invites not already accepted the invitation to this tenant |
+ id | +string | +optional | +Id of the switch to list. |
+
| partition | +string | +optional | +Partition of the switches to list. |
+ ||||
| rack | +string | +optional | +Rack of the switches to list. |
+ ||||
| os | +SwitchOSQuery | +optional | +Switch OS specific queries. |
| Name | Number | Description |
| BGP_STATE_UNSPECIFIED | +0 | +BGP_STATE_UNSPECIFIED is not specified. |
+
| BGP_STATE_IDLE | +1 | +BGP_STATE_IDLE is the Idle state of a BGP session. |
+
| BGP_STATE_CONNECT | +2 | +BGP_STATE_CONNECT is the Connect state of a BGP session. |
+
| BGP_STATE_ACTIVE | +3 | +BGP_STATE_ACTIVE is the Active state of a BGP session. |
+
| BGP_STATE_OPEN_SENT | +4 | +BGP_STATE_OPEN_SENT is the OpenSent state of a BGP session. |
+
| BGP_STATE_OPEN_CONFIRM | +5 | +BGP_STATE_OPEN_CONFIRM is the OpenConfirm state of a BGP session. |
+
| BGP_STATE_ESTABLISHED | +6 | +BGP_STATE_ESTABLISHED is the Established state of a BGP session. |
+
SwitchOSVendor represents a NOS distribution.
+| Name | Number | Description |
| SWITCH_OS_VENDOR_UNSPECIFIED | +0 | +SWITCH_OS_VENDOR_UNSPECIFIED is not specified. |
+
| SWITCH_OS_VENDOR_CUMULUS | +1 | +SWITCH_OS_VENDOR_CUMULUS means this switch is running on Cumulus Linux. |
+
| SWITCH_OS_VENDOR_SONIC | +2 | +SWITCH_OS_VENDOR_SONIC means this switch is running on SONiC NOS. |
+
SwitchPortStatus specifies the state of a switch port.
+| Name | Number | Description |
| SWITCH_PORT_STATUS_UNSPECIFIED | +0 | +SWITCH_PORT_STATUS_UNSPECIFIED is not specified. |
+
| SWITCH_PORT_STATUS_UP | +1 | +SWITCH_PORT_STATUS_UP means this port is up. |
+
| SWITCH_PORT_STATUS_DOWN | +2 | +SWITCH_PORT_STATUS_DOWN means this port is down. |
+
| SWITCH_PORT_STATUS_UNKNOWN | +3 | +SWITCH_PORT_STATUS_UNKNOWN means the status of this port is unknown. |
+
SwitchReplaceMode is used to mark a switch ready for replacement.
+| Name | Number | Description |
| SWITCH_REPLACE_MODE_UNSPECIFIED | +0 | +SWITCH_REPLACE_MODE_UNSPECIFIED is not specified. |
+
| SWITCH_REPLACE_MODE_REPLACE | +1 | +SWITCH_REPLACE_MODE_REPLACE means this switch is waiting to be replaced. |
+
| SWITCH_REPLACE_MODE_OPERATIONAL | +2 | +SWITCH_REPLACE_MODE_OPERATIONAL means this switch is operational and cannot be replaced. |
+
SwitchServiceDeleteRequest.
| login | +id | string | - | Login of the tenant |
+ Id of the switch. |
+ ||
| force | +bool | ++ | Force will allow switch deletion despite existing machine connections. |
| id | -string | -optional | -Id filters tenants by id |
- ||||
| name | -string | -optional | -Name filters tenants by name |
- ||||
| labels | -Labels | -optional | -Labels lists only projects containing the given labels |
+ switch | +metalstack.api.v2.Switch | ++ | Switch that has been deleted. |
| tenants | -Tenant | -repeated | -Tenants is the list of tenants |
+ id | +string | ++ | Id of the switch to get. |
| login | -string | -- | Login of the tenant |
- ||||
| member | -string | +switch | +metalstack.api.v2.Switch | - | Member is the id of the member to remove from this tenant |
+ Switch that was requested. |
| login | -string | -- | Login of the tenant |
- ||||
| member | -string | -- | Member is the id of the member to update in this tenant |
- ||||
| role | -TenantRole | +query | +metalstack.api.v2.SwitchQuery | - | Role of this user in this tenant |
+ Query to filter the results. |
| tenant_member | -TenantMember | -- | TenantMember is the updated membership |
+ switches | +metalstack.api.v2.Switch | +repeated | +Switches that match the request query. |
| login | +old_switch | string | - | Login of the tenant |
- |||
| update_meta | -UpdateMeta | -- | UpdateMeta contains the timestamp and strategy to be used in this update request |
- ||||
| name | -string | -optional | -Name of the tenant |
- ||||
| string | -optional | -Email of the tenant |
- |||||
| description | -string | -optional | -Description of this tenant |
+ OldSwitch which to migrate away from. |
|||
| avatar_url | +new_switch | string | -optional | -AvatarUrl of the tenant |
- |||
| labels | -UpdateLabels | -optional | -Labels on the tenant |
+ + | NewSwitch which to migrate to. |
| tenant | -Tenant | +switch | +metalstack.api.v2.Switch | - | Tenant is the tenant |
+ Switch that was migrated to. |
| Method Name | Request Type | Response Type | Description |
| Create | -TenantServiceCreateRequest | -TenantServiceCreateResponse | -Create a tenant |
-
| List | -TenantServiceListRequest | -TenantServiceListResponse | -List tenants |
-
| Get | -TenantServiceGetRequest | -TenantServiceGetResponse | -Get a tenant |
-
| Update | -TenantServiceUpdateRequest | -TenantServiceUpdateResponse | -Update a tenant |
-
| Delete | -TenantServiceDeleteRequest | -TenantServiceDeleteResponse | -Delete a tenant |
-
| Leave | -TenantServiceLeaveRequest | -TenantServiceLeaveResponse | -Leave remove a member of a tenant |
-
| RemoveMember | -TenantServiceRemoveMemberRequest | -TenantServiceRemoveMemberResponse | -RemoveMember remove a member of a tenant |
-
| UpdateMember | -TenantServiceUpdateMemberRequest | -TenantServiceUpdateMemberResponse | -UpdateMember update a member of a tenant |
-
| Invite | -TenantServiceInviteRequest | -TenantServiceInviteResponse | -Invite a user to a tenant |
-
| InviteAccept | -TenantServiceInviteAcceptRequest | -TenantServiceInviteAcceptResponse | -InviteAccept is called from a user to accept an invitation |
-
| InviteDelete | -TenantServiceInviteDeleteRequest | -TenantServiceInviteDeleteResponse | -InviteDelete deletes a pending invitation |
-
| InvitesList | -TenantServiceInvitesListRequest | -TenantServiceInvitesListResponse | -InvitesList list all invites to a tenant |
-
| InviteGet | -TenantServiceInviteGetRequest | -TenantServiceInviteGetResponse | -InviteGet get an invite |
-
TenantServiceCreateRequest is the request payload of the tenant create request
+SwitchServicePortRequest.
