{
  "openapi": "3.0.0",
  "info": {
    "version": "1.0.0",
    "title": "Trustgrid Management API",
    "license": {
      "name": "unlicensed",
      "url": "https://trustgrid.io"
    },
    "description": "The Trustgrid Management API provides programmatic access to manage the Trustgrid\nnetwork infrastructure platform. Trustgrid connects distributed nodes (appliances and\nagents) into secure overlay networks with centralized management.\n\n## Key Concepts\n\n- **Nodes**: The core compute units — either `Node` (physical/VM appliance) or `Agent`\n  (lightweight software agent on a device). Identified by UUID (`uid`) and FQDN.\n- **Clusters**: High-availability groups of nodes sharing configuration.\n- **Domains**: Logical groupings of nodes within an organization.\n- **Virtual Networks**: Layer-3 overlay networks (`DomainNetwork`) created within a domain,\n  enabling zero-trust connectivity between nodes. Each network has access policies,\n  DNS config, routes, and port forwarding rules.\n- **Tags**: Key-value metadata attached to nodes and clusters for grouping and permissions.\n- **Shadow**: Each node has an AWS IoT Device Shadow with `desired` (target config) and\n  `reported` (current state) halves. The `reported` shadow contains telemetry using\n  dot-notation keys (e.g. `nic.eth0.mtu`, `node-core.version`).\n\n## Authentication\n\nAll API requests require a JWT Bearer token in the `Authorization` header:\n```\nAuthorization: Bearer <token>\n```\nTokens are obtained via the Trustgrid portal or programmatically via service user\ncredentials. See [API Access docs](https://docs.trustgrid.io/docs/user-management/api-access/).\n\n## Permissions\n\nMost endpoints require specific permissions (noted in each endpoint's description).\nPermissions follow the pattern `resource::action` (e.g. `nodes::read`, `virtual-networks::modify`).\n"
  },
  "tags": [
    {
      "name": "Alert",
      "description": "Security and operational events broadcast when significant node or system activity occurs (connects/disconnects, certificate warnings, order updates). Required permissions vary by endpoint; see each operation description for the specific permission needed.\n"
    },
    {
      "name": "Audit",
      "description": "Immutable logs for compliance and troubleshooting. Trustgrid exposes [authentication audits](https://docs.trustgrid.io/docs/operations/authentication/) (`audits::read:user`), [configuration changes](https://docs.trustgrid.io/docs/operations/changes/) (`audits::read:config`), [node events](https://docs.trustgrid.io/docs/operations/node-events/) (`audits::read:node`), and [flow logs](https://docs.trustgrid.io/docs/operations/flow-logs/) (`audits::read:flows`).\n"
    },
    {
      "name": "Cluster",
      "description": "[Clusters](https://docs.trustgrid.io/docs/clusters/) group nodes for high availability and shared configuration. Changes applied to a cluster propagate to all member nodes. Requires `nodes::read` permission.\n"
    },
    {
      "name": "Domain",
      "description": "A [domain](https://docs.trustgrid.io/docs/domain/) is a logical grouping of nodes within an organization, providing the namespace for virtual networks, DNS zones, and access policies. Requires `domains::read` permission.\n"
    },
    {
      "name": "User",
      "description": "[User](https://docs.trustgrid.io/docs/user-management/) accounts for portal and API access. Authenticated via SSO (IDP) or local credentials and assigned permissions via policies. Requires `users::read` permission.\n"
    },
    {
      "name": "Group",
      "description": "[Groups](https://docs.trustgrid.io/docs/user-management/groups/) control which users can access ZTNA applications exposed through virtual networks. Can be synchronized from identity providers. Requires `groups::read` permission.\n"
    },
    {
      "name": "Appliance",
      "description": "[Appliances](https://docs.trustgrid.io/docs/nodes/appliances/) are physical or virtual machine Trustgrid nodes providing full network, VPN, edge compute, and monitoring capabilities. Requires `nodes::read` permission.\n"
    },
    {
      "name": "Agent",
      "description": "[Agents](https://docs.trustgrid.io/docs/nodes/agents/) are lightweight software clients installed on user devices or servers, supporting VPN/ZTNA connectivity. Requires `nodes::read` permission.\n"
    },
    {
      "name": "Org",
      "description": "Organization-level settings including [support requests](https://docs.trustgrid.io/docs/support/), notification preferences, and [shared documents](https://docs.trustgrid.io/docs/support/documents/). Requires `orgs::read` permission.\n"
    },
    {
      "name": "Order",
      "description": "[Provisioning orders](https://docs.trustgrid.io/docs/provisioning/) track the lifecycle of Trustgrid appliances from purchase through deployment. Requires `orders::read` permission.\n"
    },
    {
      "name": "Repository",
      "description": "Container image repositories for storing and distributing Docker images to edge compute nodes. Requires `repositories::read` permission.\n"
    },
    {
      "name": "Tag",
      "description": "[Tags](https://docs.trustgrid.io/docs/nodes/shared/tags/) are key-value metadata attached to nodes and clusters for grouping, permissions scoping, and dashboard filtering. Requires `nodes::read` to view, `nodes::tag` to modify.\n"
    },
    {
      "name": "Upgrade Manager",
      "description": "The [upgrade manager](https://docs.trustgrid.io/docs/upgrade-manager/) orchestrates software upgrades for nodes and clusters in bulk with scheduling and rollback support. Requires `upgrade-manager::read` permission.\n"
    },
    {
      "name": "Alarm",
      "description": "[Alarm filters](https://docs.trustgrid.io/docs/alarms/alarm-filters/) define criteria and thresholds for when events generate alert notifications. Configure alert channels (email, Slack, PagerDuty, OpsGenie, Teams, webhooks) and maintenance windows. Requires `alarms::read` permission.\n"
    },
    {
      "name": "Certificate",
      "description": "[TLS certificates](https://docs.trustgrid.io/docs/certificates/) provisioned for nodes to secure communications. Requires `certificates::read` to view, `certificates::modify` to manage.\n"
    },
    {
      "name": "Virtual Networks",
      "description": "[Virtual networks](https://docs.trustgrid.io/docs/domain/virtual-networks/) are Layer-3 overlay networks enabling zero-trust connectivity between nodes. Configure routes, DNS, access policies, port forwarding, and IP pools. Requires `virtual-networks::read` permission.\n"
    },
    {
      "name": "Cluster > VPN",
      "x-displayName": "VPN",
      "description": "Per-cluster attachment to virtual networks. Configure which virtual networks a cluster participates in and its VPN interface settings. Requires `node-vpn::read` permission.\n"
    },
    {
      "name": "Cluster > Compute",
      "x-displayName": "Compute",
      "description": "[Cluster edge compute](https://docs.trustgrid.io/docs/nodes/appliances/containers/) — Docker container workloads deployed across cluster nodes. Requires `node-exec::read` permission. Requires `exec` feature flag.\n"
    },
    {
      "name": "Appliance > VPN",
      "x-displayName": "VPN",
      "description": "Per-appliance attachment to virtual networks. Configure which virtual networks an appliance participates in and its VPN interface settings. Requires `node-vpn::read` permission.\n"
    },
    {
      "name": "Appliance > Compute",
      "x-displayName": "Compute",
      "description": "[Appliance edge compute](https://docs.trustgrid.io/docs/nodes/appliances/containers/) — Docker container workloads deployed on a specific appliance. Requires `node-exec::read` permission. Requires `exec` feature flag.\n"
    },
    {
      "name": "IDP",
      "description": "[Identity provider](https://docs.trustgrid.io/docs/idps/) integrations (Okta, Azure AD, Google, SAML, OIDC) for SSO authentication and user/group synchronization. Requires `identity-providers::read` permission.\n"
    },
    {
      "name": "Permissions",
      "description": "[Role-based access control](https://docs.trustgrid.io/docs/user-management/policies/) via policies assigning permissions to users and groups. Includes a simulator to evaluate permission decisions. Requires `permissions::read` to view, `permissions::modify` to configure.\n"
    },
    {
      "name": "ServiceUser",
      "description": "Machine accounts for API-only access, used for automation and integrations. Each service user can have API tokens generated without portal access. Requires `users::read` to view.\n"
    },
    {
      "name": "ObservabilityExporter",
      "description": "[Observability exporters](https://docs.trustgrid.io/docs/observability/) configure telemetry data forwarding to external monitoring systems (Splunk, HTTP endpoints) via OpenTelemetry. Requires `observability::read` to view, `observability::modify` to configure. Requires `observability` feature flag.\n"
    },
    {
      "name": "SplunkExporter",
      "description": "Splunk-specific observability exporter configuration for forwarding Trustgrid telemetry to a Splunk HEC endpoint. Requires `observability::read` to view, `observability::modify` to configure. Requires `observability` feature flag.\n"
    },
    {
      "name": "HTTPExporter",
      "description": "Generic HTTP observability exporter for forwarding telemetry to any OpenTelemetry-compatible HTTP endpoint. Requires `observability::read` to view, `observability::modify` to configure. Requires `observability` feature flag.\n"
    },
    {
      "name": "DNS",
      "description": "DNS configuration within virtual networks, including zone and record management for resolving names across the overlay network. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.\n"
    },
    {
      "name": "DNS Zone",
      "description": "DNS zones hosted within a virtual network, used to resolve internal hostnames for nodes and services. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.\n"
    },
    {
      "name": "DNS Record",
      "description": "Individual DNS A/CNAME records within a virtual network DNS zone. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.\n"
    },
    {
      "name": "Route",
      "description": "Static routes within a virtual network directing traffic between nodes and subnets. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.\n"
    },
    {
      "name": "Access Policy",
      "description": "Access policies within virtual networks controlling which nodes and groups can communicate. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.\n"
    },
    {
      "name": "Network Object",
      "description": "Network objects (subnets, hosts, ranges) used as reusable references in access policies and routes. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.\n"
    },
    {
      "name": "Network Group",
      "description": "Named collections of network objects for use in access policies. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.\n"
    },
    {
      "name": "Port Forwarding",
      "description": "Port forwarding rules that expose node services through the virtual network to other nodes. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.\n"
    },
    {
      "name": "Change Management",
      "description": "Tracked network configuration changes with approval workflows. Requires `virtual-networks::read` to view changes, `virtual-networks::modify` to stage and commit changes.\n"
    },
    {
      "name": "Auth Group",
      "description": "Authentication groups that map identity provider groups to Trustgrid access groups, controlling ZTNA application access. Requires `virtual-networks::read` to view, `virtual-networks::modify` to manage.\n"
    }
  ],
  "x-tagGroups": [
    {
      "name": "Alerts",
      "tags": [
        "Alarm",
        "Alert"
      ]
    },
    {
      "name": "Domain",
      "tags": [
        "Domain",
        "Virtual Networks",
        "Access Policy",
        "Change Management",
        "DNS",
        "DNS Zone",
        "DNS Record",
        "Network Group",
        "Network Object",
        "Port Forwarding",
        "Route"
      ]
    },
    {
      "name": "Cluster",
      "tags": [
        "Cluster",
        "Cluster > VPN",
        "Cluster > Compute"
      ]
    },
    {
      "name": "Appliance",
      "tags": [
        "Appliance",
        "Appliance > VPN",
        "Appliance > Compute"
      ]
    },
    {
      "name": "Agent",
      "tags": [
        "Agent"
      ]
    },
    {
      "name": "Upgrade Manager",
      "tags": [
        "Upgrade Manager"
      ]
    },
    {
      "name": "Compute",
      "tags": [
        "Repository"
      ]
    },
    {
      "name": "Management",
      "tags": [
        "Audit",
        "Auth Group",
        "Certificate",
        "Group",
        "HTTPExporter",
        "IDP",
        "ObservabilityExporter",
        "Org",
        "Order",
        "Permissions",
        "ServiceUser",
        "SplunkExporter",
        "Tag",
        "User"
      ]
    }
  ],
  "paths": {
    "/alert": {
      "get": {
        "operationId": "listAlerts",
        "deprecated": true,
        "summary": "List all security and operational events across the organization",
        "description": "This is deprecated; use `/v2/event` instead.\n\n---\n\nRequires `alerts::read` permission.",
        "parameters": [
          {
            "description": "Start time (unix timestamp) to query from",
            "in": "query",
            "name": "timestamp",
            "schema": {
              "type": "number"
            }
          },
          {
            "description": "Limit number of alerts to return",
            "in": "query",
            "name": "limit",
            "schema": {
              "type": "number"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/Alert"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Alert"
        ]
      }
    },
    "/alert/{nodeID}": {
      "get": {
        "operationId": "listNodeAlerts",
        "summary": "Retrieve security and operational events for a specific node",
        "description": "List events for a node (appliance or agent), newest first\n\n---\n\nRequires `alerts::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/Alert"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Alert"
        ]
      },
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/audit/download/config": {
      "get": {
        "operationId": "downloadConfigAudit",
        "summary": "Export configuration change audit logs as a downloadable file",
        "description": "Requires `audits::read:config` permission.",
        "parameters": [
          {
            "description": "ID for the item to audit. If specified, must include itemType.",
            "in": "query",
            "name": "itemID",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Type of item to audit, e.g., Node or Cluster. If specified, must include itemID.",
            "in": "query",
            "name": "itemType",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Start time (unix timestamp) to query from",
            "in": "query",
            "name": "timestamp",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "End time (unix timestamp) to query to",
            "in": "query",
            "name": "eTime",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Audit type to filter (create, delete, change, or action)",
            "in": "query",
            "name": "auditEvent",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "IP address filter",
            "in": "query",
            "name": "ip",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "User name filter",
            "in": "query",
            "name": "user",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Details text filter",
            "in": "query",
            "name": "details",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Audit"
        ]
      }
    },
    "/audit/download/node": {
      "get": {
        "operationId": "downloadNodeAudit",
        "summary": "Export node activity and operational audit logs as a downloadable file",
        "description": "Requires `audits::read:node` permission.",
        "parameters": [
          {
            "description": "Start time (unix timestamp) to query from",
            "in": "query",
            "name": "timestamp",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Node FQDN",
            "in": "query",
            "name": "FQDN",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Audit"
        ]
      }
    },
    "/audit/download/user": {
      "get": {
        "operationId": "downloadUserAudit",
        "summary": "Export user authentication and access audit logs as a downloadable file",
        "description": "Requires `audits::read:user` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Audit"
        ]
      }
    },
    "/audit/tail/config": {
      "get": {
        "operationId": "tailConfigAudit",
        "summary": "Retrieve real-time configuration change audit logs with filtering options",
        "description": "Requires `audits::read:config` permission.",
        "parameters": [
          {
            "description": "ID for the item to audit. If specified, must include itemType.",
            "in": "query",
            "name": "itemID",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Type of item to audit, e.g., Node or Cluster. If specified, must include itemID.",
            "in": "query",
            "name": "itemType",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Start time (unix timestamp) to query from",
            "in": "query",
            "name": "timestamp",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "End time (unix timestamp) to query to",
            "in": "query",
            "name": "eTime",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Audit type to filter (create, delete, change, or action)",
            "in": "query",
            "name": "auditEvent",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "IP address filter",
            "in": "query",
            "name": "ip",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "User name filter",
            "in": "query",
            "name": "user",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Details text filter",
            "in": "query",
            "name": "details",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "description": "ConfigChange",
                    "properties": {
                      "auditType": {
                        "description": "Type of change",
                        "enum": [
                          "change",
                          "create",
                          "delete",
                          "action"
                        ],
                        "type": "string"
                      },
                      "ip": {
                        "description": "IP address of the client that initiated the change",
                        "example": "44.44.44.43",
                        "type": "string"
                      },
                      "itemId": {
                        "description": "Unique ID of the item that was changed",
                        "example": "19084f81-5668-41ee-adbe-295e4c65531a",
                        "type": "string"
                      },
                      "itemType": {
                        "description": "Type of the item that was changed",
                        "example": "Node",
                        "type": "string"
                      },
                      "message": {
                        "description": "Message describing the change",
                        "example": "Node license created",
                        "type": "string"
                      },
                      "timestamp": {
                        "description": "Unix timestamp when the change happened",
                        "example": 1729533326,
                        "type": "number"
                      },
                      "uid": {
                        "description": "Unique ID of the change",
                        "example": "8845f684-4ffe-4b01-a62f-5619a7eae486",
                        "type": "string"
                      },
                      "userName": {
                        "description": "User name of the client that initiated the change",
                        "example": "admin@trustgrid.io",
                        "type": "string"
                      },
                      "org": {
                        "description": "Organization ID",
                        "type": "string"
                      },
                      "type": {
                        "description": "Object type discriminator",
                        "example": "AuditLog",
                        "type": "string"
                      }
                    },
                    "type": "object"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Audit"
        ]
      }
    },
    "/audit/tail/flow_logs": {
      "get": {
        "operationId": "tailFlowLogs",
        "deprecated": true,
        "summary": "Retrieve network traffic flow logs with advanced filtering and pagination",
        "description": "This is deprecated; use `/v2/audit/flow-logs` instead.\n\n---\n\nRequires `audits::read:flows` permission.",
        "parameters": [
          {
            "description": "Unix timestamp for the start of the log window",
            "in": "query",
            "name": "sTime",
            "schema": {
              "type": "number"
            }
          },
          {
            "description": "Unix timestamp for the end of the log window",
            "in": "query",
            "name": "eTime",
            "schema": {
              "type": "number"
            }
          },
          {
            "description": "Comparison operator for the end of the log window",
            "in": "query",
            "name": "eTimeOp",
            "schema": {
              "type": "string",
              "enum": [
                "eq",
                "ne",
                "gt",
                "gte",
                "lt",
                "lte"
              ]
            }
          },
          {
            "description": "IP protocol",
            "in": "query",
            "name": "protocol",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Source IP address",
            "in": "query",
            "name": "srcIp",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Destination IP address",
            "in": "query",
            "name": "dstIp",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Source port",
            "in": "query",
            "name": "srcPort",
            "schema": {
              "type": "number"
            }
          },
          {
            "description": "Comparison operator for the source port",
            "in": "query",
            "name": "srcPortOp",
            "schema": {
              "type": "string",
              "enum": [
                "eq",
                "ne",
                "gt",
                "gte",
                "lt",
                "lte"
              ]
            }
          },
          {
            "description": "Destination port",
            "in": "query",
            "name": "dstPort",
            "schema": {
              "type": "number"
            }
          },
          {
            "description": "Comparison operator for the destination port",
            "in": "query",
            "name": "dstPortOp",
            "schema": {
              "type": "string",
              "enum": [
                "eq",
                "ne",
                "gt",
                "gte",
                "lt",
                "lte"
              ]
            }
          },
          {
            "description": "Maximum number of results to return",
            "in": "query",
            "name": "limit",
            "schema": {
              "type": "number"
            }
          },
          {
            "description": "Source node name",
            "in": "query",
            "name": "srcNode",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Destination node name",
            "in": "query",
            "name": "dstNode",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Flow logging node ID",
            "in": "query",
            "name": "node",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "When true, newer flow logs will be listed first",
            "in": "query",
            "name": "reverse",
            "schema": {
              "type": "boolean"
            }
          },
          {
            "description": "If provided, a flow must match at least one of the TCP flags provided. Decimal encoded, see flow log TCP flag encoding.",
            "in": "query",
            "name": "tcpFlags",
            "style": "form",
            "explode": false,
            "schema": {
              "type": "array",
              "items": {
                "type": "number"
              }
            }
          },
          {
            "description": "Continuation cursor from previous query",
            "in": "query",
            "name": "cursor",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "headers": {
              "x-cursor": {
                "description": "Continuation cursor for the next query",
                "schema": {
                  "type": "string"
                }
              }
            },
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "description": "FlowLog",
                    "properties": {
                      "nodeId": {
                        "description": "ID of the node that logged this flow",
                        "type": "string"
                      },
                      "sourceNode": {
                        "description": "Source node name",
                        "example": "mynode",
                        "type": "string"
                      },
                      "sourceIP": {
                        "description": "Source IP address",
                        "example": "2.2.2.2",
                        "type": "string"
                      },
                      "sourcePort": {
                        "description": "Source port",
                        "example": 1234,
                        "type": "number"
                      },
                      "sourceBytes": {
                        "description": "Source bytes transferred",
                        "example": 100,
                        "type": "number"
                      },
                      "destNode": {
                        "description": "Destination node name",
                        "example": "mynode",
                        "type": "string"
                      },
                      "destIP": {
                        "description": "Destination IP address",
                        "example": "1.1.1.1",
                        "type": "string"
                      },
                      "destPort": {
                        "description": "Destination port",
                        "example": 1234,
                        "type": "number"
                      },
                      "destBytes": {
                        "description": "Destination bytes transferred",
                        "example": 100,
                        "type": "number"
                      },
                      "startTime": {
                        "description": "Start time of the flow (ISO 8601)",
                        "example": "2022-11-01T22:46:01.765Z",
                        "type": "string"
                      },
                      "endTime": {
                        "description": "End time of the flow (ISO 8601)",
                        "example": "2022-11-01T22:46:02.730Z",
                        "type": "string"
                      },
                      "protocol": {
                        "description": "Protocol",
                        "enum": [
                          "TCP",
                          "UDP",
                          "ICMP",
                          "UNKNOWN"
                        ],
                        "example": "TCP",
                        "type": "string"
                      },
                      "tcpFlags": {
                        "description": "TCP flags as a bitmask, encoded as a decimal string:\n* 0x01 - FIN\n* 0x02 - SYN\n* 0x04 - RST\n* 0x08 - PSH\n* 0x10 - ACK\n* 0x20 - URG",
                        "example": "2",
                        "type": "string"
                      },
                      "flags": {
                        "description": "Additional flow flags as a decimal string",
                        "example": "40019",
                        "type": "string"
                      },
                      "activityID": {
                        "description": "Threat Intelligence activity ID (if applicable)",
                        "example": "9aa2bbc3-4265-475b-b977-c94b1ee25a1f",
                        "type": "string"
                      },
                      "meta": {
                        "description": "Additional metadata (nullable)",
                        "type": "object",
                        "nullable": true
                      }
                    },
                    "type": "object"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Audit"
        ]
      }
    },
    "/audit/tail/node": {
      "get": {
        "operationId": "tailNodeAudit",
        "summary": "Retrieve real-time node operational and security audit logs",
        "description": "List node (appliance or agent) audits\n\n---\n\nRequires `audits::read:node` permission.",
        "parameters": [
          {
            "description": "Start time (unix timestamp) to query from",
            "in": "query",
            "name": "timestamp",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Node FQDN",
            "in": "query",
            "name": "FQDN",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "type": "array",
                  "items": {
                    "type": "object",
                    "properties": {
                      "uid": {
                        "description": "Unique identifier",
                        "type": "string"
                      },
                      "fqdn": {
                        "description": "FQDN of the node that performed the action",
                        "type": "string"
                      },
                      "category": {
                        "description": "Action category (e.g. \"Node Action\")",
                        "type": "string"
                      },
                      "value": {
                        "description": "Human-readable description of the action taken",
                        "type": "string"
                      },
                      "timestamp": {
                        "description": "Unix epoch timestamp (seconds) when the action occurred",
                        "type": "integer"
                      },
                      "expires": {
                        "description": "Unix epoch timestamp (seconds) when this audit record expires",
                        "type": "integer"
                      },
                      "org": {
                        "description": "Organization ID",
                        "type": "string"
                      }
                    }
                  }
                }
              }
            }
          }
        },
        "tags": [
          "Audit"
        ]
      }
    },
    "/audit/tail/user": {
      "get": {
        "operationId": "tailUserAudit",
        "summary": "Retrieve real-time user authentication and session audit logs",
        "description": "Requires `audits::read:user` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "type": "array",
                  "items": {
                    "type": "object",
                    "properties": {
                      "uid": {
                        "description": "Unique identifier",
                        "type": "string"
                      },
                      "userId": {
                        "description": "User who performed the authentication",
                        "example": "admin@example.com",
                        "type": "string"
                      },
                      "message": {
                        "description": "Human-readable description (e.g. \"Portal login (Local Authentication)\")",
                        "type": "string"
                      },
                      "source": {
                        "description": "Authentication source (e.g. \"portal\")",
                        "type": "string"
                      },
                      "ip": {
                        "description": "IP address of the client",
                        "type": "string"
                      },
                      "timestamp": {
                        "description": "Unix epoch timestamp (seconds) when the event occurred",
                        "type": "integer"
                      },
                      "expires": {
                        "description": "Unix epoch timestamp (seconds) when this audit record expires",
                        "type": "integer"
                      },
                      "orgId": {
                        "description": "Organization ID",
                        "type": "string"
                      },
                      "type": {
                        "description": "Object type discriminator",
                        "example": "AuthAudit",
                        "type": "string"
                      }
                    }
                  }
                }
              }
            }
          }
        },
        "tags": [
          "Audit"
        ]
      }
    },
    "/cluster": {
      "get": {
        "operationId": "listClusters",
        "summary": "Retrieve all high-availability node clusters in the organization",
        "parameters": [
          {
            "description": "If specified, the nodes are returned with their associated configuration.",
            "in": "query",
            "name": "withConfig",
            "required": false,
            "schema": {
              "type": "boolean"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/ClusterModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster"
        ]
      },
      "post": {
        "summary": "Create a new high-availability cluster for grouping nodes",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/CreateClusterModel"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster"
        ]
      }
    },
    "/cluster/{clusterFQDN}": {
      "delete": {
        "summary": "Permanently remove a cluster and all its configurations",
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster"
        ]
      },
      "get": {
        "operationId": "getCluster",
        "summary": "Retrieve detailed configuration and status of a specific cluster",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ClusterModel"
                }
              }
            }
          },
          "404": {
            "description": "Cluster not found"
          }
        },
        "tags": [
          "Cluster"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        }
      ],
      "put": {
        "summary": "Modify cluster configuration and failover settings",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/ClusterModel"
              }
            }
          },
          "required": true
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster"
        ]
      }
    },
    "/cluster/{clusterFQDN}/active/{nodeID}": {
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "$ref": "#/components/parameters/nodeID"
        }
      ],
      "put": {
        "summary": "Manually promote a specific node to be the active member in an HA cluster",
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster"
        ]
      }
    },
    "/cluster/{clusterFQDN}/config/connectors": {
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        }
      ],
      "put": {
        "summary": "Update connectors configuration for a cluster",
        "description": "Requires `node::configure::connectors` permissions\n",
        "requestBody": {
          "$ref": "#/components/requestBodies/ConnectorConfig"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster"
        ]
      },
      "delete": {
        "summary": "Delete the connector config for a cluster",
        "description": "Requires `node::configure::connectors` permissions\n",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/config/connectors": {
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        }
      ],
      "post": {
        "summary": "Add a connector to a cluster. Requires V2 connector config.",
        "description": "Requires `node::configure::connectors` permissions\n",
        "requestBody": {
          "$ref": "#/components/requestBodies/EdgeConnector"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/config/connectors/upgrade": {
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        }
      ],
      "post": {
        "summary": "Upgrade a cluster's connector config to V2.",
        "description": "Requires `node::configure::connectors` permissions\n",
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/config/connectors/{connectorID}": {
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Connector ID",
          "in": "path",
          "name": "connectorID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a connector on a cluster",
        "description": "Requires V2 connector config.\n\n---\n\nRequires `node::configure::connectors` permissions\n",
        "requestBody": {
          "$ref": "#/components/requestBodies/EdgeConnector"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster"
        ]
      },
      "delete": {
        "summary": "Delete a connector from a cluster. Requires V2 connector config.",
        "description": "Requires `node::configure::connectors` permissions\n",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster"
        ]
      }
    },
    "/cluster/{clusterFQDN}/config/network": {
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        }
      ],
      "put": {
        "summary": "Update network configuration for a cluster",
        "description": "Requires `node::configure:network` permissions\n",
        "requestBody": {
          "$ref": "#/components/requestBodies/Config"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster"
        ]
      }
    },
    "/cluster/{clusterFQDN}/config/services": {
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        }
      ],
      "put": {
        "summary": "Update services configuration for a cluster.",
        "description": "Requires `nodes::configure::services` permissions.\n",
