@controlplane/schema 1.0.1 → 1.0.3

package/build/src/interfaces/envoyHttp.d.ts

@@ -0,0 +1,273 @@
+import { DurationRestricted, Duration, RetryPolicy, Empty, RouteMatch, RouteMatchRestricted, DataSource, GoogleCallCredentials, Struct, HeaderValue, ApiVersion, UInt32, Priority, GrpcService, ListStringMatcher, HttpStatus, FractionalPercent, RuntimeFeatureFlag, StringMatcher, RuntimeFractionalPercent, HeaderValueOption } from './envoyCommon';
+export interface HttpUri {
+    uri: string;
+    cluster: string;
+    timeout: string | {
+        seconds?: number;
+        nanos?: number;
+    };
+}
+export interface HttpUriRestricted {
+    uri: string;
+    cluster: string;
+    timeout?: DurationRestricted;
+}
+export interface BufferSettings {
+    max_request_bytes?: number;
+    allow_partial_message?: boolean;
+    pack_as_bytes?: boolean;
+}
+export interface JwtProvider {
+    issuer?: string;
+    audiences?: string[];
+    claim_to_headers?: {
+        header_name: string;
+        claim_name: string;
+    }[];
+    remote_jwks?: {
+        http_uri?: HttpUri;
+        cache_duration?: Duration;
+        async_fetch?: {
+            fast_listener?: boolean;
+            failed_refetch_duration?: Duration;
+        };
+        retry_policy?: RetryPolicy;
+    };
+}
+export interface JwtProviderUIRestricted {
+    issuer?: string;
+    audiences?: string[];
+    claim_to_headers?: {
+        header_name: string;
+        claim_name: string;
+    }[];
+    remote_jwks?: {
+        http_uri?: HttpUriRestricted;
+        cache_duration?: DurationRestricted;
+    };
+}
+export interface JwtRequirement {
+    provider_name?: string;
+    provider_and_audiences?: {
+        provider_name?: string;
+        audiences?: string[];
+    };
+    requires_any?: {
+        requirements?: any[];
+    };
+    requires_all?: {
+        requirements?: any[];
+    };
+    allow_missing_or_failed?: Empty;
+    allow_missing?: Empty;
+}
+export interface JwtRequirementRestricted {
+    provider_name?: string;
+}
+export interface JwtRequirementRule {
+    match?: RouteMatch;
+    requires?: JwtRequirement;
+    requirement_name?: string;
+}
+export interface JwtRequirementRuleRestricted {
+    match?: RouteMatchRestricted;
+    requires?: JwtRequirementRestricted;
+}
+export interface JwtRequirementMap {
+    [x: string]: JwtRequirement;
+}
+export interface RateLimitService {
+    grpc_service: {
+        envoy_grpc?: {
+            cluster_name: string;
+            authority?: string;
+            retry_policy?: RetryPolicy;
+        };
+        google_grpc?: {
+            target_uri: string;
+            channel_credentials?: {
+                ssl_credentials?: {
+                    root_certs?: DataSource;
+                    private_key?: DataSource;
+                    cert_chain?: DataSource;
+                };
+                google_default?: Empty;
+            };
+            call_credentials?: GoogleCallCredentials[];
+            stat_prefix: string;
+            credentials_factory_name?: string;
+            config?: Struct;
+        };
+        timeout?: string | {
+            seconds?: number;
+            nanos?: number;
+        };
+        initial_metadata?: HeaderValue[];
+    };
+    transport_api_version?: ApiVersion;
+}
+export interface Descriptor {
+    key: string;
+    value?: string;
+    rate_limit?: {
+        name?: string;
+        replaces?: {
+            name?: string;
+        }[];
+        unit?: 'second' | 'minute' | 'hour' | 'day';
+        requests_per_unit?: UInt32;
+    };
+    shadow_mode?: string;
+    detailed_metric?: string;
+}
+export interface ExtAuthz {
+    priority?: Priority;
+    excludedWorkloads?: string[];
+    name: 'envoy.filters.http.ext_authz';
+    typed_config?: {
+        grpc_service?: GrpcService;
+        http_service?: {
+            server_uri?: HttpUri;
+            path_prefix?: string;
+            authroization_request?: {
+                allowed_headers?: ListStringMatcher;
+                headers_to_add?: HeaderValue[];
+            };
+            authorization_response?: {
+                allowed_upstream_headers?: ListStringMatcher;
+                allowed_upstream_headers_to_append?: ListStringMatcher;
+                allowed_client_headers?: ListStringMatcher;
+                allowed_client_headers_on_success?: ListStringMatcher;
+                dynamic_metadata_from_headers?: ListStringMatcher;
+            };
+        };
+        failure_mode_allow?: boolean;
+        failure_mode_allow_header_add?: boolean;
+        with_request_body?: BufferSettings;
+        clear_route_cache?: boolean;
+        status_on_error?: HttpStatus;
+        metadata_context_namespaces?: string[];
+        typed_metadata_context_namespaces?: string[];