| name | +id | string | - | Name of this tenant |
- |||
| description | -string | -optional | -Description of this tenant |
- ||||
| string | -optional | -Email of the tenant, if not set will be inherited from the creator |
+ Id of the switch. |
||||
| avatar_url | +nic_name | string | -optional | -AvatarUrl of the tenant |
+ + | NicName of the port whose status should be changed. |
+ |
| status | +metalstack.api.v2.SwitchPortStatus | ++ | Status that the port should have. |
| tenant | -metalstack.api.v2.Tenant | +switch | +metalstack.api.v2.Switch | - | Tenant is the tenant |
+ Switch after the port status toggle.. |
| login | +id | +string | ++ | ID of the switch. |
+ |||
| update_meta | +metalstack.api.v2.UpdateMeta | ++ | UpdateMeta contains the timestamp and strategy to be used in this update request. |
+ ||||
| updated_at | +google.protobuf.Timestamp | ++ | UpdatedAt is the date when this entity was updated. +must be part of the update request to ensure optimistic locking. |
+ ||||
| description | string | optional | -Login of the tenant to list |
+ Description of the switch. |
|||
| name | +replace_mode | +metalstack.api.v2.SwitchReplaceMode | +optional | +Replace mode is used to mark a switch ready for replacement. |
+ |||
| management_ip | string | optional | -Name of the tenant to list |
+ Management IP is the switch's IP for management access. |
|||
| management_user | string | optional | -Email of the tenant to list |
+ Management user is the user name to use for management access. |
|||
| paging | -metalstack.api.v2.Paging | -- | Paging details for the list request |
+ console_command | +string | +optional | +Console command is the command for accessing the switch's console. |
+
| nics | +metalstack.api.v2.SwitchNic | +repeated | +Nics are the front panel ports of the switch. |
+ ||||
| os | +metalstack.api.v2.SwitchOS | +optional | +SwitchOs is the OS running on the switch. |
| tenants | -metalstack.api.v2.Tenant | -repeated | -Tenants are the list of tenants |
- ||||
| next_page | -uint64 | -optional | -NextPage is used for pagination, returns the next page to be fetched and must then be provided in the list request. |
+ switch | +metalstack.api.v2.Switch | ++ | Switch that was updated. |
| Method Name | Request Type | Response Type | Description | ||||
| Create | -TenantServiceCreateRequest | -TenantServiceCreateResponse | -Create a tenant |
+ Get | +SwitchServiceGetRequest | +SwitchServiceGetResponse | +Get a switch by ID. |
| List | -TenantServiceListRequest | -TenantServiceListResponse | -List all tenants |
+ SwitchServiceListRequest | +SwitchServiceListResponse | +List switches. |
+ |
| Update | +SwitchServiceUpdateRequest | +SwitchServiceUpdateResponse | +Update a switch. |
+ ||||
| Delete | +SwitchServiceDeleteRequest | +SwitchServiceDeleteResponse | +Delete a switch. |
+ ||||
| Migrate | +SwitchServiceMigrateRequest | +SwitchServiceMigrateResponse | +Migrate a switch. |
+ ||||
| Port | +SwitchServicePortRequest | +SwitchServicePortResponse | +Port set the port status of a switch port. |
| subject | +login | string | - | Subject maybe either the project or the tenant -for which the methods should be allowed - -asterisk (*) can be specified to match any subject -empty string ("") can be specified for requests that do not require a subject, e.g. partition list -otherwise either a projectid or a tenant login should be specified |
+ Login of the tenant |
||
| methods | +meta | +Meta | ++ | Meta for this tenant |
+ |||
| name | string | -repeated | -Methods which should be accessible |
+ + | Name of the tenant |
+ ||
| string | ++ | Email of the tenant |
+ |||||
| description | +string | ++ | Description of this tenant |
+ ||||
| avatar_url | +string | ++ | AvatarUrl of the tenant |
+ ||||
| created_by | +string | ++ | CreatedBy stores who created this tenant |
| uuid | -string | -- | Uuid of the jwt token, used to reference it by revoke |
- ||||
| user | +secret | string | - | User who created this token |
- |||
| meta | -Meta | -- | Meta for this token |
+ Secret is the secret part of the invite, typically part of the url |
|||
| description | +target_tenant | string | - | Description is a user given description of this token. |
- |||
| permissions | -MethodPermission | -repeated | -Permissions is a list of service methods this token can be used for |
+ TargetTenant is the tenant id for which this invite was created |
|||
| expires | -google.protobuf.Timestamp | +role | +TenantRole | - | Expires gives the date in the future after which this token can not be used anymore |
+ Role is the role in this tenant the user will get after accepting the invitation |
|
| issued_at | -google.protobuf.Timestamp | +joined | +bool | - | IssuedAt gives the date when this token was created |
+ Joined is false as long as a user has not accepted the invite |
|
| token_type | -TokenType | +target_tenant_name | +string | - | TokenType describes the type of this token |
+ TargetTenantName is the tenant name for which this invite was created |
|
| project_roles | -Token.ProjectRolesEntry | -repeated | -ProjectRoles associates a project id with the corresponding role of the token owner |
+ tenant | +string | ++ | Tenant is the login of tenant who invites to join this tenant |
| tenant_roles | -Token.TenantRolesEntry | -repeated | -TenantRoles associates a tenant id with the corresponding role of the token owner |
+ tenant_name | +string | ++ | TenantName is the name of tenant who invites to join this tenant |