        "requestBody": {
          "$ref": "#/components/requestBodies/ServiceConfig"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster"
        ]
      },
      "delete": {
        "summary": "Remove a cluster's services configuration.",
        "description": "Requires `nodes::configure::services` permissions.\n",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/config/services": {
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        }
      ],
      "post": {
        "summary": "Add a service to a cluster. Requires V2 services config.",
        "description": "Requires `node::configure::services` permissions\n",
        "requestBody": {
          "$ref": "#/components/requestBodies/EdgeService"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/config/services/upgrade": {
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        }
      ],
      "post": {
        "summary": "Upgrade a cluster's services config to V2.",
        "description": "Requires `node::configure::services` permissions\n",
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/config/services/{serviceID}": {
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Service ID",
          "in": "path",
          "name": "serviceID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a service on a cluster.",
        "description": "Requires V2 services config.\n\n---\n\nRequires `node::configure::services` permissions\n",
        "requestBody": {
          "$ref": "#/components/requestBodies/EdgeService"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster"
        ]
      },
      "delete": {
        "summary": "Delete a service from a cluster",
        "description": "Requires V2 services config.\n\n---\n\nRequires `node::configure::services` permissions\n",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster"
        ]
      }
    },
    "/cluster/{clusterFQDN}/tag/{tagName}": {
      "delete": {
        "summary": "Delete a tag from a cluster",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Tag name",
          "in": "path",
          "name": "tagName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Set a tag on a cluster",
        "requestBody": {
          "$ref": "#/components/requestBodies/TagValueModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster"
        ]
      }
    },
    "/domain/{domainName}": {
      "get": {
        "operationId": "getDomain",
        "summary": "Retrieve domain configuration including security and network settings",
        "description": "Requires `domains::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "description": "Domain",
                  "properties": {
                    "config": {
                      "description": "Domain-level configuration. Includes firewall policy snapshots derived from virtual network access policies, API gateway routing, and hosted gateway settings.",
                      "type": "object",
                      "properties": {
                        "updateTime": {
                          "description": "Unix timestamp of the last configuration update",
                          "type": "integer"
                        },
                        "gateway": {
                          "description": "Hosted gateway settings for the domain",
                          "type": "object",
                          "properties": {
                            "hosted": {
                              "description": "Whether the domain uses a Trustgrid-managed hosted gateway",
                              "type": "boolean"
                            }
                          }
                        },
                        "apigw": {
                          "description": "API gateway routing configuration for the domain",
                          "type": "object",
                          "properties": {
                            "host": {
                              "description": "API gateway hostname",
                              "type": "string"
                            },
                            "port": {
                              "description": "API gateway port",
                              "type": "string"
                            },
                            "gateway_node": {
                              "description": "FQDN of the node acting as the primary API gateway",
                              "type": "string"
                            },
                            "application_gateway_node": {
                              "description": "FQDN of the application gateway node (if separate from the primary)",
                              "type": "string"
                            }
                          }
                        },
                        "firewall": {
                          "description": "Compiled firewall policy snapshot derived from virtual network access policies. Read-only; updated automatically when network policies change.",
                          "type": "object"
                        }
                      }
                    }
                  },
                  "type": "object"
                }
              }
            }
          },
          "404": {
            "description": "Not found"
          }
        },
        "tags": [
          "Domain"
        ]
      },
      "parameters": [
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/domain/{domainName}/config/alert": {
      "parameters": [
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Configure domain-wide alert thresholds and notification settings",
        "description": "Requires `domains::configure:thresholds` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "description": "Domain-level alert threshold configuration",
                "type": "object",
                "properties": {
                  "enabled": {
                    "description": "Whether alert threshold evaluation is active for this domain",
                    "type": "boolean"
                  },
                  "thresholds": {
                    "description": "Alert rules evaluated against node telemetry values within the domain",
                    "type": "array",
                    "items": {
                      "type": "object",
                      "properties": {
                        "id": {
                          "description": "Rule ID (UUID)",
                          "type": "string"
                        },
                        "name": {
                          "description": "Human-readable rule name",
                          "type": "string"
                        },
                        "telemetry": {
                          "description": "Shadow `reported` key to evaluate (e.g. `memory`, `storage`)",
                          "type": "string"
                        },
                        "max": {
                          "description": "Upper bound — alert fires when the value exceeds this",
                          "type": "number"
                        },
                        "exceededWindow": {
                          "description": "Number of time units the value must continuously exceed `max`",
                          "type": "number"
                        },
                        "exceededWindowUnit": {
                          "description": "Time unit for `exceededWindow` (e.g. `minutes`, `hours`)",
                          "type": "string"
                        }
                      }
                    }
                  }
                }
              }
            }
          },
          "description": "Alert configuration",
          "required": true
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain"
        ]
      }
    },
    "/domain/{domainName}/config/apigw": {
      "parameters": [
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Configure domain-level API gateway settings and access policies",
        "description": "Requires `domains::configure:gateway` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "description": "Domain-level API gateway routing configuration",
                "type": "object",
                "properties": {
                  "gateway_node": {
                    "description": "FQDN of the node that acts as the primary API gateway for the domain",
                    "example": "gw.myorg.trustgrid.io",
                    "type": "string"
                  },
                  "new_cloud_gateway": {
                    "description": "Enable the next-generation cloud gateway routing path",
                    "type": "boolean"
                  }
                }
              }
            }
          },
          "description": "APIGW configuration",
          "required": true
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain"
        ]
      }
    },
    "/group": {
      "get": {
        "operationId": "listGroups",
        "summary": "Retrieve all user groups and their access permissions",
        "description": "Requires `groups::read` permissions",
        "responses": {
          "200": {
            "description": "List of groups",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/Group"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "User",
          "Group"
        ]
      },
      "post": {
        "summary": "Create a new user group with specified access permissions",
        "description": "Requires `groups::modify` permissions",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/Group"
              }
            }
          },
          "description": "The group object to be created",
          "required": true
        },
        "responses": {
          "200": {
            "description": "Group successfully created"
          }
        },
        "tags": [
          "User",
          "Group"
        ]
      }
    },
    "/group/{groupId}/members/{email}": {
      "delete": {
        "summary": "Remove a user from a group and revoke associated permissions",
        "description": "Requires `groups::modify` permissions",
        "parameters": [
          {
            "description": "ID of the group to remove a member from",
            "in": "path",
            "name": "groupId",
            "required": true,
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Email of the member to be removed",
            "in": "path",
            "name": "email",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Member successfully removed from the group"
          }
        },
        "tags": [
          "User",
          "Group"
        ]
      }
    },
    "/group/{uid}": {
      "delete": {
        "summary": "Permanently delete a group and remove all member associations",
        "description": "Requires `groups::modify` permissions",
        "parameters": [
          {
            "description": "ID of the group to delete",
            "in": "path",
            "name": "uid",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Group successfully deleted"
          }
        },
        "tags": [
          "User",
          "Group"
        ]
      },
      "get": {
        "operationId": "getGroup",
        "summary": "Retrieve detailed information about a specific group",
        "description": "Requires `groups::read` permissions",
        "parameters": [
          {
            "description": "UID of the group to retrieve",
            "in": "path",
            "name": "uid",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "The group object",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/Group"
                }
              }
            }
          },
          "404": {
            "description": "Group does not exist"
          }
        },
        "tags": [
          "User",
          "Group"
        ]
      }
    },
    "/group/{uid}/idps": {
      "get": {
        "operationId": "listGroupIdps",
        "summary": "List all identity providers associated with a group",
        "description": "Requires `groups::read` permissions",
        "parameters": [
          {
            "description": "UID of the group",
            "in": "path",
            "name": "uid",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "List of Identity Providers",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/IdpGroup"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "User",
          "Group"
        ]
      }
    },
    "/group/{uid}/members": {
      "get": {
        "operationId": "listGroupMembers",
        "summary": "Retrieve all users that belong to a specific group",
        "description": "Requires `groups::read` permissions",
        "parameters": [
          {
            "description": "UID of the group",
            "in": "path",
            "name": "uid",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "List of group members",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/GroupMember"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "User",
          "Group"
        ]
      },
      "post": {
        "summary": "Add a new user to a group and grant associated permissions",
        "description": "Requires `groups::modify` permissions",
        "parameters": [
          {
            "description": "ID of the group to add a member to",
            "in": "path",
            "name": "uid",
            "required": true,
            "schema": {
              "type": "string"
            }
          }
        ],
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/GroupMember"
              }
            }
          },
          "description": "The group member object to be added",
          "required": true
        },
        "responses": {
          "200": {
            "description": "Member successfully added to the group"
          }
        },
        "tags": [
          "User",
          "Group"
        ]
      }
    },
    "/node": {
      "get": {
        "operationId": "listNodes",
        "summary": "Retrieve all network nodes including appliances and agents with filtering options",
        "description": "List both appliances and agents. The fields `config` and `shadow` will be empty unless\nspecified in the `projection` parameter. The query for the config or shadow must be at least\none level deep - `projection[0][0]=config` won't work, but `projection[0][0]=config&projection[0][1]=gateway`\nwill result in `config.gateway` being populated.\n\n---\n\nRequires `nodes::read` permission.",
        "parameters": [
          {
            "description": "When provided, limit the nodes to members of the cluster. Should be the full cluster FQDN, e.g., `mycluster.trustgrid.io`.",
            "in": "query",
            "name": "cluster",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Comma-separated key:value pairs for tag filtering, e.g., `location:Austin,device:Trustgrid`.",
            "in": "query",
            "name": "tags",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Reduces the response to a smaller set of fields. When **omitted**, all fields are returned (`name`, `fqdn`, `online`, `cluster`, `lastip`, `last_connect`, `created_at`, `device`, `location`, `heartbeat`, `lifecycleState`, `disconnectTime`, `orderID`, plus base fields).\n\nWhen **specified**, the response contains only a fixed base set plus each explicitly requested field.\n\n**Base set** (always present when any projection is specified): `uid`, `state`, `type`, `tags`, `tgTags`, `tgrn`, `keys`.\n**Top-level requestable fields**: `name`, `fqdn`, `online`, `cluster`, `lastip`, `last_connect`, `created_at`, `device`, `location`, `heartbeat`, `lifecycleState`, `disconnectTime`, `orderID`\n\n**IMPORTANT**: `shadow` and `config` cannot be used as flat projection keys (e.g., `projection[]=shadow` or `projection[]=config` are rejected as too large). To retrieve data from these objects, you must use nested indexed projection (see below).\n\n**WARNING**: Dot-notation strings do NOT work. `projection[]=config.gateway.enabled` silently returns an empty `config: {}` object. Do not use dot notation.\n\n**Nested projection** uses indexed bracket notation where each projection entry has an outer index N and each path segment has an inner index M. To request `config.gateway.enabled` as entry 0 and `shadow.reported[\"node-core.version\"]` as entry 1:\n`projection[0][0]=config&projection[0][1]=gateway&projection[0][2]=enabled&projection[1][0]=shadow&projection[1][1]=reported&projection[1][2]=node-core.version`\n\nIf using curl, use the `-g` flag to prevent brace expansion.",
            "in": "query",
            "name": "projection[]",
            "style": "form",
            "explode": true,
            "schema": {
              "type": "array",
              "items": {
                "oneOf": [
                  {
                    "type": "string"
                  },
                  {
                    "type": "array",
                    "items": {
                      "type": "string"
                    }
                  }
                ]
              }
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/Node"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      }
    },
    "/node/license": {
      "get": {
        "operationId": "getNodeLicense",
        "summary": "Generate a license key for registering a new node to the organization",
        "responses": {
          "200": {
            "description": "License body",
            "content": {
              "text/plain": {
                "schema": {
                  "type": "string"
                }
              }
            }
          },
          "422": {
            "description": "Validation error",
            "content": {
              "text/plain": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance"
        ]
      },
      "parameters": [
        {
          "description": "node name",
          "in": "query",
          "name": "name",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/node/by-fqdn/{fqdn}": {
      "get": {
        "operationId": "getNodeByFQDN",
        "summary": "Retrieve a node by its fully-qualified domain name",
        "description": "Get a node using its FQDN directly, as an alternative to looking up the nodeID first.\n\n---\n\nRequires `nodes::read` permission on the node.",
        "parameters": [
          {
            "name": "fqdn",
            "in": "path",
            "required": true,
            "description": "Node FQDN (e.g., appliance.example.trustgrid.io)",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/Node"
                }
              }
            }
          },
          "404": {
            "description": "Node not found or permission denied"
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      }
    },
    "/node/{nodeID}": {
      "delete": {
        "summary": "Permanently remove a node from the organization and revoke access",
        "description": "Delete a node (appliance or agent)\n\n---\n\nRequires `nodes::delete` permission.",
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      },
      "get": {
        "operationId": "getNode",
        "summary": "Retrieve detailed configuration and status information for a specific node",
        "description": "Get a node (appliance or agent)\n\n---\n\nRequires `nodes::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/Node"
                }
              }
            }
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      },
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Modify node settings including cluster assignment and operational state",
        "description": "Update a node (appliance or agent)\n\n---\n\nRequires `nodes::manage` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "description": "Node updates (both fields are optional).",
                "properties": {
                  "cluster": {
                    "description": "Cluster FQDN - requires `nodes::cluster` permission to modify. If set to `null`, the node will be removed from the cluster.",
                    "example": "mycluster.trustgrid.io",
                    "type": "string"
                  },
                  "state": {
                    "description": "Node state",
                    "enum": [
                      "ACTIVE",
                      "INACTIVE"
                    ],
                    "type": "string"
                  }
                },
                "type": "object"
              }
            }
          },
          "description": "Node updates"
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      }
    },
    "/node/{nodeID}/config/alert": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        }
      ],
      "put": {
        "summary": "Configure alert thresholds and notification settings for a specific appliance",
        "description": "Applicable to appliances only.\n",
        "requestBody": {
          "$ref": "#/components/requestBodies/Config2"
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance"
        ]
      }
    },
    "/node/{nodeID}/config/cluster": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        }
      ],
      "put": {
        "summary": "Configure high-availability cluster settings for a specific appliance",
        "description": "Applicable to appliances only.\n",
        "requestBody": {
          "$ref": "#/components/requestBodies/Config2"
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance"
        ]
      }
    },
    "/node/{nodeID}/config/connectors": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        }
      ],
      "put": {
        "summary": "Configure inbound network connectors for external access to node services",
        "requestBody": {
          "$ref": "#/components/requestBodies/ConnectorConfig"
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      },
      "delete": {
        "summary": "Remove all connector configurations from a node",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      }
    },
    "/v2/node/{nodeID}/config/connectors": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        }
      ],
      "post": {
        "summary": "Create a new inbound connector to expose services running on the node",
        "description": "Requires `node::configure::connectors` permissions\n",
        "requestBody": {
          "$ref": "#/components/requestBodies/EdgeConnector"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      }
    },
    "/v2/node/{nodeID}/config/connectors/upgrade": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        }
      ],
      "post": {
        "summary": "Migrate a node's connector configuration to the latest V2 format",
        "description": "Requires `node::configure::connectors` permissions\n",
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      }
    },
    "/v2/node/{nodeID}/config/connectors/{connectorID}": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Connector ID",
          "in": "path",
          "name": "connectorID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Modify settings for an existing connector on a node",
        "description": "Applies to appliances and agents. Requires V2 connector config.\n---\nRequires `node::configure::connectors` permissions",
        "requestBody": {
          "$ref": "#/components/requestBodies/EdgeConnector"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      },
      "delete": {
        "summary": "Remove a specific connector configuration from a node",
        "description": "Delete a connector from a node (appliance or agent). Requires V2 connector config.\n\n---\n\nRequires `node::configure::connectors` permissions\n",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      }
    },
    "/node/{nodeID}/config/network": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        }
      ],
      "put": {
        "summary": "Configure network interfaces, routing, and firewall rules for an appliance",
        "description": "Update network configuration for a node (appliance)\n\n---\n\nRequires `node::configure:network` permissions\n",
        "requestBody": {
          "$ref": "#/components/requestBodies/Config"
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance"
        ]
      }
    },
    "/node/{nodeID}/config/services": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        }
      ],
      "put": {
        "summary": "Configure outbound services for external connections from the node",
        "description": "Update services configuration for a node (appliance or agent)\n\n---\n\nNote: request body will be validated by JSON schema of the plugin\n",
        "requestBody": {
          "$ref": "#/components/requestBodies/ServiceConfig"
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      }
    },
    "/v2/node/{nodeID}/config/services": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        }
      ],
      "post": {
        "summary": "Create a new outbound service connection for external resource access",
        "description": "Requires `node::configure::services` permissions\n",
        "requestBody": {
          "$ref": "#/components/requestBodies/EdgeService"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      }
    },
    "/v2/node/{nodeID}/config/services/upgrade": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        }
      ],
      "post": {
        "summary": "Migrate a node's service configuration to the latest V2 format",
        "description": "Requires `node::configure::services` permissions\n",
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      }
    },
    "/v2/node/{nodeID}/config/services/{serviceID}": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Service ID",
          "in": "path",
          "name": "serviceID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Modify settings for an existing service connection on a node",
        "description": "Update a service on a node. Requires V2 services config.\n\n---\n\nRequires `node::configure::services` permissions\n",
        "requestBody": {
          "$ref": "#/components/requestBodies/EdgeService"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      },
      "delete": {
        "summary": "Remove a specific service configuration from a node",
        "description": "Delete a service from a node. Requires V2 services config.\n\n---\n\nRequires `node::configure::services` permissions\n",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      }
    },
    "/node/{nodeID}/config/ztnagw": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        }
      ],
      "put": {
        "summary": "Configure Zero Trust Network Access gateway settings for secure remote access",
        "description": "Update ZTNA gateway configuration for a node (appliance)\n\nNote that this endpoint used to be `apigw`. The config section is still named `apigw`.\n---\n\n\"WireGuard\" is a registered trademark of Jason A. Donenfeld.\n\nRequires `node::configure::apigw` permissions\n",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "example": {
                  "cert": "myztnahost.mycompany.com",
                  "enabled": true,
                  "host": "myztnahost.mycompany.com",
                  "port": 9927,
                  "wireguardEnabled": true,
                  "wireguardEndpoint": "myztnahost.mycompany.com",
                  "wireguardPort": 9926
                },
                "properties": {
                  "cert": {
                    "description": "ZTNA gateway certificate (FQDN)",
                    "type": "string"
                  },
                  "enabled": {
                    "description": "Enable this plugin",
                    "type": "boolean"
                  },
                  "host": {
                    "description": "ZTNA gateway host",
                    "type": "string"
                  },
                  "port": {
                    "description": "ZTNA gateway port",
                    "maximum": 65535,
                    "minimum": 1,
                    "type": "number"
                  },
                  "wireguardEnabled": {
                    "description": "Enable wireguard",
                    "type": "boolean"
                  },
                  "wireguardEndpoint": {
                    "description": "WireGuard endpoint",
                    "format": "hostname",
                    "type": "string"
                  },
                  "wireguardPort": {
                    "description": "WireGuard port",
                    "maximum": 65535,
                    "minimum": 1,
                    "type": "number"
                  }
                },
                "type": "object"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance"
        ]
      },
      "delete": {
        "summary": "Remove ZTNA gateway configuration and disable secure remote access",
        "description": "Delete the ZTNA gateway configuration for a node (appliance)\n\n---\n\nRequires `node::configure::apigw` permissions\n",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance"
        ]
      }
    },
    "/node/{nodeID}/config/gateway": {
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Configure node as a network gateway for routing traffic between networks",
        "description": "Update gateway configuration\n\nUse `host` (not `ip`) for the gateway hostname.\n\n---\n\nRequires `nodes::configure:gateway` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "description": "Gateway config",
                "properties": {
                  "cert": {
                    "description": "Certificate",
                    "example": "mygateway.trustgrid.io",
                    "type": "string"
                  },
                  "clients": {
                    "items": {
                      "description": "Gateway client",
                      "properties": {
                        "enabled": {
                          "description": "Client is allowed to connect",
                          "example": true,
                          "type": "boolean"
                        },
                        "name": {
                          "description": "Node or cluster name",
                          "example": "mynode",
                          "type": "string"
                        }
                      },
                      "type": "object"
                    },
                    "type": "array"
                  },
                  "connectToPublic": {
                    "description": "Connect to public",
                    "type": "boolean"
                  },
                  "enabled": {
                    "description": "Enable gateway plugin",
                    "type": "boolean"
                  },
                  "host": {
                    "description": "Hostname of the gateway",
                    "example": "mygateway.trustgrid.io",
                    "type": "string"
                  },
                  "maxClientWriteMbps": {
                    "description": "Max egress MBPS",
                    "example": 1000,
                    "type": "number"
                  },
                  "maxmbps": {
                    "description": "Max ingress MBPS",
                    "example": 1000,
                    "type": "number"
                  },
                  "monitorHops": {
                    "description": "Monitor hops",
                    "type": "boolean"
                  },
                  "port": {
                    "description": "Port of the gateway",
                    "example": 8080,
                    "type": "number"
                  },
                  "type": {
                    "description": "Type of gateway",
                    "enum": [
                      "private",
                      "public",
                      "hub"
                    ],
                    "type": "string"
                  },
                  "udpEnabled": {
                    "description": "Enable UDP",
                    "type": "boolean"
                  },
                  "udpPort": {
                    "description": "UDP port",
                    "example": 8081,
                    "type": "number"
                  }
                },
                "required": [
                  "enabled"
                ],
                "type": "object"
              }
            }
          },
          "description": "Gateway config"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Agent",
          "Appliance"
        ]
      }
    },
    "/node/{nodeID}/lock": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        }
      ]
    },
    "/node/{nodeID}/snmp": {
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Configure SNMP monitoring settings for network management integration",
        "description": "Update SNMP configuration\n\n---\n\nRequires `nodes::configure:snmp` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "description": "SNMP config",
                "properties": {
                  "authPassphrase": {
                    "description": "Auth passphrase",
                    "example": "myauthpass",
                    "type": "string"
                  },
                  "authProtocol": {
                    "description": "Auth passphrase",
                    "enum": [
                      "SHA",
                      "MD5"
                    ],
                    "type": "string"
                  },
                  "enabled": {
                    "description": "Enable SNMP plugin",
                    "type": "boolean"
                  },
                  "engineId": {
                    "description": "Engine ID",
                    "example": "myengineid",
                    "type": "string"
                  },
                  "interface": {
                    "description": "Interface",
                    "example": "eth0",
                    "type": "string"
                  },
                  "port": {
                    "description": "Port",
                    "example": 161,
                    "type": "number"
                  },
                  "privacyPassphrase": {
                    "description": "Privacy passphrase",
                    "example": "myprivpass",
                    "type": "string"
                  },
                  "privacyProtocol": {
                    "description": "Privacy protocol",
                    "enum": [
                      "AES128",
                      "AES192",
                      "AES256",
                      "DES"
                    ],
                    "type": "string"
                  },
                  "username": {
                    "description": "Username",
                    "example": "myuser",
                    "type": "string"
                  }
                },
                "required": [
                  "enabled"
                ],
                "type": "object"
              }
            }
          },
          "description": "SNMP config"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Agent",
          "Appliance"
        ]
      }
    },
    "/node/{nodeID}/tag/{tagName}": {
      "delete": {
        "summary": "Remove a metadata tag from a node for organizational categorization",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Agent",
          "Appliance"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Tag name",
          "in": "path",
          "name": "tagName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Add or update a metadata tag on a node for organizational categorization",
        "requestBody": {
          "$ref": "#/components/requestBodies/TagValueModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      }
    },
    "/node/{nodeID}/trigger/{event}": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "in": "path",
          "name": "event",
          "required": true,
          "description": "Event name to trigger on the node. This parameter is open-ended; the backend\nmay support additional event names beyond those documented here.\n\nKnown values include: aws-route-tables, gateway-routes, tg-tcpdump,\ndatastore-manager, gateway-ping, gateway-perf, gateway-traceroute,\ngateway-mtr, wg-clients, vpn-dump, vpn-key, vpn-nats, vpn-routes,\nnode-debug, tg-net-ping, tg-net-nc, nat-hits, ipsec-statusall,\nipsec-restart, tg-ping, tg-cluster-ping, speed-test, tg-nc,\ntg-traceroute, flows, tg-mtr, bgp, tg-arping,\nnode-restart-service, node-reboot, node-upgrade, web-sessions.\n\nEach requires either `nodes::remote-execute` or `nodes::service:{event}` permission.",
          "schema": {
            "type": "string",
            "example": "gateway-routes"
          }
        }
      ],
      "post": {
        "summary": "Execute a remote operation or command on a specific node",
        "description": "Sends an event to the node and optionally waits for its response.\n\nCommon `event` values:\n- `node-restart-service` — restart the Trustgrid node service (requires `nodes::service:node-restart-service`)\n- `node-reboot` — reboot the host OS (requires `nodes::service:node-reboot`)\n- `node-upgrade` — upgrade node software (requires `nodes::service:node-upgrade`)\n- `gateway-routes` — fetch current gateway routes (requires `nodes::service:gateway-routes`)\n- `vpn-routes` — fetch virtual network routing table (requires `nodes::service:vpn-routes`)\n- `vpn-nats` — fetch virtual network NAT table (requires `nodes::service:vpn-nats`)\n- `tg-ping` — run a ping via the Trustgrid overlay (requires `nodes::service:tg-ping`)\n- `tg-traceroute` — run a traceroute via the overlay (requires `nodes::service:tg-traceroute`)\n- `tg-net-ping` — ping through the virtual network (requires `nodes::service:tg-net-ping`)\n- `speed-test` — measure internet bandwidth (requires `nodes::service:speed-test`)\n- `flows` — manage active network flows (requires `nodes::service:flows`)\n- `bgp` — interact with the BGP server (requires `nodes::service:bgp`)\n- `ipsec-restart` — restart the IPSec service (requires `nodes::service:ipsec-restart`)\n- `ipsec-statusall` — retrieve IPSec status (requires `nodes::service:ipsec-statusall`)\n\nAll services require either `nodes::remote-execute` or `nodes::service:{event}`\npermission.\n\nAdd `?wait=1` to block until the node responds (useful for synchronous checks).",
        "parameters": [
          {
            "description": "Pass `1` to block until the node responds and return its output. Omit for fire-and-forget.",
            "in": "query",
            "name": "wait",
            "required": false,
            "schema": {
              "type": "integer",
              "enum": [
                1
              ]
            }
          }
        ],
        "requestBody": {
          "required": false,
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "additionalProperties": true,
                "description": "Optional event-specific payload. The request body shape depends on the `{event}` being executed."