+        route_metadata_context_namespaces?: string[];
+        route_typed_metadata_context_namespaces?: string[];
+        filter_enabled?: FractionalPercent;
+        deny_at_disable?: RuntimeFeatureFlag;
+        include_peer_certificate?: boolean;
+        stat_prefix?: string;
+        bootstrap_metadata_labels_key?: string;
+        allowed_headers?: ListStringMatcher;
+        include_tls_session?: boolean;
+        charge_cluster_response_stats?: boolean;
+        transport_api_version?: ApiVersion;
+        "@type": 'type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz';
+    };
+}
+export interface JwtAuthn {
+    priority?: Priority;
+    excludedWorkloads?: string[];
+    name: 'envoy.filters.http.jwt_authn';
+    typed_config?: {
+        providers?: {
+            [x: string]: JwtProvider;
+        };
+        rules?: JwtRequirementRuleRestricted[];
+        filter_state_rules?: {
+            name: string;
+            requires?: JwtRequirementMap;
+        };
+        bypass_cors_preflight?: boolean;
+        requirement_map?: {
+            [x: string]: JwtRequirement;
+        };
+        "@type": 'type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication';
+    };
+}
+export interface GrpcWeb {
+    priority?: Priority;
+    excludedWorkloads?: string[];
+    name: 'envoy.filters.http.grpc_web';
+    typed_config?: {
+        "@type": 'type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb';
+    };
+}
+export interface GrpcJsonTranscoder {
+    priority?: Priority;
+    excludedWorkloads?: string[];
+    name: 'envoy.filters.http.grpc_json_transcoder';
+    typed_config?: {
+        proto_descriptor?: string;
+        proto_descriptor_bin?: any;
+        services?: string[];
+        print_options?: {
+            add_whitespace?: boolean;
+            always_print_primitive_fields?: boolean;
+            always_print_enums_as_ints?: boolean;
+            preserve_proto_field_names?: boolean;
+            stream_newline_delimited?: boolean;
+        };
+        match_incoming_request_route?: boolean;
+        ignored_query_parameters?: string[];
+        auto_mapping?: boolean;
+        ignore_unknown_query_parameters?: boolean;
+        convert_grpc_status?: boolean;
+        url_unescape_spec?: 'ALL_CHARACTERS_EXCEPT_RESERVED' | 'ALL_CHARACTERS_EXCEPT_SLASH' | 'ALL_CHARACTERS';
+        query_param_unescape_plus?: boolean;
+        match_unregistered_custom_verb?: boolean;
+        request_validation_options?: {
+            reject_unknown_method?: boolean;
+            reject_unknown_query_parameters?: boolean;
+            reject_binding_body_field_collisions?: boolean;
+        };
+        case_insensitive_enum_parsing?: boolean;
+        max_request_body_size?: UInt32;
+        max_response_body_size?: UInt32;
+        "@type": 'type.googleapis.com/envoy.extensions.filters.http.grpc_json_transcoder.v3.GrpcJsonTranscoder';
+    };
+}
+export interface Cors {
+    priority?: Priority;
+    excludedWorkloads?: string[];
+    name: 'envoy.filters.http.cors';
+    typed_config?: {
+        allow_origin_string_match?: StringMatcher[];
+        allow_methods?: string;
+        allow_headers?: string;
+        expose_headers?: string;
+        max_age?: string;
+        allow_credentials?: boolean;
+        filter_enabled?: RuntimeFractionalPercent;
+        shadow_enabled?: RuntimeFractionalPercent;
+        allow_private_network_access?: boolean;
+        "@type": 'type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors';
+    };
+}
+export interface RateLimit {
+    priority?: Priority;
+    excludedWorkloads?: string[];
+    name: 'envoy.filters.http.ratelimit';
+    typed_config?: {
+        domain: string;
+        stage?: number;
+        request_type?: 'internal' | 'external' | 'both';
+        timeout?: Duration;
+        failure_mode_deny?: boolean;
+        rate_limited_as_resource_exhausted?: boolean;
+        rate_limit_service?: RateLimitService;
+        enable_x_ratelimit_headers?: 'OFF' | 'DRAFT_VERSION_03';
+        disable_x_envoy_ratelimited_header?: boolean;
+        rate_limited_status?: HttpStatus;
+        response_headers_to_add?: HeaderValueOption[];
+        status_on_error?: HttpStatus;
+        stat_prefix?: string;
+        "@type": 'type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit';
+    };
+}
+export interface ConnectRpc {
+    priority?: Priority;
+    excludedWorkloads?: string[];
+    name: 'envoy.filters.http.connect_grpc_bridge';
+    typed_config?: {
+        "@type": 'type.googleapis.com/envoy.extensions.filters.http.connect_grpc_bridge.v3.FilterConfig';
+    };
+}
+export type HttpFilter = ExtAuthz | JwtAuthn | GrpcWeb | ConnectRpc | GrpcJsonTranscoder | Cors | RateLimit;