| admin_role | -AdminRole | -optional | -AdminRole defines the admin role of the token owner |
+ expires_at | +google.protobuf.Timestamp | ++ | ExpiresAt the date when this invite expires |
| infra_role | -InfraRole | -optional | -InfraRole defines the infrastructure role of the token owner |
+ joined_at | +google.protobuf.Timestamp | ++ | JoinedAt the date when the member accepted this invite |
| key | +id | string | - |
|
+ Id is the user id of the member |
|
| value | -ProjectRole | +role | +TenantRole | - |
|
+ Role is the role of the member |
| Field | Type | Label | Description | ||||
| key | +projects | string | -- |
|
+ repeated | +Projects for the projects in which a user is a direct member |
|
| value | -TenantRole | +created_at | +google.protobuf.Timestamp | - |
|
+ CreatedAt the date when the member was added to the tenant |
| description | +name | string | - | Description of the token |
- |||
| permissions | -MethodPermission | -repeated | -Permissions is a list of service methods this token can be used for |
- ||||
| expires | -google.protobuf.Duration | -- | Expires gives the duration since now, after which this token can not be used anymore |
- ||||
| project_roles | -TokenServiceCreateRequest.ProjectRolesEntry | -repeated | -ProjectRoles associates a project id with the corresponding role of the token owner |
+ Name of this tenant |
|||
| tenant_roles | -TokenServiceCreateRequest.TenantRolesEntry | -repeated | -TenantRoles associates a tenant id with the corresponding role of the token owner |
+ description | +string | +optional | +Description of this tenant |
| admin_role | -AdminRole | +string | optional | -AdminRole defines the admin role of the token owner |
+ Email of the tenant, if not set will be inherited from the creator |
||
| infra_role | -InfraRole | +avatar_url | +string | optional | -InfraRole defines the infrastructure role of the token owner |
+ AvatarUrl of the tenant |
|
| labels | Labels | - | Labels on this token |
+ Labels on the tenant |
| key | -string | +tenant | +Tenant | - |
|
+ Tenant is the tenant |
TenantServiceDeleteRequest is the request payload of the tenant delete request
+ + +| Field | Type | Label | Description | ||||
| value | -ProjectRole | +login | +string | - |
|
+ Login of the tenant |
| key | -string | +tenant | +Tenant | - |
|
+ Tenant is the tenant |
TenantServiceGetRequest is the request payload of the tenant get request
+ + +| Field | Type | Label | Description | ||||
| value | -TenantRole | +login | +string | - |
|
+ Login of the tenant |
| token | -Token | +tenant | +Tenant | - | Token which was created |
+ Tenant is the tenant |
|
| secret | -string | -- | Secret is the body if the jwt token, should be used in api requests as bearer token |
+ tenant_members | +TenantMember | +repeated | +TenantMembers of this tenant |
| uuid | +secret | string | - | Uuid of the token to get |
+ Secret is the invitation secret part of the invitation url |
| token | -Token | +tenant | +string | - | Token is the token |
+ Tenant ID of the joined tenant |
+ |
| tenant_name | +string | ++ | TenantName of the joined tenant |
| tokens | -Token | -repeated | -Tokens is a list of tokens without the secrets |
+ login | +string | ++ | Login of the tenant |
+
| secret | +string | ++ | Secret of the invite to delete |
| token | -Token | -- | Token which was refreshed |
- ||||
| secret | string | - | Secret is the body if the jwt token, should be used in api requests as bearer token |
+ Secret of the invite to get |
| uuid | -string | +invite | +TenantInvite | - | Uuid of the token to revoke |
+ Invite is the invite |
| uuid | +login | string | - | Uuid of the token to update |
+ Login of the tenant |
| update_meta | -UpdateMeta | +role | +TenantRole | - | UpdateMeta contains the timestamp and strategy to be used in this update request -TokenUpdate is not guarded with optlock in the backend |
-
| description | -string | -optional | -Description is a user given description of this token. |
- ||
| permissions | -MethodPermission | -repeated | -Permissions is a list of service methods this token can be used for |
- ||
| project_roles | -TokenServiceUpdateRequest.ProjectRolesEntry | -repeated | -ProjectRoles associates a project id with the corresponding role of the token owner |
- ||
| tenant_roles | -TokenServiceUpdateRequest.TenantRolesEntry | -repeated | -TenantRoles associates a tenant id with the corresponding role of the token owner |
- ||
| admin_role | -AdminRole | -optional | -AdminRole defines the admin role of the token owner |
+ Role of this user in this tenant |
|
| infra_role | -InfraRole | -optional | -InfraRole defines the infrastructure role of the token owner |
-
TenantServiceInviteRequest is the response payload to a invite member request
+ + +| Field | Type | Label | Description | ||||
| labels | -UpdateLabels | +invite | +TenantInvite | - | Labels on this token |
+ Invite contains a secret which can be sent to a potential user +can be appended to the invitation endpoint at our cloud console like +console.metalstack.cloud/invite/<secret> |
| key | +login | string | - |
|
- |||
| value | -ProjectRole | -- |
|
+ Login of the tenant |
| key | -string | -- |
|
- ||||
| value | -TenantRole | -- |
|
+ invites | +TenantInvite | +repeated | +Invites not already accepted the invitation to this tenant |
| token | -Token | +login | +string | - | Token is the updated token |