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "anyOf": [
                    {
                      "type": "boolean"
                    },
                    {
                      "$ref": "#/components/schemas/NodeTriggerContainerActionResponse"
                    },
                    {
                      "$ref": "#/components/schemas/NodeTriggerContainerStatusResponse"
                    },
                    {
                      "$ref": "#/components/schemas/NodeTriggerContainerImageListResponse"
                    },
                    {
                      "$ref": "#/components/schemas/NodeTriggerContainerImageDeleteResponse"
                    }
                  ]
                }
              }
            }
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      }
    },
    "/org/mine": {
      "get": {
        "operationId": "getOrg",
        "summary": "Retrieve organization details and configuration settings",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/OrgModel"
                }
              }
            }
          },
          "404": {
            "description": "Org not found"
          }
        },
        "tags": [
          "Org"
        ]
      }
    },
    "/provisioning/api/v1/orders": {
      "get": {
        "operationId": "listOrders",
        "summary": "Retrieve all hardware provisioning orders and their current status",
        "description": "Orders returned by this request are not fully hydrated (e.g., no nodes).",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/OrderModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Order"
        ]
      },
      "post": {
        "summary": "Submit a new hardware provisioning order for appliances or agents",
        "requestBody": {
          "$ref": "#/components/requestBodies/OrderModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Order"
        ]
      }
    },
    "/provisioning/api/v1/orders/{uid}": {
      "get": {
        "operationId": "getOrder",
        "summary": "Retrieve detailed information about a specific provisioning order",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/OrderModel"
                }
              }
            }
          }
        },
        "tags": [
          "Order"
        ]
      },
      "parameters": [
        {
          "in": "path",
          "name": "uid",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Modify the details and requirements of an existing provisioning order",
        "requestBody": {
          "$ref": "#/components/requestBodies/OrderModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Order"
        ]
      }
    },
    "/provisioning/api/v1/orders/{uid}/comment": {
      "parameters": [
        {
          "in": "path",
          "name": "uid",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Add a note or comment to track order progress and communication",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "properties": {
                  "body": {
                    "type": "string"
                  }
                },
                "type": "object"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Order"
        ]
      }
    },
    "/provisioning/api/v1/orders/{uid}/flag": {
      "delete": {
        "summary": "Remove priority flag from an order to normalize processing",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Order"
        ]
      },
      "parameters": [
        {
          "in": "path",
          "name": "uid",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Mark an order as high priority or requiring special attention",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Order"
        ]
      }
    },
    "/repositories": {
      "get": {
        "operationId": "listRepositories",
        "summary": "Retrieve all container repositories available for edge computing",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/RepositoryModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Repository"
        ]
      }
    },
    "/repositories/{reponame}": {
      "delete": {
        "summary": "Permanently remove a container repository and all its images",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Repository"
        ]
      },
      "get": {
        "operationId": "getRepository",
        "summary": "Retrieve available image tags and metadata for a specific repository",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/RepositoryTagModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Repository"
        ]
      },
      "parameters": [
        {
          "in": "path",
          "name": "reponame",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/repositories/{reponame}/{tag}": {
      "delete": {
        "summary": "Remove a specific image tag from a container repository",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Repository"
        ]
      },
      "parameters": [
        {
          "in": "path",
          "name": "reponame",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "in": "path",
          "name": "tag",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/stats/realtime/usage": {
      "get": {
        "operationId": "getRealtimeUsage",
        "summary": "Retrieve real-time network usage statistics and bandwidth metrics for nodes",
        "description": "Returns an array of usage data buckets for specified nodes within the specified time range and interval.",
        "parameters": [
          {
            "description": "The relative start time for the data (e.g., \"-7 days\").",
            "in": "query",
            "name": "relative_start",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "The relative end time for the data (e.g., \"now\").",
            "in": "query",
            "name": "relative_end",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "The size of the time buckets in minutes.",
            "in": "query",
            "name": "intervalInMinutes",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "The start time for the data in Unix timestamp format (if not using relative_start).",
            "in": "query",
            "name": "start",
            "schema": {
              "type": "integer",
              "format": "int64"
            }
          },
          {
            "description": "The end time for the data in Unix timestamp format (if not using relative_end).",
            "in": "query",
            "name": "end",
            "schema": {
              "type": "integer",
              "format": "int64"
            }
          },
          {
            "description": "The filters to apply when querying for nodes, like tags.",
            "in": "query",
            "name": "filters",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "An array of usage data buckets.",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "properties": {
                      "bytes": {
                        "description": "The number of bytes in the bucket.",
                        "format": "int64",
                        "type": "integer"
                      },
                      "count": {
                        "description": "The number of flows in the bucket.",
                        "format": "int64",
                        "type": "integer"
                      },
                      "t": {
                        "description": "The time of the bucket in Unix timestamp format.",
                        "format": "int64",
                        "type": "integer"
                      }
                    },
                    "type": "object"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance"
        ]
      }
    },
    "/tags": {
      "get": {
        "operationId": "listTags",
        "summary": "Retrieve all available metadata tags used for node and cluster organization",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/Tag"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Tag"
        ]
      }
    },
    "/tags/{tagName}": {
      "get": {
        "operationId": "getTag",
        "summary": "Retrieve details and usage information for a specific tag",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/Tag"
                }
              }
            }
          },
          "404": {
            "description": "Tag not found"
          }
        },
        "tags": [
          "Tag"
        ]
      },
      "parameters": [
        {
          "description": "Tag name",
          "in": "path",
          "name": "tagName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/upgrade-manager/api/v1/upgrades": {
      "get": {
        "operationId": "listUpgrades",
        "summary": "Retrieve all firmware upgrade campaigns and their execution status",
        "description": "Requires `upgrade-manager::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/Upgrade"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Upgrade Manager"
        ]
      },
      "post": {
        "summary": "Create a new firmware upgrade campaign for multiple nodes",
        "description": "Requires `upgrade-manager::modify` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "description": "UID",
                  "properties": {
                    "uid": {
                      "description": "Unique ID",
                      "example": "a9f7cfec-da06-4822-b4ab-389e4ad51931",
                      "type": "string"
                    }
                  },
                  "title": "UID",
                  "type": "object"
                }
              }
            }
          }
        },
        "tags": [
          "Upgrade Manager"
        ]
      }
    },
    "/upgrade-manager/api/v1/upgrades/active": {
      "get": {
        "operationId": "getActiveUpgrade",
        "summary": "Retrieve the currently running firmware upgrade campaign",
        "description": "Requires `upgrade-manager::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/Upgrade"
                }
              }
            }
          },
          "404": {
            "description": "Not Found - no upgrade is active"
          }
        },
        "tags": [
          "Upgrade Manager"
        ]
      }
    },
    "/upgrade-manager/api/v1/upgrades/{upgradeID}": {
      "delete": {
        "summary": "Cancel and permanently remove an upgrade campaign",
        "description": "Requires `upgrade-manager::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Upgrade Manager"
        ]
      },
      "get": {
        "operationId": "getUpgrade",
        "summary": "Retrieve detailed status and progress of a specific upgrade campaign",
        "description": "Requires `upgrade-manager::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/Upgrade"
                }
              }
            }
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Upgrade Manager"
        ]
      },
      "parameters": [
        {
          "description": "Unique ID of upgrade",
          "in": "path",
          "name": "upgradeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Modify upgrade campaign settings and target selection criteria",
        "description": "Requires `upgrade-manager::modify` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/UpgradeUpdateParams"
              }
            }
          },
          "description": "Upgrade Input",
          "required": true
        },
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/Upgrade"
                }
              }
            }
          },
          "404": {
            "description": "Not Found"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Upgrade Manager"
        ]
      }
    },
    "/upgrade-manager/api/v1/upgrades/{upgradeID}/approve-failover": {
      "parameters": [
        {
          "description": "Unique ID of upgrade",
          "in": "path",
          "name": "upgradeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Authorize automatic failover of HA clusters during upgrade process",
        "description": "Requires `upgrade-manager::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Upgrade Manager"
        ]
      }
    },
    "/upgrade-manager/api/v1/upgrades/{upgradeID}/complete": {
      "parameters": [
        {
          "description": "Unique ID of upgrade",
          "in": "path",
          "name": "upgradeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Manually mark an upgrade campaign as finished and finalize the process",
        "description": "Requires `upgrade-manager::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Upgrade Manager"
        ]
      }
    },
    "/upgrade-manager/api/v1/upgrades/{upgradeID}/dismiss/{workflowID}": {
      "parameters": [
        {
          "description": "Unique ID of workflow",
          "in": "path",
          "name": "workflowID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Unique ID of upgrade",
          "in": "path",
          "name": "upgradeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Acknowledge and dismiss a failed or problematic upgrade workflow",
        "description": "Requires `upgrade-manager::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Upgrade Manager"
        ]
      }
    },
    "/upgrade-manager/api/v1/upgrades/{upgradeID}/dryrun": {
      "parameters": [
        {
          "description": "Unique ID of upgrade",
          "in": "path",
          "name": "upgradeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Test an upgrade campaign by creating and executing a non-destructive simulation",
        "description": "Requires `upgrade-manager::modify` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "description": "UID",
                  "properties": {
                    "uid": {
                      "description": "Unique ID",
                      "example": "a9f7cfec-da06-4822-b4ab-389e4ad51931",
                      "type": "string"
                    }
                  },
                  "title": "UID",
                  "type": "object"
                }
              }
            }
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Upgrade Manager"
        ]
      }
    },
    "/upgrade-manager/api/v1/upgrades/{upgradeID}/logs": {
      "get": {
        "operationId": "getUpgradeLogs",
        "summary": "Retrieve detailed execution logs and error messages for an upgrade campaign",
        "description": "Requires `upgrade-manager::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/UpgradeLog"
                  },
                  "type": "array"
                }
              }
            }
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Upgrade Manager"
        ]
      },
      "parameters": [
        {
          "description": "Unique ID of upgrade",
          "in": "path",
          "name": "upgradeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/upgrade-manager/api/v1/upgrades/{upgradeID}/note/{workflowID}": {
      "parameters": [
        {
          "description": "Unique ID of workflow",
          "in": "path",
          "name": "workflowID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Unique ID of upgrade",
          "in": "path",
          "name": "upgradeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Add administrative notes or comments to an upgrade workflow for tracking",
        "description": "Requires `upgrade-manager::modify` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "description": "Note",
                "type": "string"
              }
            }
          },
          "description": "Note",
          "required": true
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Upgrade Manager"
        ]
      }
    },
    "/upgrade-manager/api/v1/upgrades/{upgradeID}/retry/{workflowID}": {
      "parameters": [
        {
          "description": "Unique ID of workflow",
          "in": "path",
          "name": "workflowID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Unique ID of upgrade",
          "in": "path",
          "name": "upgradeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Restart a failed upgrade workflow to attempt the operation again",
        "description": "Requires `upgrade-manager::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Upgrade Manager"
        ]
      }
    },
    "/upgrade-manager/api/v1/upgrades/{upgradeID}/start": {
      "parameters": [
        {
          "description": "Unique ID of upgrade",
          "in": "path",
          "name": "upgradeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Begin execution of a configured upgrade campaign across target nodes",
        "description": "Requires `upgrade-manager::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Upgrade Manager"
        ]
      }
    },
    "/user": {
      "get": {
        "operationId": "listUsers",
        "summary": "Retrieve all users in the organization with their roles and permissions",
        "description": "Changes to users sometimes take a few minutes to appear while they are being indexed.\n",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/UserModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "User"
        ]
      },
      "post": {
        "summary": "Send an invitation email to a new user to join the organization",
        "description": "For organizations using the default Trustgrid authentication provider, users must be **invited** and then they should sign up with the invited email address.\nFor custom IDP integrations, users should be **added** instead.\n",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "properties": {
                  "email": {
                    "description": "User's email",
                    "type": "string"
                  },
                  "policyId": {
                    "description": "ID of the policy to be applied to the user upon account creation",
                    "type": "string"
                  }
                },
                "required": [
                  "email",
                  "policyId"
                ],
                "type": "object"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "User"
        ]
      }
    },
    "/user/add": {
      "post": {
        "summary": "Directly add a user account for organizations with custom identity providers",
        "description": "Add a user. This is only available to organizations with custom IDP integrations.\n",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "properties": {
                  "email": {
                    "description": "User's email",
                    "type": "string"
                  },
                  "idp": {
                    "description": "ID of the IDP to be used for the user",
                    "type": "string"
                  },
                  "policyIds": {
                    "description": "IDs of the policy/policies to be applied to the user",
                    "items": {
                      "type": "string"
                    },
                    "type": "array"
                  }
                },
                "required": [
                  "email",
                  "policyIds",
                  "idp"
                ],
                "type": "object"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "User"
        ]
      }
    },
    "/user/{email}": {
      "delete": {
        "summary": "Permanently remove a user from the organization and revoke all access",
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Cannot delete root user",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "User"
        ]
      },
      "parameters": [
        {
          "description": "User email",
          "in": "path",
          "name": "email",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/user/{email}/policy": {
      "get": {
        "summary": "Retrieve the effective merged policy for a user",
        "description": "Returns the combined policy derived from all policies directly attached to the user plus those inherited via group membership.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/Policy"
                }
              }
            }
          }
        },
        "tags": [
          "User"
        ]
      },
      "parameters": [
        {
          "description": "User email",
          "in": "path",
          "name": "email",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/user/{email}/policy/{name}": {
      "parameters": [
        {
          "description": "User email",
          "in": "path",
          "name": "email",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Policy name",
          "in": "path",
          "name": "name",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Attach a named policy to a user",
        "description": "Adds `name` to the user's set of directly attached policies.\n\nPolicies whose names start with `restricted-` cannot be attached via this endpoint.\n\nRequires `permissions::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "User"
        ]
      },
      "delete": {
        "summary": "Detach a named policy from a user",
        "description": "Requires `permissions::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "User"
        ]
      }
    },
    "/user/{email}/groups": {
      "get": {
        "operationId": "listUserGroups",
        "summary": "Retrieve all groups that a specific user belongs to",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/GroupModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "User"
        ]
      },
      "parameters": [
        {
          "description": "User email",
          "in": "path",
          "name": "email",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/alarm": {
      "get": {
        "operationId": "listAlarms",
        "summary": "Retrieve all configured alarm filters and their trigger conditions",
        "description": "Requires `alarms::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/AlarmModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Alarm"
        ]
      },
      "post": {
        "summary": "Create a new alarm filter to monitor events and trigger notifications",
        "description": "Requires `alarms::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/AlarmModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Alarm"
        ]
      }
    },
    "/v2/alarm-channel": {
      "get": {
        "operationId": "listAlarmChannels",
        "summary": "Retrieve all configured notification channels for alarm delivery",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/AlarmChannelModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Alarm"
        ]
      },
      "post": {
        "summary": "Configure a new notification channel for alarm delivery (email, Slack, etc.)",
        "requestBody": {
          "$ref": "#/components/requestBodies/AlarmChannelModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Alarm"
        ]
      }
    },
    "/v2/alarm-channel/{uid}": {
      "delete": {
        "summary": "Permanently remove a notification channel configuration",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Alarm"
        ]
      },
      "get": {
        "operationId": "getAlarmChannel",
        "summary": "Retrieve configuration details for a specific notification channel",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/AlarmChannelModel"
                }
              }
            }
          }
        },
        "tags": [
          "Alarm"
        ]
      },
      "parameters": [
        {
          "in": "path",
          "name": "uid",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Modify settings for an existing notification channel",
        "requestBody": {
          "$ref": "#/components/requestBodies/AlarmChannelModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Alarm"
        ]
      }
    },
    "/v2/alarm/suppression": {
      "delete": {
        "summary": "Cancel an active alert suppression window and resume normal notifications",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Alarm"
        ]
      },
      "get": {
        "operationId": "getAlarmSuppression",
        "summary": "Retrieve current or upcoming alert suppression schedule details",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/AlertSuppressionModel"
                }
              }
            }
          }
        },
        "tags": [
          "Alarm"
        ]
      },
      "post": {
        "summary": "Schedule a time period to temporarily disable alarm notifications",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/AlertSuppressionModel"
              }
            }
          },
          "description": "Alert suppression body",
          "required": true
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Alarm"
        ]
      }
    },
    "/v2/alarm/{uid}": {
      "delete": {
        "summary": "Permanently remove an alarm filter and stop monitoring conditions",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Alarm"
        ]
      },
      "get": {
        "operationId": "getAlarm",
        "summary": "Retrieve detailed configuration of a specific alarm filter",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/AlarmModel"
                }
              }
            }
          }
        },
        "tags": [
          "Alarm"
        ]
      },
      "parameters": [
        {
          "in": "path",
          "name": "uid",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Modify trigger conditions and settings for an existing alarm filter",
        "requestBody": {
          "$ref": "#/components/requestBodies/AlarmModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Alarm"
        ]
      }
    },
    "/v2/alert": {
      "get": {
        "operationId": "listAlertsV2",
        "summary": "Retrieve all recent security and operational alerts across the organization",
        "description": "Requires `alerts::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/AlertV2"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Alert"
        ]
      }
    },
    "/v2/alert/{nodeID}": {
      "get": {
        "operationId": "listNodeAlertsV2",
        "summary": "Retrieve security and operational alerts specific to a single node",
        "description": "Requires `alerts::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/AlertV2"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Alert"
        ]
      },
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/alert/{nodeID}/{alertType}": {
      "delete": {
        "summary": "Manually resolve and dismiss a specific alert type for a node",
        "description": "Requires `alerts::read` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Alert"
        ]
      },
      "parameters": [
        {
          "description": "Alert type, e.g. Node Disconnect",
          "in": "path",
          "name": "alertType",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/audit/flow-logs": {
      "get": {
        "operationId": "getFlowLogs",
        "summary": "Retrieve network traffic flow logs with advanced filtering and pagination",
        "description": "Requires `audits::read:flows` permission.",
        "parameters": [
          {
            "description": "Unix timestamp for the start of the log window",
            "in": "query",
            "name": "sTime",
            "schema": {
              "type": "number"
            }
          },
          {
            "description": "Unix timestamp for the end of the log window",
            "in": "query",
            "name": "eTime",
            "schema": {
              "type": "number"
            }
          },
          {
            "description": "Comparison operator for the end of the log window",
            "in": "query",
            "name": "eTimeOp",
            "schema": {
              "type": "string",
              "enum": [
                "eq",
                "ne",
                "gt",
                "gte",
                "lt",
                "lte"
              ]
            }
          },
          {
            "description": "IP protocol",
            "in": "query",
            "name": "protocol",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Source IP address",
            "in": "query",
            "name": "srcIp",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Destination IP address",
            "in": "query",
            "name": "dstIp",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Source port",
            "in": "query",
            "name": "srcPort",
            "schema": {
              "type": "number"
            }
          },
          {
            "description": "Comparison operator for the source port",
            "in": "query",
            "name": "srcPortOp",
            "schema": {
              "type": "string",
              "enum": [
                "eq",
                "ne",
                "gt",
                "gte",
                "lt",
                "lte"
              ]
            }
          },
          {
            "description": "Destination port",
            "in": "query",
            "name": "dstPort",
            "schema": {
              "type": "number"
            }
          },
          {
            "description": "Comparison operator for the destination port",
            "in": "query",
            "name": "dstPortOp",
            "schema": {
              "type": "string",
              "enum": [
                "eq",
                "ne",
                "gt",
                "gte",
                "lt",
                "lte"
              ]
            }
          },
          {
            "description": "Maximum number of results to return",
            "in": "query",
            "name": "limit",
            "schema": {
              "type": "number"
            }
          },
          {
            "description": "Source node name",
            "in": "query",
            "name": "srcNode",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Destination node name",
            "in": "query",
            "name": "dstNode",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Flow logging node ID",
            "in": "query",
            "name": "node",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Page of results to return",
            "in": "query",
            "name": "page",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Sort results, like `port:desc`",
            "in": "query",
            "name": "sort",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "When true, newer flow logs will be listed first",
            "in": "query",
            "name": "reverse",
            "schema": {
              "type": "boolean"
            }
          },
          {
            "description": "If provided, a flow must match at least one of the TCP flags provided. Decimal encoded, see flow log TCP flag encoding.",
            "in": "query",
            "name": "tcpFlags",
            "style": "form",
            "explode": false,
            "schema": {
              "type": "array",
              "items": {
                "type": "number"
              }
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "headers": {
              "x-total-count": {
                "description": "Total number of flows matching query",
                "schema": {
                  "type": "number"
                }
              }
            },
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "description": "FlowLog",
                    "properties": {
                      "nodeId": {
                        "description": "ID of the node that logged this flow",
                        "type": "string"
                      },
                      "sourceNode": {
                        "description": "Source node name",
                        "example": "mynode",
                        "type": "string"
                      },
                      "sourceIP": {
                        "description": "Source IP address",
                        "example": "2.2.2.2",
                        "type": "string"
                      },
                      "sourcePort": {
                        "description": "Source port",
                        "example": 1234,
                        "type": "number"
                      },
                      "sourceBytes": {
                        "description": "Source bytes transferred",
                        "example": 100,
                        "type": "number"
                      },
                      "destNode": {
                        "description": "Destination node name",
                        "example": "mynode",
                        "type": "string"
                      },
                      "destIP": {
                        "description": "Destination IP address",
                        "example": "1.1.1.1",
                        "type": "string"
                      },
                      "destPort": {
                        "description": "Destination port",
                        "example": 1234,
                        "type": "number"
                      },
                      "destBytes": {
                        "description": "Destination bytes transferred",
                        "example": 100,
                        "type": "number"
                      },
                      "startTime": {
                        "description": "Start time of the flow (ISO 8601)",
                        "example": "2022-11-01T22:46:01.765Z",
                        "type": "string"
                      },
                      "endTime": {
                        "description": "End time of the flow (ISO 8601)",
                        "example": "2022-11-01T22:46:02.730Z",
                        "type": "string"
                      },
                      "protocol": {
                        "description": "Protocol",
                        "enum": [
                          "TCP",
                          "UDP",
                          "ICMP",
                          "UNKNOWN"
                        ],
                        "example": "TCP",
                        "type": "string"
                      },
                      "tcpFlags": {
                        "description": "TCP flags as a bitmask, encoded as a decimal string:\n* 0x01 - FIN\n* 0x02 - SYN\n* 0x04 - RST\n* 0x08 - PSH\n* 0x10 - ACK\n* 0x20 - URG",
                        "example": "2",
                        "type": "string"
                      },
                      "flags": {
                        "description": "Additional flow flags as a decimal string",
                        "example": "40019",
                        "type": "string"
                      },
                      "activityID": {
                        "description": "Threat Intelligence activity ID (if applicable)",
                        "example": "9aa2bbc3-4265-475b-b977-c94b1ee25a1f",
                        "type": "string"
                      },
                      "meta": {
                        "description": "Additional metadata (nullable)",
                        "type": "object",
                        "nullable": true
                      }
                    },
                    "type": "object"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Audit"
        ]
      }
    },
    "/v2/certificates": {
      "get": {
        "operationId": "listCertificates",
        "summary": "Retrieve all TLS certificates and their expiration status",
        "description": "Requires `certificates::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/Certificate"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Certificate"
        ]
      },
      "post": {
        "summary": "Upload and install a new TLS certificate for secure communications",
        "description": "Requires `certificates::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/CertificateParts"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Certificate"
        ]
      }
    },
    "/v2/certificates/{fqdn}": {
      "delete": {
        "summary": "Remove a TLS certificate and disable secure communications for the domain",
        "description": "Requires `certificates::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Certificate"
        ]
      },
      "parameters": [
        {
          "description": "FQDN of certificate",
          "in": "path",
          "name": "fqdn",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Replace an existing TLS certificate with an updated version",
        "description": "Requires `certificates::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/CertificateParts"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Certificate"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/exec/container": {
      "get": {
        "operationId": "listClusterContainers",
        "summary": "Retrieve all edge computing containers running on a cluster",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/Container"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Deploy a new containerized application to run on the cluster",
        "description": "Requires `node-exec::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/Container"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/exec/container/{containerID}": {
      "delete": {
        "summary": "Remove a containerized application from the cluster and stop execution",
        "description": "Requires `node-exec::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "get": {
        "operationId": "getClusterContainer",
        "summary": "Get edge compute container configuration on a cluster",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/Container"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a container",
        "description": "Requires `node-exec::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/Container"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/exec/container/{containerID}/capability": {
      "get": {
        "operationId": "getClusterContainerCapabilities",
        "summary": "Retrieve security capabilities and permissions for a container",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ContainerCapabilities"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/cluster/{clusterFQDN}/exec/container/{containerID}/config": {
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update container config",
        "description": "Requires `node-exec::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/ContainerConfig"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/exec/container/{containerID}/healthcheck": {
      "get": {
        "operationId": "getClusterContainerHealthCheck",
        "summary": "Get container health check",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ContainerHealthCheck"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/cluster/{clusterFQDN}/exec/container/{containerID}/interface": {
      "get": {
        "operationId": "listClusterContainerInterfaces",
        "summary": "List container interfaces",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/ContainerInterfaces"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/cluster/{clusterFQDN}/exec/container/{containerID}/limit": {
      "get": {
        "operationId": "listClusterContainerLimits",
        "summary": "List container limits",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ContainerLimits"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/cluster/{clusterFQDN}/exec/container/{containerID}/logging": {
      "get": {
        "operationId": "getClusterContainerLogging",
        "summary": "Get container logging configuration",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ContainerLogging"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/cluster/{clusterFQDN}/exec/container/{containerID}/mount": {
      "get": {
        "operationId": "listClusterContainerMounts",
        "summary": "List container mounts",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/ContainerMount"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/cluster/{clusterFQDN}/exec/container/{containerID}/port-mapping": {
      "get": {
        "operationId": "listClusterContainerPortMappings",
        "summary": "List container port mappings",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/ContainerPortMapping"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/cluster/{clusterFQDN}/exec/container/{containerID}/variable": {
      "get": {
        "operationId": "listClusterContainerVariables",
        "summary": "List container variables",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/ContainerVariable"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/cluster/{clusterFQDN}/exec/container/{containerID}/virtual-network": {
      "get": {
        "operationId": "listClusterContainerVirtualNetworks",
        "summary": "List container virtual networks",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/ContainerVirtualNetwork"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/cluster/{clusterFQDN}/exec/container/{containerID}/volume": {
      "get": {
        "operationId": "listClusterContainerVolumes",
        "summary": "List container volumes",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/Volume"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/cluster/{clusterFQDN}/exec/container/{containerID}/vrf": {
      "get": {
        "operationId": "getClusterContainerVrf",
        "summary": "Get container VRF",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ContainerVRF"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/cluster/{clusterFQDN}/exec/volume": {
      "get": {
        "operationId": "listClusterVolumes",
        "summary": "List volumes",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/Volume"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create volume",
        "description": "Requires `node-exec::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/Volume"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/exec/volume/{volumeName}": {
      "delete": {
        "summary": "Delete a volume",
        "description": "Requires `node-exec::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Volume Name",
          "in": "path",
          "name": "volumeName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Cluster FQDN",
          "in": "path",
          "name": "clusterFQDN",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/cluster/{clusterFQDN}/vpn": {
      "get": {
        "operationId": "listClusterVpnNetworks",
        "summary": "List all VPN networks attached to a cluster, including IP assignments and routing",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VpnClusterNetworkModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        }
      ],
      "post": {
        "summary": "Attach a VPN network",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnNetworkUpdateModel2"
        },
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/VpnClusterNetworkInventoryModel"
                }
              }
            }
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/vpn/{networkName}": {
      "delete": {
        "summary": "Delete a VPN network",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "get": {
        "operationId": "getClusterVpnNetwork",
        "summary": "Get full details of a VPN network on a cluster, including routes, services, interfaces, and DNS",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/VpnClusterNetworkInventoryModel"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a VPN network",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnNetworkUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/vpn/{networkName}/dns": {
      "delete": {
        "summary": "Delete a VPN DNS configuration",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "get": {
        "operationId": "getClusterVpnDns",
        "summary": "Get a VPN DNS configuration",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/VpnClusterDnsModel"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a VPN DNS configuration",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnDnsUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "put": {
        "summary": "Update a VPN DNS configuration",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnDnsUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/export-route": {
      "get": {
        "operationId": "listClusterVpnExportRoutes",
        "summary": "Get a VPN's dynamic export routes",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VpnClusterRouteModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a VPN export route",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnRouteUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/export-route/{uid}": {
      "delete": {
        "summary": "Delete a VPN export route",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Route ID",
          "in": "path",
          "name": "uid",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a VPN export route",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnRouteUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/import-route": {
      "get": {
        "operationId": "listClusterVpnImportRoutes",
        "summary": "Get a VPN's dynamic import routes",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VpnClusterRouteModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a VPN import route",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnRouteUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/vpn/{networkName}/dynamic/import-route/{uid}": {
      "delete": {
        "summary": "Delete a VPN import route",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Route ID",
          "in": "path",
          "name": "uid",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a VPN import route",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnRouteUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/vpn/{networkName}/interface": {
      "get": {
        "operationId": "listClusterVpnInterfaces",
        "summary": "Get a VPN's interfaces",
        "description": "Get the list of interfaces attached to a VPN network on a cluster. Note: NATs within a VPN interface can share the same source and destination CIDRs provided they are differentiated by route metric. This is intentional and not a configuration error.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VpnClusterInterfaceModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a VPN interface",
        "description": "`inDefaultRoute` and `outDefaultRoute` are mutually exclusive — set at most one to `true`.\n\nInside NATs (`insideNats`) rewrite traffic arriving from the VPN before it enters the local network.\nOutside NATs (`outsideNats`) rewrite traffic leaving the local network before it enters the VPN.\n\nAfter creating or updating a VPN interface, push the cluster config for the change to take effect.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnInterfaceUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/vpn/{networkName}/interface/{interfaceName}": {
      "delete": {
        "summary": "Delete a VPN interface",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Interface name",
          "in": "path",
          "name": "interfaceName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a VPN interface",
        "description": "`inDefaultRoute` and `outDefaultRoute` are mutually exclusive — set at most one to `true`.\n\nInside NATs (`insideNats`) rewrite traffic arriving from the VPN before it enters the local network.\nOutside NATs (`outsideNats`) rewrite traffic leaving the local network before it enters the VPN.\n\nAfter creating or updating a VPN interface, push the cluster config for the change to take effect.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnInterfaceUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/vpn/{networkName}/route": {
      "get": {
        "operationId": "listClusterVpnRoutes",
        "summary": "Get a VPN's routes",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VpnClusterRouteModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a VPN route",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnRouteUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/vpn/{networkName}/route/{uid}": {
      "delete": {