package/build/src/interfaces/envoyHttp.js

@@ -0,0 +1,3 @@
+"use strict";
+/* auto-generated */
+Object.defineProperty(exports, "__esModule", { value: true });

package/build/src/interfaces/envoyRateLimit.d.ts

@@ -0,0 +1,45 @@
+import { RetryPolicy, DataSource, Empty, GoogleCallCredentials, Struct, ApiVersion, Duration, HttpStatus, HeaderValueOption } from './envoyCommon';
+export interface RateLimitService {
+    grpc_service: {
+        envoy_grpc?: {
+            cluster_name: string;
+            authority?: string;
+            retry_policy?: RetryPolicy;
+        };
+        google_grpc?: {
+            target_uri: string;
+            channel_credentials?: {
+                ssl_credentials?: {
+                    root_certs?: DataSource;
+                    private_key?: DataSource;
+                    cert_chain?: DataSource;
+                };
+                google_default?: Empty;
+            };
+            call_credentials?: GoogleCallCredentials[];
+            stat_prefix: string;
+            credentials_factory_name?: string;
+            config?: Struct;
+        };
+        timeout?: string | {
+            seconds?: number;
+            nanos?: number;
+        };
+    };
+    transport_api_version?: ApiVersion;
+}
+export interface RateLimit {
+    domain: string;
+    stage?: number;
+    request_type?: 'internal' | 'external' | 'both';
+    timeout?: Duration;
+    failure_mode_deny?: boolean;
+    rate_limited_as_resource_exhausted?: boolean;
+    rate_limit_service?: RateLimitService;
+    enable_x_ratelimit_headers?: 'OFF' | 'DRAFT_VERSION_03';
+    disable_x_envoy_ratelimited_header?: boolean;
+    rate_limited_status?: HttpStatus;
+    response_headers?: HeaderValueOption[];
+    status_on_error?: HttpStatus;
+    stat_prefix?: string;
+}

package/build/src/interfaces/envoyRateLimit.js

@@ -0,0 +1,3 @@
+"use strict";
+/* auto-generated */
+Object.defineProperty(exports, "__esModule", { value: true });

package/build/src/interfaces/event.d.ts

@@ -0,0 +1,25 @@
+export interface EventContext {
+    category?: string;
+    component?: 'actuator' | 'dns-updater' | 'scheduler' | 'iam-broker' | 'metadata-proxy';
+    cloudProvider?: 'aws' | 'gcp' | 'azure' | 'linode' | 'byok';
+    cluster?: string;
+    principalLink?: string;
+    fingerprint?: string;
+    [x: string]: any;
+}
+export interface Event {
+    id?: string;
+    created?: Date;
+    kind?: string;
+    status: string;
+    pinned?: boolean;
+    context?: {
+        category?: string;
+        component?: 'actuator' | 'dns-updater' | 'scheduler' | 'iam-broker' | 'metadata-proxy';
+        cloudProvider?: 'aws' | 'gcp' | 'azure' | 'linode' | 'byok';
+        cluster?: string;
+        principalLink?: string;
+        fingerprint?: string;
+        [x: string]: any;
+    };
+}