+ Login of the tenant |
| Name | Number | Description |
| TOKEN_TYPE_UNSPECIFIED | -0 | -TOKEN_TYPE_UNSPECIFIED is not specified |
-
| TOKEN_TYPE_API | -1 | -TOKEN_TYPE_API is a token for api usage |
-
| TOKEN_TYPE_USER | -2 | -TOKEN_TYPE_USER is a token to access the api with cli, a web application or other user induced actions. |
-
TokenService serves token related functions
-| Method Name | Request Type | Response Type | Description |
| Get | -TokenServiceGetRequest | -TokenServiceGetResponse | -Get a token |
-
| Create | -TokenServiceCreateRequest | -TokenServiceCreateResponse | -Create a token to authenticate against the platform, the secret will be only visible in the response. |
-
| Update | -TokenServiceUpdateRequest | -TokenServiceUpdateResponse | -Update a token |
-
| List | -TokenServiceListRequest | -TokenServiceListResponse | -List all your tokens |
-
| Revoke | -TokenServiceRevokeRequest | -TokenServiceRevokeResponse | -Revoke a token, no further usage is possible afterwards |
-
| Refresh | -TokenServiceRefreshRequest | -TokenServiceRefreshResponse | -Refresh a token, this will create a new token with the exact same permissions as the calling token contains |
-
TenantServiceLeaveTenantResponse is the response payload to a leave tenant request
- - -TokenServiceCreateRequest is the request payload to create a token
+TenantServiceListRequest is the request payload of the tenant list request
| user | +id | string | optional | -User this token should be created for, if omitted, user is derived from caller |
+ Id filters tenants by id |
||
| token_create_request | -metalstack.api.v2.TokenServiceCreateRequest | -- | TokenCreateRequest which should be created |
+ name | +string | +optional | +Name filters tenants by name |
+
| labels | +Labels | +optional | +Labels lists only projects containing the given labels |
| token | -metalstack.api.v2.Token | +tenants | +Tenant | +repeated | +Tenants is the list of tenants |
+
TenantServiceRemoveMemberRequest is used to remove a member from a tenant
+ + +| Field | Type | Label | Description | ||||
| login | +string | - | Token which was created |
+ Login of the tenant |
|||
| secret | +member | string | - | Secret is the body if the jwt token, should be used in api requests as bearer token |
+ Member is the id of the member to remove from this tenant |
| user | +login | string | -optional | -User is the id of the user for which the tokens should be listed |
+ + | Login of the tenant |
+ |
| member | +string | ++ | Member is the id of the member to update in this tenant |
+ ||||
| role | +TenantRole | ++ | Role of this user in this tenant |
| tokens | -metalstack.api.v2.Token | -repeated | -Tokens is the list of tokens |
+ tenant_member | +TenantMember | ++ | TenantMember is the updated membership |
| uuid | +login | string | - | Uuid is the uuid of the token which should be revoked |
+ Login of the tenant |
||
| user | -string | +update_meta | +UpdateMeta | - | User is the id of the user for which the token should be revoked |
+ UpdateMeta contains the timestamp and strategy to be used in this update request |
+ |
| name | +string | +optional | +Name of the tenant |
+ ||||
| string | +optional | +Email of the tenant |
+ |||||
| description | +string | +optional | +Description of this tenant |
+ ||||
| avatar_url | +string | +optional | +AvatarUrl of the tenant |
+ ||||
| labels | +UpdateLabels | +optional | +Labels on the tenant |
| Field | Type | Label | Description |
| tenant | +Tenant | ++ | Tenant is the tenant |
+
TokenService serves token related functions
+TenantService serves tenant related functions
| Method Name | Request Type | Response Type | Description | ||||
| Create | +TenantServiceCreateRequest | +TenantServiceCreateResponse | +Create a tenant |
+ ||||
| List | -TokenServiceListRequest | -TokenServiceListResponse | -List tokens |
+ TenantServiceListRequest | +TenantServiceListResponse | +List tenants |
+ |
| Get | +TenantServiceGetRequest | +TenantServiceGetResponse | +Get a tenant |
+ ||||
| Update | +TenantServiceUpdateRequest | +TenantServiceUpdateResponse | +Update a tenant |
+ ||||
| Delete | +TenantServiceDeleteRequest | +TenantServiceDeleteResponse | +Delete a tenant |
+ ||||
| Leave | +TenantServiceLeaveRequest | +TenantServiceLeaveResponse | +Leave remove a member of a tenant |
+ ||||
| RemoveMember | +TenantServiceRemoveMemberRequest | +TenantServiceRemoveMemberResponse | +RemoveMember remove a member of a tenant |
+ ||||
| UpdateMember | +TenantServiceUpdateMemberRequest | +TenantServiceUpdateMemberResponse | +UpdateMember update a member of a tenant |
+ ||||
| Invite | +TenantServiceInviteRequest | +TenantServiceInviteResponse | +Invite a user to a tenant |
+ ||||
| InviteAccept | +TenantServiceInviteAcceptRequest | +TenantServiceInviteAcceptResponse | +InviteAccept is called from a user to accept an invitation |
||||
| Revoke | -TokenServiceRevokeRequest | -TokenServiceRevokeResponse | -Revoke a token |
+ InviteDelete | +TenantServiceInviteDeleteRequest | +TenantServiceInviteDeleteResponse | +InviteDelete deletes a pending invitation |
| Create | -TokenServiceCreateRequest | -TokenServiceCreateResponse | -Create a token to authenticate against the platform, the secret will be only visible in the response. -This service is suitable to create tokens for other users instead of deriving users from tokens directly. |
+ InvitesList | +TenantServiceInvitesListRequest | +TenantServiceInvitesListResponse | +InvitesList list all invites to a tenant |