        "summary": "Delete a VPN route",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Route ID",
          "in": "path",
          "name": "uid",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a VPN route",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnRouteUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/vpn/{networkName}/service": {
      "get": {
        "operationId": "listClusterVpnServices",
        "summary": "Get a VPN's services",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VpnClusterServiceModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a VPN service",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnServiceUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      }
    },
    "/v2/cluster/{clusterFQDN}/vpn/{networkName}/service/{uid}": {
      "delete": {
        "summary": "Delete a VPN service",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/clusterFQDN"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Service ID",
          "in": "path",
          "name": "uid",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a VPN service",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnServiceUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Cluster > VPN"
        ]
      }
    },
    "/v2/domain/{domainName}/network": {
      "get": {
        "operationId": "listVirtualNetworks",
        "summary": "List virtual networks",
        "description": "Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VirtualNetwork"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks"
        ]
      },
      "parameters": [
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a virtual network",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/VirtualNetwork"
              }
            }
          },
          "description": "Virtual network configuration",
          "required": true
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}": {
      "delete": {
        "summary": "Delete a virtual network - this change is not staged and will immediately affect the domain",
        "description": "Requires `virtual-networks::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks"
        ]
      },
      "parameters": [
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/domain/{domainName}/network/{networkName}/access-policy": {
      "get": {
        "operationId": "listNetworkAccessPolicies",
        "summary": "List a virtual network's access policies",
        "description": "Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VirtualNetworkAccessPolicy"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Access Policy"
        ]
      },
      "parameters": [
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a network access policy",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkAccessPolicy"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Access Policy"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/access-policy/{accessPolicyID}": {
      "delete": {
        "summary": "Delete a network access policy",
        "description": "Requires `virtual-networks::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Access Policy"
        ]
      },
      "parameters": [
        {
          "description": "Unique ID of access policy",
          "in": "path",
          "name": "accessPolicyID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a network access policy",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkAccessPolicy"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Access Policy"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/auth-group": {
      "get": {
        "operationId": "listNetworkAuthGroups",
        "summary": "List a network's auth groups",
        "description": "Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VirtualNetworkAuthorizationGroup"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Auth Group"
        ]
      },
      "parameters": [
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a network auth group",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkAuthorizationGroup"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Auth Group"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}": {
      "delete": {
        "summary": "Delete a network auth group",
        "description": "Requires `virtual-networks::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Auth Group"
        ]
      },
      "get": {
        "operationId": "getNetworkAuthGroup",
        "summary": "List a network auth group's members",
        "description": "Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VirtualNetworkAuthorizationGroupMembership"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Auth Group"
        ]
      },
      "parameters": [
        {
          "description": "Network auth group name",
          "in": "path",
          "name": "groupName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Add a network auth group member",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkAuthorizationGroupMembership"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Auth Group"
        ]
      },
      "put": {
        "summary": "Update a network auth group",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkAuthorizationGroup"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Auth Group"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/auth-group/{groupName}/{memberID}": {
      "delete": {
        "summary": "Remove a network auth group member",
        "description": "Requires `virtual-networks::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Auth Group"
        ]
      },
      "parameters": [
        {
          "description": "Group member ID",
          "in": "path",
          "name": "memberID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Network auth group name",
          "in": "path",
          "name": "groupName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a network auth group membership",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkAuthorizationGroupMembership"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Auth Group"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/change": {
      "get": {
        "operationId": "listNetworkChanges",
        "summary": "List staged changes awaiting commit",
        "description": "Returns staged (uncommitted) changes to the virtual network. Changes are staged before being committed via the change/commit endpoint. Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "type": "array",
                  "items": {
                    "$ref": "#/components/schemas/VirtualNetworkInventory"
                  }
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Change Management"
        ]
      },
      "parameters": [
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/domain/{domainName}/network/{networkName}/change/commit": {
      "parameters": [
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Commit staged changes",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "description": "digest",
                "properties": {
                  "digest": {
                    "description": "Digest of the network and its changes",
                    "example": "55ca6286e3e4f4fba5d0448333fa99fc5a404a73",
                    "type": "string"
                  }
                },
                "type": "object"
              }
            }
          },
          "description": "Digest",
          "required": true
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Change Management"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/change/validate": {
      "get": {
        "operationId": "validateNetworkChanges",
        "summary": "List validation errors for staged changes",
        "description": "Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "description": "digest",
                  "properties": {
                    "digest": {
                      "description": "Digest of the network and its changes",
                      "example": "55ca6286e3e4f4fba5d0448333fa99fc5a404a73",
                      "type": "string"
                    }
                  },
                  "type": "object"
                }
              }
            }
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Change Management"
        ]
      },
      "parameters": [
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/domain/{domainName}/network/{networkName}/change/{changeID}": {
      "delete": {
        "summary": "Revert a staged change. If the item is newly added and not committed, the item will be deleted along with any associated changes.",
        "description": "Requires `virtual-networks::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Change Management"
        ]
      },
      "parameters": [
        {
          "description": "Change ID",
          "in": "path",
          "name": "changeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/domain/{domainName}/network/{networkName}/dns": {
      "get": {
        "operationId": "getNetworkDns",
        "summary": "Get a network's DNS configuration",
        "description": "Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/VirtualNetworkDNSConfiguration"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "DNS"
        ]
      },
      "parameters": [
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a network's DNS configuration",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/VirtualNetworkDNSConfiguration"
              }
            }
          },
          "description": "DNS configuration",
          "required": true
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "DNS"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/dns-zone": {
      "get": {
        "operationId": "listNetworkDnsZones",
        "summary": "List a network's DNS zones",
        "description": "Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VirtualNetworkDNSZone"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "DNS Zone"
        ]
      },
      "parameters": [
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a DNS zone",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkDNSZone"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "DNS Zone"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}": {
      "delete": {
        "summary": "Delete a DNS zone",
        "description": "Requires `virtual-networks::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "DNS Zone"
        ]
      },
      "parameters": [
        {
          "description": "DNS zone name",
          "in": "path",
          "name": "zoneName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a DNS zone",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkDNSZone"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "DNS Zone"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record": {
      "get": {
        "operationId": "listNetworkDnsRecords",
        "summary": "List a network zone's DNS records",
        "description": "Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VirtualNetworkDNSRecord"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "DNS Record"
        ]
      },
      "parameters": [
        {
          "description": "DNS zone name",
          "in": "path",
          "name": "zoneName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a DNS record",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkDNSRecord"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "DNS Record"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/dns-zone/{zoneName}/dns-record/{recordName}/{recordType}": {
      "delete": {
        "summary": "Delete a DNS record",
        "description": "Requires `virtual-networks::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "DNS Record"
        ]
      },
      "parameters": [
        {
          "description": "DNS record type",
          "in": "path",
          "name": "recordType",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "DNS record name",
          "in": "path",
          "name": "recordName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "DNS zone name",
          "in": "path",
          "name": "zoneName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a DNS record",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkDNSRecord"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "DNS Record"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/network-group": {
      "get": {
        "operationId": "listNetworkGroups",
        "summary": "List a network's groups",
        "description": "Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VirtualNetworkGroup"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Network Group"
        ]
      },
      "parameters": [
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a network group",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkGroup"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Network Group"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/network-group/{groupName}": {
      "delete": {
        "summary": "Delete a network group",
        "description": "Requires `virtual-networks::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Network Group"
        ]
      },
      "get": {
        "operationId": "getNetworkGroup",
        "summary": "List a network's group memberships",
        "description": "Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VirtualNetworkGroupMembership"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Network Group"
        ]
      },
      "parameters": [
        {
          "description": "Network group name",
          "in": "path",
          "name": "groupName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a network group",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkGroup"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Network Group"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/network-group/{groupName}/{objectName}": {
      "delete": {
        "summary": "Remove a network object from a network group",
        "description": "Requires `virtual-networks::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Network Group"
        ]
      },
      "parameters": [
        {
          "description": "Network object name",
          "in": "path",
          "name": "objectName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Network group name",
          "in": "path",
          "name": "groupName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Add a network object to a network group (represented by a network group membership)",
        "description": "Requires `virtual-networks::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Network Group"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/network-object": {
      "get": {
        "operationId": "listNetworkObjects",
        "summary": "List a network's objects",
        "description": "Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VirtualNetworkObject"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Network Object"
        ]
      },
      "parameters": [
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a network object",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkObject"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Network Object"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/network-object/{objectName}": {
      "delete": {
        "summary": "Delete a network object",
        "description": "Requires `virtual-networks::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Network Object"
        ]
      },
      "parameters": [
        {
          "description": "Network object name",
          "in": "path",
          "name": "objectName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a network object",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkObject"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Network Object"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/port-forwarding": {
      "get": {
        "operationId": "listNetworkPortForwardings",
        "summary": "List a network's port forwardings",
        "description": "Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/PortForwarding"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Port Forwarding"
        ]
      },
      "parameters": [
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a port forwarding",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/PortForwarding"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Port Forwarding"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/port-forwarding/{portForwardingID}": {
      "delete": {
        "summary": "Get a port forwarding",
        "description": "Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/PortForwarding"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Port Forwarding"
        ]
      },
      "parameters": [
        {
          "description": "Port forwarding ID",
          "in": "path",
          "name": "portForwardingID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a port forwarding",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/PortForwarding"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Port Forwarding"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/route": {
      "get": {
        "operationId": "listNetworkRoutes",
        "summary": "List a network's routes",
        "description": "Requires `virtual-networks::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VirtualNetworkRoute"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Route"
        ]
      },
      "parameters": [
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a network route",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkRoute"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Route"
        ]
      }
    },
    "/v2/domain/{domainName}/network/{networkName}/route/{routeID}": {
      "delete": {
        "summary": "Delete a network route",
        "description": "Requires `virtual-networks::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Route"
        ]
      },
      "parameters": [
        {
          "description": "Route ID",
          "in": "path",
          "name": "routeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Domain name",
          "in": "path",
          "name": "domainName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a network route",
        "description": "Requires `virtual-networks::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VirtualNetworkRoute"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Domain",
          "Virtual Networks",
          "Route"
        ]
      }
    },
    "/v2/event": {
      "get": {
        "operationId": "listEvents",
        "summary": "List audit events across the organization filtered by time range and type",
        "description": "Returns a paginated list of audit events (node connects/disconnects,\nconfig changes, certificate warnings, order updates, etc.) within a\ntime window. Supports filtering by node, event type, level, and item\ntype. Use `sTime`/`eTime` for the time range (ISO 8601).\n\n---\n\nRequires `events::read` permission.",
        "parameters": [
          {
            "description": "ISO 8601 datetime string for the start of the range (e.g. `2025-01-01T05:00:00.000Z`)",
            "in": "query",
            "name": "sTime",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "ISO 8601 datetime string for the end of the range (e.g. `2025-01-01T05:00:00.000Z`)",
            "in": "query",
            "name": "eTime",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Node IDs to filter events for (optional)",
            "in": "query",
            "name": "nodeIDs",
            "style": "form",
            "explode": false,
            "schema": {
              "type": "array",
              "items": {
                "type": "string"
              }
            }
          },
          {
            "description": "Event type(s) filter (optional)",
            "in": "query",
            "name": "eventTypes",
            "style": "form",
            "explode": false,
            "schema": {
              "type": "array",
              "items": {
                "type": "string"
              }
            }
          },
          {
            "description": "Event level(s) filter (optional)",
            "in": "query",
            "name": "levels",
            "style": "form",
            "explode": false,
            "schema": {
              "type": "array",
              "items": {
                "type": "string",
                "enum": [
                  "INFO",
                  "WARNING",
                  "ERROR",
                  "CRITICAL"
                ]
              }
            }
          },
          {
            "description": "Item type(s) filter (optional)",
            "in": "query",
            "name": "itemTypes",
            "style": "form",
            "explode": false,
            "schema": {
              "type": "array",
              "items": {
                "type": "string",
                "enum": [
                  "Node",
                  "Certificate",
                  "Order",
                  "Upgrade",
                  "AlertSuppression"
                ]
              }
            }
          },
          {
            "description": "Maximum number of results to return",
            "in": "query",
            "name": "limit",
            "schema": {
              "type": "number"
            }
          },
          {
            "description": "Page of results to return",
            "in": "query",
            "name": "page",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Sort results, like `level:desc` or `eventType:asc`",
            "in": "query",
            "name": "sort",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Full text search of events",
            "in": "query",
            "name": "q",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "headers": {
              "x-total-count": {
                "description": "Total number of filtered events",
                "schema": {
                  "type": "number"
                }
              }
            },
            "content": {
              "application/json": {
                "schema": {
                  "type": "array",
                  "items": {
                    "$ref": "#/components/schemas/EventModel"
                  }
                }
              }
            }
          }
        },
        "tags": [
          "Alert"
        ]
      }
    },
    "/v2/event/{nodeId}": {
      "get": {
        "operationId": "listNodeEvents",
        "summary": "Get all events by time range for a Node",
        "description": "Requires `events::read` permission.",
        "parameters": [
          {
            "description": "ISO 8601 datetime string for the start of the range (e.g. `2025-01-01T05:00:00.000Z`)",
            "in": "query",
            "name": "sTime",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "ISO 8601 datetime string for the end of the range (e.g. `2025-01-01T05:00:00.000Z`)",
            "in": "query",
            "name": "eTime",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Event type(s) filter (optional)",
            "in": "query",
            "name": "eventTypes",
            "style": "form",
            "explode": false,
            "schema": {
              "type": "array",
              "items": {
                "type": "string"
              }
            }
          },
          {
            "description": "Event level(s) filter (optional)",
            "in": "query",
            "name": "levels",
            "style": "form",
            "explode": false,
            "schema": {
              "type": "array",
              "items": {
                "type": "string",
                "enum": [
                  "INFO",
                  "WARNING",
                  "ERROR",
                  "CRITICAL"
                ]
              }
            }
          },
          {
            "description": "Maximum number of results to return",
            "in": "query",
            "name": "limit",
            "schema": {
              "type": "number"
            }
          },
          {
            "description": "Page of results to return",
            "in": "query",
            "name": "page",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Sort results, like `level:desc` or `eventType:asc`",
            "in": "query",
            "name": "sort",
            "schema": {
              "type": "string"
            }
          },
          {
            "description": "Full text search of events",
            "in": "query",
            "name": "q",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "headers": {
              "x-total-count": {
                "description": "Total number of filtered node events",
                "schema": {
                  "type": "number"
                }
              }
            },
            "content": {
              "application/json": {
                "schema": {
                  "type": "array",
                  "items": {
                    "$ref": "#/components/schemas/EventModel"
                  }
                }
              }
            }
          }
        },
        "tags": [
          "Alert"
        ]
      },
      "parameters": [
        {
          "in": "path",
          "name": "nodeId",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/event/{nodeId}/{eventId}": {
      "parameters": [
        {
          "in": "path",
          "name": "nodeId",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "in": "path",
          "name": "eventId",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Validate if a specific event would trigger configured alarm filters",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Alert"
        ]
      }
    },
    "/v2/idp": {
      "get": {
        "operationId": "listIdps",
        "summary": "Retrieve all configured identity providers for user authentication",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/IdentityProviderModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "IDP"
        ]
      },
      "post": {
        "summary": "Configure a new identity provider for external user authentication",
        "requestBody": {
          "$ref": "#/components/requestBodies/IdentityProviderUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "IDP"
        ]
      }
    },
    "/v2/idp/openid/{idpID}": {
      "parameters": [
        {
          "description": "IDP ID",
          "in": "path",
          "name": "idpID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Configure OpenID Connect authentication settings for an identity provider",
        "description": "Requires `identity-providers::modify` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/OpenIDConfig"
              }
            }
          },
          "description": "OpenID config"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "IDP"
        ]
      }
    },
    "/v2/idp/saml/{idpID}": {
      "parameters": [
        {
          "description": "IDP ID",
          "in": "path",
          "name": "idpID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Configure SAML 2.0 authentication settings for an identity provider",
        "description": "Requires `identity-providers::modify` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/SAMLConfig"
              }
            }
          },
          "description": "SAML config"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "IDP"
        ]
      }
    },
    "/v2/idp/{uid}": {
      "delete": {
        "summary": "Remove an identity provider and disable external authentication",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "IDP"
        ]
      },
      "get": {
        "operationId": "getIdp",
        "summary": "Retrieve configuration details for a specific identity provider",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/IdentityProviderModel"
                }
              }
            }
          }
        },
        "tags": [
          "IDP"
        ]
      },
      "parameters": [
        {
          "description": "Identity provider UID",
          "in": "path",
          "name": "uid",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Modify authentication settings for an existing identity provider",
        "requestBody": {
          "$ref": "#/components/requestBodies/IdentityProviderUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "IDP"
        ]
      }
    },
    "/v2/node/{nodeID}/data-store": {
      "delete": {
        "summary": "Delete a file or directory",
        "description": "Requires `nodes::service:datastore-manager` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "description": "rm",
                "properties": {
                  "filename": {
                    "description": "filename",
                    "type": "string"
                  }
                },
                "required": [
                  "filename"
                ],
                "type": "object"
              }
            }
          },
          "description": "rm"
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance"
        ]
      },
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/data-store/http-download": {
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Copy a file from an HTTP location to the data store",
        "description": "Requires `nodes::service:datastore-manager` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "description": "Data Store HTTP Download Request",
                "properties": {
                  "algo": {
                    "description": "Hashing algorithm of the file - MD5, SHA1, or SHA-256",
                    "example": "MD5",
                    "type": "string"
                  },
                  "filename": {
                    "description": "Target filename",
                    "example": "file.iso",
                    "type": "string"
                  },
                  "hash": {
                    "description": "Hash of the file",
                    "example": "07c43d77ab8d30cee094ce09b14f87fa",
                    "type": "string"
                  },
                  "location": {
                    "description": "Target destination directory in data store",
                    "example": "/isos",
                    "type": "string"
                  },
                  "uri": {
                    "description": "URI of source file",
                    "example": "http://example.com/file.iso",
                    "type": "string"
                  }
                },
                "type": "object"
              }
            }
          },
          "description": "Download config"
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance"
        ]
      }
    },
    "/v2/node/{nodeID}/data-store/http-upload": {
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Upload a file from the node to an HTTP endpoint",
        "description": "Requires `nodes::service:datastore-manager` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "description": "Data Store HTTP Upload Request",
                "properties": {
                  "filePath": {
                    "description": "File path in data store",
                    "example": "file.iso",
                    "type": "string"
                  },
                  "multipart": {
                    "description": "Multipart upload",
                    "example": false,
                    "type": "boolean"
                  },
                  "uri": {
                    "description": "Destination URI",
                    "example": "http://example.com/file.iso",
                    "type": "string"
                  }
                },
                "type": "object"
              }
            }
          },
          "description": "Upload config"
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance"
        ]
      }
    },
    "/v2/node/{nodeID}/data-store/list": {
      "get": {
        "operationId": "listNodeDataStoreContents",
        "summary": "List the data store contents",
        "description": "Requires `nodes::service:datastore-manager` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "description": "File List",
                  "properties": {
                    "files": {
                      "items": {
                        "$ref": "#/components/schemas/DataStoreFile"
                      },
                      "type": "array"
                    }
                  },
                  "type": "object"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance"
        ]
      },
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/data-store/mkdir": {
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a directory",
        "description": "Requires `nodes::service:datastore-manager` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "description": "mkdir",
                "properties": {
                  "filename": {
                    "description": "filename",
                    "type": "string"
                  }
                },
                "required": [
                  "filename"
                ],
                "type": "object"
              }
            }
          },
          "description": "mkdir"
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance"
        ]
      }
    },
    "/v2/node/{nodeID}/data-store/s3-download": {
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Copy a file from S3 to the data store",
        "description": "Requires `nodes::service:datastore-manager` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "description": "Data Store S3 Download Request",
                "properties": {
                  "location": {
                    "description": "Target destination in data store",
                    "example": "your-file.iso",
                    "type": "string"
                  },
                  "uri": {
                    "description": "S3 location of source file",
                    "example": "s3://your-bucket/your-file.iso",
                    "type": "string"
                  }
                },
                "type": "object"
              }
            }
          },
          "description": "Download config"
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance"
        ]
      }
    },
    "/v2/node/{nodeID}/data-store/s3-upload": {
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Upload a file from the node to an S3 bucket",
        "description": "Requires `nodes::service:datastore-manager` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "description": "Data Store S3 Upload Request",
                "properties": {
                  "bucketDest": {
                    "description": "S3 destination",
                    "example": "s3://your-bucket/your-destination.iso",
                    "type": "string"
                  },
                  "filePath": {
                    "description": "File path in data store",
                    "example": "file.iso",
                    "type": "string"
                  }
                },
                "type": "object"
              }
            }
          },
          "description": "Upload config"
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance"
        ]
      }
    },
    "/v2/node/{nodeID}/data-store/tasks": {
      "get": {
        "operationId": "listNodeDataStoreTasks",
        "summary": "List recent data store activity",
        "description": "Requires `nodes::service:datastore-manager` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "description": "Task List",
                  "properties": {
                    "tasks": {
                      "items": {
                        "$ref": "#/components/schemas/DataStoreTask"
                      },
                      "type": "array"
                    }
                  },
                  "type": "object"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance"
        ]
      },
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/exec/container": {
      "get": {
        "operationId": "listNodeContainers",
        "summary": "List containers",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/Container"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a container",
        "description": "Requires `node-exec::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/Container"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      }
    },
    "/v2/node/{nodeID}/exec/container/{containerID}": {
      "delete": {
        "summary": "Delete a container",
        "description": "Requires `node-exec::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "get": {
        "operationId": "getNodeContainer",
        "summary": "Get edge compute container configuration on a node",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/Container"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a container",
        "description": "Requires `node-exec::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/Container"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      }
    },
    "/v2/node/{nodeID}/exec/container/{containerID}/capability": {
      "get": {
        "operationId": "getNodeContainerCapabilities",
        "summary": "Get container capabilities",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ContainerCapabilities"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/exec/container/{containerID}/config": {
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update container config",
        "description": "Requires `node-exec::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/ContainerConfig"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      }
    },
    "/v2/node/{nodeID}/exec/container/{containerID}/healthcheck": {
      "get": {
        "operationId": "getNodeContainerHealthCheck",
        "summary": "Get container health check",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ContainerHealthCheck"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/exec/container/{containerID}/interface": {
      "get": {
        "operationId": "listNodeContainerInterfaces",
        "summary": "List container interfaces",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/ContainerInterfaces"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/exec/container/{containerID}/limit": {
      "get": {
        "operationId": "listNodeContainerLimits",
        "summary": "List container limits",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ContainerLimits"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/exec/container/{containerID}/logging": {
      "get": {
        "operationId": "getNodeContainerLogging",
        "summary": "Get container logging configuration",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ContainerLogging"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/exec/container/{containerID}/mount": {
      "get": {
        "operationId": "listNodeContainerMounts",
        "summary": "List container mounts",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/ContainerMount"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/exec/container/{containerID}/port-mapping": {
      "get": {
        "operationId": "listNodeContainerPortMappings",
        "summary": "List container port mappings",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/ContainerPortMapping"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/exec/container/{containerID}/variable": {
      "get": {
        "operationId": "listNodeContainerVariables",
        "summary": "List container variables",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/ContainerVariable"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/exec/container/{containerID}/virtual-network": {
      "get": {
        "operationId": "listNodeContainerVirtualNetworks",
        "summary": "List container virtual networks",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/ContainerVirtualNetwork"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/exec/container/{containerID}/volume": {
      "get": {
        "operationId": "listNodeContainerVolumes",
        "summary": "List container volumes",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/Volume"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/exec/container/{containerID}/vrf": {
      "get": {
        "operationId": "getNodeContainerVrf",
        "summary": "Get container VRF",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ContainerVRF"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Container ID",
          "in": "path",
          "name": "containerID",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/exec/volume": {
      "get": {
        "operationId": "listNodeVolumes",
        "summary": "List volumes",
        "description": "Requires `node-exec::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/Volume"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create volume",
        "description": "Requires `node-exec::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/Volume"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      }
    },
    "/v2/node/{nodeID}/exec/volume/{volumeName}": {
      "delete": {
        "summary": "Delete a volume",
        "description": "Requires `node-exec::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance > Compute"
        ]
      },
      "parameters": [
        {
          "description": "Volume Name",
          "in": "path",
          "name": "volumeName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Node ID",
          "in": "path",
          "name": "nodeID",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/plugin-logs/gateway-details": {
      "get": {
        "operationId": "getNodeGatewayDetails",
        "summary": "Get per-minute gateway RTT telemetry for a node's VPN peer connections",
        "description": "Returns time-series RTT (round-trip time) statistics for each VPN peer\nthe node is connected to. Each element covers one minute bucket.\nResults are only available for online appliance nodes.\n\n---\n\nRequires `nodes::read` permission.",
        "tags": [
          "Appliance"
        ],
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "type": "array",
                  "items": {
                    "type": "object",
                    "properties": {
                      "stats": {
                        "description": "Per-peer RTT measurements for this time bucket",
                        "type": "array",
                        "items": {
                          "type": "object",
                          "properties": {
                            "time": {
                              "description": "Unix timestamp in milliseconds of the start of the 1-minute interval. Note: query params startDate/endDate use Unix seconds.",
                              "type": "number"
                            },
                            "node": {
                              "description": "Friendly name of the VPN peer node being measured",
                              "type": "string"
                            },
                            "numRtt": {
                              "description": "Number of RTT probes sent in this interval",
                              "type": "number"
                            },
                            "minRtt": {
                              "description": "Minimum round-trip time in milliseconds",
                              "type": "number"
                            },
                            "maxRtt": {
                              "description": "Maximum round-trip time in milliseconds",
                              "type": "number"
                            },
                            "meanRtt": {
                              "description": "Mean round-trip time in milliseconds",
                              "type": "number"
                            },
                            "stdRtt": {
                              "description": "Standard deviation of RTT in milliseconds",
                              "type": "number"
                            },
                            "hops": {
                              "description": "Per-hop traceroute telemetry, if available",
                              "type": "array",
                              "items": {
                                "type": "object",
                                "properties": {
                                  "hop": {
                                    "description": "Hop number (1-based)",
                                    "type": "number"
                                  },
                                  "ip": {
                                    "description": "IP address of this hop",
                                    "type": "string"
                                  },
                                  "fqdn": {
                                    "description": "Reverse DNS name of this hop, if resolved",
                                    "type": "string"
                                  },
                                  "minRtt": {
                                    "type": "number"
                                  },
                                  "maxRtt": {
                                    "type": "number"
                                  },
                                  "meanRtt": {
                                    "type": "number"
                                  },
                                  "numRtt": {
                                    "type": "number"
                                  }
                                }
                              }
                            }
                          }
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        }
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Start of the time range as a Unix timestamp (seconds)",
          "in": "query",
          "name": "startDate",
          "required": true,
          "schema": {
            "type": "number"
          }
        },
        {
          "description": "End of the time range as a Unix timestamp (seconds)",
          "in": "query",
          "name": "endDate",
          "required": true,
          "schema": {
            "type": "number"
          }
        }
      ]
    },
    "/v2/node/{nodeID}/vpn": {
      "get": {
        "operationId": "listNodeVpnNetworks",
        "summary": "List all VPN networks attached to a node, including IP assignments and routing",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VpnNodeNetworkModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        }
      ],
      "post": {
        "summary": "Attach a VPN network",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnNetworkUpdateModel2"
        },
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/VpnNodeNetworkInventoryModel"
                }
              }
            }
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      }
    },
    "/v2/node/{nodeID}/vpn/{networkName}": {
      "delete": {
        "summary": "Delete a VPN network",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "get": {
        "operationId": "getNodeVpnNetwork",
        "summary": "Get full details of a VPN network on a node, including routes, services, interfaces, DNS, and WireGuard config",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/VpnNodeNetworkInventoryModel"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a VPN network",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnNetworkUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      }
    },
    "/v2/node/{nodeID}/vpn/{networkName}/dns": {
      "delete": {
        "summary": "Delete a VPN DNS configuration",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "get": {
        "operationId": "getNodeVpnDns",
        "summary": "Get a VPN's DNS configuration",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/VpnNodeDnsModel"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a VPN DNS configuration",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnDnsUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "put": {