package/build/src/interfaces/group.d.ts

@@ -0,0 +1,20 @@
+import { Name, Kind, Tags, Links } from './base';
+import { Query } from './query';
+export interface Group {
+    id?: string;
+    name?: Name;
+    kind?: Kind;
+    version?: number;
+    description?: string;
+    tags?: Tags;
+    created?: Date;
+    lastModified?: Date;
+    links?: Links;
+    memberLinks?: string[];
+    memberQuery?: Query;
+    identityMatcher?: {
+        expression: string;
+        language: 'jmespath' | 'javascript';
+    };
+    origin?: 'synthetic' | 'default' | 'builtin';
+}

package/build/src/interfaces/gvc.d.ts

@@ -0,0 +1,57 @@
+import { Query } from './query';
+import { Tracing } from './tracing';
+import { EnvoyFilters } from './envoy';
+import { EnvVar } from './env';
+import { Name, Kind, Tags, Links } from './base';
+export interface GvcStatus {
+    [x: string]: any;
+}
+export interface StaticPlacement {
+    locationLinks?: string[];
+    locationQuery?: Query;
+}
+export interface GvcSpec {
+    staticPlacement?: StaticPlacement;
+    pullSecretLinks?: string[];
+    domain?: string;
+    tracing?: Tracing;
+    sidecar?: {
+        envoy?: EnvoyFilters;
+    };
+    env?: EnvVar[];
+    loadBalancer?: {
+        dedicated?: boolean;
+        trustedProxies?: number;
+    };
+}
+export interface Gvc {
+    id?: string;
+    name?: Name;
+    kind?: Kind;
+    version?: number;
+    description?: string;
+    tags?: Tags;
+    created?: Date;
+    lastModified?: Date;
+    links?: Links;
+    alias?: string;
+    spec?: GvcSpec;
+    status?: GvcStatus;
+}
+export interface GvcConfig {
+    clusters?: {
+        [x: string]: {
+            clusterId?: string;
+            since?: Date;
+        };
+    };
+    preferredClusters?: {
+        [x: string]: {
+            clusterId?: string;
+        };
+    };
+    loadBalancer?: {
+        minScale?: number;
+    };
+    thinProvision?: number;
+}

package/build/src/interfaces/identity.d.ts

@@ -0,0 +1,102 @@
+import { Name, Kind, Tags, Links } from './base';
+export type AwsRoleName = string;
+export type PolicyRef = string;
+export type GcpRoleName = string;
+export interface AwsPolicyDocument {
+    Version?: string;
+    Statement?: {
+        [x: string]: any;
+    }[];
+}
+export interface AwsIdentity {
+    cloudAccountLink: string;
+    policyRefs?: PolicyRef[];
+    trustPolicy?: AwsPolicyDocument;
+    roleName?: AwsRoleName;
+}
+export interface GcpIdentity {
+    cloudAccountLink: string;
+    scopes?: string[];
+    serviceAccount?: string;
+    bindings?: {
+        resource?: string;
+        roles?: GcpRoleName[];
+    }[];
+}
+export interface NgsIdentity {
+    cloudAccountLink: string;
+    pub?: {
+        allow?: string[];
+        deny?: string[];
+    };
+    sub?: {
+        allow?: string[];
+        deny?: string[];
+    };
+    resp?: {
+        max?: number;
+        ttl?: string;
+    };
+    subs?: number;
+    data?: number;
+    payload?: number;
+}
+export interface AzureRoleAssignment {
+    scope?: string;
+    roles?: string[];
+}
+export interface AzureIdentity {
+    cloudAccountLink: string;
+    roleAssignments?: AzureRoleAssignment[];
+}
+export interface Status {
+    objectName?: string;
+}
+export interface NetworkResource {
+    name: Name | string;
+    agentLink?: string;
+    IPs?: string[];
+    FQDN?: string;
+    resolverIP?: string;
+    ports: number[];
+}
+export interface NativeNetworkResource {
+    name: Name | string;
+    FQDN?: string;
+    ports: number[];
+    awsPrivateLink?: {
+        endpointServiceName: string;
+    };
+    gcpServiceConnect?: {
+        targetService: string;
+    };
+}
+export interface SpicedbAccess {
+    clusterLink: string;
+    role: 'checkPermission' | 'read' | 'write';
+}
+export interface MemcacheAccess {
+    clusterLink: string;
+    role: 'readWrite';
+}
+export interface Identity {
+    id?: string;
+    name?: Name;
+    kind?: Kind;
+    version?: number;
+    description?: string;
+    tags?: Tags;
+    created?: Date;
+    lastModified?: Date;
+    links?: Links;
+    aws?: AwsIdentity;
+    gcp?: GcpIdentity;
+    azure?: AzureIdentity;
+    ngs?: NgsIdentity;
+    networkResources?: NetworkResource[];
+    nativeNetworkResources?: NativeNetworkResource[];
+    memcacheAccess?: MemcacheAccess[];
+    spicedbAccess?: SpicedbAccess[];
+    status?: Status;
+    gvc?: any;
+}