+
| InviteGet | +TenantServiceInviteGetRequest | +TenantServiceInviteGetResponse | +InviteGet get an invite |
| services | -HealthStatus | -repeated | -Services the health of all individual services |
+ name | +string | ++ | Name of this tenant |
+
| description | +string | +optional | +Description of this tenant |
+ ||||
| string | +optional | +Email of the tenant, if not set will be inherited from the creator |
+ |||||
| avatar_url | +string | +optional | +AvatarUrl of the tenant |
| health | -Health | +tenant | +metalstack.api.v2.Tenant | - | Health is the overall health of the system |
+ Tenant is the tenant |
| name | -Service | -- | Name the name of the service |
- ||||
| status | -ServiceStatus | -- | Status the status of this service |
- ||||
| message | +login | string | -- | Message describes the reason for the unhealthy status if possible |
+ optional | +Login of the tenant to list |
|
| partitions | -HealthStatus.PartitionsEntry | -repeated | -Partitions describes the health of the service by partition |
+ name | +string | +optional | +Name of the tenant to list |
| Field | Type | Label | Description | ||||
| key | +string | -- |
|
+ optional | +Email of the tenant to list |
||
| value | -PartitionHealth | +paging | +metalstack.api.v2.Paging | - |
|
+ Paging details for the list request |
| status | -ServiceStatus | -- | Status the health status of the service in this partition |
+ tenants | +metalstack.api.v2.Tenant | +repeated | +Tenants are the list of tenants |
| message | -string | -- | Message describes the reason for the unhealthy status if possible |
+ next_page | +uint64 | +optional | +NextPage is used for pagination, returns the next page to be fetched and must then be provided in the list request. |
| Name | Number | Description |
| SERVICE_UNSPECIFIED | -0 | -SERVICE_UNSPECIFIED is a unknown service |
-
| SERVICE_IPAM | -1 | -SERVICE_IPAM the ipam service |
-
| SERVICE_RETHINK | -2 | -SERVICE_RETHINK the rethinkdb |
-
| SERVICE_MASTERDATA | -3 | -SERVICE_MASTERDATA the masterdata-api |
-
| SERVICE_MACHINES | -4 | -SERVICE_MACHINES the machine service |
-
| SERVICE_AUDIT | -5 | -SERVICE_AUDIT the auditing |
-
| SERVICE_VPN | -6 | -SERVICE_VPN the vpn service |
-
ServiceStatus defines the status of a service
-| Name | Number | Description |
| SERVICE_STATUS_UNSPECIFIED | -0 | -SERVICE_STATUS_UNSPECIFIED service status is not known or unspecified |
-
| SERVICE_STATUS_DEGRADED | -1 | -SERVICE_STATUS_DEGRADED the service is in degraded status, not the whole functionality is available |
-
| SERVICE_STATUS_UNHEALTHY | -2 | -SERVICE_STATUS_UNHEALTHY the service is in unhealthy status, serious impact is expected |
-
| SERVICE_STATUS_HEALTHY | -3 | -SERVICE_STATUS_HEALTHY the service is in healthy status e.g. fully functional |
-
HealthService serves health related functions
+TenantService serves tenant related functions
| Method Name | Request Type | Response Type | Description | ||||
| Get | -HealthServiceGetRequest | -HealthServiceGetResponse | -Get the health of the platform |
+ Create | +TenantServiceCreateRequest | +TenantServiceCreateResponse | +Create a tenant |
+
| List | +TenantServiceListRequest | +TenantServiceListResponse | +List all tenants |
| subject | +string | ++ | Subject maybe either the project or the tenant +for which the methods should be allowed + +asterisk (*) can be specified to match any subject +empty string ("") can be specified for requests that do not require a subject, e.g. partition list +otherwise either a projectid or a tenant login should be specified |
+ ||||
| methods | string | repeated | -Methods is a list of methods public callable |
+ Methods which should be accessible |
| uuid | +string | ++ | Uuid of the jwt token, used to reference it by revoke |
+ ||||
| user | +string | ++ | User who created this token |
+ ||||
| meta | +Meta | ++ | Meta for this token |
+ ||||
| description | +string | ++ | Description is a user given description of this token. |
+ ||||
| permissions | MethodPermission | repeated | -Permissions a list of methods which can be called |
+ Permissions is a list of service methods this token can be used for |
+ |||
| expires | +google.protobuf.Timestamp | ++ | Expires gives the date in the future after which this token can not be used anymore |
+ ||||
| issued_at | +google.protobuf.Timestamp | ++ | IssuedAt gives the date when this token was created |
+ ||||
| token_type | +TokenType | ++ | TokenType describes the type of this token |
||||
| project_roles | -MethodServiceTokenScopedListResponse.ProjectRolesEntry | +Token.ProjectRolesEntry | repeated | ProjectRoles associates a project id with the corresponding role of the token owner |
|||
| tenant_roles | -MethodServiceTokenScopedListResponse.TenantRolesEntry | +Token.TenantRolesEntry | repeated | TenantRoles associates a tenant id with the corresponding role of the token owner |
| Method Name | Request Type | Response Type | Description |
| List | -MethodServiceListRequest | -MethodServiceListResponse | -List all public visible methods |
-
| TokenScopedList | -MethodServiceTokenScopedListRequest | -MethodServiceTokenScopedListResponse | -TokenScopedList all methods callable with the token present in the request |
-
Project defines a group of resources belonging to a tenant
a tenant can have multiple projects
+TokenServiceCreateRequest is the request payload to create a token