        "summary": "Update a VPN DNS configuration",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnDnsUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      }
    },
    "/v2/node/{nodeID}/vpn/{networkName}/dynamic/export-route": {
      "get": {
        "operationId": "listNodeVpnExportRoutes",
        "summary": "Get a VPN's dynamic export routes",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VpnNodeRouteModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a VPN export route",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnRouteUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      }
    },
    "/v2/node/{nodeID}/vpn/{networkName}/dynamic/export-route/{uid}": {
      "delete": {
        "summary": "Delete a VPN export route",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Route ID",
          "in": "path",
          "name": "uid",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a VPN export route",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnRouteUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      }
    },
    "/v2/node/{nodeID}/vpn/{networkName}/dynamic/import-route": {
      "get": {
        "operationId": "listNodeVpnImportRoutes",
        "summary": "Get a VPN's dynamic import routes",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VpnNodeRouteModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a VPN import route",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnRouteUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      }
    },
    "/v2/node/{nodeID}/vpn/{networkName}/dynamic/import-route/{uid}": {
      "delete": {
        "summary": "Delete a VPN import route",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Route ID",
          "in": "path",
          "name": "uid",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a VPN import route",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnRouteUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      }
    },
    "/v2/node/{nodeID}/vpn/{networkName}/interface": {
      "get": {
        "operationId": "listNodeVpnInterfaces",
        "summary": "Get a VPN's interfaces",
        "description": "Get the list of interfaces attached to a VPN network on a node. Note: NATs within a VPN interface can share the same source and destination CIDRs provided they are differentiated by route metric. This is intentional and not a configuration error.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VpnNodeInterfaceModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a VPN interface",
        "description": "`inDefaultRoute` and `outDefaultRoute` are mutually exclusive — set at most one to `true`.\n\nInside NATs (`insideNats`) rewrite traffic arriving from the VPN before it enters the local network.\nOutside NATs (`outsideNats`) rewrite traffic leaving the local network before it enters the VPN.\n\nAfter creating or updating a VPN interface, push the node config for the change to take effect.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnInterfaceUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      }
    },
    "/v2/node/{nodeID}/vpn/{networkName}/interface/{interfaceName}": {
      "delete": {
        "summary": "Delete a VPN interface",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Interface name",
          "in": "path",
          "name": "interfaceName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a VPN interface",
        "description": "`inDefaultRoute` and `outDefaultRoute` are mutually exclusive — set at most one to `true`.\n\nInside NATs (`insideNats`) rewrite traffic arriving from the VPN before it enters the local network.\nOutside NATs (`outsideNats`) rewrite traffic leaving the local network before it enters the VPN.\n\nAfter creating or updating a VPN interface, push the node config for the change to take effect.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnInterfaceUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      }
    },
    "/v2/node/{nodeID}/vpn/{networkName}/route": {
      "get": {
        "operationId": "listNodeVpnRoutes",
        "summary": "Get a VPN's routes",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VpnNodeRouteModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a VPN route",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnRouteUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      }
    },
    "/v2/node/{nodeID}/vpn/{networkName}/route/{uid}": {
      "delete": {
        "summary": "Delete a VPN route",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Route ID",
          "in": "path",
          "name": "uid",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a VPN route",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnRouteUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      }
    },
    "/v2/node/{nodeID}/vpn/{networkName}/service": {
      "get": {
        "operationId": "listNodeVpnServices",
        "summary": "Get a VPN's services",
        "description": "Requires `node-vpn::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/VpnNodeServiceModel"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Create a VPN Service",
        "description": "Requires `node-vpn::modify` permission.",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnServiceUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      }
    },
    "/v2/node/{nodeID}/vpn/{networkName}/service/{uid}": {
      "delete": {
        "summary": "Delete a VPN Service",
        "description": "Requires `node-vpn::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      },
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        },
        {
          "description": "Network name",
          "in": "path",
          "name": "networkName",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Service ID",
          "in": "path",
          "name": "uid",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Update a Service",
        "requestBody": {
          "$ref": "#/components/requestBodies/VpnServiceUpdateModel"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation Failed",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance > VPN"
        ]
      }
    },
    "/v2/node/{nodeID}/lifecycle-state": {
      "parameters": [
        {
          "$ref": "#/components/parameters/nodeID"
        }
      ],
      "put": {
        "summary": "Update the lifecycle state of a specific node",
        "description": "Update the lifecycle state for a node (appliance or agent).\n\n---\n\nRequires `nodes::manage` permission.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "$ref": "#/components/schemas/LifecycleStateRequest"
              }
            }
          },
          "description": "Lifecycle state update",
          "required": true
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Not Found"
          },
          "422": {
            "description": "Validation error",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ValidationFailed"
                }
              }
            }
          }
        },
        "tags": [
          "Appliance",
          "Agent"
        ]
      }
    },
    "/v2/policy": {
      "get": {
        "operationId": "listPolicies",
        "summary": "Retrieve all access control policies and their permission rules",
        "description": "Requires `permissions::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "items": {
                    "$ref": "#/components/schemas/Policy"
                  },
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Permissions"
        ]
      },
      "post": {
        "summary": "Create a new access control policy with specified permissions and conditions",
        "description": "Requires `permissions::modify` permission.\n\n`resources` is a top-level field on the policy object, not nested inside `statements`.\n\nResource names use TGRN format, e.g. `tgrn:tg::nodes:node/{uid}` or `tgrn:tg::access-apps:app/{uid}`. Use `*` to match all resources of a type.\n\nAction names must match the exact permission identifier accepted by the API, e.g. `nodes::configure:apigw`.",
        "requestBody": {
          "$ref": "#/components/requestBodies/Policy"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Permissions"
        ]
      }
    },
    "/v2/policy/{name}": {
      "delete": {
        "summary": "Remove an access control policy and revoke associated permissions",
        "description": "Requires `permissions::modify` permission.",
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Permissions"
        ]
      },
      "get": {
        "operationId": "getPolicy",
        "summary": "Retrieve detailed configuration of a specific access control policy",
        "description": "Requires `permissions::read` permission.",
        "responses": {
          "200": {
            "description": "OK",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/Policy"
                }
              }
            }
          },
          "404": {
            "description": "Not Found"
          }
        },
        "tags": [
          "Permissions"
        ]
      },
      "parameters": [
        {
          "description": "Policy name",
          "in": "path",
          "name": "name",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "put": {
        "summary": "Modify permissions and conditions for an existing access control policy",
        "description": "Requires `permissions::modify` permission.\n\n`resources` is a top-level field on the policy object, not nested inside `statements`.\n\nResource names use TGRN format, e.g. `tgrn:tg::nodes:node/{uid}` or `tgrn:tg::access-apps:app/{uid}`. Use `*` to match all resources of a type.\n\nAction names must match the exact permission identifier accepted by the API, e.g. `nodes::configure:apigw`.",
        "requestBody": {
          "$ref": "#/components/requestBodies/Policy"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Not Found"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "Permissions"
        ]
      }
    },
    "/v2/user/{email}/groups": {
      "parameters": [
        {
          "description": "User email",
          "in": "path",
          "name": "email",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ],
      "post": {
        "summary": "Add a user to a group and grant associated permissions",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "properties": {
                  "groupId": {
                    "description": "Group ID",
                    "type": "string"
                  }
                },
                "required": [
                  "groupId"
                ],
                "type": "object"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "User"
        ]
      }
    },
    "/v2/user/{email}/groups/{group}": {
      "delete": {
        "summary": "Remove a user from a group and revoke associated permissions",
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "User"
        ]
      },
      "parameters": [
        {
          "description": "User email",
          "in": "path",
          "name": "email",
          "required": true,
          "schema": {
            "type": "string"
          }
        },
        {
          "description": "Group ID",
          "in": "path",
          "name": "group",
          "required": true,
          "schema": {
            "type": "string"
          }
        }
      ]
    },
    "/v2/service-user/{name}": {
      "get": {
        "operationId": "getServiceUser",
        "summary": "Retrieve configuration details for a specific service account",
        "parameters": [
          {
            "name": "name",
            "in": "path",
            "required": true,
            "description": "The name of the service user",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "A service user",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ServiceUser"
                }
              }
            }
          },
          "404": {
            "description": "Service user not found"
          }
        },
        "tags": [
          "ServiceUser"
        ]
      }
    },
    "/v2/service-user/{name}/token": {
      "post": {
        "summary": "Generate new API credentials (client ID and secret) for a service account",
        "parameters": [
          {
            "name": "name",
            "in": "path",
            "required": true,
            "description": "The name of the service user",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "API credentials",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "properties": {
                    "clientId": {
                      "type": "string"
                    },
                    "secret": {
                      "type": "string"
                    }
                  }
                }
              }
            }
          },
          "404": {
            "description": "Service user not found"
          }
        },
        "tags": [
          "ServiceUser"
        ]
      }
    },
    "/v2/service-user": {
      "get": {
        "operationId": "listServiceUsers",
        "summary": "Retrieve all API-only service accounts configured for the organization",
        "responses": {
          "200": {
            "description": "A list of service users",
            "content": {
              "application/json": {
                "schema": {
                  "type": "array",
                  "items": {
                    "$ref": "#/components/schemas/ServiceUser"
                  }
                }
              }
            }
          }
        },
        "tags": [
          "ServiceUser"
        ]
      },
      "post": {
        "summary": "Create a new API-only service account with specified permissions",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "type": "object",
                "properties": {
                  "name": {
                    "type": "string"
                  },
                  "policyIds": {
                    "type": "array",
                    "items": {
                      "type": "string"
                    }
                  }
                }
              }
            }
          },
          "required": true
        },
        "responses": {
          "201": {
            "description": "Service user created",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ServiceUser"
                }
              }
            }
          },
          "400": {
            "description": "Invalid input"
          }
        },
        "tags": [
          "ServiceUser"
        ]
      }
    },
    "/v2/observability-exporter": {
      "get": {
        "operationId": "listObservabilityExporters",
        "summary": "Retrieve all configured telemetry data exporters for external monitoring systems",
        "description": "Requires `observability::read` permission and Organization `observability` feature needs to be enabled.",
        "responses": {
          "200": {
            "description": "A list of observability exporters",
            "content": {
              "application/json": {
                "schema": {
                  "type": "array",
                  "items": {
                    "$ref": "#/components/schemas/ObservabilityExporter"
                  }
                }
              }
            }
          }
        },
        "tags": [
          "ObservabilityExporter"
        ]
      },
      "post": {
        "summary": "Configure a new telemetry data exporter for external monitoring integration",
        "description": "Requires `observability::modify` permission and Organization `observability` feature needs to be enabled.",
        "requestBody": {
          "$ref": "#/components/requestBodies/ObservabilityExporter"
        },
        "responses": {
          "200": {
            "description": "Observability exporter created",
            "content": {
              "application/json": {
                "schema": {
                  "type": "object",
                  "properties": {
                    "uid": {
                      "type": "string"
                    }
                  }
                }
              }
            }
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "ObservabilityExporter"
        ]
      }
    },
    "/v2/observability-exporter/{id}": {
      "get": {
        "operationId": "getObservabilityExporter",
        "summary": "Retrieve configuration details for a specific telemetry data exporter",
        "description": "Requires `observability::read` permission and Organization `observability` feature needs to be enabled.",
        "parameters": [
          {
            "name": "id",
            "in": "path",
            "required": true,
            "description": "The id of the observability exporter",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "An observability exporter",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/ObservabilityExporter"
                }
              }
            }
          },
          "404": {
            "description": "Observability exporter not found"
          }
        },
        "tags": [
          "ObservabilityExporter"
        ]
      },
      "put": {
        "summary": "Modify settings for an existing telemetry data exporter",
        "description": "Requires `observability::modify` permission and Organization `observability` feature needs to be enabled.",
        "parameters": [
          {
            "name": "id",
            "in": "path",
            "required": true,
            "description": "The id of the observability exporter",
            "schema": {
              "type": "string"
            }
          }
        ],
        "requestBody": {
          "$ref": "#/components/requestBodies/ObservabilityExporter"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Observability exporter not found"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "ObservabilityExporter"
        ]
      },
      "delete": {
        "summary": "Remove a telemetry data exporter and stop external monitoring integration",
        "description": "Requires `observability::modify` permission and Organization `observability` feature needs to be enabled.",
        "parameters": [
          {
            "name": "id",
            "in": "path",
            "required": true,
            "description": "The id of the observability exporter",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "OK"
          }
        },
        "tags": [
          "ObservabilityExporter"
        ]
      }
    },
    "/v2/observability-exporter/splunk/{id}": {
      "get": {
        "operationId": "getSplunkObservabilityExporter",
        "summary": "Retrieve Splunk-specific configuration for a telemetry data exporter",
        "description": "Requires `observability::read` permission and Organization `observability` feature needs to be enabled.",
        "parameters": [
          {
            "name": "id",
            "in": "path",
            "required": true,
            "description": "The id of the observability exporter",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "An observability exporter",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/SplunkExporter"
                }
              }
            }
          },
          "404": {
            "description": "Observability exporter not found"
          }
        },
        "tags": [
          "ObservabilityExporter",
          "SplunkExporter"
        ]
      },
      "put": {
        "summary": "Modify Splunk-specific settings for a telemetry data exporter",
        "description": "Requires `observability::modify` permission and Organization `observability` feature needs to be enabled.",
        "parameters": [
          {
            "name": "id",
            "in": "path",
            "required": true,
            "description": "The id of the observability exporter",
            "schema": {
              "type": "string"
            }
          }
        ],
        "requestBody": {
          "$ref": "#/components/requestBodies/SplunkExporter"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Observability exporter not found"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "ObservabilityExporter",
          "SplunkExporter"
        ]
      }
    },
    "/v2/observability-exporter/http/{id}": {
      "get": {
        "operationId": "getHttpObservabilityExporter",
        "summary": "Retrieve HTTP-specific configuration for a telemetry data exporter",
        "description": "Requires `observability::read` permission and Organization `observability` feature needs to be enabled.",
        "parameters": [
          {
            "name": "id",
            "in": "path",
            "required": true,
            "description": "The id of the observability exporter",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "An observability exporter",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/HTTPExporter"
                }
              }
            }
          },
          "404": {
            "description": "Observability exporter not found"
          }
        },
        "tags": [
          "ObservabilityExporter",
          "HTTPExporter"
        ]
      },
      "put": {
        "summary": "Modify HTTP-specific settings for a telemetry data exporter",
        "description": "Requires `observability::modify` permission and Organization `observability` feature needs to be enabled.",
        "parameters": [
          {
            "name": "id",
            "in": "path",
            "required": true,
            "description": "The id of the observability exporter",
            "schema": {
              "type": "string"
            }
          }
        ],
        "requestBody": {
          "$ref": "#/components/requestBodies/HTTPExporter"
        },
        "responses": {
          "200": {
            "description": "OK"
          },
          "404": {
            "description": "Observability exporter not found"
          },
          "422": {
            "description": "Validation failed",
            "content": {
              "application/json": {
                "schema": {
                  "description": "ValidationFailed",
                  "items": {
                    "description": "Validation failure",
                    "type": "string"
                  },
                  "title": "ValidationFailed",
                  "type": "array"
                }
              }
            }
          }
        },
        "tags": [
          "ObservabilityExporter",
          "HTTPExporter"
        ]
      }
    }
  },
  "security": [
    {
      "JWTAuthorizer": []
    }
  ],
  "servers": [
    {
      "url": "https://api.trustgrid.io"
    }
  ],
  "components": {
    "parameters": {
      "clusterFQDN": {
        "description": "Cluster FQDN",
        "in": "path",
        "name": "clusterFQDN",
        "required": true,
        "schema": {
          "type": "string"
        }
      },
      "nodeID": {
        "description": "Node ID",
        "in": "path",
        "name": "nodeID",
        "required": true,
        "schema": {
          "type": "string"
        }
      }
    },
    "requestBodies": {
      "VpnDnsUpdateModel": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/VpnDnsUpdateModel"
            }
          }
        }
      },
      "VpnNetworkUpdateModel": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/VpnNetworkUpdateModel"
            }
          }
        }
      },
      "VirtualNetworkDNSRecord": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/VirtualNetworkDNSRecord"
            }
          }
        },
        "description": "DNS record configuration",
        "required": true
      },
      "VirtualNetworkAuthorizationGroupMembership": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/VirtualNetworkAuthorizationGroupMembership"
            }
          }
        },
        "description": "Network auth group member",
        "required": true
      },
      "OrderModel": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/OrderModel"
            }
          }
        }
      },
      "VpnInterfaceUpdateModel": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/VpnInterfaceUpdateModel"
            }
          }
        }
      },
      "VpnServiceUpdateModel": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/VpnServiceUpdateModel"
            }
          }
        }
      },
      "EdgeService": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/EdgeService"
            }
          }
        },
        "description": "Service",
        "required": true
      },
      "EdgeConnector": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/EdgeConnector"
            }
          }
        },
        "description": "Connector",
        "required": true
      },
      "ContainerConfig": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/ContainerConfig"
            }
          }
        },
        "description": "Container config"
      },
      "VpnRouteUpdateModel": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/VpnRouteUpdateModel"
            }
          }
        }
      },
      "Policy": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/Policy"
            }
          }
        },
        "description": "Policy"
      },
      "AlarmModel": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/AlarmModel"
            }
          }
        },
        "description": "Alarm body",
        "required": true
      },
      "TagValueModel": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/TagValueModel"
            }
          }
        },
        "required": true
      },
      "VirtualNetworkRoute": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/VirtualNetworkRoute"
            }
          }
        },
        "description": "Route configuration",
        "required": true
      },
      "Container": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/Container"
            }
          }
        },
        "description": "Container"
      },
      "IdentityProviderUpdateModel": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/IdentityProviderUpdateModel"
            }
          }
        }
      },
      "ServiceConfig": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/ServiceConfig"
            }
          }
        },
        "description": "Config body",
        "required": true
      },
      "VirtualNetworkAccessPolicy": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/VirtualNetworkAccessPolicy"
            }
          }
        },
        "description": "Access policy configuration",
        "required": true
      },
      "ConnectorConfig": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/ConnectorConfig"
            }
          }
        },
        "description": "Config body",
        "required": true
      },
      "Config": {
        "content": {
          "application/json": {
            "schema": {
              "properties": {
                "acls": {
                  "items": {
                    "properties": {
                      "action": {
                        "enum": [
                          "allow",
                          "drop",
                          "reject"
                        ],
                        "type": "string"
                      },
                      "description": {
                        "type": "string"
                      },
                      "dest": {
                        "description": "Destination IP CIDR",
                        "type": "string"
                      },
                      "line": {
                        "description": "Line number",
                        "maximum": 32768,
                        "minimum": 1,
                        "type": "number"
                      },
                      "ports": {
                        "description": "Port or port range",
                        "type": "string"
                      },
                      "protocol": {
                        "enum": [
                          "any",
                          "icmp",
                          "tcp",
                          "udp"
                        ],
                        "type": "string"
                      },
                      "source": {
                        "description": "Source IP CIDR",
                        "type": "string"
                      }
                    },
                    "required": [
                      "protocol",
                      "source",
                      "dest",
                      "action"
                    ],
                    "type": "object"
                  },
                  "type": "array"
                },
                "darkMode": {
                  "type": "boolean"
                },
                "forwarding": {
                  "type": "boolean"
                },
                "interfaces": {
                  "items": {
                    "properties": {
                      "cloudRoutes": {
                        "items": {
                          "properties": {
                            "description": {
                              "description": "Route description",
                              "example": "My route",
                              "type": "string"
                            },
                            "route": {
                              "description": "Route CIDR",
                              "example": "192.168.10.0/24",
                              "type": "string"
                            }
                          },
                          "type": "object"
                        },
                        "type": "array"
                      },
                      "clusterIP": {
                        "description": "Cluster IP",
                        "type": "string"
                      },
                      "clusterRouteTables": {
                        "items": {
                          "description": "Cluster route tables",
                          "type": "string"
                        },
                        "type": "array"
                      },
                      "clusterRoutes": {
                        "items": {
                          "description": "Cluster routes",
                          "properties": {
                            "description": {
                              "description": "Route description",
                              "example": "My route",
                              "type": "string"
                            },
                            "route": {
                              "description": "Route CIDR",
                              "example": "192.168.10.0/24",
                              "type": "string"
                            }
                          },
                          "required": [
                            "route"
                          ],
                          "type": "object"
                        },
                        "type": "array"
                      },
                      "description": {
                        "description": "Interface description",
                        "example": "My interface",
                        "type": "string"
                      },
                      "dhcp": {
                        "default": false,
                        "description": "Enable DHCP",
                        "example": false,
                        "type": "boolean"
                      },
                      "dhcpPool": {
                        "description": "DHCP pool",
                        "type": "string"
                      },
                      "dns": {
                        "items": {
                          "description": "DNS servers",
                          "type": "string"
                        },
                        "type": "array"
                      },
                      "duplex": {
                        "description": "Interface duplex",
                        "enum": [
                          "full",
                          "half"
                        ],
                        "type": "string"
                      },
                      "gateway": {
                        "description": "Gateway IP",
                        "type": "string"
                      },
                      "ip": {
                        "description": "Interface IP",
                        "type": "string"
                      },
                      "mode": {
                        "description": "Interface mode",
                        "enum": [
                          "auto",
                          "manual"
                        ],
                        "type": "string"
                      },
                      "mtu": {
                        "description": "MTU",
                        "example": 1500,
                        "maximum": 9001,
                        "minimum": 1300,
                        "type": "number"
                      },
                      "nic": {
                        "description": "Network interface name",
                        "example": "eth0",
                        "type": "string"
                      },
                      "routes": {
                        "items": {
                          "properties": {
                            "description": {
                              "description": "Route description",
                              "example": "My route",
                              "type": "string"
                            },
                            "next": {
                              "description": "Next hop",
                              "example": "192.168.10.10",
                              "type": "string"
                            },
                            "route": {
                              "description": "Route CIDR",
                              "example": "192.168.10.0/24",
                              "type": "string"
                            }
                          },
                          "required": [
                            "route"
                          ],
                          "type": "object"
                        },
                        "type": "array"
                      },
                      "speed": {
                        "description": "Interface speed",
                        "type": "number"
                      },
                      "subInterfaces": {
                        "items": {
                          "properties": {
                            "description": {
                              "description": "Interface description",
                              "example": "My interface",
                              "type": "string"
                            },
                            "ip": {
                              "description": "Sub-interface IP",
                              "type": "string"
                            },
                            "routes": {
                              "items": {
                                "properties": {
                                  "description": {
                                    "description": "Route description",
                                    "example": "My route",
                                    "type": "string"
                                  },
                                  "next": {
                                    "description": "Next hop",
                                    "example": "192.168.10.10",
                                    "type": "string"
                                  },
                                  "route": {
                                    "description": "Route CIDR",
                                    "example": "192.168.10.0/24",
                                    "type": "string"
                                  }
                                },
                                "required": [
                                  "route"
                                ],
                                "type": "object"
                              },
                              "type": "array"
                            },
                            "vlanID": {
                              "default": 1,
                              "description": "VLAN ID",
                              "example": 1,
                              "maximum": 4094,
                              "minimum": 1,
                              "type": "number"
                            },
                            "vrf": {
                              "description": "VRF name",
                              "example": "default",
                              "type": "string"
                            }
                          },
                          "required": [
                            "vlanID",
                            "ip"
                          ],
                          "type": "object"
                        },
                        "type": "array"
                      },
                      "virtual": {
                        "default": false,
                        "description": "Whether the interface is virtual",
                        "example": false,
                        "type": "boolean"
                      },
                      "vrf": {
                        "description": "VRF name",
                        "example": "default",
                        "type": "string"
                      }
                    },
                    "required": [
                      "nic"
                    ],
                    "type": "object"
                  },
                  "type": "array"
                },
                "nats": {
                  "description": "NAT rules (SNAT, DNAT, masquerade) applied to this interface. Duplicate source/dest CIDR pairs are allowed when differentiated by route metric.",
                  "items": {
                    "properties": {
                      "description": {
                        "description": "NAT description",
                        "type": "string"
                      },
                      "dest": {
                        "description": "NAT destination IP CIDR",
                        "type": "string"
                      },
                      "masquerade": {
                        "type": "boolean"
                      },
                      "source": {
                        "description": "NAT source IP CIDR",
                        "type": "string"
                      },
                      "toDest": {
                        "description": "Translated dest IP CIDR",
                        "type": "string"
                      },
                      "toSource": {
                        "description": "Translated source IP CIDR",
                        "type": "string"
                      }
                    },
                    "type": "object"
                  },
                  "type": "array"
                },
                "routes": {
                  "items": {
                    "properties": {
                      "description": {
                        "type": "string"
                      },
                      "dest": {
                        "type": "string"
                      },
                      "dev": {
                        "type": "string"
                      },
                      "metric": {
                        "description": "Route metric",
                        "maximum": 200,
                        "minimum": 1,
                        "type": "number"
                      },
                      "via": {
                        "description": "Next hop IP address",
                        "type": "string"
                      }
                    },
                    "required": [
                      "dest"
                    ],
                    "type": "object"
                  },
                  "type": "array"
                },
                "rules": {
                  "items": {
                    "properties": {
                      "action": {
                        "enum": [
                          "accept",
                          "drop",
                          "reject",
                          "forward",
                          "dnat"
                        ],
                        "type": "string"
                      },
                      "description": {
                        "description": "Rule description",
                        "type": "string"
                      },
                      "dest": {
                        "description": "Destination IP CIDR or `public` or `private`",
                        "type": "string"
                      },
                      "dmac": {
                        "description": "DNAT MAC address",
                        "type": "string"
                      },
                      "dnat": {
                        "description": "DNAT IP address",
                        "type": "string"
                      },
                      "iface": {
                        "description": "Interface name",
                        "type": "string"
                      },
                      "in": {
                        "type": "string"
                      },
                      "line": {
                        "description": "Rule number",
                        "maximum": 32768,
                        "minimum": 1,
                        "type": "number"
                      },
                      "ports": {
                        "description": "Port or port range",
                        "type": "string"
                      },
                      "protocol": {
                        "enum": [
                          "any",
                          "icmp",
                          "tcp",
                          "udp"
                        ],
                        "type": "string"
                      },
                      "snat": {
                        "description": "Enable SNAT",
                        "type": "boolean"
                      },
                      "source": {
                        "description": "Source IP CIDR or `public` or `private`",
                        "type": "string"
                      },
                      "vrf": {
                        "description": "VRF name",
                        "type": "string"
                      }
                    },
                    "required": [
                      "protocol",
                      "source",
                      "dest",
                      "action"
                    ],
                    "type": "object"
                  },
                  "type": "array"
                },
                "tunnels": {
                  "items": {
                    "properties": {
                      "description": {
                        "type": "string"
                      },
                      "destination": {
                        "type": "string"
                      },
                      "dpdInterval": {
                        "type": "number"
                      },
                      "dpdRetries": {
                        "type": "number"
                      },
                      "enabled": {
                        "type": "boolean"
                      },
                      "ike": {
                        "enum": [
                          1,
                          2
                        ],
                        "type": "number"
                      },
                      "ikeCipher": {
                        "enum": [
                          "aes128-sha1",
                          "aes128-sha256",
                          "aes256-sha1",
                          "aes256-sha256"
                        ],
                        "type": "string"
                      },
                      "ikeGroup": {
                        "enum": [
                          2,
                          5,
                          14,
                          15,
                          16
                        ],
                        "type": "number"
                      },
                      "ip": {
                        "type": "string"
                      },
                      "ipsecCipher": {
                        "enum": [
                          "aes128-sha1",
                          "aes128-sha256",
                          "aes256-sha1",
                          "aes256-sha256"
                        ],
                        "type": "string"
                      },
                      "localId": {
                        "type": "string"
                      },
                      "mtu": {
                        "maximum": 10000,
                        "minimum": 1000,
                        "type": "number"
                      },
                      "name": {
                        "type": "string"
                      },
                      "networkId": {
                        "type": "string"
                      },
                      "pfs": {
                        "enum": [
                          0,
                          2,
                          5,
                          14,
                          15,
                          16
                        ],
                        "type": "number"
                      },
                      "presharedKey": {
                        "type": "string"
                      },
                      "psk": {
                        "type": "string"
                      },
                      "publicKey": {
                        "type": "string"
                      },
                      "rekeyInterval": {
                        "type": "number"
                      },
                      "remoteId": {
                        "type": "string"
                      },
                      "replayWindow": {
                        "enum": [
                          32,
                          64,
                          128,
                          256,
                          512,
                          1024,
                          2048,
                          4096,
                          8192
                        ],
                        "type": "number"
                      },
                      "type": {
                        "enum": [
                          "ipsec",
                          "gre",
                          "vnet",
                          "wireguard"
                        ],
                        "type": "string"
                      },
                      "vrf": {
                        "type": "string"
                      }
                    },
                    "required": [
                      "name",
                      "enabled",
                      "mtu"
                    ],
                    "type": "object"
                  },
                  "type": "array"
                },
                "vrfs": {
                  "items": {
                    "properties": {
                      "acls": {
                        "items": {
                          "properties": {
                            "action": {
                              "enum": [
                                "allow",
                                "drop",
                                "reject"
                              ],
                              "type": "string"
                            },
                            "description": {
                              "description": "ACL description",
                              "type": "string"
                            },
                            "dest": {
                              "description": "Destination IP CIDR",
                              "type": "string"
                            },
                            "line": {
                              "description": "Line number",