package/build/src/interfaces/image.d.ts

@@ -0,0 +1,25 @@
+import { Kind, Tags, Links } from './base';
+export interface Image {
+    id?: string;
+    name?: string;
+    kind?: Kind;
+    version?: number;
+    created?: Date;
+    lastModified?: Date;
+    tags?: Tags;
+    links?: Links;
+    repository?: string;
+    tag?: string;
+    manifest?: {
+        [x: string]: any;
+    };
+    digest?: string;
+}
+export interface ImageSummary {
+    kind?: Kind;
+    links?: Links;
+    repositories?: {
+        name?: string;
+        tagsCount?: number;
+    }[];
+}

package/build/src/interfaces/location.d.ts

@@ -0,0 +1,31 @@
+import { Name, Kind, Tags, Links } from './base';
+export interface LocationSpec {
+    enabled?: boolean;
+}
+export interface LocationStatus {
+    geo?: {
+        lat?: number;
+        lon?: number;
+        country?: string;
+        state?: string;
+        city?: string;
+        continent?: string;
+    };
+    ipRanges?: string[];
+}
+export interface Location {
+    id?: string;
+    name?: Name;
+    kind?: Kind;
+    version?: number;
+    description?: string;
+    tags?: Tags;
+    created?: Date;
+    lastModified?: Date;
+    links?: Links;
+    origin?: 'builtin' | 'default' | 'custom';
+    provider?: 'aws' | 'gcp' | 'azure' | 'byok' | 'linode' | 'vultr' | 'equinix';
+    region?: string;
+    spec?: LocationSpec;
+    status?: LocationStatus;
+}

package/build/src/interfaces/memcache.d.ts

@@ -0,0 +1,46 @@
+import { Name, Kind, Tags, Links } from './base';
+export interface MemcacheOptions {
+    evictionsDisabled?: boolean;
+    idleTimeoutSeconds?: number;
+    maxItemSizeKiB?: number;
+    maxConnections?: number;
+}
+export interface ClusterSpec {
+    nodeCount: number;
+    nodeSizeGiB: number;
+    version?: '1.6.17' | '1.5.22';
+    options?: {
+        evictionsDisabled?: boolean;
+        idleTimeoutSeconds?: number;
+        maxItemSizeKiB?: number;
+        maxConnections?: number;
+    };
+    locations?: string[];
+}
+export interface ClusterStatus {
+    [x: string]: any;
+}
+export interface MemcacheCluster {
+    id?: string;
+    name?: Name;
+    kind?: Kind;
+    version?: number;
+    description?: string;
+    tags?: Tags;
+    created?: Date;
+    lastModified?: Date;
+    links?: Links;
+    spec: {
+        nodeCount: number;
+        nodeSizeGiB: number;
+        version?: '1.6.17' | '1.5.22';
+        options?: {
+            evictionsDisabled?: boolean;
+            idleTimeoutSeconds?: number;
+            maxItemSizeKiB?: number;
+            maxConnections?: number;
+        };
+        locations?: string[];
+    };
+    status?: ClusterStatus;
+}