| uuid | +description | string | - | Uuid of this project |
+ Description of the token |
||
| meta | -Meta | -- | Meta for this project |
+ permissions | +MethodPermission | +repeated | +Permissions is a list of service methods this token can be used for |
| name | -string | +expires | +google.protobuf.Duration | - | Name of this project must be unique per tenant |
+ Expires gives the duration since now, after which this token can not be used anymore |
|
| description | -string | -- | Description of this project |
+ project_roles | +TokenServiceCreateRequest.ProjectRolesEntry | +repeated | +ProjectRoles associates a project id with the corresponding role of the token owner |
| tenant | -string | -- | Tenant this project belongs to |
+ tenant_roles | +TokenServiceCreateRequest.TenantRolesEntry | +repeated | +TenantRoles associates a tenant id with the corresponding role of the token owner |
| avatar_url | -string | +admin_role | +AdminRole | optional | -AvatarUrl of the Project |
+ AdminRole defines the admin role of the token owner |
+ |
| infra_role | +InfraRole | +optional | +InfraRole defines the infrastructure role of the token owner |
+ ||||
| labels | +Labels | ++ | Labels on this token |
| secret | -string | -- | Secret is the secret part of the invite, typically part of the url |
- ||||
| project | -string | -- | Project is the project id for which this invite was created |
- ||||
| role | -ProjectRole | -- | Role is the role in this project the user will get after accepting the invitation |
- ||||
| joined | -bool | -- | Joined is false as long as a user has not accepted the invite |
- ||||
| project_name | -string | -- | ProjectName is the project name for which this invite was created |
- ||||
| tenant | -string | -- | Tenant is the login of tenant who invites to join this project |
- ||||
| tenant_name | -string | -- | TenantName is the name of tenant who invites to join this project |
- ||||
| expires_at | -google.protobuf.Timestamp | +key | +string | - | ExpiresAt the date when this invite expires |
+
|
|
| joined_at | -google.protobuf.Timestamp | +value | +ProjectRole | - | JoinedAt the date when the member accepted this invite |
+
|
| id | +key | string | - | Id is the user id of the member |
+
|
|
| role | -ProjectRole | +value | +TenantRole | - | Role is the role of the member |
+
|
TokenServiceCreateResponse is the response payload of a token create request
+ + +| Field | Type | Label | Description | ||||
| inherited_membership | -bool | +token | +Token | - | InheritedMembership indicates that this member has implicit permissions on the project through his membership within the tenant. -This member does not have direct project membership but gains permissions on this project from the role he has in the tenant. -Inherited memberships are not included in member lists for users with guest permission but only for direct tenant members. |
+ Token which was created |
|
| created_at | -google.protobuf.Timestamp | +secret | +string | - | CreatedAt the date when the member was added to the project |
+ Secret is the body if the jwt token, should be used in api requests as bearer token |
| login | +uuid | string | - | Login is the tenant of this project -TODO: is login really a good name? |
+ Uuid of the token to get |
| name | -string | -- | Name of this project, unique per tenant |
-
TokenServiceGetResponse is the response payload of a token get request
+ + +| Field | Type | Label | Description | |||
| description | -string | +token | +Token | - | Description of this project |
+ Token is the token |
| avatar_url | -string | -optional | -Avatar URL of the project |
-
TokenServiceListRequest is the request payload to list tokens
+ + + + + +TokenServiceListResponse is the response payload of a token list request
+ + +| Field | Type | Label | Description | ||||
| labels | -Labels | -- | Labels on the project |
+ tokens | +Token | +repeated | +Tokens is a list of tokens without the secrets |
| project | -Project | +token | +Token | - | Project is the project |
+ Token which was refreshed |
+ |
| secret | +string | ++ | Secret is the body if the jwt token, should be used in api requests as bearer token |
| project | +uuid | string | - | Project is the uuid of the project to get |
+ Uuid of the token to revoke |
| project | -Project | +uuid | +string | - | Project is the project |
+ Uuid of the token to update |
+ |
| update_meta | +UpdateMeta | ++ | UpdateMeta contains the timestamp and strategy to be used in this update request +TokenUpdate is not guarded with optlock in the backend |
+ ||||
| description | +string | +optional | +Description is a user given description of this token. |
+ ||||
| permissions | +MethodPermission | +repeated | +Permissions is a list of service methods this token can be used for |
+ ||||
| project_roles | +TokenServiceUpdateRequest.ProjectRolesEntry | +repeated | +ProjectRoles associates a project id with the corresponding role of the token owner |
+ ||||
| tenant_roles | +TokenServiceUpdateRequest.TenantRolesEntry | +repeated | +TenantRoles associates a tenant id with the corresponding role of the token owner |
+ ||||
| admin_role | +AdminRole | +optional | +AdminRole defines the admin role of the token owner |
+ ||||
| infra_role | +InfraRole | +optional | +InfraRole defines the infrastructure role of the token owner |
+ ||||
| labels | +UpdateLabels | ++ | Labels on this token |
| project | +key | string | - | Project is the uuid of the project to get |