                              "maximum": 32768,
                              "minimum": 1,
                              "type": "number"
                            },
                            "ports": {
                              "description": "Port or port range",
                              "type": "string"
                            },
                            "protocol": {
                              "enum": [
                                "any",
                                "icmp",
                                "tcp",
                                "udp"
                              ],
                              "type": "string"
                            },
                            "source": {
                              "description": "Source IP CIDR",
                              "type": "string"
                            }
                          },
                          "required": [
                            "protocol",
                            "source",
                            "dest",
                            "action"
                          ],
                          "type": "object"
                        },
                        "type": "array"
                      },
                      "description": {
                        "description": "VRF description",
                        "type": "string"
                      },
                      "forwarding": {
                        "type": "boolean"
                      },
                      "name": {
                        "description": "VRF name",
                        "type": "string"
                      },
                      "nats": {
                        "description": "NAT rules within this VRF. Duplicate source/dest CIDR pairs are allowed when differentiated by route metric.",
                        "items": {
                          "properties": {
                            "description": {
                              "description": "NAT description",
                              "type": "string"
                            },
                            "dest": {
                              "description": "NAT destination IP CIDR",
                              "type": "string"
                            },
                            "masquerade": {
                              "description": "Enable masquerade",
                              "type": "boolean"
                            },
                            "source": {
                              "description": "NAT source IP CIDR",
                              "type": "string"
                            },
                            "toDest": {
                              "description": "Translated dest IP CIDR",
                              "type": "string"
                            },
                            "toSource": {
                              "description": "Translated source IP CIDR",
                              "type": "string"
                            }
                          },
                          "type": "object"
                        },
                        "type": "array"
                      },
                      "routes": {
                        "items": {
                          "properties": {
                            "description": {
                              "description": "Route description",
                              "example": "My route",
                              "type": "string"
                            },
                            "dest": {
                              "description": "Route CIDR",
                              "type": "string"
                            },
                            "dev": {
                              "description": "Device name",
                              "type": "string"
                            },
                            "metric": {
                              "description": "Route metric",
                              "maximum": 200,
                              "minimum": 1,
                              "type": "number"
                            },
                            "via": {
                              "description": "Next hop IP address",
                              "type": "string"
                            }
                          },
                          "required": [
                            "dest"
                          ],
                          "type": "object"
                        },
                        "type": "array"
                      },
                      "rules": {
                        "items": {
                          "properties": {
                            "action": {
                              "enum": [
                                "accept",
                                "drop",
                                "reject",
                                "forward",
                                "dnat"
                              ],
                              "type": "string"
                            },
                            "description": {
                              "description": "Rule description",
                              "type": "string"
                            },
                            "dest": {
                              "description": "Destination IP CIDR or `public` or `private`",
                              "type": "string"
                            },
                            "dmac": {
                              "description": "DNAT MAC address",
                              "type": "string"
                            },
                            "dnat": {
                              "description": "DNAT IP address",
                              "type": "string"
                            },
                            "iface": {
                              "description": "Interface name",
                              "type": "string"
                            },
                            "in": {
                              "type": "string"
                            },
                            "line": {
                              "description": "Rule number",
                              "maximum": 32768,
                              "minimum": 1,
                              "type": "number"
                            },
                            "ports": {
                              "description": "Port or port range",
                              "type": "string"
                            },
                            "protocol": {
                              "enum": [
                                "any",
                                "icmp",
                                "tcp",
                                "udp"
                              ],
                              "type": "string"
                            },
                            "snat": {
                              "description": "Enable SNAT",
                              "type": "boolean"
                            },
                            "source": {
                              "description": "Source IP CIDR or `public` or `private`",
                              "type": "string"
                            },
                            "vrf": {
                              "description": "VRF name",
                              "type": "string"
                            }
                          },
                          "required": [
                            "protocol",
                            "source",
                            "dest",
                            "action"
                          ],
                          "type": "object"
                        },
                        "type": "array"
                      }
                    },
                    "required": [
                      "name"
                    ],
                    "type": "object"
                  },
                  "type": "array"
                }
              },
              "type": "object"
            }
          }
        },
        "description": "Network Config",
        "required": true
      },
      "Config2": {
        "content": {
          "application/json": {
            "schema": {
              "type": "object"
            }
          }
        },
        "description": "Config body",
        "required": true
      },
      "AlarmChannelModel": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/AlarmChannelModel"
            }
          }
        },
        "description": "Alarm channel body",
        "required": true
      },
      "CertificateParts": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/CertificateParts"
            }
          }
        },
        "description": "Certificate parts",
        "required": true
      },
      "Volume": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/Volume"
            }
          }
        },
        "description": "Volume"
      },
      "VpnNetworkUpdateModel2": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/VpnNetworkUpdateModel"
            }
          }
        },
        "required": true
      },
      "VirtualNetworkAuthorizationGroup": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/VirtualNetworkAuthorizationGroup"
            }
          }
        },
        "description": "Network auth group configuration",
        "required": true
      },
      "VirtualNetworkDNSZone": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/VirtualNetworkDNSZone"
            }
          }
        },
        "description": "DNS zone configuration",
        "required": true
      },
      "VirtualNetworkGroup": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/VirtualNetworkGroup"
            }
          }
        },
        "description": "Network group configuration",
        "required": true
      },
      "VirtualNetworkObject": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/VirtualNetworkObject"
            }
          }
        },
        "description": "Network object configuration",
        "required": true
      },
      "PortForwarding": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/PortForwarding"
            }
          }
        },
        "description": "Port forwarding configuration",
        "required": true
      },
      "ObservabilityExporter": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/ObservabilityExporter"
            }
          }
        },
        "description": "Observability Exporter"
      },
      "SplunkExporter": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/SplunkExporter"
            }
          }
        },
        "description": "Splunk Exporter"
      },
      "HTTPExporter": {
        "content": {
          "application/json": {
            "schema": {
              "$ref": "#/components/schemas/HTTPExporter"
            }
          }
        },
        "description": "HTTP Exporter"
      }
    },
    "securitySchemes": {
      "JWTAuthorizer": {
        "description": "JWT Bearer token. Send as `Authorization: Bearer <token>`. Obtain via the Trustgrid portal or service user credentials. See https://docs.trustgrid.io/docs/user-management/api-access/",
        "type": "http",
        "scheme": "bearer",
        "bearerFormat": "JWT"
      }
    },
    "schemas": {
      "AlarmChannelModel": {
        "description": "A notification channel used to deliver alarm alerts. Exactly one of the channel-type fields should be populated to indicate the delivery method.",
        "properties": {
          "name": {
            "description": "Human-readable name for the channel",
            "type": "string"
          },
          "uid": {
            "description": "Unique identifier for this channel",
            "type": "string"
          },
          "orgId": {
            "description": "Organization ID that owns this channel",
            "type": "string"
          },
          "internal": {
            "description": "Whether this channel is managed by Trustgrid (read-only)",
            "type": "boolean"
          },
          "emails": {
            "description": "Comma-separated email addresses for email delivery",
            "type": "string"
          },
          "slackWebhook": {
            "description": "Slack incoming webhook URL",
            "type": "string"
          },
          "slackChannel": {
            "description": "Slack channel name (requires Slack integration)",
            "type": "string"
          },
          "pagerduty": {
            "description": "PagerDuty integration key",
            "type": "string"
          },
          "opsGenie": {
            "description": "OpsGenie API key",
            "type": "string"
          },
          "msTeams": {
            "description": "Microsoft Teams webhook URL",
            "type": "string"
          },
          "genericWebhook": {
            "description": "Generic HTTPS webhook URL for custom integrations",
            "type": "string"
          }
        },
        "required": [
          "name"
        ],
        "title": "AlarmChannel",
        "type": "object"
      },
      "AlarmModel": {
        "description": "An alarm filter that watches for matching events and delivers alerts to configured channels. Criteria fields are combined using `operator`.",
        "properties": {
          "uid": {
            "description": "Unique identifier for this alarm filter",
            "type": "string"
          },
          "name": {
            "description": "Human-readable name for the alarm filter",
            "type": "string"
          },
          "description": {
            "description": "Optional description of the alarm's purpose",
            "type": "string"
          },
          "enabled": {
            "description": "Whether this alarm filter is active",
            "type": "boolean"
          },
          "internal": {
            "description": "Whether this alarm is managed by Trustgrid (read-only)",
            "type": "boolean"
          },
          "orgId": {
            "description": "Organization ID that owns this alarm",
            "type": "string"
          },
          "channels": {
            "description": "UIDs of AlarmChannels to notify when this alarm triggers",
            "items": {
              "type": "string"
            },
            "type": "array"
          },
          "types": {
            "description": "Event types to match (e.g., \"Node Connect\", \"Node Disconnect\", \"Network Error\"). An empty list matches all types.",
            "items": {
              "type": "string"
            },
            "type": "array"
          },
          "nodes": {
            "description": "Node names to scope this alarm to. Empty matches all nodes.",
            "items": {
              "type": "string"
            },
            "type": "array"
          },
          "tags": {
            "description": "Tag filters expressed as `key=value` strings. Nodes must match these tags (combined per `operator`) to trigger this alarm.",
            "items": {
              "type": "string"
            },
            "type": "array"
          },
          "operator": {
            "description": "How multiple criteria (nodes, tags, types) are combined. `all` = all criteria must match; `any` = at least one must match; `none` = no criteria should match.",
            "enum": [
              "any",
              "all",
              "none"
            ],
            "type": "string"
          },
          "tagsOperator": {
            "description": "How multiple tag criteria are combined",
            "enum": [
              "any",
              "all"
            ],
            "type": "string"
          },
          "threshold": {
            "description": "Minimum event severity level to trigger this alarm",
            "enum": [
              "INFO",
              "WARNING",
              "ERROR",
              "CRITICAL"
            ],
            "type": "string"
          },
          "freetext": {
            "description": "Free-text string that must appear in the event message",
            "type": "string"
          },
          "expr": {
            "description": "CEL (Common Expression Language) expression for advanced matching",
            "type": "string"
          }
        },
        "required": [
          "name"
        ],
        "title": "Alarm",
        "type": "object"
      },
      "Alert": {
        "description": "Alert",
        "properties": {
          "alert_message": {
            "description": "More information about the alert",
            "example": "Node mynode abnormally disconnected",
            "type": "string"
          },
          "node": {
            "description": "Node name that generated the alert",
            "example": "mynode",
            "type": "string"
          },
          "node_id": {
            "description": "Node ID that generated the alert",
            "example": "19084f81-5668-41ee-adbe-295e4c65531a",
            "type": "string"
          },
          "timestamp": {
            "description": "Unix timestamp of alert",
            "example": 1661440360,
            "type": "number"
          },
          "type": {
            "description": "Type of alert",
            "example": "Data Plane Disruption",
            "type": "string"
          },
          "uid": {
            "description": "Unique ID of alert",
            "example": "2DqxLdknjWxEkGt474d2Cstsa1O",
            "type": "string"
          }
        },
        "title": "Alert",
        "type": "object"
      },
      "AlertSuppressionModel": {
        "properties": {
          "description": {
            "type": "string"
          },
          "end": {
            "format": "date-time",
            "type": "string"
          },
          "start": {
            "format": "date-time",
            "type": "string"
          }
        },
        "required": [
          "start",
          "end"
        ],
        "title": "AlertSuppression",
        "type": "object"
      },
      "AlertV2": {
        "description": "Alert V2",
        "properties": {
          "eventType": {
            "description": "Type of alert",
            "example": "Data Plane Disruption",
            "type": "string"
          },
          "message": {
            "description": "More information about the alert",
            "example": "Node mynode abnormally disconnected",
            "type": "string"
          },
          "nodeId": {
            "description": "Node ID that generated the alert",
            "example": "19084f81-5668-41ee-adbe-295e4c65531a",
            "type": "string"
          },
          "nodeName": {
            "description": "Node name that generated the alert",
            "example": "mynode",
            "type": "string"
          },
          "timestamp": {
            "description": "Unix timestamp of alert",
            "example": 1661440360,
            "type": "number"
          },
          "uid": {
            "description": "Unique ID of alert",
            "example": "2DqxLdknjWxEkGt474d2Cstsa1O",
            "type": "string"
          }
        },
        "title": "Alert V2",
        "type": "object"
      },
      "Certificate": {
        "description": "TLS certificate managed by the Trustgrid platform",
        "properties": {
          "expiresAt": {
            "description": "Unix timestamp (seconds) when the certificate expires",
            "type": "number"
          },
          "fqdn": {
            "description": "Fully qualified domain name the certificate covers",
            "example": "mynode.trustgrid.io",
            "type": "string"
          },
          "orgId": {
            "description": "Organization ID that owns this certificate",
            "example": "aad89024-5927-4ebd-97e2-3cc605c1da5f",
            "type": "string"
          },
          "warning": {
            "description": "Warning status for the certificate. `none` means healthy; other values indicate expiration proximity or issues.",
            "example": "none",
            "type": "string"
          }
        },
        "title": "Certificate",
        "type": "object"
      },
      "CertificateParts": {
        "description": "CertificateParts",
        "properties": {
          "chain": {
            "description": "Certificate chain in PEM format",
            "type": "string"
          },
          "private_key": {
            "description": "Private key for the certificate in PEM format",
            "type": "string"
          }
        },
        "required": [
          "chain",
          "private_key"
        ],
        "title": "CertificateParts",
        "type": "object"
      },
      "ContainerImageRecord": {
        "description": "Cached container image reference",
        "properties": {
          "name": {
            "description": "Image repository or name",
            "example": "mycontainer",
            "type": "string"
          },
          "tag": {
            "description": "Image tag",
            "example": "latest",
            "type": "string"
          }
        },
        "required": [
          "name",
          "tag"
        ],
        "title": "ContainerImageRecord",
        "type": "object"
      },
      "ContainerRuntimeStatus": {
        "description": "Runtime status for a container service on a node",
        "properties": {
          "status": {
            "description": "Current container runtime state",
            "enum": [
              "INITIALIZING",
              "RUNNING",
              "STOPPED"
            ],
            "type": "string"
          },
          "imageName": {
            "description": "Resolved image name for the running container",
            "example": "mycontainer/latest",
            "type": "string"
          },
          "imageId": {
            "description": "Resolved image identifier for the running container",
            "example": "a1b2c3d4e5f6",
            "type": "string"
          }
        },
        "title": "ContainerRuntimeStatus",
        "type": "object"
      },
      "ClusterModel": {
        "properties": {
          "config": {
            "description": "Cluster Configuration",
            "type": "object"
          },
          "domain": {
            "description": "Cluster domain",
            "type": "string"
          },
          "fqdn": {
            "description": "Cluster FQDN",
            "type": "string"
          },
          "health": {
            "description": "Cluster health",
            "enum": [
              "healthy",
              "unhealthy",
              "offline",
              "unknown"
            ],
            "type": "string"
          },
          "mode": {
            "description": "Cluster Failback Mode",
            "enum": [
              "autoFailback",
              "manualFailback"
            ],
            "type": "string"
          },
          "name": {
            "description": "Cluster name",
            "type": "string"
          },
          "org": {
            "description": "Organization ID (UUID) that owns this cluster",
            "type": "string"
          },
          "tags": {
            "description": "User-defined tags for organizing and filtering clusters",
            "type": "object",
            "additionalProperties": {
              "type": "string"
            }
          },
          "tgTags": {
            "description": "System-managed tags assigned by the Trustgrid platform (read-only)",
            "type": "object",
            "additionalProperties": {
              "type": "string"
            }
          },
          "tgrn": {
            "description": "Trustgrid Resource Name for this cluster. Format: `tgrn:tg::nodes:cluster/{fqdn}`",
            "example": "tgrn:tg::nodes:cluster/mycluster.myorg.trustgrid.io",
            "type": "string"
          },
          "created_at": {
            "description": "Unix timestamp (seconds) when the cluster was created",
            "type": "integer"
          },
          "lifecycleState": {
            "description": "Operational lifecycle state of the cluster",
            "enum": [
              "pre-production",
              "production",
              "maintenance",
              "decommissioned"
            ],
            "type": "string"
          }
        },
        "title": "ClusterModel",
        "type": "object"
      },
      "ClusterUpgrade": {
        "description": "ClusterUpgrade",
        "properties": {
          "error": {
            "description": "Error message",
            "type": "string"
          },
          "fqdn": {
            "description": "Cluster FQDN",
            "example": "mycluster.trustgrid.io",
            "type": "string"
          },
          "nodeUpgrades": {
            "items": {
              "$ref": "#/components/schemas/NodeUpgrade"
            },
            "type": "array"
          },
          "state": {
            "description": "Upgrade state",
            "type": "string"
          },
          "tags": {
            "additionalProperties": {
              "description": "Tag values",
              "type": "string"
            },
            "description": "Cluster tags",
            "type": "object"
          }
        },
        "title": "ClusterUpgrade",
        "type": "object"
      },
      "EdgeConnector": {
        "example": {
          "description": "My connector",
          "enabled": true,
          "localIp": "100.100.64.1",
          "maxmbps": 100,
          "nic": "eth0",
          "node": "node1",
          "port": 1234,
          "index": 1,
          "protocol": "tcp",
          "service": "ssh"
        },
        "properties": {
          "description": {
            "description": "connector description",
            "type": "string"
          },
          "enabled": {
            "description": "whether connector is enabled",
            "type": "boolean"
          },
          "index": {
            "description": "Sorting index for the connector",
            "type": "number"
          },
          "localIp": {
            "description": "local IP address",
            "type": "string"
          },
          "maxmbps": {
            "description": "maximum bandwidth in Mbps",
            "type": "number"
          },
          "nic": {
            "description": "network interface name",
            "type": "string"
          },
          "node": {
            "description": "node name",
            "type": "string"
          },
          "port": {
            "description": "connector port",
            "type": "number"
          },
          "protocol": {
            "description": "connector protocol",
            "enum": [
              "udp",
              "tcp",
              "tftp",
              "ftp"
            ],
            "type": "string"
          },
          "service": {
            "description": "service name",
            "type": "string"
          },
          "sourceBlock": {
            "description": "if provided, only traffic from this CIDR block will be allowed",
            "type": "string"
          }
        },
        "required": [
          "node",
          "port",
          "protocol",
          "service"
        ]
      },
      "NodeTriggerContainerActionRequest": {
        "description": "Request body used when `{event}` is set to a container service name and you want to start or stop that service.",
        "additionalProperties": false,
        "properties": {
          "cmd_action": {
            "description": "Container service action to execute",
            "enum": [
              "start",
              "stop"
            ],
            "type": "string"
          },
          "name": {
            "description": "Optional container service name echoed by some clients",
            "example": "mycontainer",
            "type": "string"
          }
        },
        "required": [
          "cmd_action"
        ],
        "title": "NodeTriggerContainerActionRequest",
        "type": "object"
      },
      "NodeTriggerContainerActionResponse": {
        "description": "Response returned by a container start or stop request",
        "properties": {
          "message": {
            "description": "Human-readable service response message",
            "example": "Successful start",
            "type": "string"
          }
        },
        "title": "NodeTriggerContainerActionResponse",
        "type": "object"
      },
      "NodeTriggerContainerImageDeleteResponse": {
        "description": "Response returned after attempting to delete a cached image",
        "properties": {
          "success": {
            "description": "Success message when the image delete completed",
            "example": "Successful deletion",
            "type": "string"
          },
          "error": {
            "description": "Error message when the image could not be deleted",
            "example": "Unable to delete image because it is currently in use",
            "type": "string"
          }
        },
        "title": "NodeTriggerContainerImageDeleteResponse",
        "type": "object"
      },
      "NodeTriggerContainerImageListResponse": {
        "description": "Cached container images available on the node",
        "properties": {
          "images": {
            "items": {
              "$ref": "#/components/schemas/ContainerImageRecord"
            },
            "type": "array"
          }
        },
        "title": "NodeTriggerContainerImageListResponse",
        "type": "object"
      },
      "NodeTriggerContainerImageRequest": {
        "description": "Request body used when `{event}` is `container-image` to list cached images or delete one cached image.",
        "oneOf": [
          {
            "type": "object",
            "additionalProperties": false,
            "properties": {
              "action": {
                "description": "Image management action",
                "enum": [
                  "list"
                ],
                "type": "string"
              }
            },
            "required": [
              "action"
            ]
          },
          {
            "type": "object",
            "additionalProperties": false,
            "properties": {
              "action": {
                "description": "Image management action",
                "enum": [
                  "delete"
                ],
                "type": "string"
              },
              "image": {
                "description": "Image reference to delete, in `repository/tag` format. Required when `action` is `delete`.",
                "example": "mycontainer/latest",
                "type": "string"
              }
            },
            "required": [
              "action",
              "image"
            ]
          }
        ],
        "title": "NodeTriggerContainerImageRequest",
        "type": "object"
      },
      "NodeTriggerContainerStatusRequest": {
        "description": "Request body used when `{event}` is `container-status` to retrieve the runtime status of one container or all containers.",
        "additionalProperties": false,
        "properties": {
          "container": {
            "description": "Optional container service name to filter the response",
            "example": "mycontainer",
            "type": "string"
          }
        },
        "title": "NodeTriggerContainerStatusRequest",
        "type": "object"
      },
      "NodeTriggerContainerStatusResponse": {
        "description": "Map of container service name to runtime status details. When `container` is provided, the response typically contains a single entry.",
        "additionalProperties": {
          "$ref": "#/components/schemas/ContainerRuntimeStatus"
        },
        "title": "NodeTriggerContainerStatusResponse",
        "type": "object"
      },
      "ConnectorConfig": {
        "example": {
          "connectors": [
            {
              "description": "My connector",
              "enabled": true,
              "id": "1e1d36b2-63b6-46bb-8334-a80a828afb5e",
              "localIp": "100.100.64.1",
              "maxmbps": 100,
              "nic": "eth0",
              "node": "node1",
              "port": 1234,
              "protocol": "tcp",
              "service": "ssh"
            }
          ]
        },
        "properties": {
          "connectors": {
            "items": {
              "properties": {
                "description": {
                  "description": "connector description",
                  "type": "string"
                },
                "enabled": {
                  "description": "whether connector is enabled",
                  "type": "boolean"
                },
                "id": {
                  "description": "unique ID of connector",
                  "type": "string"
                },
                "localIp": {
                  "description": "local IP address",
                  "type": "string"
                },
                "maxmbps": {
                  "description": "maximum bandwidth in Mbps",
                  "type": "number"
                },
                "nic": {
                  "description": "network interface name",
                  "type": "string"
                },
                "node": {
                  "description": "node name",
                  "type": "string"
                },
                "port": {
                  "description": "connector port",
                  "type": "number"
                },
                "protocol": {
                  "description": "connector protocol",
                  "enum": [
                    "udp",
                    "tcp",
                    "tftp",
                    "ftp"
                  ],
                  "type": "string"
                },
                "service": {
                  "description": "service name",
                  "type": "string"
                },
                "sourceBlock": {
                  "description": "if provided, only traffic from this CIDR block will be allowed",
                  "type": "string"
                }
              },
              "required": [
                "id",
                "node",
                "port",
                "protocol",
                "service"
              ],
              "type": "object"
            },
            "type": "array"
          }
        },
        "type": "object"
      },
      "Container": {
        "description": "Container",
        "properties": {
          "command": {
            "description": "Command to run in the container",
            "type": "string"
          },
          "description": {
            "description": "Container description",
            "example": "my container",
            "type": "string"
          },
          "enabled": {
            "type": "boolean"
          },
          "execType": {
            "description": "Execution type",
            "enum": [
              "onDemand",
              "service",
              "recurring"
            ],
            "type": "string"
          },
          "hostname": {
            "description": "Container hostname",
            "example": "mycontainer",
            "type": "string"
          },
          "id": {
            "description": "Container ID",
            "example": "b4011aa3-d0d5-4c5c-9c0b-19095ba515d5",
            "type": "string"
          },
          "image": {
            "$ref": "#/components/schemas/Image"
          },
          "name": {
            "description": "Container name",
            "example": "mycontainer",
            "type": "string"
          },
          "privileged": {
            "description": "Run the container as a privileged user",
            "type": "boolean"
          },
          "requireConnectivity": {
            "description": "Only start the container if the node has connectivity to the control plane. Needed for encrypted volumes.",
            "type": "boolean"
          },
          "stopTime": {
            "description": "Grace period for container to stop when requested, in seconds",
            "example": "60",
            "type": "string"
          },
          "useInit": {
            "description": "Indicates that an init process should be used as PID 1 in the container. Ensures responsibilities of an init system are performed inside the container (e.g., handling exit signals).",
            "type": "boolean"
          },
          "user": {
            "description": "User name (or UID) and optionally the group (or GID) to use when starting the container. This will override the USER specified in the image.",
            "type": "string"
          },
          "nodeUid": {
            "description": "UUID of the node this container is configured on",
            "type": "string"
          },
          "namespace": {
            "description": "Container namespace, typically \"exec\"",
            "type": "string"
          },
          "saveOutput": {
            "description": "Whether to persist stdout/stderr from on-demand container runs",
            "type": "boolean"
          }
        },
        "title": "Container",
        "type": "object"
      },
      "ContainerCapabilities": {
        "description": "Container Capabilities",
        "properties": {
          "addCaps": {
            "items": {
              "description": "Added capabilities",
              "type": "string"
            },
            "type": "array"
          },
          "dropCaps": {
            "items": {
              "description": "Dropped capabilities",
              "type": "string"
            },
            "type": "array"
          }
        },
        "title": "Container Capabilities",
        "type": "object"
      },
      "ContainerConfig": {
        "description": "ContainerConfig",
        "properties": {
          "capabilities": {
            "$ref": "#/components/schemas/ContainerCapabilities"
          },
          "healthCheck": {
            "$ref": "#/components/schemas/ContainerHealthCheck"
          },
          "interfaces": {
            "items": {
              "$ref": "#/components/schemas/ContainerInterfaces"
            },
            "type": "array"
          },
          "limits": {
            "$ref": "#/components/schemas/ContainerLimits"
          },
          "logging": {
            "$ref": "#/components/schemas/ContainerLogging"
          },
          "mounts": {
            "items": {
              "$ref": "#/components/schemas/ContainerMount"
            },
            "type": "array"
          },
          "portMappings": {
            "items": {
              "$ref": "#/components/schemas/ContainerPortMapping"
            },
            "type": "array"
          },
          "variables": {
            "items": {
              "$ref": "#/components/schemas/ContainerVariable"
            },
            "type": "array"
          },
          "virtualNetworks": {
            "items": {
              "$ref": "#/components/schemas/ContainerVirtualNetwork"
            },
            "type": "array"
          },
          "vrf": {
            "$ref": "#/components/schemas/ContainerVRF"
          }
        },
        "title": "ContainerConfig",
        "type": "object"
      },
      "ContainerHealthCheck": {
        "description": "Container Health Check",
        "properties": {
          "command": {
            "description": "Command",
            "example": "/bin/sh -c 'exit 0'",
            "type": "string"
          },
          "interval": {
            "description": "Interval",
            "example": 10,
            "type": "number"
          },
          "retries": {
            "default": 3,
            "description": "Number of health check retries before a container is marked unhealthy",
            "example": 10,
            "type": "number"
          },
          "startPeriod": {
            "description": "Grace period before health checks are monitored, in seconds",
            "example": 10,
            "type": "number"
          },
          "timeout": {
            "description": "Timeout",
            "example": 10,
            "type": "number"
          }
        },
        "title": "Container Health Check",
        "type": "object"
      },
      "ContainerInterfaces": {
        "description": "Container Interfaces",
        "properties": {
          "dest": {
            "description": "Destination",
            "example": "10.10.14.0/24",
            "type": "string"
          },
          "name": {
            "description": "Interface name",
            "example": "eth0",
            "type": "string"
          },
          "uid": {
            "description": "UID",
            "example": "7da978ea-3d64-470a-8494-20ca4981e184",
            "type": "string"
          }
        },
        "title": "Container Interfaces",
        "type": "object"
      },
      "ContainerLimits": {
        "description": "Container Limits",
        "properties": {
          "cpuMax": {
            "description": "CPU max",
            "example": 80,
            "type": "number"
          },
          "ioRbps": {
            "description": "IO read rate",
            "example": 80,
            "type": "number"
          },
          "ioRiops": {
            "description": "IO read IOPS",
            "example": 80,
            "type": "number"
          },
          "ioWbps": {
            "description": "IO write rate",
            "example": 80,
            "type": "number"
          },
          "ioWiops": {
            "description": "IO write IOPS",
            "example": 80,
            "type": "number"
          },
          "legacyMemHigh": {
            "description": "Legacy memory high",
            "example": 80,
            "type": "number"
          },
          "legacyMemMax": {
            "description": "Legacy memory max",
            "example": 80,
            "type": "number"
          },
          "limits": {
            "items": {
              "description": "Limit",
              "properties": {
                "hard": {
                  "description": "Hard limit",
                  "example": 20,
                  "type": "number"
                },
                "soft": {
                  "description": "Soft limit",
                  "example": 10,
                  "type": "number"
                },
                "type": {
                  "description": "Limit type",
                  "enum": [
                    "core",
                    "cpu",
                    "data",
                    "fsize",
                    "locks",
                    "memlock",
                    "msgqueue",
                    "nice",
                    "nofile",
                    "nproc",
                    "rss",
                    "rtprio",
                    "rttime",
                    "sigpending",
                    "stack"
                  ],
                  "type": "string"
                }
              },
              "type": "object"
            },
            "type": "array"
          },
          "memHigh": {
            "description": "Memory high",
            "example": 80,
            "type": "number"
          },
          "memMax": {
            "description": "Memory max",
            "example": 80,
            "type": "number"
          }
        },
        "title": "Container Limits",
        "type": "object"
      },
      "ContainerLogging": {
        "description": "Container Logging",
        "properties": {
          "maxFileSize": {
            "description": "Maximum file size in MB",
            "example": 10,
            "type": "number"
          },
          "numFiles": {
            "description": "Maximum number of files",
            "example": 10,
            "type": "number"
          }
        },
        "title": "Container Logging",
        "type": "object"
      },
      "ContainerMount": {
        "description": "Container Mount",
        "properties": {
          "dest": {
            "description": "Destination",
            "example": "/myvolume",
            "type": "string"
          },
          "encrypted": {
            "description": "Encrypted",
            "type": "boolean"
          },
          "mountType": {
            "description": "Mount type",
            "enum": [
              "volume",
              "bind"
            ],
            "type": "string"
          },
          "source": {
            "description": "Source",
            "example": "myvolume",
            "type": "string"
          },
          "uid": {
            "description": "UID",
            "example": "3ae09040-396e-4a7a-a3b7-dfb99a241685",
            "type": "string"
          }
        },
        "title": "Container Mount",
        "type": "object"
      },
      "ContainerPortMapping": {
        "description": "Container Port Mapping",
        "properties": {
          "containerPort": {
            "description": "Container port",
            "example": "8080",
            "type": "string"
          },
          "hostPort": {
            "description": "Host port",
            "example": "8080",
            "type": "string"
          },
          "iface": {
            "description": "Interface",
            "example": "eth0",
            "type": "string"
          },
          "protocol": {
            "description": "Protocol",
            "enum": [
              "tcp",
              "udp"
            ],
            "type": "string"
          },
          "uid": {
            "description": "UID",
            "example": "d0522f1b-cc1a-4aad-bb46-99304a5e152d",
            "type": "string"
          }
        },
        "title": "Container Port Mapping",
        "type": "object"
      },
      "ContainerVRF": {
        "description": "Container VRF",
        "properties": {
          "name": {
            "description": "VRF name",
            "example": "myvrf",
            "type": "string"
          }
        },
        "title": "Container VRF",
        "type": "object"
      },
      "ContainerVariable": {
        "description": "Container Variable",
        "properties": {
          "name": {
            "description": "Variable name",
            "example": "myvar",
            "type": "string"
          },
          "value": {
            "description": "Variable value",
            "example": "myvalue",
            "type": "string"
          }
        },
        "title": "Container Variable",
        "type": "object"
      },
      "ContainerVirtualNetwork": {
        "description": "Container Virtual Network",
        "properties": {
          "allowOutbound": {
            "description": "Allow outbound traffic",
            "type": "boolean"
          },
          "ip": {
            "description": "Virtual IP",
            "example": "10.10.10.14",
            "type": "string"
          },
          "network": {
            "description": "Network name",
            "example": "mynetwork",
            "type": "string"
          },
          "uid": {
            "description": "UID",
            "example": "59349874-2e2a-4c51-b864-2782a3a489af",
            "type": "string"
          }
        },
        "title": "Container Virtual Network",
        "type": "object"
      },
      "CreateClusterModel": {
        "properties": {
          "name": {
            "description": "Cluster name",
            "type": "string"
          }
        },
        "required": [
          "name"
        ],
        "title": "CreateClusterModel",
        "type": "object"
      },
      "DataStoreFile": {
        "description": "Data Store File",
        "properties": {
          "files": {
            "description": "Children, if a directory. This is a recursive model.",
            "type": "string"
          },
          "name": {
            "description": "File name",
            "example": "win2019-serverli.qcow2",
            "type": "string"
          },
          "path": {
            "description": "File path",
            "example": "qcows/win2019-serverli.qcow2",
