Retrieves the required cloud IAM objects and a sample CloudAccessConfig for the given input.
- application/json
Request Body required
property name*
string
roleNameOverrides object required
RoleNameOverrides is a list of custom names to use for cloud IAM objects. For AWS, names must start with wf- at this time.
Responses
- 200
- 400
- 401
- 403
- 500
200: IAM and sample CloudAccessConfig
- application/json
- Schema
- Example (from schema)
Schema
property name*
string
property name*
string
cloudAccessConfig
CloudAccessConfig is the cloud access config with updates for roles required for the features requested
metadata
ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.
annotations object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
labels object
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
managedFields object[]
ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object.
ownerReferences object[]
List of objects depended on by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.
spec
CloudAccessConfigSpec defines the specification of an account known to Wayfinder
identityCred
IdentityCred is a reference to the credential for Wayfinder to identify itself to this cloud provider when using this configuration.
Will be populated by Wayfinder with the default identity cred for this cloud if unspecified on entry.
roles object[]
Roles defines the possible ways in which Wayfinder can use this cloud, along with details of how Wayfinder should identify itself (or provider-specific roles that need to be assumed) to use this account in the specified way. The set of roles required for a cloud is defined by the enabled features.
status
CloudAccessConfigStatus defines the status of a cloud access configuration
conditions object[]
features object
Features describes the status of any features specified on this cloud access config.
lastReconcile
lastSuccess
obsoleteResources object[]
providerStatus
ProviderStatus can be populated with provider-specific status information, particularly relevant on accounts of type managed.
awsAccount
AWSAccount holds status specific to AWS accounts.
roles object
Roles provides the status of each underlying required role. The keys of the map are the role names.
iam
IAM represents the IAM objects required to provide access for Wayfinder roles
aws
AWSIAM is a collection of AWS roles and policies
iam object[]
policies object[]
role
rolePolicyAttachments object[]
azure
AzureIAM is a collection of Azure role definitions and role assignments
iam object[]
managedIdentity
roleDefinition
servicePrincipal
application
gcp
GCPIAM is a collection of GCP roles
iam object[]
bindings
binding object[]
orgBindings
binding object[]
projectBindings
binding object[]
serviceAccount
{
  "cloudAccessConfig": {
    "apiVersion": "string",
    "kind": "string",
    "metadata": {
      "annotations": {},
      "clusterName": "string",
      "creationTimestamp": "string",
      "deletionGracePeriodSeconds": 0,
      "deletionTimestamp": "string",
      "finalizers": [
        "string"
      ],
      "generateName": "string",
      "generation": 0,
      "labels": {},
      "managedFields": [
        {
          "apiVersion": "string",
          "fieldsType": "string",
          "fieldsV1": "string",
          "manager": "string",
          "operation": "string",
          "subresource": "string",
          "time": "string"
        }
      ],
      "name": "string",
      "namespace": "string",
      "ownerReferences": [
        {
          "apiVersion": "string",
          "blockOwnerDeletion": true,
          "controller": true,
          "kind": "string",
          "name": "string",
          "uid": "string"
        }
      ],
      "resourceVersion": "string",
      "selfLink": "string",
      "uid": "string"
    },
    "spec": {
      "cloud": "string",
      "defaultRegion": "string",
      "description": "string",
      "features": [
        "string"
      ],
      "identifier": "string",
      "identityCred": {
        "name": "string",
        "namespace": "string"
      },
      "name": "string",
      "orgIdentifier": "string",
      "roles": [
        {
          "assumeProviderRole": "string",
          "cloudResourceName": "string",
          "deployedResourceHash": "string",
          "role": "string"
        }
      ],
      "stage": "string"
    },
    "status": {
      "cloudResourcesCreated": true,
      "conditions": [
        {
          "detail": "string",
          "lastTransitionTime": "string",
          "message": "string",
          "name": "string",
          "negativePolarity": true,
          "observedGeneration": 0,
          "reason": "string",
          "status": "string",
          "type": "string"
        }
      ],
      "detail": "string",
      "features": {},
      "lastReconcile": {
        "generation": 0,
        "time": "string"
      },
      "lastSuccess": {
        "generation": 0,
        "time": "string"
      },
      "message": "string",
      "obsoleteResources": [
        {
          "kind": "string",
          "name": "string"
        }
      ],
      "providerStatus": {
        "awsAccount": {
          "serviceCatalogProvisioningID": "string"
        },
        "type": "string"
      },
      "roles": {},
      "status": "string",
      "wayfinderVersion": "string"
    }
  },
  "iam": {
    "aws": {
      "accountID": "string",
      "features": [
        "string"
      ],
      "iam": [
        {
          "policies": [
            {
              "description": "string",
              "path": "string",
              "policyDocument": "string",
              "policyName": "string"
            }
          ],
          "role": {
            "assumeRolePolicyDocument": "string",
            "description": "string",
            "path": "string",
            "roleName": "string"
          },
          "rolePolicyAttachments": [
            {
              "policyArn": "string",
              "roleName": "string"
            }
          ],
          "wayfinderRoleName": "string"
        }
      ]
    },
    "azure": {
      "features": [
        "string"
      ],
      "iam": [
        {
          "managedIdentity": {
            "identityName": "string"
          },
          "roleDefinition": {
            "assignableScopes": [
              "string"
            ],
            "description": "string",
            "permissions": "string",
            "roleName": "string"
          },
          "servicePrincipal": {
            "application": {
              "displayName": "string",
              "tenantID": "string"
            },
            "name": "string"
          },
          "wayfinderRoleName": "string"
        }
      ],
      "subscriptionID": "string"
    },
    "features": [
      "string"
    ],
    "gcp": {
      "features": [
        "string"
      ],
      "iam": [
        {
          "bindings": {
            "binding": [
              {
                "members": [
                  "string"
                ],
                "role": "string"
              }
            ],
            "displayName": "string"
          },
          "orgBindings": {
            "binding": [
              {
                "members": [
                  "string"
                ],
                "role": "string"
              }
            ],
            "orgID": "string"
          },
          "projectBindings": {
            "binding": [
              {
                "members": [
                  "string"
                ],
                "role": "string"
              }
            ],
            "projectID": "string"
          },
          "serviceAccount": {
            "displayName": "string",
            "email": "string"
          },
          "wayfinderRoleName": "string"
        }
      ],
      "projectID": "string"
    },
    "name": "string",
    "provider": "string"
  }
}
400: Validation error of supplied parameters/body
- application/json
- Schema
- Example (from schema)
Schema
fieldErrors object[]
{
  "code": 0,
  "fieldErrors": [
    {
      "errCode": "string",
      "field": "string",
      "message": "string"
    }
  ],
  "message": "string"
}
401: If not authenticated
403: If authenticated but not authorized
500: A generic API error containing the cause of the error
- application/json
- Schema
- Example (from schema)
Schema
{
  "code": 0,
  "detail": "string",
  "message": "string",
  "uri": "string",
  "verb": "string"
}