+
|
+ ||
| value | +ProjectRole | ++ |
|
| project | -Project | +key | +string | - | Project is the project |
+
|
|
| project_members | -ProjectMember | -repeated | -ProjectMembers in this project, projects guests will only see direct project members and not implicit memberships from tenant permissions |
+ value | +TenantRole | ++ |
|
| secret | -string | +token | +Token | - | Secret is the invitation secret part of the invitation url |
+ Token is the updated token |
| Name | Number | Description |
| TOKEN_TYPE_UNSPECIFIED | +0 | +TOKEN_TYPE_UNSPECIFIED is not specified |
+
| TOKEN_TYPE_API | +1 | +TOKEN_TYPE_API is a token for api usage |
+
| TOKEN_TYPE_USER | +2 | +TOKEN_TYPE_USER is a token to access the api with cli, a web application or other user induced actions. |
+
TokenService serves token related functions
+| Method Name | Request Type | Response Type | Description |
| Get | +TokenServiceGetRequest | +TokenServiceGetResponse | +Get a token |
+
| Create | +TokenServiceCreateRequest | +TokenServiceCreateResponse | +Create a token to authenticate against the platform, the secret will be only visible in the response. |
+
| Update | +TokenServiceUpdateRequest | +TokenServiceUpdateResponse | +Update a token |
+
| List | +TokenServiceListRequest | +TokenServiceListResponse | +List all your tokens |
+
| Revoke | +TokenServiceRevokeRequest | +TokenServiceRevokeResponse | +Revoke a token, no further usage is possible afterwards |
+
| Refresh | +TokenServiceRefreshRequest | +TokenServiceRefreshResponse | +Refresh a token, this will create a new token with the exact same permissions as the calling token contains |
+
TokenServiceCreateRequest is the request payload to create a token
| project | +user | string | -- | Project ID of the project joined |
+ optional | +User this token should be created for, if omitted, user is derived from caller |
|
| project_name | -string | +token_create_request | +metalstack.api.v2.TokenServiceCreateRequest | - | ProjectName if the project joined |
+ TokenCreateRequest which should be created |
| project | -string | +token | +metalstack.api.v2.Token | - | Project is the uuid of the project |
+ Token which was created |
|
| secret | string | - | Secret of the invite to delete |
+ Secret is the body if the jwt token, should be used in api requests as bearer token |
| Field | Type | Label | Description |
| user | +string | +optional | +User is the id of the user for which the tokens should be listed |
+
ProjectServiceInviteGetRequest is the request payload to get a invite
+TokenServiceListResponse is the response payload for the token list request
| secret | -string | -- | Secret of the invite to list |
+ tokens | +metalstack.api.v2.Token | +repeated | +Tokens is the list of tokens |
| invite | -ProjectInvite | +uuid | +string | - | Invite is the invite |
+ Uuid is the uuid of the token which should be revoked |
+ |
| user | +string | ++ | User is the id of the user for which the token should be revoked |
| Method Name | Request Type | Response Type | Description |
| List | +TokenServiceListRequest | +TokenServiceListResponse | +List tokens |
+
| Revoke | +TokenServiceRevokeRequest | +TokenServiceRevokeResponse | +Revoke a token |
+
| Create | +TokenServiceCreateRequest | +TokenServiceCreateResponse | +Create a token to authenticate against the platform, the secret will be only visible in the response. +This service is suitable to create tokens for other users instead of deriving users from tokens directly. |
+
Health reports the health status of all services
| project | -string | -- | Project is the uuid of the project |
- ||||
| role | -ProjectRole | -- | Role of this user in this project |
+ services | +HealthStatus | +repeated | +Services the health of all individual services |
| Field | Type | Label | Description |
| invite | -ProjectInvite | -- | Inviter contains a secret which can be sent to a potential user -can be appended to the invitation endpoint at our cloud console like -console.metalstack.cloud/invite/<secret> |
-
ProjectServiceInvitesListRequest is the request payload to a list invites request
+HealthServiceGetRequest is the response payload with the health of the system
| project | -string | +health | +Health | - | Project is the uuid of the project |
+ Health is the overall health of the system |
| invites | -ProjectInvite | +name | +Service | ++ | Name the name of the service |
+ ||
| status | +ServiceStatus | ++ | Status the status of this service |
+ ||||
| message | +string | ++ | Message describes the reason for the unhealthy status if possible |
+ ||||
| partitions | +HealthStatus.PartitionsEntry | repeated | -Invites not already accepted the invitation to this project |
+ Partitions describes the health of the service by partition |
| project | +key | string | - | Project is the uuid of the project |
+
|
+ ||
| value | +PartitionHealth | ++ |
|
| id | -string | -optional | -Id lists only projects with this id |
- ||||
| name | -string | -optional | -Name lists only projects with this name |
+ status | +ServiceStatus | ++ | Status the health status of the service in this partition |
| tenant | +message | string | -optional | -Tenant lists only projects of this tenant |
- |||
| labels | -Labels | -optional | -Labels lists only projects containing the given labels |
+ + | Message describes the reason for the unhealthy status if possible |
| Name | Number | Description |
| SERVICE_UNSPECIFIED | +0 | +SERVICE_UNSPECIFIED is a unknown service |