            "type": "string"
          },
          "size": {
            "description": "File size",
            "example": "9.4 GB",
            "type": "string"
          },
          "type": {
            "description": "File type",
            "enum": [
              "file",
              "directory"
            ],
            "type": "string"
          }
        },
        "title": "Data Store File",
        "type": "object"
      },
      "DataStoreTask": {
        "description": "DataStoreTask",
        "properties": {
          "details": {
            "description": "Task details",
            "example": "Finished the file transfer",
            "type": "string"
          },
          "eTime": {
            "description": "End timestamp",
            "example": 1667861503331,
            "type": "number"
          },
          "id": {
            "description": "ID",
            "example": "0d7f7145-32bd-45e9-ac4b-9cf04887392",
            "type": "string"
          },
          "name": {
            "description": "Task name",
            "example": "Upload S3 File",
            "type": "string"
          },
          "sTime": {
            "description": "Start timestamp",
            "example": 1667861503331,
            "type": "number"
          },
          "status": {
            "description": "Task status",
            "example": "Completed",
            "type": "string"
          }
        },
        "title": "DataStoreTask",
        "type": "object"
      },
      "VirtualNetworkAccessPolicy": {
        "description": "Virtual Network Access Policy",
        "properties": {
          "uid": {
            "description": "Unique identifier (UUID)",
            "type": "string"
          },
          "action": {
            "description": "Whether traffic matching this policy is allowed or denied",
            "type": "string",
            "enum": [
              "allow",
              "deny"
            ]
          },
          "source": {
            "description": "Source CIDR",
            "type": "string"
          },
          "dest": {
            "description": "Destination CIDR",
            "type": "string"
          },
          "notDest": {
            "description": "Invert the destination match",
            "type": "boolean"
          },
          "protocol": {
            "description": "Protocol",
            "enum": [
              "any",
              "tcp",
              "udp",
              "icmp"
            ],
            "type": "string"
          },
          "ports": {
            "description": "Port or port range (empty string means all ports)",
            "type": "string"
          },
          "description": {
            "type": "string"
          },
          "lineNumber": {
            "description": "Display order position of this policy rule",
            "type": "integer"
          },
          "networkName": {
            "description": "Virtual network this policy belongs to",
            "type": "string"
          },
          "domainName": {
            "description": "Domain this policy belongs to",
            "type": "string"
          },
          "orgId": {
            "description": "Organization ID",
            "type": "string"
          },
          "type": {
            "description": "Object type discriminator",
            "example": "AccessPolicy",
            "type": "string"
          }
        },
        "required": [
          "protocol",
          "source",
          "dest"
        ],
        "title": "Virtual Network Access Policy",
        "type": "object"
      },
      "VirtualNetworkAuthorizationGroup": {
        "description": "Virtual Network Authorization Group",
        "properties": {
          "description": {
            "type": "string"
          },
          "name": {
            "description": "Group name",
            "type": "string"
          }
        },
        "title": "Virtual Network Authorization Group",
        "type": "object"
      },
      "VirtualNetworkAuthorizationGroupMembership": {
        "description": "Virtual Network Authorization Group Membership",
        "properties": {
          "description": {
            "type": "string"
          },
          "idp": {
            "type": "string"
          },
          "memberType": {
            "type": "string"
          },
          "name": {
            "type": "string"
          },
          "uid": {
            "type": "string"
          }
        },
        "title": "Virtual Network Authorization Group Membership",
        "type": "object"
      },
      "VirtualNetworkDNSConfiguration": {
        "description": "DNS configuration for a virtual network",
        "properties": {
          "enabled": {
            "description": "Whether DNS is enabled for the network",
            "type": "boolean"
          },
          "server": {
            "description": "IP address of the DNS server",
            "example": "1.1.1.13",
            "type": "string"
          },
          "orgId": {
            "description": "Organization ID",
            "type": "string"
          },
          "networkName": {
            "description": "Virtual network name this config belongs to",
            "type": "string"
          },
          "domainName": {
            "description": "Domain name this config belongs to",
            "type": "string"
          },
          "type": {
            "description": "Object type discriminator",
            "example": "DNSConfig",
            "type": "string"
          }
        },
        "title": "Virtual Network DNS Configuration",
        "type": "object"
      },
      "VirtualNetworkDNSRecord": {
        "description": "Virtual Network DNS Record",
        "properties": {
          "name": {
            "type": "string"
          },
          "recordType": {
            "type": "string"
          },
          "ttl": {
            "type": "number"
          },
          "value": {
            "type": "string"
          }
        },
        "title": "Virtual Network DNS Record",
        "type": "object"
      },
      "VirtualNetworkDNSZone": {
        "description": "Virtual Network DNS Zone",
        "properties": {
          "name": {
            "description": "DNS zone name (e.g. \"test.com\")",
            "type": "string"
          },
          "description": {
            "type": "string"
          },
          "resolver": {
            "description": "Custom resolver IP (if set)",
            "type": "string"
          },
          "networkName": {
            "description": "Virtual network this zone belongs to",
            "type": "string"
          },
          "domainName": {
            "description": "Domain this zone belongs to",
            "type": "string"
          },
          "orgId": {
            "description": "Organization ID",
            "type": "string"
          },
          "type": {
            "description": "Object type discriminator",
            "example": "DNSZone",
            "type": "string"
          }
        },
        "title": "Virtual Network DNS Zone",
        "type": "object"
      },
      "VirtualNetworkGroup": {
        "description": "Virtual Network Group",
        "properties": {
          "name": {
            "description": "Group name",
            "type": "string"
          },
          "description": {
            "type": "string"
          },
          "networkName": {
            "description": "Virtual network this group belongs to",
            "type": "string"
          },
          "domainName": {
            "description": "Domain this group belongs to",
            "type": "string"
          },
          "orgId": {
            "description": "Organization ID",
            "type": "string"
          },
          "type": {
            "description": "Object type discriminator",
            "example": "NetworkGroup",
            "type": "string"
          }
        },
        "title": "Virtual Network Group",
        "type": "object"
      },
      "VirtualNetworkGroupMembership": {
        "description": "Membership of a network object in a network group",
        "properties": {
          "groupName": {
            "description": "Name of the group this membership belongs to",
            "type": "string"
          },
          "objectName": {
            "description": "Name of the network object that is a member",
            "type": "string"
          },
          "networkName": {
            "description": "Virtual network this membership belongs to",
            "type": "string"
          },
          "domainName": {
            "description": "Domain this membership belongs to",
            "type": "string"
          },
          "orgId": {
            "description": "Organization ID",
            "type": "string"
          },
          "type": {
            "description": "Object type discriminator",
            "example": "NetworkGroupMembership",
            "type": "string"
          }
        },
        "title": "Virtual Network Group Membership",
        "type": "object"
      },
      "VirtualNetworkInventory": {
        "description": "Virtual Network Inventory",
        "properties": {
          "accessPolicies": {
            "items": {
              "$ref": "#/components/schemas/VirtualNetworkAccessPolicy"
            },
            "type": "array"
          },
          "dnsConfig": {
            "items": {
              "$ref": "#/components/schemas/VirtualNetworkDNSConfiguration"
            },
            "type": "array"
          },
          "dnsRecords": {
            "items": {
              "$ref": "#/components/schemas/VirtualNetworkDNSRecord"
            },
            "type": "array"
          },
          "dnsZones": {
            "items": {
              "$ref": "#/components/schemas/VirtualNetworkDNSZone"
            },
            "type": "array"
          },
          "networkGroupMemberships": {
            "items": {
              "$ref": "#/components/schemas/VirtualNetworkGroupMembership"
            },
            "type": "array"
          },
          "networkGroups": {
            "items": {
              "$ref": "#/components/schemas/VirtualNetworkGroup"
            },
            "type": "array"
          },
          "networkObjects": {
            "items": {
              "$ref": "#/components/schemas/VirtualNetworkObject"
            },
            "type": "array"
          },
          "routes": {
            "items": {
              "$ref": "#/components/schemas/VirtualNetworkRoute"
            },
            "type": "array"
          }
        },
        "title": "Virtual Network Inventory",
        "type": "object"
      },
      "VirtualNetworkObject": {
        "description": "Virtual Network Object (named CIDR for use in access policies)",
        "properties": {
          "name": {
            "description": "Object name",
            "type": "string"
          },
          "cidr": {
            "description": "CIDR this object represents",
            "example": "1.2.3.0/24",
            "type": "string"
          },
          "description": {
            "type": "string"
          },
          "networkName": {
            "description": "Virtual network this object belongs to",
            "type": "string"
          },
          "domainName": {
            "description": "Domain this object belongs to",
            "type": "string"
          },
          "orgId": {
            "description": "Organization ID",
            "type": "string"
          },
          "type": {
            "description": "Object type discriminator",
            "example": "NetworkObject",
            "type": "string"
          }
        },
        "title": "Virtual Network Object",
        "type": "object"
      },
      "VirtualNetworkRouteMonitor": {
        "description": "VirtualNetworkRouteMonitor",
        "properties": {
          "enabled": {
            "type": "boolean"
          },
          "name": {
            "type": "string"
          },
          "protocol": {
            "type": "string",
            "enum": [
              "tcp",
              "icmp"
            ]
          },
          "dest": {
            "type": "string"
          },
          "port": {
            "type": "number"
          },
          "interval": {
            "type": "number"
          },
          "count": {
            "type": "number"
          },
          "maxLatency": {
            "type": "number"
          }
        },
        "type": "object"
      },
      "VirtualNetworkRoute": {
        "description": "VirtualNetworkRoute",
        "properties": {
          "description": {
            "type": "string"
          },
          "domainName": {
            "type": "string"
          },
          "metric": {
            "type": "number"
          },
          "networkCidr": {
            "type": "string"
          },
          "networkName": {
            "type": "string"
          },
          "nodeName": {
            "type": "string"
          },
          "uid": {
            "type": "string"
          },
          "monitors": {
            "items": {
              "$ref": "#/components/schemas/VirtualNetworkRouteMonitor"
            },
            "type": "array"
          }
        },
        "title": "VirtualNetworkRoute",
        "type": "object"
      },
      "EventModel": {
        "description": "Event",
        "title": "Event",
        "type": "object",
        "properties": {
          "level": {
            "description": "Event log level",
            "example": "ERROR",
            "type": "string",
            "enum": [
              "INFO",
              "WARNING",
              "ERROR",
              "CRITICAL"
            ]
          },
          "message": {
            "description": "Event message",
            "example": "Node Disconnected",
            "type": "string"
          },
          "timestamp": {
            "description": "Unix epoch timestamp (seconds) when the event was generated",
            "example": 1775196846,
            "type": "integer"
          },
          "receivedTime": {
            "description": "Unix epoch timestamp (seconds) when the control plane received the event",
            "example": 1775196846,
            "type": "integer"
          },
          "subject": {
            "description": "Event item type",
            "example": "Node",
            "type": "string",
            "enum": [
              "Node",
              "Certificate",
              "Order",
              "Upgrade",
              "AlertSuppression"
            ]
          },
          "eventType": {
            "description": "Event type",
            "example": "Node Connect",
            "type": "string"
          },
          "orgId": {
            "description": "Org ID",
            "example": "0000000-0000-0000-0000-000000000001",
            "type": "string"
          },
          "uid": {
            "description": "Event ID",
            "example": "32Nt3pyfAJisyUADctXZW6bcwJC",
            "type": "string"
          },
          "nodeId": {
            "description": "Node ID (if applicable)",
            "example": "0000000-0000-0000-0000-000000000002",
            "type": "string"
          },
          "nodeName": {
            "description": "Node name (if applicable)",
            "example": "test",
            "type": "string"
          },
          "domain": {
            "description": "Domain name (if applicable)",
            "example": "Domain",
            "type": "string"
          },
          "fqdn": {
            "description": "FQDN (if applicable)",
            "example": "test.dev.io",
            "type": "string"
          },
          "orderId": {
            "description": "Order ID (if applicable)",
            "example": "32Nt3pyfAJisyUADctXZW6bcwJD",
            "type": "string"
          },
          "details": {
            "description": "Metadata associated with the event. Shape varies by `eventType`. Values may be strings, numbers, or nested objects.",
            "type": "object",
            "additionalProperties": {}
          },
          "state": {
            "description": "Event state (if applicable)",
            "example": "EXCEEDED",
            "type": "string",
            "enum": [
              "EXCEEDED",
              "CLEARED",
              "UNKNOWN"
            ]
          }
        }
      },
      "Group": {
        "description": "User group for organizing access permissions",
        "properties": {
          "uid": {
            "description": "Group unique identifier (UUID)",
            "type": "string"
          },
          "name": {
            "description": "Group display name",
            "type": "string"
          },
          "description": {
            "type": "string"
          },
          "referenceId": {
            "description": "Internal reference identifier (e.g. \"idp-name group-name\")",
            "type": "string"
          },
          "orgId": {
            "description": "Organization ID",
            "type": "string"
          },
          "policyIds": {
            "description": "Named policies assigned to this group. May be an object map or an array of policy ID strings depending on context.",
            "additionalProperties": {}
          },
          "type": {
            "description": "Object type discriminator",
            "example": "Group",
            "type": "string"
          }
        },
        "type": "object"
      },
      "GroupMember": {
        "properties": {
          "group": {
            "type": "string"
          },
          "user": {
            "type": "string"
          }
        },
        "type": "object"
      },
      "GroupModel": {
        "properties": {
          "description": {
            "description": "Group Description",
            "type": "string"
          },
          "name": {
            "description": "Group Name",
            "type": "string"
          },
          "uid": {
            "description": "Group ID",
            "type": "string"
          }
        },
        "title": "GroupModel",
        "type": "object"
      },
      "IdentityProviderModel": {
        "allOf": [
          {
            "$ref": "#/components/schemas/IdentityProviderUpdateModel"
          },
          {
            "properties": {
              "uid": {
                "type": "string"
              }
            },
            "type": "object"
          }
        ]
      },
      "IdentityProviderUpdateModel": {
        "properties": {
          "clientId": {
            "type": "string"
          },
          "description": {
            "type": "string"
          },
          "name": {
            "type": "string"
          },
          "uri": {
            "type": "string"
          }
        },
        "type": "object"
      },
      "IdpGroup": {
        "properties": {
          "group": {
            "type": "string"
          },
          "groupReferenceId": {
            "type": "string"
          },
          "idp": {
            "type": "string"
          }
        },
        "type": "object"
      },
      "Image": {
        "description": "Image",
        "properties": {
          "repository": {
            "description": "Image repository",
            "example": "mycompany.trustgrid.io/myimage",
            "type": "string"
          },
          "tag": {
            "description": "Image tag",
            "example": "latest",
            "type": "string"
          }
        },
        "title": "Image",
        "type": "object"
      },
      "LifecycleStateRequest": {
        "description": "Request body for updating a node's lifecycle state",
        "properties": {
          "lifecycleState": {
            "description": "The lifecycle state to set on the node",
            "enum": [
              "pre-production",
              "production",
              "maintenance",
              "decommissioned"
            ],
            "example": "production",
            "type": "string"
          }
        },
        "required": [
          "lifecycleState"
        ],
        "title": "LifecycleStateRequest",
        "type": "object"
      },
      "Node": {
        "description": "Node",
        "properties": {
          "cluster": {
            "description": "Cluster FQDN",
            "example": "mycluster.trustgrid.io",
            "type": "string"
          },
          "config": {
            "description": "Node configuration. Each sub-key mirrors an individual `PUT /node/{nodeID}/config/*` endpoint. In direct single-node responses, this object contains the complete configuration. In list responses, `config` may be included when explicitly requested via `projection`; when returned that way, only the projected `config` fields are present.",
            "type": "object",
            "properties": {
              "gateway": {
                "description": "Gateway configuration — controls whether this node acts as a gateway server accepting client connections, a client connecting to gateway servers, or both.",
                "type": "object",
                "properties": {
                  "enabled": {
                    "description": "Whether the gateway plugin is active on this node",
                    "type": "boolean"
                  },
                  "host": {
                    "description": "IP or hostname the gateway server listens on",
                    "type": "string"
                  },
                  "port": {
                    "description": "TCP port the gateway server listens on",
                    "type": "integer"
                  },
                  "udpPort": {
                    "description": "UDP port for DTLS traffic when UDP is enabled",
                    "type": "integer"
                  },
                  "udpEnabled": {
                    "description": "Enable UDP/DTLS transport in addition to TCP",
                    "type": "boolean"
                  },
                  "maxmbps": {
                    "description": "Maximum aggregate throughput cap for all connected clients, in Mbps",
                    "type": "number"
                  },
                  "maxClientWriteMbps": {
                    "description": "Per-client write throughput cap, in Mbps",
                    "type": "number"
                  },
                  "connectToPublic": {
                    "description": "Whether this node connects outbound through the public gateway tier",
                    "type": "boolean"
                  },
                  "monitorGateway": {
                    "description": "Enable latency and hop monitoring for gateway connections",
                    "type": "boolean"
                  },
                  "master": {
                    "description": "Whether this node is the active master in a cluster gateway pair",
                    "type": "boolean"
                  },
                  "mesh": {
                    "description": "Mesh group name if this node participates in a gateway mesh",
                    "type": "string"
                  },
                  "cert": {
                    "description": "Name of the TLS certificate used by the gateway server",
                    "type": "string"
                  },
                  "paths": {
                    "description": "Outbound client paths — connections this node makes to gateway servers",
                    "type": "array",
                    "items": {
                      "type": "object",
                      "properties": {
                        "id": {
                          "description": "Path identifier (UUID)",
                          "type": "string"
                        },
                        "host": {
                          "description": "Gateway server hostname or IP",
                          "type": "string"
                        },
                        "port": {
                          "description": "Gateway server TCP port",
                          "type": "integer"
                        },
                        "node": {
                          "description": "FQDN of the target gateway server node",
                          "type": "string"
                        },
                        "enabled": {
                          "type": "boolean"
                        },
                        "default": {
                          "description": "Whether this is the preferred (default) path",
                          "type": "boolean"
                        },
                        "local": {
                          "description": "Local IP to bind when opening this path",
                          "type": "string"
                        }
                      }
                    }
                  },
                  "clients": {
                    "description": "Named clients permitted to connect to this gateway server",
                    "type": "array",
                    "items": {
                      "type": "object",
                      "properties": {
                        "name": {
                          "description": "Client node FQDN",
                          "type": "string"
                        },
                        "enabled": {
                          "type": "boolean"
                        }
                      }
                    }
                  },
                  "routes": {
                    "description": "Static routes advertised through the gateway",
                    "type": "array",
                    "items": {
                      "type": "object",
                      "properties": {
                        "route": {
                          "description": "CIDR",
                          "type": "string"
                        },
                        "dest": {
                          "description": "Destination gateway node FQDN",
                          "type": "string"
                        },
                        "metric": {
                          "type": "integer"
                        }
                      }
                    }
                  },
                  "acls": {
                    "description": "Gateway-level access control rules",
                    "type": "array",
                    "items": {
                      "type": "object",
                      "properties": {
                        "source": {
                          "description": "Source CIDR or node FQDN",
                          "type": "string"
                        },
                        "dest": {
                          "description": "Destination CIDR or node FQDN",
                          "type": "string"
                        }
                      }
                    }
                  }
                }
              },
              "cluster": {
                "description": "High-availability cluster settings for this node",
                "type": "object",
                "properties": {
                  "enabled": {
                    "description": "Whether cluster mode is active on this node",
                    "type": "boolean"
                  },
                  "host": {
                    "description": "IP address used for cluster heartbeat traffic",
                    "type": "string"
                  },
                  "port": {
                    "description": "TCP port used for cluster heartbeat communication",
                    "type": "integer"
                  },
                  "shared": {
                    "description": "Floating IP address managed by the active cluster master",
                    "type": "string"
                  },
                  "master": {
                    "description": "Whether this node is currently the cluster master",
                    "type": "boolean"
                  },
                  "statusHost": {
                    "description": "Host used for cluster health-status checks",
                    "type": "string"
                  },
                  "statusPort": {
                    "description": "Port used for cluster health-status checks",
                    "type": "integer"
                  },
                  "updateTime": {
                    "description": "Unix timestamp of the last cluster config change",
                    "type": "integer"
                  },
                  "versionCounter": {
                    "description": "Monotonically increasing config version counter",
                    "type": "integer"
                  },
                  "masterVersion": {
                    "description": "Config version currently held by the cluster master",
                    "type": "integer"
                  }
                }
              },
              "exec": {
                "description": "Edge compute (container runtime) configuration",
                "type": "object",
                "properties": {
                  "commands": {
                    "description": "Container definitions managed by this node",
                    "type": "array",
                    "items": {
                      "$ref": "#/components/schemas/ContainerConfig"
                    }
                  },
                  "volumes": {
                    "description": "Named volumes available to containers on this node",
                    "type": "array",
                    "items": {
                      "type": "object"
                    }
                  },
                  "limits": {
                    "description": "Global resource limits applied across all containers",
                    "type": "object"
                  }
                }
              },
              "snmp": {
                "description": "SNMPv3 monitoring agent configuration",
                "type": "object",
                "properties": {
                  "enabled": {
                    "description": "Whether the SNMP agent is running",
                    "type": "boolean"
                  },
                  "interface": {
                    "description": "Network interface the SNMP agent binds to (e.g. `eth0`)",
                    "type": "string"
                  },
                  "port": {
                    "description": "UDP port the SNMP agent listens on (default 161)",
                    "type": "integer"
                  },
                  "engineId": {
                    "description": "SNMP engine identifier",
                    "type": "string"
                  },
                  "username": {
                    "description": "SNMPv3 username",
                    "type": "string"
                  },
                  "authProtocol": {
                    "description": "Authentication hash algorithm",
                    "enum": [
                      "SHA",
                      "MD5"
                    ],
                    "type": "string"
                  },
                  "authPassphrase": {
                    "description": "Authentication passphrase",
                    "type": "string"
                  },
                  "privacyProtocol": {
                    "description": "Privacy (encryption) algorithm",
                    "enum": [
                      "AES128",
                      "AES192",
                      "AES256",
                      "DES"
                    ],
                    "type": "string"
                  },
                  "privacyPassphrase": {
                    "description": "Privacy passphrase",
                    "type": "string"
                  }
                }
              },
              "alert": {
                "description": "Node-level alert threshold configuration",
                "type": "object",
                "properties": {
                  "enabled": {
                    "description": "Whether alert threshold evaluation is active on this node",
                    "type": "boolean"
                  },
                  "thresholds": {
                    "description": "Alert rules evaluated against telemetry values in the shadow `reported` map",
                    "type": "array",
                    "items": {
                      "type": "object",
                      "properties": {
                        "id": {
                          "description": "Rule ID (UUID)",
                          "type": "string"
                        },
                        "name": {
                          "description": "Human-readable rule name",
                          "type": "string"
                        },
                        "telemetry": {
                          "description": "Shadow `reported` key to evaluate (e.g. `memory`, `storage`)",
                          "type": "string"
                        },
                        "max": {
                          "description": "Upper bound — alert fires when the value exceeds this",
                          "type": "number"
                        },
                        "exceededWindow": {
                          "description": "Number of time units the value must continuously exceed `max` before the alert fires",
                          "type": "number"
                        },
                        "exceededWindowUnit": {
                          "description": "Time unit for `exceededWindow` (e.g. `minutes`, `hours`)",
                          "type": "string"
                        }
                      }
                    }
                  }
                }
              },
              "vpn": {
                "description": "Virtual network (overlay) membership and routing configuration",
                "type": "object",
                "properties": {
                  "networks": {
                    "description": "Per-virtual-network configuration entries for this node",
                    "type": "array",
                    "items": {
                      "type": "object",
                      "properties": {
                        "id": {
                          "description": "Virtual network numeric ID",
                          "type": "integer"
                        },
                        "name": {
                          "description": "Virtual network name",
                          "type": "string"
                        },
                        "ip": {
                          "description": "Node's IP address within this virtual network",
                          "type": "string"
                        },
                        "interfaces": {
                          "description": "LAN-side interface bindings with inside/outside NAT rules",
                          "type": "array",
                          "items": {
                            "type": "object"
                          }
                        },
                        "routes": {
                          "description": "Routes exported into or imported from this virtual network",
                          "type": "array",
                          "items": {
                            "type": "object"
                          }
                        },
                        "services": {
                          "description": "Services exposed through this virtual network",
                          "type": "array",
                          "items": {
                            "type": "object"
                          }
                        },
                        "dns": {
                          "description": "DNS settings for this virtual network membership",
                          "type": "object"
                        }
                      }
                    }
                  }
                }
              },
              "dns": {
                "description": "Local DNS resolver configuration on the node",
                "type": "object",
                "properties": {
                  "enabled": {
                    "description": "Whether the local DNS resolver is active",
                    "type": "boolean"
                  },
                  "upstream": {
                    "description": "Upstream DNS server IPs the resolver forwards to",
                    "type": "array",
                    "items": {
                      "type": "string"
                    }
                  },
                  "records": {
                    "description": "Static DNS records served by the local resolver",
                    "type": "array",
                    "items": {
                      "type": "object",
                      "properties": {
                        "name": {
                          "description": "Hostname for this record",
                          "type": "string"
                        }
                      }
                    }
                  }
                }
              },
              "network": {
                "description": "Layer-3 network configuration — physical interfaces, tunnels, static routes, NAT rules, ACLs, traffic rules, and VRFs",
                "type": "object",
                "properties": {
                  "interfaces": {
                    "description": "Physical and logical network interface configurations",
                    "type": "array",
                    "items": {
                      "type": "object"
                    }
                  },
                  "tunnels": {
                    "description": "IPsec, GRE, WireGuard, and VNet tunnel definitions",
                    "type": "array",
                    "items": {
                      "type": "object"
                    }
                  },
                  "routes": {
                    "description": "Static routes installed on this node",
                    "type": "array",
                    "items": {
                      "type": "object"
                    }
                  },
                  "nats": {
                    "description": "NAT rules (SNAT, DNAT, masquerade)",
                    "type": "array",
                    "items": {
                      "type": "object"
                    }
                  },
                  "acls": {
                    "description": "IP access control rules",
                    "type": "array",
                    "items": {
                      "type": "object"
                    }
                  },
                  "rules": {
                    "description": "Advanced traffic shaping and policy-based forwarding rules",
                    "type": "array",
                    "items": {
                      "type": "object"
                    }
                  },
                  "vrfs": {
                    "description": "VRF (Virtual Routing and Forwarding) instance definitions",
                    "type": "array",
                    "items": {
                      "type": "object"
                    }
                  },
                  "darkMode": {
                    "description": "When true the node ignores unsolicited inbound traffic (stealth mode)",
                    "type": "boolean"
                  },
                  "forwarding": {
                    "description": "Enable IP forwarding between interfaces",
                    "type": "boolean"
                  },
                  "bridgeCIDR": {
                    "description": "CIDR assigned to the bridge interface used by container networking",
                    "type": "string"
                  }
                }
              },
              "services": {
                "description": "Edge service (port-forwarding target) configuration",
                "type": "object",
                "properties": {
                  "enabled": {
                    "description": "Whether the services plugin is active on this node",
                    "type": "boolean"
                  },
                  "version": {
                    "description": "Schema version — `2` means `items` is a UUID-keyed map; absent means `services` is a legacy ordered array",
                    "type": "integer",
                    "enum": [
                      2
                    ]
                  },
                  "items": {
                    "description": "Service definitions keyed by UUID (version 2 only)",
                    "type": "object",
                    "additionalProperties": {
                      "type": "object"
                    }
                  },
                  "services": {
                    "description": "Service definitions as an ordered array (legacy version 1 only)",
                    "type": "array",
                    "items": {
                      "type": "object"
                    }
                  }
                }
              },
              "connectors": {
                "description": "Edge connector (outbound tunnel endpoint) configuration",
                "type": "object",
                "properties": {
                  "enabled": {
                    "description": "Whether the connectors plugin is active on this node",
                    "type": "boolean"
                  },
                  "version": {
                    "description": "Schema version — `2` means `items` is a UUID-keyed map; absent means `connectors` is a legacy ordered array",
                    "type": "integer",
                    "enum": [
                      2
                    ]
                  },
                  "items": {
                    "description": "Connector definitions keyed by UUID (version 2 only)",
                    "type": "object",
                    "additionalProperties": {
                      "type": "object"
                    }
                  },
                  "connectors": {
                    "description": "Connector definitions as an ordered array (legacy version 1 only)",
                    "type": "array",
                    "items": {
                      "type": "object"
                    }
                  }
                }
              },
              "jvm": {
                "description": "JVM heap memory settings for embedded Java workloads",
                "type": "object",
                "properties": {
                  "memory": {
                    "type": "object",
                    "properties": {
                      "min": {
                        "description": "Minimum heap size (e.g. `512m`, `1g`)",
                        "type": "string"
                      },
                      "max": {
                        "description": "Maximum heap size (e.g. `2g`)",
                        "type": "string"
                      }
                    }
                  }
                }
              }
            }
          },
          "name": {
            "description": "Node name",
            "example": "mynode",
            "type": "string"
          },
          "online": {
            "description": "True when the node is connected to the control plane",
            "type": "boolean"
          },
          "shadow": {
            "description": "AWS IoT Device Shadow — the node's desired and reported state store. `reported` is a flat key-value map updated by the node itself; `desired` holds pending configuration the node has not yet acknowledged (usually empty). Most fields in `reported` use dot-notation keys. Common `reported` keys: `node-core.version` (software version), `memory` (RAM in MB), `storage` (disk free in GB), `cores` (CPU count), `dnsResolution` (\"healthy\"/\"unhealthy\"), `repoConnectivity` (\"true\"/\"false\"), `os.distro.id` (e.g., \"ubuntu\"), `ssh.local` (\"true\"/\"false\"), `profile.name`, `node.upgrade.state`, `features` (object of enabled feature flags), `nic.{name}.mac/mtu/speed/dhcp` (NIC telemetry).",
            "type": "object",
            "properties": {
              "desired": {
                "description": "Pending configuration changes the node has not yet applied. Typically empty.",
                "type": "object"
              },
              "reported": {
                "description": "Live telemetry reported by the node. Keys use dot-notation (e.g., `nic.eth0.mtu`). Values may be strings, numbers, or objects.",
                "type": "object",
                "additionalProperties": {}
              }
            }
          },
          "state": {
            "description": "Node state",
            "enum": [
              "ACTIVE",
              "INACTIVE"
            ],
            "type": "string"
          },
          "tags": {
            "description": "Node tags",
            "type": "object"
          },
          "type": {
            "description": "Device type",
            "enum": [
              "Agent",
              "Node"
            ],
            "type": "string"
          },
          "uid": {
            "description": "Node ID",
            "example": "19084f81-5668-41ee-adbe-295e4c65531a",
            "type": "string"
          },
          "fqdn": {
            "description": "Fully qualified domain name, e.g., `mynode.myorg.trustgrid.io`. Omitted when projection[] is used without this field.",
            "example": "mynode.myorg.trustgrid.io",
            "type": "string"
          },
          "lastip": {
            "description": "Last IP address observed when the node connected. Omitted when projection[] is used without this field.",
            "example": "203.0.113.42",
            "type": "string"
          },
          "last_connect": {
            "description": "Unix timestamp in milliseconds of the most recent control plane connection. Omitted when projection[] is used without this field.",
            "type": "integer"
          },
          "org": {
            "description": "Organization ID (UUID) that owns this node. Returned only by GET /node/{nodeID}.",
            "example": "aad89024-5927-4ebd-97e2-3cc605c1da5f",
            "type": "string"
          },
          "domain": {
            "description": "Domain FQDN this node belongs to. Returned only by GET /node/{nodeID}.",
            "example": "myorg.trustgrid.io",
            "type": "string"
          },
          "tgTags": {
            "description": "System-managed tags assigned by the Trustgrid platform. Read-only; always returned in list and single-node responses.",
            "type": "object",
            "additionalProperties": {
              "type": "string"
            }
          },
          "keys": {
            "description": "Named cryptographic public keys used for node authentication and WireGuard tunneling. Always returned but rarely needed directly.",
            "type": "object"
          },
          "tgrn": {
            "description": "Trustgrid Resource Name — a globally unique identifier for this node across the platform. Format: `tgrn:tg::nodes:node/{uid}`. Always returned.",
            "example": "tgrn:tg::nodes:node/19084f81-5668-41ee-adbe-295e4c65531a",
            "type": "string"
          },
          "created_at": {
            "description": "Unix timestamp (seconds) when the node was registered. Omitted when projection[] is used without this field.",
            "type": "integer"
          },
          "device": {
            "description": "Hardware device information detected from the physical or virtual appliance. Omitted when projection[] is used without this field.",
            "type": "object",
            "properties": {
              "mac": {
                "description": "MAC address of the primary network interface",
                "type": "string"
              },
              "model": {
                "description": "Hardware model identifier (e.g., `esx`, `kvm`)",
                "type": "string"
              },
              "vendor": {
                "description": "Hardware vendor name (e.g., `vmware`)",
                "type": "string"
              }
            }
          },
          "location": {
            "description": "IP geolocation derived from the node's last observed IP address. Omitted when projection[] is used without this field.",
            "type": "object"
          },
          "heartbeat": {
            "description": "Most recent heartbeat received from the node's control plane connection. Omitted when projection[] is used without this field.",
            "type": "object",
            "properties": {
              "nodeId": {
                "type": "string"
              },
              "orgId": {
                "type": "string"
              },
              "gatekeeper": {
                "description": "ARN of the AWS ECS task handling this node's connection",
                "type": "string"
              },
              "timestamp": {
                "description": "Unix timestamp of the heartbeat",
                "type": "integer"
              },
              "source": {
                "type": "string"
              }
            }
          },
          "lifecycleState": {
            "description": "Operational lifecycle state of the node. Omitted when projection[] is used without this field.",
            "enum": [
              "pre-production",
              "production",
              "maintenance",
              "decommissioned"
            ],
            "type": "string"
          },
          "disconnectTime": {
            "description": "Unix timestamp (seconds) when the node last disconnected from the control plane. Omitted when projection[] is used without this field.",
            "type": "integer"
          },
          "orderID": {
            "description": "UUID of the hardware provisioning order associated with this node. Omitted when projection[] is used without this field.",
            "type": "string"
          }
        },
        "title": "Node",
        "type": "object"
      },
      "NodeUpgrade": {
        "description": "NodeUpgrade",
        "properties": {
          "error": {
            "description": "Error message",
            "type": "string"
          },
          "name": {
            "description": "Node name",
            "example": "mynode",
            "type": "string"
          },
          "nodeID": {
            "description": "Node ID",
            "example": "19084f81-5668-41ee-adbe-295e4c65531a",
            "type": "string"
          },
          "state": {
            "description": "Upgrade state",
            "type": "string"
          },
          "tags": {
            "additionalProperties": {
              "description": "Tag values",
              "type": "string"
            },
            "description": "Node tags",
            "type": "object"
          }
        },
        "title": "NodeUpgrade",
        "type": "object"
      },
      "OpenIDConfig": {
        "description": "OpenID Config",
        "properties": {
          "authEndpoint": {
            "description": "Auth endpoint",
            "example": "https://your-endpoint-url",
            "type": "string"
          },
          "clientId": {
            "description": "Client ID",
            "example": "some-client-id",
            "type": "string"
          },
          "issuer": {
            "description": "Issuer",
            "example": "https://your-issuer-url",
            "type": "string"
          },
          "secret": {
            "description": "Client secret",
            "example": "some-client-secret",
            "type": "string"
          },
          "tokenEndpoint": {
            "description": "Token endpoint",
            "example": "https://your-token-url",
            "type": "string"
          },
          "userInfoEndpoint": {
            "description": "User info endpoint",
            "example": "https://your-user-info-url",
            "type": "string"
          }
        },
        "title": "OpenID Config",
        "type": "object"
      },
      "OrderModel": {
        "properties": {
          "address1": {
            "type": "string"
          },
          "address2": {
            "type": "string"
          },
          "applianceType": {
            "type": "string"
          },
          "attn": {
            "type": "string"
          },
          "city": {
            "type": "string"
          },
          "clusterIp": {
            "type": "string"
          },
          "comments": {
            "items": {
              "type": "object"
            },
            "type": "array"
          },
          "companyName": {
            "type": "string"
          },
          "contactEmail": {
            "type": "string"
          },
          "contactName": {
            "type": "string"
          },
          "contactPhone": {
            "type": "string"
          },
          "customerRefNum": {
            "type": "string"
          },
          "domain": {
            "type": "string"
          },
          "dueDate": {
            "type": "string"
          },
          "endUserAccountNum": {
            "type": "string"
          },
          "flagged": {
            "type": "boolean"
          },
          "ha": {
            "description": "True when this order is for an HA pair",
            "type": "boolean"
          },
          "interfacesCount": {
            "description": "Number of interfaces to configure per node",
            "maximum": 2,
            "minimum": 1,
            "type": "number"
          },
          "locationName": {
            "type": "string"
          },
          "nats": {
            "items": {
              "properties": {
                "description": {
                  "description": "Description",
                  "type": "string"
                },
                "localCidr": {
                  "description": "Local CIDR",
                  "type": "string"
                },
                "networkCidr": {
                  "description": "Network CIDR",
                  "type": "string"
                }
              },
              "type": "object"
            },
            "type": "array"
          },
          "nodeCount": {
            "description": "Number of nodes needed to fulfill order",
            "maximum": 2,
            "minimum": 1,
            "type": "number"
          },
          "nodeName": {
            "type": "string"
          },
          "nodes": {
            "items": {
              "properties": {
                "dns1": {
                  "type": "string"
                },
                "dns2": {
                  "type": "string"
                },
                "interfaces": {
                  "items": {
                    "properties": {
                      "dhcp": {
                        "type": "boolean"
                      },
                      "gateway": {
                        "type": "string"
                      },
                      "ip": {
                        "type": "string"
                      },
                      "subnet": {
                        "type": "string"
                      }
                    },
                    "type": "object"
                  },
                  "type": "array"
                },
                "name": {
                  "type": "string"
                }
              },
              "type": "object"
            },
            "type": "array"
          },
          "notes": {
            "type": "string"
          },
          "orderNum": {
            "description": "System-wide unique order number",
            "type": "number"
          },
          "routedNetworks": {
            "type": "string"
          },
          "siteType": {
            "description": "Site deployment type",
            "enum": [
              "primary",
              "secondary",
              "test"
            ],
            "type": "string"
          },
          "state": {
            "type": "string"
          },
          "status": {
            "description": "Order status. API-side holistic validations apply to orders whose status is one of `provisioning`, `qa`, `shipped`, `delivered`, `installed`, or `in production`.",
            "enum": [
              "new",
              "gathering info",
              "pending feedback",
              "info received",
              "provisioning",
              "qa",
              "shipped",
              "delivered",
              "installed",
              "in production",
              "archived",
              "cancelled"
            ],
            "type": "string"
          },
          "technicalContactEmail": {
            "type": "string"
          },
          "technicalContactName": {
            "type": "string"
          },
          "technicalContactPhone": {
            "type": "string"
          },
          "uid": {
            "type": "string"
          },
          "zip": {
            "type": "string"
          }
        },
        "type": "object"
      },
      "OrgModel": {
        "properties": {
          "uid": {
            "description": "Organization ID (UUID)",
            "type": "string"
          },
          "name": {
            "description": "Organization display name",
            "type": "string"
          },
          "domain": {
            "description": "Root domain for this organization (e.g. \"myorg.trustgrid.io\")",
            "type": "string"
          },
          "idp_provider": {
            "description": "Identity provider used for authentication (e.g. \"trustgrid\" for built-in)",
            "type": "string"
          },
          "aws_account_id": {
            "description": "AWS account ID associated with the organization",
            "type": "string"
          },
          "supportable": {
            "description": "Whether Trustgrid support can access this org",
            "type": "boolean"
          },
          "allowed_ips": {
            "description": "IP allowlist for portal access (empty = unrestricted)",
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          "emergencyDestination": {
            "description": "Emergency contact email",
            "type": "string"
          },
          "licenses": {
            "description": "License counts for node types",
            "type": "object",
            "properties": {
              "appliances": {
                "type": "integer"
              },
              "agents": {
                "type": "integer"
              }
            }
          },
          "technicalContact": {
            "description": "Technical contact for the organization",
            "type": "object",
            "properties": {
              "name": {
                "type": "string",
                "nullable": true
              },
              "phone": {
                "type": "string",
                "nullable": true
              },
              "email": {
                "type": "string",
                "nullable": true
              }
            }
          },
          "billingContact": {
            "description": "Billing contact for the organization",
            "type": "object",
            "properties": {
              "name": {
                "type": "string",
                "nullable": true
              },
              "phone": {
                "type": "string",
                "nullable": true
              },
              "email": {
                "type": "string",
                "nullable": true
              }
            }
          },
          "businessContact": {
            "description": "Business contact for the organization",
            "type": "object",
            "properties": {
              "name": {
                "type": "string",
                "nullable": true
              },
              "phone": {
                "type": "string",
                "nullable": true
              },
              "email": {
                "type": "string",
                "nullable": true
              }
            }
          },
          "s3_bucket": {
            "description": "S3 bucket for log exports (if configured)",
            "type": "string"
          },
          "s3_access_key": {
            "description": "S3 access key for log exports (if configured)",
            "type": "string"
          },
          "s3_prefix": {
            "description": "S3 key prefix for log exports (if configured)",
            "type": "string"
          },
          "s3_region": {
            "description": "S3 region for log exports (if configured)",
            "type": "string"
          }
        },
        "required": [
          "name"
        ],
        "title": "OrgModel",
        "type": "object"
      },
      "PolicyExpression": {
        "description": "Policy expression",
        "type": "object",
        "example": {
          "eq": {
            "tg:node:tags:environment": [
              "production"
            ],
            "tg:node:tags:another-tag": [
              "always-match"
            ]
          },
          "ne": {
            "tg:node:tags:environment": [
              "staging"
            ],
            "tg:node:tags:another-tag": [
              "dont-match"
            ]
          }
        },
        "properties": {
          "ne": {
            "type": "object",
            "additionalProperties": {
              "description": "Conditions to not match",
              "type": "array",
              "items": {
                "type": "string"
              }
            }
          },
          "eq": {
            "type": "object",
            "additionalProperties": {
              "description": "Conditions to match",
              "type": "array",
              "items": {
                "type": "string"
              }
            }
          }
        }
      },
      "Policy": {
        "description": "Policy",
        "properties": {
          "description": {
            "description": "Policy description",
            "example": "My policy description",
            "type": "string"
          },
          "name": {
            "description": "Policy name",
            "example": "my-policy",
            "type": "string"
          },
          "resources": {
            "items": {
              "description": "TGRNs affected by the policy",
              "type": "string"
            },
            "type": "array"
          },
          "conditions": {
            "type": "object",
            "properties": {
              "all": {
                "$ref": "#/components/schemas/PolicyExpression"
              },
              "any": {
                "$ref": "#/components/schemas/PolicyExpression"
              },
              "none": {
                "$ref": "#/components/schemas/PolicyExpression"
              }
            }
          },
          "statements": {
            "items": {
              "description": "Permission statement",
              "properties": {
                "actions": {
                  "items": {
                    "description": "action",
                    "type": "string"
                  },
                  "type": "array"
                },
                "effect": {
                  "description": "Statement effect",
                  "enum": [
                    "allow",
                    "deny",
                    "noop"
                  ],
                  "type": "string"
                }
              },
              "type": "object"
            },
            "type": "array"
          }
        },
        "title": "Policy",
        "type": "object"
      },
      "PortForwarding": {
        "description": "Port Forwarding rule — maps a virtual network service to a node IP and port",
        "properties": {
          "uid": {
            "description": "Unique identifier (UUID)",
            "type": "string"
          },
          "serviceName": {
            "description": "Name of the service being forwarded",
            "type": "string"
          },
          "nodeName": {
            "description": "Name of the node receiving forwarded traffic",
            "type": "string"
          },
          "ip": {
            "description": "Node IP address traffic is forwarded to",
            "type": "string"
          },
          "port": {
            "description": "Port number traffic is forwarded to",
            "type": "integer"
          },
          "networkName": {
            "description": "Virtual network this rule belongs to",
            "type": "string"
          },
          "domainName": {
            "description": "Domain this rule belongs to",
            "type": "string"
          },
          "orgId": {
            "description": "Organization ID",
            "type": "string"
          },
          "type": {
            "description": "Object type discriminator",
            "example": "PortForward",
            "type": "string"
          }
        },
        "title": "Port Forwarding",
        "type": "object"
      },
      "RepositoryModel": {
        "properties": {
          "name": {
            "type": "string"
          }
        },
        "title": "RepositoryModel",
        "type": "object"
      },
      "RepositoryTagModel": {
        "properties": {
          "name": {
            "type": "string"
          }
        },
        "title": "RepositoryTagModel",
        "type": "object"
      },
      "SAMLConfig": {
        "description": "SAML Config",
        "properties": {
          "cert": {
            "description": "Certificate",
            "example": "your-idp-cert",
            "type": "string"
          },
          "issuer": {
            "description": "Issuer",
            "example": "https://your-issuer-url",
            "type": "string"
          },
          "loginUrl": {
            "description": "Login URL",
            "example": "https://idp-login-url",
            "type": "string"
          },
          "token_expiration": {
            "description": "Token expiration",
            "example": 3600,
            "type": "number"
          }
        },
        "title": "SAML Config",
        "type": "object"
      },
      "EdgeService": {
        "properties": {
          "description": {
            "description": "service description",
            "type": "string"
          },
          "enabled": {
            "description": "whether service is enabled",
            "type": "boolean"
          },
          "host": {
            "description": "destination host name",
            "type": "string"
          },
          "index": {
            "description": "sorting index",
            "type": "number"
          },
          "name": {
            "description": "service name",
            "type": "string"
          },
          "port": {
            "description": "destination port",
            "maximum": 65535,
            "minimum": 1,
            "type": "number"
          },
          "protocol": {
            "description": "protocol",
            "enum": [
              "udp",
              "tcp",
              "tftp",
              "ftp",
              "rdp",
              "vnc",
              "ssh"
            ],
            "type": "string"
          }
        },
        "required": [
          "host",
          "port",
          "protocol",
          "name"
        ],
        "type": "object"
      },
      "ServiceConfig": {
        "example": {
          "services": [
            {
              "description": "nginx",
              "enabled": true,
              "host": "127.0.0.1",
              "id": "1e1d36b2-63b6-46bb-8334-a80a828afb5f",
              "name": "nginx",
              "port": 80,
              "protocol": "tcp"
            }
          ]
        },
        "properties": {
          "connectors": {
            "items": {
              "properties": {
                "description": {
                  "description": "service description",
                  "type": "string"
                },
                "enabled": {
                  "description": "whether service is enabled",
                  "type": "boolean"
                },
                "host": {
                  "description": "destination host name",
                  "type": "string"
                },
                "id": {
                  "description": "unique ID of service",
                  "type": "string"
                },
                "name": {
                  "description": "service name",
                  "type": "string"
                },
                "port": {
                  "description": "destination port",
                  "maximum": 65535,
                  "minimum": 1,
                  "type": "number"
                },
                "protocol": {
                  "description": "protocol",
                  "enum": [
                    "udp",
                    "tcp",
                    "tftp",
                    "ftp",
                    "rdp",
                    "vnc",
                    "ssh"
                  ],
                  "type": "string"
                }
              },
              "required": [
                "id",
                "host",
                "port",
                "protocol",
                "name"
              ],
              "type": "object"
            },
            "type": "array"
          }
        },
        "type": "object"
      },
      "Tag": {
        "description": "Tag",
        "properties": {
          "created_at": {
            "description": "Unix timestamp when tag was created",
            "type": "number"
          },
          "name": {
            "description": "Tag name",
            "example": "prod_status",
            "type": "string"
          },
          "values": {
            "items": {
              "description": "Tag values",
              "type": "string"
            },
            "type": "array"
          }
        },
        "title": "Tag",
        "type": "object"
      },
      "TagValueModel": {
        "properties": {
          "value": {
            "description": "Tag value",
            "type": "string"
          }
        },
        "required": [
          "value"
        ],
        "title": "TagValueModel",
        "type": "object"
      },
      "Upgrade": {
        "description": "Upgrade",
        "properties": {
          "clusterUpgrades": {
            "items": {
              "$ref": "#/components/schemas/ClusterUpgrade"
            },
            "type": "array"
          },
          "completedAt": {
            "description": "Upgrade completion time",
            "type": "string"
          },
          "dryRun": {
            "description": "Whether this was a dry-run",
            "type": "boolean"
          },
          "excludeTags": {
            "additionalProperties": {
              "description": "Tag values",
              "type": "string"
            },
            "description": "Exclude devices with these tags",
            "type": "object"
          },
          "failoverApproved": {
            "description": "True once a user has approved cluster failovers",
            "type": "boolean"
          },
          "includeTags": {
            "additionalProperties": {
              "description": "Tag values",
              "type": "string"
            },
            "description": "Include devices with these tags",
            "type": "object"
          },
          "manualFailover": {
            "description": "Whether to require approval to fail over clusters",
            "type": "boolean"
          },
          "name": {
            "description": "Name of upgrade",
            "example": "Sep27",
            "type": "string"
          },
          "nodeUpgrades": {
            "items": {
              "$ref": "#/components/schemas/NodeUpgrade"
            },
            "type": "array"
          },
          "offlineTimeout": {
            "description": "Minutes to wait before failing (timing out) a workflow for a node in the offline state",
            "type": "number"
          },
          "startedAt": {
            "description": "Upgrade start time",
            "type": "string"
          },
          "status": {
            "description": "Status of upgrade",
            "enum": [
              "active",
              "planning",
              "complete"
            ],
            "type": "string"
          },
          "uid": {
            "description": "Unique ID of upgrade",
            "example": "2DqxLdknjWxEkGt474d2Cstsa1O",
            "type": "string"
          },
          "upgradeTimeout": {
            "description": "Minutes to wait before failing (timing out) a workflow",
            "type": "number"
          }
        },
        "title": "Upgrade",
        "type": "object"
      },
      "UpgradeLog": {
        "description": "UpgradeLog",
        "properties": {
          "entity": {
            "description": "Log subject type",
            "example": "Node",
            "type": "string"
          },
          "entityID": {
            "description": "Log subject ID",
            "example": "19084f81-5668-41ee-adbe-295e4c65531a",
            "type": "string"
          },
          "level": {
            "description": "Level of log, like error/warn/info",
            "type": "string"
          },
          "message": {
            "description": "Log message",
            "type": "string"
          },
          "timestamp": {
            "description": "Timestamp of log entry",
            "example": "2024-10-21 11:55:26.066709233 -0600 MDT m=+0.000520863",
            "type": "string"
          },
          "uid": {
            "description": "Unique ID of log entry",
            "example": "821abe7a-f895-4fa7-93d6-e03d4f82153c",
            "type": "string"
          }
        },
        "title": "UpgradeLog",
        "type": "object"
      },
      "UpgradeUpdateParams": {
        "description": "UpgradeUpdateParams",
        "properties": {
          "excludeTags": {
            "additionalProperties": {
              "description": "Tag values",
              "type": "string"
            },
            "description": "Exclude devices with these tags",
            "type": "object"
          },
          "includeTags": {
            "additionalProperties": {
              "description": "Tag values",
              "type": "string"
            },
            "description": "Include devices with these tags",
            "type": "object"
          },
          "manualFailover": {
            "description": "Whether to require approval to fail over clusters",
            "type": "boolean"
          },
          "name": {
            "description": "Upgrade name",
            "type": "string"
          },
          "offlineTimeout": {
            "description": "Minutes to wait before failing (timing out) a workflow for a node in the offline state",
            "type": "number"
          },
          "upgradeTimeout": {
            "description": "Minutes to wait before failing (timing out) a workflow",
            "type": "number"
          }
        },
        "required": [
          "name"
        ],
        "title": "UpgradeUpdateParams",
        "type": "object"
      },
      "UserModel": {
        "properties": {
          "email": {
            "description": "User's email address (also used as login)",
            "type": "string"
          },
          "status": {
            "description": "Whether the user account is active",
            "enum": [
              "active",
              "inactive"
            ],
            "type": "string"
          },
          "policyIds": {
            "description": "IDs of named policies assigned to this user",
            "items": {
              "type": "string"
            },
            "type": "array"
          },
          "policy": {
            "description": "Inline permission policy map. Keys are resource types (e.g. \"virtual-networks\"), values are scope → action → boolean maps. Present when the user has inline permissions in addition to named policies.",
            "type": "object",
            "additionalProperties": {}
          },
          "permissions": {
            "description": "Resolved effective permissions (may be empty object if using policyIds)",
            "type": "object",
            "additionalProperties": {}
          },
          "landingPage": {
            "description": "Custom landing page path after login (null = default)",
            "type": "string",
            "nullable": true
          }
        },
        "title": "UserModel",
        "type": "object"
      },
      "ValidationFailed": {
        "description": "ValidationFailed",
        "items": {
          "description": "Validation failure",
          "type": "string"
        },
        "title": "ValidationFailed",
        "type": "array"
      },
      "VirtualNetwork": {
        "description": "Virtual Network",
        "properties": {
          "id": {
            "description": "Internal numeric ID",
            "type": "integer"
          },
          "name": {
            "description": "Name of virtual network",
            "type": "string"
          },
          "description": {
            "type": "string"
          },
          "networkCidr": {
            "description": "Virtual network CIDR",
            "example": "10.10.14.0/24",
            "type": "string"
          },
          "orgId": {
            "description": "Organization ID",
            "type": "string"
          },
          "uid": {
            "description": "Unique identifier (UUID)",
            "type": "string"
          },
          "domainName": {
            "description": "Domain this network belongs to",
            "type": "string"
          },
          "noNat": {
            "description": "Whether NAT is disabled for this network",
            "type": "boolean"
          },
          "type": {
            "description": "Object type discriminator",
            "example": "DomainNetwork",
            "type": "string"
          }
        },
        "title": "Virtual Network",
        "type": "object"
      },
      "Volume": {
        "description": "Volume",
        "properties": {
          "encrypted": {
            "description": "Whether the volume is encrypted",
            "type": "boolean"
          },
          "name": {
            "description": "Volume name",
            "example": "myvolume",
            "type": "string"
          }
        },
        "title": "Volume",
        "type": "object"
      },
      "VpnClusterDnsModel": {
        "allOf": [
          {
            "$ref": "#/components/schemas/VpnDnsUpdateModel"
          },
          {
            "properties": {
              "fqdn": {
                "type": "string"
              },
              "networkName": {
                "type": "string"
              }
            },
            "type": "object"
          }
        ]
      },
      "VpnClusterInterfaceModel": {
        "allOf": [
          {
            "$ref": "#/components/schemas/VpnInterfaceUpdateModel"
          },
          {
            "properties": {
              "fqdn": {
                "type": "string"
              },
              "networkName": {
                "type": "string"
              }
            },
            "type": "object"
          }
        ]
      },
      "VpnClusterNetworkInventoryModel": {
        "properties": {
          "dns": {
            "$ref": "#/components/schemas/VpnClusterDnsModel"
          },
          "exportRoutes": {
            "items": {
              "$ref": "#/components/schemas/VpnNodeRouteModel"
            },
            "type": "array"
          },
          "importRoutes": {
            "items": {
              "$ref": "#/components/schemas/VpnNodeRouteModel"
            },
            "type": "array"
          },
          "interfaces": {
            "items": {
              "$ref": "#/components/schemas/VpnClusterInterfaceModel"
            },
            "type": "array"
          },
          "route": {
            "type": "string"
          },
          "routes": {
            "items": {
              "$ref": "#/components/schemas/VpnClusterRouteModel"
            },
            "type": "array"
          },
          "services": {
            "items": {
              "$ref": "#/components/schemas/VpnClusterServiceModel"
            },
            "type": "array"
          }
        },
        "type": "object"
      },
      "VpnClusterNetworkModel": {
        "allOf": [
          {
            "$ref": "#/components/schemas/VpnNetworkUpdateModel"
          },
          {
            "properties": {
              "fqdn": {
                "type": "string"
              },
              "networkName": {
                "type": "string"
              }
            },
            "type": "object"
          }
        ]
      },
      "VpnClusterRouteModel": {
        "allOf": [
          {
            "$ref": "#/components/schemas/VpnRouteUpdateModel"
          },
          {
            "properties": {
              "fqdn": {
                "type": "string"
              },
              "networkName": {
                "type": "string"
              },
              "uid": {
                "type": "string"
              }
            },
            "type": "object"
          }
        ]
      },
      "VpnClusterServiceModel": {
        "allOf": [
          {
            "$ref": "#/components/schemas/VpnServiceUpdateModel"
          },
          {
            "properties": {
              "fqdn": {
                "type": "string"
              },
              "networkName": {
                "type": "string"
              },
              "uid": {
                "type": "string"
              }
            },
            "type": "object"
          }
        ]
      },
      "VpnDnsUpdateModel": {
        "properties": {
          "enabled": {
            "description": "Whether DNS forwarding is enabled on this VPN network",
            "type": "boolean"
          },
          "upstream": {
            "description": "Upstream DNS servers to forward queries to",
            "items": {
              "type": "object",
              "properties": {
                "ip": {
                  "description": "IP address of the upstream DNS server",
                  "type": "string"
                },
                "port": {
                  "description": "Port of the upstream DNS server (default 53)",
                  "type": "integer"
                },
                "description": {
                  "description": "Human-readable label for this upstream server",
                  "type": "string"
                }
              }
            },
            "type": "array"
          }
        },
        "type": "object"
      },
      "VpnInterfaceUpdateModel": {
        "properties": {
          "inDefaultRoute": {
            "type": "boolean"
          },
          "insideNats": {
            "items": {
              "properties": {
                "description": {
                  "type": "string"
                },
                "localCidr": {
                  "type": "string"
                },
                "networkCidr": {
                  "type": "string"
                }
              },
              "type": "object"
            },
            "type": "array"
          },
          "interfaceName": {
            "type": "string"
          },
          "outDefaultRoute": {
            "type": "boolean"
          },
          "outsideNats": {
            "description": "NAT rules for traffic leaving the VPN network (outbound). Maps VPN-side CIDRs to local node CIDRs.",
            "items": {
              "properties": {
                "description": {
                  "type": "string"
                },
                "localCidr": {
                  "description": "Local node CIDR to map to",
                  "type": "string"
                },
                "networkCidr": {
                  "description": "VPN-side CIDR to translate",
                  "type": "string"
                },
                "networkGroup": {
                  "type": "string"
                },
                "proxyArp": {
                  "description": "When true, the node responds to ARP requests for the networkCidr on behalf of local hosts",
                  "type": "boolean"
                }
              },
              "type": "object"
            },
            "type": "array"
          }
        },
        "type": "object"
      },
      "VpnNetworkUpdateModel": {
        "properties": {
          "ip": {
            "type": "string"
          },
          "name": {
            "type": "string"
          },
          "route": {
            "type": "string"
          }
        },
        "type": "object"
      },
      "VpnNodeDnsModel": {
        "allOf": [
          {
            "$ref": "#/components/schemas/VpnDnsUpdateModel"
          },
          {
            "properties": {
              "networkName": {
                "type": "string"
              },
              "nodeUid": {
                "type": "string"
              }
            },
            "type": "object"
          }
        ]
      },
      "VpnNodeInterfaceModel": {
        "allOf": [
          {
            "$ref": "#/components/schemas/VpnInterfaceUpdateModel"
          },
          {
            "properties": {
              "networkName": {
                "type": "string"
              },
              "nodeUid": {
                "type": "string"
              }
            },
            "type": "object"
          }
        ]
      },
      "VpnNodeNetworkInventoryModel": {
        "description": "Full details of a VPN network attached to a node, including all routes, services, interfaces, DNS, and WireGuard configuration.",
        "properties": {
          "networkName": {
            "description": "Name of the VPN network",
            "type": "string"
          },
          "ip": {
            "description": "IP address assigned to this node within the VPN network",
            "example": "172.16.101.201",
            "type": "string"
          },
          "route": {
            "description": "CIDR of the VPN network's address space",
            "example": "172.16.101.0/24",
            "type": "string"
          },
          "dns": {
            "$ref": "#/components/schemas/VpnNodeDnsModel"
          },
          "exportRoutes": {
            "description": "Dynamic export routes advertised by this node into the VPN",
            "items": {
              "$ref": "#/components/schemas/VpnNodeRouteModel"
            },
            "type": "array"
          },
          "importRoutes": {
            "description": "Dynamic import routes received by this node from the VPN",
            "items": {
              "$ref": "#/components/schemas/VpnNodeRouteModel"
            },
            "type": "array"
          },
          "interfaces": {
            "description": "Physical or virtual interfaces bound to this VPN network with NAT rules",
            "items": {
              "$ref": "#/components/schemas/VpnNodeInterfaceModel"
            },
            "type": "array"
          },
          "routes": {
            "description": "Static routes published by this node into the VPN network",
            "items": {
              "$ref": "#/components/schemas/VpnNodeRouteModel"
            },
            "type": "array"
          },
          "services": {
            "description": "L4 services exposed by this node on the VPN network",
            "items": {
              "$ref": "#/components/schemas/VpnNodeServiceModel"
            },
            "type": "array"
          },
          "wireguard": {
            "description": "WireGuard tunnel configuration for this VPN network attachment",
            "type": "object",
            "properties": {
              "enabled": {
                "description": "Whether WireGuard tunneling is enabled",
                "type": "boolean"
              },
              "port": {
                "description": "WireGuard listen port on this node",
                "type": "integer"
              },
              "forwarding": {
                "description": "Whether IP forwarding is enabled for WireGuard traffic",
                "type": "boolean"
              },
              "clients": {
                "description": "List of authorized WireGuard peer clients",
                "type": "array",
                "items": {
                  "type": "object"
                }
              }
            }
          }
        },
        "type": "object"
      },
      "VpnNodeNetworkModel": {
        "description": "Summary of a VPN network attached to a node, as returned by the list endpoint",
        "allOf": [
          {
            "$ref": "#/components/schemas/VpnNetworkUpdateModel"
          },
          {
            "properties": {
              "id": {
                "description": "Numeric identifier for this node-network attachment",
                "type": "integer"
              },
              "networkName": {
                "description": "Name of the VPN network",
                "type": "string"
              },
              "nodeUid": {
                "description": "UUID of the node this network is attached to",
                "type": "string"
              }
            },
            "type": "object"
          }
        ]
      },
      "VpnNodeRouteModel": {
        "allOf": [
          {
            "$ref": "#/components/schemas/VpnRouteUpdateModel"
          },
          {
            "properties": {
              "networkName": {
                "description": "Name of the VPN network this route belongs to",
                "type": "string"
              },
              "nodeUid": {
                "description": "UUID of the node that owns this route",
                "type": "string"
              },
              "uid": {
                "description": "Unique identifier for this route",
                "type": "string"
              },
              "nodeFriendlyName": {
                "description": "Human-readable name of the node that owns this route",
                "type": "string"
              },
              "type": {
                "description": "Record type discriminator, always \"Route\"",
                "type": "string",
                "enum": [
                  "Route"
                ]
              }
            },
            "type": "object"
          }
        ]
      },
      "VpnNodeServiceModel": {
        "allOf": [
          {
            "$ref": "#/components/schemas/VpnServiceUpdateModel"
          },
          {
            "properties": {
              "networkName": {
                "description": "Name of the VPN network this service belongs to",
                "type": "string"
              },
              "nodeUid": {
                "description": "UUID of the node that owns this service",
                "type": "string"
              },
              "uid": {
                "description": "Unique identifier for this service",
                "type": "string"
              },
              "type": {
                "description": "Record type discriminator, always \"Service\"",
                "type": "string",
                "enum": [
                  "Service"
                ]
              }
            },
            "type": "object"
          }
        ]
      },
      "VpnRouteUpdateModel": {
        "properties": {
          "description": {
            "type": "string"
          },
          "metric": {
            "type": "number"
          },
          "networkCidr": {
            "type": "string"
          },
          "node": {
            "type": "string"
          },
          "path": {
            "type": "string"
          },
          "monitors": {
            "items": {
              "$ref": "#/components/schemas/VirtualNetworkRouteMonitor"
            },
            "type": "array"
          }
        },
        "type": "object"
      },
      "VpnServiceUpdateModel": {
        "properties": {
          "ip": {
            "type": "string"
          },
          "name": {
            "type": "string"
          },
          "port": {
            "type": "number"
          }
        },
        "type": "object"
      },
      "ServiceUser": {
        "type": "object",
        "properties": {
          "name": {
            "description": "Service account name (used as identifier)",
            "type": "string"
          },
          "status": {
            "description": "Whether the service account is active",
            "type": "string",
            "enum": [
              "active",
              "inactive"
            ]
          },
          "clientId": {
            "description": "Client ID used for API authentication (present after token generation)",
            "type": "string"
          },
          "policyIds": {
            "description": "Named policy IDs attached to this service account",
            "example": [
              "builtin-tg-monitor"
            ],
            "type": "array",
            "items": {
              "type": "string"
            }
          },
          "tokenCreated": {
            "description": "Unix epoch timestamp (seconds) when the API token was last generated",
            "type": "integer"
          },
          "orgId": {
            "description": "Organization ID",
            "type": "string"
          }
        }
      },
      "ObservabilityExporter": {
        "properties": {
          "uid": {
            "type": "string"
          },
          "name": {
            "type": "string"
          },
          "enabled": {
            "type": "boolean"
          },
          "exporterType": {
            "type": "string",
            "enum": [
              "splunk",
              "http"
            ]
          },
          "collectionTypes": {
            "items": {
              "type": "string",
              "enum": [
                "metrics",
                "node_audits",
                "node_events",
                "changes"
              ]
            },
            "type": "array"
          },
          "description": {
            "type": "string"
          }
        },
        "required": [
          "name",
          "enabled",
          "exporterType"
        ],
        "title": "ObservabilityExporter",
        "type": "object"
      },
      "SplunkExporter": {
        "properties": {
          "uid": {
            "type": "string"
          },
          "token": {
            "type": "string"
          },
          "endpoint": {
            "type": "string"
          },
          "source": {
            "type": "string"
          },
          "sourcetype": {
            "type": "string"
          },
          "index": {
            "type": "string"
          },
          "cacert": {
            "type": "string"
          },
          "enableLogData": {
            "type": "boolean"
          },
          "insecureTLS": {
            "type": "boolean"
          }
        },
        "required": [
          "token",
          "endpoint"
        ],
        "title": "SplunkExporter",
        "type": "object"
      },
      "HTTPExporter": {
        "properties": {
          "uid": {
            "type": "string"
          },
          "endpoint": {
            "type": "string"
          },
          "metricsEndpoint": {
            "type": "string"
          },
          "logsEndpoint": {
            "type": "string"
          },
          "encoding": {
            "type": "string",
            "enum": [
              "json",
              "proto"
            ]
          },
          "compression": {
            "type": "string",
            "enum": [
              "gzip",
              "zstd",
              "zlib",
              "none"
            ]
          },
          "timeout": {
            "type": "number"
          },
          "readBufferSize": {
            "type": "number"
          },
          "writeBufferSize": {
            "type": "number"
          },
          "cacert": {
            "type": "string"
          },
          "insecureTLS": {
            "type": "boolean"
          }
        },
        "title": "HTTPExporter",
        "type": "object"
      }
    }
  }
}