+
| SERVICE_IPAM | +1 | +SERVICE_IPAM the ipam service |
+
| SERVICE_RETHINK | +2 | +SERVICE_RETHINK the rethinkdb |
+
| SERVICE_MASTERDATA | +3 | +SERVICE_MASTERDATA the masterdata-api |
+
| SERVICE_MACHINES | +4 | +SERVICE_MACHINES the machine service |
+
| SERVICE_AUDIT | +5 | +SERVICE_AUDIT the auditing |
+
| SERVICE_VPN | +6 | +SERVICE_VPN the vpn service |
+
ServiceStatus defines the status of a service
+| Name | Number | Description |
| SERVICE_STATUS_UNSPECIFIED | +0 | +SERVICE_STATUS_UNSPECIFIED service status is not known or unspecified |
+
| SERVICE_STATUS_DEGRADED | +1 | +SERVICE_STATUS_DEGRADED the service is in degraded status, not the whole functionality is available |
+
| SERVICE_STATUS_UNHEALTHY | +2 | +SERVICE_STATUS_UNHEALTHY the service is in unhealthy status, serious impact is expected |
+
| SERVICE_STATUS_HEALTHY | +3 | +SERVICE_STATUS_HEALTHY the service is in healthy status e.g. fully functional |
+
HealthService serves health related functions
+| Method Name | Request Type | Response Type | Description |
| Get | +HealthServiceGetRequest | +HealthServiceGetResponse | +Get the health of the platform |
+
ProjectServiceListResponse is the response payload to list all projects
+MethodServiceListRequest is the request payload to list all public methods
-| Field | Type | Label | Description |
| projects | -Project | -repeated | -Projects is a list of all your projects |
-
ProjectServiceRemoveMemberRequest is used to remove a member from a project
+MethodServiceListResponse is the response payload with all public visible methods
| project | -string | -- | Project is the uuid of the project |
- ||||
| member | +methods | string | -- | Member is the id of the member to remove from this project |
+ repeated | +Methods is a list of methods public callable |
| project | -string | -- | Project is the uuid of the project |
+ permissions | +MethodPermission | +repeated | +Permissions a list of methods which can be called |
| member | -string | -- | Member is the id of the member to remove from this project |
+ project_roles | +MethodServiceTokenScopedListResponse.ProjectRolesEntry | +repeated | +ProjectRoles associates a project id with the corresponding role of the token owner |
| role | -ProjectRole | -- | Role is the role in this project the user will get after the update |
+ tenant_roles | +MethodServiceTokenScopedListResponse.TenantRolesEntry | +repeated | +TenantRoles associates a tenant id with the corresponding role of the token owner |
ProjectServiceUpdateMemberResponse is the response payload to a update member request
- - -| Field | Type | Label | Description | ||||
| admin_role | +AdminRole | +optional | +AdminRole defines the admin role of the token owner |
+ ||||
| project_member | -ProjectMember | -- | ProjectMember is the updated project member |
+ infra_role | +InfraRole | +optional | +InfraRole defines the infrastructure role of the token owner |
| project | +key | string | - | Project is the uuid of the project to get |
+
|
||
| update_meta | -UpdateMeta | +value | +ProjectRole | - | UpdateMeta contains the timestamp and strategy to be used in this update request |
- ||
| name | -string | -optional | -Name of this project unique per tenant |
- ||||
| description | -string | -optional | -Description of this project |
- ||||
| avatar_url | -string | -optional | -Avatar URL of the project |
- ||||
| labels | -UpdateLabels | -optional | -Labels on this project |
+
|
| project | -Project | +key | +string | - | Project is the project |
+
|
+ |
| value | +TenantRole | ++ |
|
| Method Name | Request Type | Response Type | Description | ||||
| List | -ProjectServiceListRequest | -ProjectServiceListResponse | -List all accessible projects |
- ||||
| Get | -ProjectServiceGetRequest | -ProjectServiceGetResponse | -Get a project |
- ||||
| Create | -ProjectServiceCreateRequest | -ProjectServiceCreateResponse | -Create a project |
- ||||
| Delete | -ProjectServiceDeleteRequest | -ProjectServiceDeleteResponse | -Delete a project |
- ||||
| Update | -ProjectServiceUpdateRequest | -ProjectServiceUpdateResponse | -Update a project |
- ||||
| Leave | -ProjectServiceLeaveRequest | -ProjectServiceLeaveResponse | -Leave project |
- ||||
| RemoveMember | -ProjectServiceRemoveMemberRequest | -ProjectServiceRemoveMemberResponse | -RemoveMember remove a user from a project |
- ||||
| UpdateMember | -ProjectServiceUpdateMemberRequest | -ProjectServiceUpdateMemberResponse | -UpdateMember update a user for a project |
- ||||
| Invite | -ProjectServiceInviteRequest | -ProjectServiceInviteResponse | -Invite a user to a project |
- ||||
| InviteAccept | -ProjectServiceInviteAcceptRequest | -ProjectServiceInviteAcceptResponse | -InviteAccept is called from a user to accept a invitation |
- ||||
| InviteDelete | -ProjectServiceInviteDeleteRequest | -ProjectServiceInviteDeleteResponse | -InviteDelete deletes a pending invitation |
- ||||
| InvitesList | -ProjectServiceInvitesListRequest | -ProjectServiceInvitesListResponse | -InvitesList list all invites to a project |
+ MethodServiceListRequest | +MethodServiceListResponse | +List all public visible methods |
|
| InviteGet | -ProjectServiceInviteGetRequest | -ProjectServiceInviteGetResponse | -InviteGet get an invite |
+ TokenScopedList | +MethodServiceTokenScopedListRequest | +MethodServiceTokenScopedListResponse | +TokenScopedList all methods callable with the token present in the request |