From d57cf9a5e37dcc4c2b70781ffd18c7ae7eb55ff7 Mon Sep 17 00:00:00 2001 From: Max McAdam Date: Mon, 23 Oct 2023 10:54:59 -0700 Subject: [PATCH] Issue 3721 - NodeSecret: documentation Signed-off-by: Max McAdam --- agreementbot/secrets/secrets.go | 2 + agreementbot/secure_api.go | 375 +++++++++++++++++- docs/agbot_secure_api.json | 670 +++++++++++++++++++++++++++----- 3 files changed, 942 insertions(+), 105 deletions(-) diff --git a/agreementbot/secrets/secrets.go b/agreementbot/secrets/secrets.go index 9acf6d621..be2fc431a 100644 --- a/agreementbot/secrets/secrets.go +++ b/agreementbot/secrets/secrets.go @@ -51,6 +51,8 @@ type AgbotSecrets interface { GetSecretMetadata(secretOrg, secretUser, secretNode, secretName string) (SecretMetadata, error) } +// SecretDetails The key value pair of one secret +// swagger:model type SecretDetails struct { Key string `json:"key"` Value string `json:"value"` diff --git a/agreementbot/secure_api.go b/agreementbot/secure_api.go index 3c6c49052..d682fc7d9 100644 --- a/agreementbot/secure_api.go +++ b/agreementbot/secure_api.go @@ -1086,9 +1086,7 @@ type SecretRequestInfo struct { // type: string // required: false // description: "The secret key (name)." -// // responses: -// // '400': // description: "Secret org or name does not meet constraints." // schema: @@ -1097,6 +1095,7 @@ type SecretRequestInfo struct { // description: "Secret provider not ready or not configured." // schema: // type: string + func (a *SecureAPI) secretsSetup(w http.ResponseWriter, r *http.Request) *SecretRequestInfo { // Process in the inputs and verify that they are consistent with the logged in user. 
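Review bot: The `secretsSetup` annotation edit in `agreementbot/secure_api.go` drops the blank `//` separator lines around `responses:` and adds an empty line between the comment block and `func (a *SecureAPI) secretsSetup`, and the regenerated `docs/agbot_secure_api.json` in this commit no longer lists the '400' and '503' responses for that operation. The hunk does not prove that the comment edit caused the drop. The published contract nevertheless loses the "Secret org or name does not meet constraints." and "Secret provider not ready or not configured." outcomes, which callers of a secrets API need to handle. I would restore the `//` line before `responses:`, remove the new empty line so the comment stays attached to the function, and regenerate the JSON to confirm both responses return. The annotation begins above the hunk and the function body continues below it.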
@@ -1325,6 +1324,35 @@ func (a *SecureAPI) orgSecret(w http.ResponseWriter, r *http.Request) { // handle API options switch r.Method { + // swagger:operation GET /org/{org}/secrets/{secret} orgSecret + // + // List given secret belonging to the org. + // + // --- + // consumes: + // - application/json + // produces: + // - application/json + // responses: + // '200': + // description: "Success." + // type: secrets.SecretDetails + // "$ref": "#/definitions/SecretDetails" + // '401': + // description: "Unauthenticated user." + // type: string + // '403': + // description: "Secrets permission denied to user." + // type: string + // '404': + // description: "Secret does not exist." + // type: string + // '503': + // description: "Secret provider unavailable" + // type: string + // '500': + // description: "Invalid vault response" + // type: string case "GET": // pull details for an org-level secret secretDetails, err := a.secretProvider.GetSecretDetails(info.ec.GetExchangeId(), info.ec.GetExchangeToken(), info.org, "", "", info.vaultSecretName) 
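Review bot: In the GET annotation the '200' response puts `type: secrets.SecretDetails` and `"$ref": "#/definitions/SecretDetails"` directly under the response, and the generated JSON in this commit accordingly emits `$ref` as a sibling of `description` instead of a response schema. Swagger 2.0 describes a response body under `schema:`, so the entry should be `// schema:` followed by `// "$ref": "#/definitions/SecretDetails"`, with the `type:` line removed. This response presumably carries the secret's value (the write-out is below the hunk), so the description could say so, which tells consumers to keep it out of logs and caches. The GET annotations added to `userSecret`, `nodeSecret` and `nodeUserSecret` repeat the same pattern; `orgSecret` starts and ends outside this hunk.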
@@ -1343,6 +1371,42 @@ func (a *SecureAPI) orgSecret(w http.ResponseWriter, r *http.Request) { } case "PUT": fallthrough + // swagger:operation POST /org/{org}/secrets/{secret} orgSecret + // + // Delete a given secret belonging to the org. + // + // --- + // consumes: + // - application/json + // produces: + // - application/json + // parameters: + // - name: secretDetails + // in: query + // type: secrets.SecretDetails + // required: true + // description: "The secret key and value." + // schema: + // "$ref": "#/definitions/SecretDetails" + // responses: + // '200': + // description: "Success." + // type: string + // '401': + // description: "Unauthenticated user." + // type: string + // '403': + // description: "Secrets permission denied to user." + // type: string + // '404': + // description: "Secret does not exist." + // type: string + // '503': + // description: "Secret provider unavailable" + // type: string + // '500': + // description: "Invalid vault response" + // type: string case "POST": // create an org-level secret 
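Review bot: The POST annotation documents the `secretDetails` payload as `in: query`, which tells clients to send the secret's key and value in the URL, where access logs, proxies and history commonly record them. The handler body is outside the hunk, so confirm where it reads the payload, but a secret value should be documented as `in: body`, keeping the existing `schema:` reference and dropping `type: secrets.SecretDetails`. The summary is a copy of the DELETE text although the branch comment reads `// create an org-level secret`; it should say something like `// Create or update a given secret belonging to the org.`, and the '404' response probably does not apply to a create. `case "PUT"` falls through into this branch but gets no documented operation of its own. The POST annotations in `userSecret`, `nodeSecret` and `nodeUserSecret` have the same three problems.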
@@ -1359,6 +1423,34 @@ func (a *SecureAPI) orgSecret(w http.ResponseWriter, r *http.Request) { } else { writeResponse(w, errMsg, serr.ResponseCode) } + // swagger:operation DELETE /org/{org}/secrets/{secret} orgSecret + // + // Delete a given secret belonging to the org. + // + // --- + // consumes: + // - application/json + // produces: + // - application/json + // responses: + // '200': + // description: "Success." + // type: string + // '401': + // description: "Unauthenticated user." + // type: string + // '403': + // description: "Secrets permission denied to user." + // type: string + // '404': + // description: "Secret does not exist." + // type: string + // '503': + // description: "Secret provider unavailable" + // type: string + // '500': + // description: "Invalid vault response" + // type: string case "DELETE": // delete an org-level secret err := a.secretProvider.DeleteOrgSecret(info.ec.GetExchangeId(), info.ec.GetExchangeToken(), info.org, info.vaultSecretName) 
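Review bot: This DELETE annotation reuses the operation id `orgSecret`, which the GET and POST annotations for the same path in the two preceding hunks also carry. Operation ids must be unique within a specification, and tooling that keys on them (client generators, gateway or audit rules) can end up treating the read and the delete as one operation. Distinct ids such as `orgSecretGet`, `orgSecretPost` and `orgSecretDelete` would avoid that. The `userSecret`, `nodeOrgSecret` and `nodeUserSecret` annotations in the later hunks repeat one id across methods in the same way.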
@@ -1460,6 +1552,35 @@ func (a *SecureAPI) userSecret(w http.ResponseWriter, r *http.Request) { // handle API options userPath := "user/" + info.user + cliutils.AddSlash(info.vaultSecretName) switch r.Method { + // swagger:operation GET /org/{org}/secrets/user/{user}/{secret} userSecret + // + // List given secret belonging to the user. + // + // --- + // consumes: + // - application/json + // produces: + // - application/json + // responses: + // '200': + // description: "Success." + // type: secrets.SecretDetails + // "$ref": "#/definitions/SecretDetails" + // '401': + // description: "Unauthenticated user." + // type: string + // '403': + // description: "Secrets permission denied to user." + // type: string + // '404': + // description: "Secret does not exist." + // type: string + // '503': + // description: "Secret provider unavailable" + // type: string + // '500': + // description: "Invalid vault response" + // type: string case "GET": // pull details for a user-level secret secretDetails, err := a.secretProvider.GetSecretDetails(info.ec.GetExchangeId(), info.ec.GetExchangeToken(), info.org, info.user, "", info.vaultSecretName) 
@@ -1478,6 +1599,42 @@ func (a *SecureAPI) userSecret(w http.ResponseWriter, r *http.Request) { } case "PUT": fallthrough + // swagger:operation POST /org/{org}/secrets/user/{user}/{secret} userSecret + // + // Delete a given secret belonging to the user. + // + // --- + // consumes: + // - application/json + // produces: + // - application/json + // parameters: + // - name: secretDetails + // in: query + // type: secrets.SecretDetails + // required: true + // description: "The secret key and value." + // schema: + // "$ref": "#/definitions/SecretDetails" + // responses: + // '200': + // description: "Success." + // type: string + // '401': + // description: "Unauthenticated user." + // type: string + // '403': + // description: "Secrets permission denied to user." + // type: string + // '404': + // description: "Secret does not exist." + // type: string + // '503': + // description: "Secret provider unavailable" + // type: string + // '500': + // description: "Invalid vault response" + // type: string case "POST": // create a user-level secret 
@@ -1494,6 +1651,34 @@ func (a *SecureAPI) userSecret(w http.ResponseWriter, r *http.Request) { } else { writeResponse(w, errMsg, serr.ResponseCode) } + // swagger:operation DELETE /org/{org}/secrets/user/{user}/{secret} userSecret + // + // Delete a given secret belonging to the user. + // + // --- + // consumes: + // - application/json + // produces: + // - application/json + // responses: + // '200': + // description: "Success." + // type: string + // '401': + // description: "Unauthenticated user." + // type: string + // '403': + // description: "Secrets permission denied to user." + // type: string + // '404': + // description: "Secret does not exist." + // type: string + // '503': + // description: "Secret provider unavailable" + // type: string + // '500': + // description: "Invalid vault response" + // type: string case "DELETE": err := a.secretProvider.DeleteOrgUserSecret(info.ec.GetExchangeId(), info.ec.GetExchangeToken(), info.org, userPath) if serr, errMsg := a.errCheck(err, "remove", info); serr == nil { 
@@ -1519,6 +1704,35 @@ func (a *SecureAPI) nodeSecret(w http.ResponseWriter, r *http.Request) { // handle API options nodePath := "node/" + info.node + cliutils.AddSlash(info.vaultSecretName) switch r.Method { + // swagger:operation GET /org/{org}/secrets/node/{node}/{secret} nodeOrgSecret + // + // List given secret belonging to the org for a node. + // + // --- + // consumes: + // - application/json + // produces: + // - application/json + // responses: + // '200': + // description: "Success." + // type: secrets.SecretDetails + // "$ref": "#/definitions/SecretDetails" + // '401': + // description: "Unauthenticated user." + // type: string + // '403': + // description: "Secrets permission denied to user." + // type: string + // '404': + // description: "Secret does not exist." + // type: string + // '503': + // description: "Secret provider unavailable" + // type: string + // '500': + // description: "Invalid vault response" + // type: string case "GET": // pull details for a node org-level secret secretDetails, err := a.secretProvider.GetSecretDetails(info.ec.GetExchangeId(), info.ec.GetExchangeToken(), info.org, "", info.node, info.vaultSecretName) 
@@ -1537,6 +1751,42 @@ func (a *SecureAPI) nodeSecret(w http.ResponseWriter, r *http.Request) { } case "PUT": fallthrough + // swagger:operation POST /org/{org}/secrets/node/{node}/{secret} nodeOrgSecret + // + // Delete a given secret belonging to the org for a node. + // + // --- + // consumes: + // - application/json + // produces: + // - application/json + // parameters: + // - name: secretDetails + // in: query + // type: secrets.SecretDetails + // required: true + // description: "The secret key and value." + // schema: + // "$ref": "#/definitions/SecretDetails" + // responses: + // '200': + // description: "Success." + // type: string + // '401': + // description: "Unauthenticated user." + // type: string + // '403': + // description: "Secrets permission denied to user." + // type: string + // '404': + // description: "Secret does not exist." + // type: string + // '503': + // description: "Secret provider unavailable" + // type: string + // '500': + // description: "Invalid vault response" + // type: string case "POST": // create a node org-level secret 
@@ -1553,6 +1803,34 @@ func (a *SecureAPI) nodeSecret(w http.ResponseWriter, r *http.Request) { } else { writeResponse(w, errMsg, serr.ResponseCode) } + // swagger:operation DELETE /org/{org}/secrets/node/{node}/{secret} nodeOrgSecret + // + // Delete a given secret belonging to the org for a node. + // + // --- + // consumes: + // - application/json + // produces: + // - application/json + // responses: + // '200': + // description: "Success." + // type: string + // '401': + // description: "Unauthenticated user." + // type: string + // '403': + // description: "Secrets permission denied to user." + // type: string + // '404': + // description: "Secret does not exist." + // type: string + // '503': + // description: "Secret provider unavailable" + // type: string + // '500': + // description: "Invalid vault response" + // type: string case "DELETE": err := a.secretProvider.DeleteOrgNodeSecret(info.ec.GetExchangeId(), info.ec.GetExchangeToken(), info.org, nodePath) if serr, errMsg := a.errCheck(err, "remove", info); serr == nil { 
@@ -1578,6 +1856,35 @@ func (a *SecureAPI) nodeUserSecret(w http.ResponseWriter, r *http.Request) { // handle API options nodeUserPath := "user/" + info.user + "/node/" + info.node + cliutils.AddSlash(info.vaultSecretName) switch r.Method { + // swagger:operation GET /org/{org}/secrets/user/{user}/node/{node}/{secret} nodeUserSecret + // + // List given secret belonging to the user for a node. + // + // --- + // consumes: + // - application/json + // produces: + // - application/json + // responses: + // '200': + // description: "Success." + // type: secrets.SecretDetails + // "$ref": "#/definitions/SecretDetails" + // '401': + // description: "Unauthenticated user." + // type: string + // '403': + // description: "Secrets permission denied to user." + // type: string + // '404': + // description: "Secret does not exist." + // type: string + // '503': + // description: "Secret provider unavailable" + // type: string + // '500': + // description: "Invalid vault response" + // type: string case "GET": // pull details for a user-level secret secretDetails, err := a.secretProvider.GetSecretDetails(info.ec.GetExchangeId(), info.ec.GetExchangeToken(), info.org, info.user, info.node, info.vaultSecretName) 
@@ -1596,6 +1903,42 @@ func (a *SecureAPI) nodeUserSecret(w http.ResponseWriter, r *http.Request) { } case "PUT": fallthrough + // swagger:operation POST /org/{org}/secrets/user/{user}/node/{node}/{secret} userSecret + // + // Delete a given secret belonging to the user for a node. + // + // --- + // consumes: + // - application/json + // produces: + // - application/json + // parameters: + // - name: secretDetails + // in: query + // type: secrets.SecretDetails + // required: true + // description: "The secret key and value." + // schema: + // "$ref": "#/definitions/SecretDetails" + // responses: + // '200': + // description: "Success." + // type: string + // '401': + // description: "Unauthenticated user." + // type: string + // '403': + // description: "Secrets permission denied to user." + // type: string + // '404': + // description: "Secret does not exist." + // type: string + // '503': + // description: "Secret provider unavailable" + // type: string + // '500': + // description: "Invalid vault response" + // type: string case "POST": // create a user-level secret 
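Review bot: The POST annotation for `/org/{org}/secrets/user/{user}/node/{node}/{secret}` ends its `swagger:operation` line with the id `userSecret`, while the GET annotation for the same path in `nodeUserSecret` uses `nodeUserSecret`. The generated JSON in this commit therefore labels the node-scoped write with the user-level operation id, which misattributes the operation in any client or audit tooling built from the spec. The line should be `// swagger:operation POST /org/{org}/secrets/user/{user}/node/{node}/{secret} nodeUserSecret` (or a method-specific variant if the ids are made unique). The enclosing function continues outside the hunk.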
@@ -1612,6 +1955,34 @@ func (a *SecureAPI) nodeUserSecret(w http.ResponseWriter, r *http.Request) { } else { writeResponse(w, errMsg, serr.ResponseCode) } + // swagger:operation DELETE /org/{org}/secrets/user/{user}/{secret} nodeUserSecret + // + // Delete a given secret belonging to the user for a node. + // + // --- + // consumes: + // - application/json + // produces: + // - application/json + // responses: + // '200': + // description: "Success." + // type: string + // '401': + // description: "Unauthenticated user." + // type: string + // '403': + // description: "Secrets permission denied to user." + // type: string + // '404': + // description: "Secret does not exist." + // type: string + // '503': + // description: "Secret provider unavailable" + // type: string + // '500': + // description: "Invalid vault response" + // type: string case "DELETE": err := a.secretProvider.DeleteUserNodeSecret(info.ec.GetExchangeId(), info.ec.GetExchangeToken(), info.org, nodeUserPath) if serr, errMsg := a.errCheck(err, "remove", info); serr == nil { diff --git a/docs/agbot_secure_api.json b/docs/agbot_secure_api.json index c0d2bb5af..12291ca7b 100644 --- a/docs/agbot_secure_api.json +++ b/docs/agbot_secure_api.json @@ -54,8 +54,14 @@ }, { "type": "string", - "description": "The organization of the node.", - "name": "node_org", + "description": "The type of the node. It can be device or cluster. The default is device. It can be omitted if node_id is specified.", + "name": "node_type", + "in": "body" + }, + { + "type": "string", + "description": "The kubernetes namespace for the node with cluster type. The default namespace is openhorizon-agent. It can be omitted if node_id is specified or the node_type is device.", + "name": "node_cluster_namespace", "in": "body" }, { 
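Review bot: The DELETE annotation inside `nodeUserSecret` names the path `/org/{org}/secrets/user/{user}/{secret}`, which is the user-level path already documented by the DELETE annotation in `userSecret`, and omits the `/node/{node}` segment. The regenerated `docs/agbot_secure_api.json` shows the effect: the user-level path's `delete` now has the summary "Delete a given secret belonging to the user for a node." with operationId `nodeUserSecret`, and the node-scoped path has no `delete` entry at all. A reader of the spec is told that a call removes a node-scoped secret when the documented URL addresses the user-level one. The line should be `// swagger:operation DELETE /org/{org}/secrets/user/{user}/node/{node}/{secret} nodeUserSecret`, followed by regenerating the JSON. The handler body continues past the hunk.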
@@ -184,6 +190,18 @@ "name": "node_arch", "in": "body" }, + { + "type": "string", + "description": "The type of the node. It can be device or cluster. The default is device. It can be omitted if node_id is specified.", + "name": "node_type", + "in": "body" + }, + { + "type": "string", + "description": "The kubernetes namespace for the node with cluster type. The default namespace is openhorizon-agent. It can be omitted if node_id is specified or the node_type is device.", + "name": "node_cluster_namespace", + "in": "body" + }, { "description": "The node policy that will be put in the exchange. Mutually exclusive with node_id.", "name": "node_policy", @@ -388,6 +406,18 @@ "name": "node_arch", "in": "body" }, + { + "type": "string", + "description": "The type of the node. It can be device or cluster. The default is device. It can be omitted if node_id is specified.", + "name": "node_type", + "in": "body" + }, + { + "type": "string", + "description": "The kubernetes namespace for the node with cluster type. The default namespace is openhorizon-agent. It can be omitted if node_id is specified.", + "name": "node_cluster_namespace", + "in": "body" + }, { "description": "The user input that will be put in the exchange for the services. Mutually exclusive with node_id.", "name": "node_user_input", 
@@ -485,25 +515,399 @@ "name": "user", "in": "query" }, + { + "type": "string", + "description": "The node the secret is for.", + "name": "node", + "in": "query" + }, { "type": "string", "description": "The secret key (name).", "name": "secret", "in": "query" } + ] + } + }, + "/org/{org}/secrets/node/{node}/{secret}": { + "get": { + "consumes": [ + "application/json" ], + "produces": [ + "application/json" + ], + "summary": "List given secret belonging to the org for a node.", + "operationId": "nodeOrgSecret", "responses": { - "400": { - "description": "Secret org or name does not meet constraints.", - "schema": { - "type": "string" - } + "200": { + "description": "Success.", + "$ref": "#/definitions/SecretDetails" + }, + "401": { + "description": "Unauthenticated user." + }, + "403": { + "description": "Secrets permission denied to user." + }, + "404": { + "description": "Secret does not exist." + }, + "500": { + "description": "Invalid vault response" }, "503": { - "description": "Secret provider not ready or not configured.", - "schema": { - "type": "string" - } + "description": "Secret provider unavailable" + } + } + }, + "post": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Delete a given secret belonging to the org for a node.", + "operationId": "nodeOrgSecret", + "parameters": [ + { + "$ref": "#/definitions/SecretDetails", + "type": "secrets.SecretDetails", + "description": "The secret key and value.", + "name": "secretDetails", + "in": "query", + "required": true + } + ], + "responses": { + "200": { + "description": "Success." + }, + "401": { + "description": "Unauthenticated user." + }, + "403": { + "description": "Secrets permission denied to user." + }, + "404": { + "description": "Secret does not exist." 
+ }, + "500": { + "description": "Invalid vault response" + }, + "503": { + "description": "Secret provider unavailable" + } + } + }, + "delete": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Delete a given secret belonging to the org for a node.", + "operationId": "nodeOrgSecret", + "responses": { + "200": { + "description": "Success." + }, + "401": { + "description": "Unauthenticated user." + }, + "403": { + "description": "Secrets permission denied to user." + }, + "404": { + "description": "Secret does not exist." + }, + "500": { + "description": "Invalid vault response" + }, + "503": { + "description": "Secret provider unavailable" + } + } + } + }, + "/org/{org}/secrets/user/{user}/node/{node}/{secret}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "List given secret belonging to the user for a node.", + "operationId": "nodeUserSecret", + "responses": { + "200": { + "description": "Success.", + "$ref": "#/definitions/SecretDetails" + }, + "401": { + "description": "Unauthenticated user." + }, + "403": { + "description": "Secrets permission denied to user." + }, + "404": { + "description": "Secret does not exist." + }, + "500": { + "description": "Invalid vault response" + }, + "503": { + "description": "Secret provider unavailable" + } + } + }, + "post": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Delete a given secret belonging to the user for a node.", + "operationId": "userSecret", + "parameters": [ + { + "$ref": "#/definitions/SecretDetails", + "type": "secrets.SecretDetails", + "description": "The secret key and value.", + "name": "secretDetails", + "in": "query", + "required": true + } + ], + "responses": { + "200": { + "description": "Success." + }, + "401": { + "description": "Unauthenticated user." + }, + "403": { + "description": "Secrets permission denied to user." 
+ }, + "404": { + "description": "Secret does not exist." + }, + "500": { + "description": "Invalid vault response" + }, + "503": { + "description": "Secret provider unavailable" + } + } + } + }, + "/org/{org}/secrets/user/{user}/{secret}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "List given secret belonging to the user.", + "operationId": "userSecret", + "responses": { + "200": { + "description": "Success.", + "$ref": "#/definitions/SecretDetails" + }, + "401": { + "description": "Unauthenticated user." + }, + "403": { + "description": "Secrets permission denied to user." + }, + "404": { + "description": "Secret does not exist." + }, + "500": { + "description": "Invalid vault response" + }, + "503": { + "description": "Secret provider unavailable" + } + } + }, + "post": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Delete a given secret belonging to the user.", + "operationId": "userSecret", + "parameters": [ + { + "$ref": "#/definitions/SecretDetails", + "type": "secrets.SecretDetails", + "description": "The secret key and value.", + "name": "secretDetails", + "in": "query", + "required": true + } + ], + "responses": { + "200": { + "description": "Success." + }, + "401": { + "description": "Unauthenticated user." + }, + "403": { + "description": "Secrets permission denied to user." + }, + "404": { + "description": "Secret does not exist." + }, + "500": { + "description": "Invalid vault response" + }, + "503": { + "description": "Secret provider unavailable" + } + } + }, + "delete": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Delete a given secret belonging to the user for a node.", + "operationId": "nodeUserSecret", + "responses": { + "200": { + "description": "Success." + }, + "401": { + "description": "Unauthenticated user." 
+ }, + "403": { + "description": "Secrets permission denied to user." + }, + "404": { + "description": "Secret does not exist." + }, + "500": { + "description": "Invalid vault response" + }, + "503": { + "description": "Secret provider unavailable" + } + } + } + }, + "/org/{org}/secrets/{secret}": { + "get": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "List given secret belonging to the org.", + "operationId": "orgSecret", + "responses": { + "200": { + "description": "Success.", + "$ref": "#/definitions/SecretDetails" + }, + "401": { + "description": "Unauthenticated user." + }, + "403": { + "description": "Secrets permission denied to user." + }, + "404": { + "description": "Secret does not exist." + }, + "500": { + "description": "Invalid vault response" + }, + "503": { + "description": "Secret provider unavailable" + } + } + }, + "post": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Delete a given secret belonging to the org.", + "operationId": "orgSecret", + "parameters": [ + { + "$ref": "#/definitions/SecretDetails", + "type": "secrets.SecretDetails", + "description": "The secret key and value.", + "name": "secretDetails", + "in": "query", + "required": true + } + ], + "responses": { + "200": { + "description": "Success." + }, + "401": { + "description": "Unauthenticated user." + }, + "403": { + "description": "Secrets permission denied to user." + }, + "404": { + "description": "Secret does not exist." + }, + "500": { + "description": "Invalid vault response" + }, + "503": { + "description": "Secret provider unavailable" + } + } + }, + "delete": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "summary": "Delete a given secret belonging to the org.", + "operationId": "orgSecret", + "responses": { + "200": { + "description": "Success." + }, + "401": { + "description": "Unauthenticated user." 
+ }, + "403": { + "description": "Secrets permission denied to user." + }, + "404": { + "description": "Secret does not exist." + }, + "500": { + "description": "Invalid vault response" + }, + "503": { + "description": "Secret provider unavailable" } } } @@ -513,6 +917,9 @@ "AbstractPatternFile": { "type": "object", "properties": { + "GetClusterNamespace": { + "type": "string" + }, "GetOrg": { "type": "string" }, @@ -546,12 +953,8 @@ "GetArch": { "type": "string" }, - "GetClusterDeployment": { - "type": "object" - }, - "GetDeployment": { - "type": "object" - }, + "GetClusterDeployment": {}, + "GetDeployment": {}, "GetOrg": { "type": "string" }, @@ -694,6 +1097,13 @@ }, "x-go-package": "github.com/open-horizon/anax/businesspolicy" }, + "ChangeType": { + "description": "Can be one of:\n\n`0`: Modified (\"C\")\n`1`: Added (\"A\")\n`2`: Deleted (\"D\")", + "type": "integer", + "format": "uint8", + "title": "ChangeType Kind of change", + "x-go-package": "github.com/docker/docker/api/types/container" + }, "CompCheckOutput": { "description": "CompCheckOutput The output format for the compatibility check", "type": "object", @@ -752,10 +1162,18 @@ "type": "string", "x-go-name": "NodeArch" }, + "node_cluster_namespace": { + "type": "string", + "x-go-name": "NodeClusterNS" + }, "node_id": { "type": "string", "x-go-name": "NodeId" }, + "node_namespace_scoped": { + "type": "boolean", + "x-go-name": "NodeNamespaceScoped" + }, "node_org": { "type": "string", "x-go-name": "NodeOrg" 
@@ -806,49 +1224,6 @@ }, "x-go-package": "github.com/open-horizon/anax/externalpolicy" }, - "ContainerChangeResponseItem": { - "description": "ContainerChangeResponseItem change item in response to ContainerChanges operation", - "type": "object", - "required": [ - "Kind", - "Path" - ], - "properties": { - "Kind": { - "description": "Kind of change", - "type": "integer", - "format": "uint8" - }, - "Path": { - "description": "Path to file that has changed", - "type": "string" - } - }, - "x-go-package": "github.com/docker/docker/api/types/container" - }, - "ContainerCreateCreatedBody": { - "description": "ContainerCreateCreatedBody OK response to ContainerCreate operation", - "type": "object", - "required": [ - "Id", - "Warnings" - ], - "properties": { - "Id": { - "description": "The ID of the created container", - "type": "string", - "x-go-name": "ID" - }, - "Warnings": { - "description": "Warnings encountered when creating the container", - "type": "array", - "items": { - "type": "string" - } - } - }, - "x-go-package": "github.com/docker/docker/api/types/container" - }, "ContainerTopOKBody": { "description": "ContainerTopOKBody OK response to ContainerTop operation", "type": "object", 
@@ -894,32 +1269,26 @@ }, "x-go-package": "github.com/docker/docker/api/types/container" }, - "ContainerWaitOKBody": { - "description": "ContainerWaitOKBody OK response to ContainerWait operation", + "CreateResponse": { + "description": "OK response to ContainerCreate operation", "type": "object", + "title": "CreateResponse ContainerCreateResponse", "required": [ - "Error", - "StatusCode" + "Id", + "Warnings" ], "properties": { - "Error": { - "$ref": "#/definitions/ContainerWaitOKBodyError" + "Id": { + "description": "The ID of the created container", + "type": "string", + "x-go-name": "ID" }, - "StatusCode": { - "description": "Exit code of the container", - "type": "integer", - "format": "int64" - } - }, - "x-go-package": "github.com/docker/docker/api/types/container" - }, - "ContainerWaitOKBodyError": { - "description": "ContainerWaitOKBodyError container waiting error, if any", - "type": "object", - "properties": { - "Message": { - "description": "Details of an error", - "type": "string" + "Warnings": { + "description": "Warnings encountered when creating the container", + "type": "array", + "items": { + "type": "string" + } } }, "x-go-package": "github.com/docker/docker/api/types/container" 
@@ -971,14 +1340,43 @@ }, "x-go-package": "github.com/open-horizon/anax/externalpolicy" }, + "FilesystemChange": { + "type": "object", + "title": "FilesystemChange Change in the container's filesystem.", + "required": [ + "Kind", + "Path" + ], + "properties": { + "Kind": { + "$ref": "#/definitions/ChangeType" + }, + "Path": { + "description": "Path to file or directory that has changed.", + "type": "string" + } + }, + "x-go-package": "github.com/docker/docker/api/types/container" + }, "HardwareRequirement": { "type": "object", "title": "This type is used to abstract the various edge node hardware requirements. The schema is left wide open.", - "additionalProperties": { - "type": "object" - }, + "additionalProperties": {}, "x-go-package": "github.com/open-horizon/anax/exchange" }, + "Input": { + "type": "object", + "properties": { + "name": { + "type": "string", + "x-go-name": "Name" + }, + "value": { + "x-go-name": "Value" + } + }, + "x-go-package": "github.com/open-horizon/anax/policy" + }, "Meter": { "type": "object", "properties": { @@ -1013,7 +1411,7 @@ "x-go-name": "MissingHBInterval" } }, - "x-go-package": "github.com/open-horizon/anax/businesspolicy" + "x-go-package": "github.com/open-horizon/anax/exchange" }, "NodePolicy": { "description": "NodePolicy the node policy\nThe properties and constraints defined in the top-level are common\nproperties and constraints that are used by both Deployment and Management.\nIf the same property name is defined in the second level (Deployment or Management),\nthe perperty value of the second level takes the precedence.\nIf there are constraints defined in the second level, all the constraints defined in\nthe top level will be ignored.", @@ -1054,6 +1452,10 @@ }, "x-go-name": "AgreementProtocols" }, + "clusterNamespace": { + "type": "string", + "x-go-name": "ClusterNamespace" + }, "description": { "type": "string", "x-go-name": "Description" 
@@ -1110,7 +1512,6 @@ "x-go-name": "Type" }, "value": { - "type": "object", "x-go-name": "Value" } }, @@ -1128,6 +1529,10 @@ "description": "The secret binding that maps service secret names to secret manager secret names", "type": "object", "properties": { + "enableNodeLevelSecrets": { + "type": "boolean", + "x-go-name": "EnableNodeLevelSecrets" + }, "secrets": { "type": "array", "items": { @@ -1154,11 +1559,25 @@ }, "x-go-package": "github.com/open-horizon/anax/exchangecommon" }, + "SecretDetails": { + "description": "SecretDetails The key value pair of one secret", + "type": "object", + "properties": { + "key": { + "type": "string", + "x-go-name": "Key" + }, + "value": { + "type": "string", + "x-go-name": "Value" + } + }, + "x-go-package": "github.com/open-horizon/anax/agreementbot/secrets" + }, "ServiceChoiceFile": { "type": "object", "properties": { "deployment_overrides": { - "type": "object", "x-go-name": "DeploymentOverrides" }, "deployment_overrides_signature": { @@ -1295,7 +1714,6 @@ "x-go-name": "Arch" }, "clusterDeployment": { - "type": "object", "x-go-name": "ClusterDeployment" }, "clusterDeploymentSignature": { @@ -1303,7 +1721,6 @@ "x-go-name": "ClusterDeploymentSignature" }, "deployment": { - "type": "object", "x-go-name": "Deployment" }, "deploymentSignature": { @@ -1324,9 +1741,7 @@ }, "matchHardware": { "type": "object", - "additionalProperties": { - "type": "object" - }, + "additionalProperties": {}, "x-go-name": "MatchHardware" }, "org": { @@ -1373,6 +1788,10 @@ "type": "string", "x-go-name": "Arch" }, + "clusterNamespace": { + "type": "string", + "x-go-name": "ClusterNamespace" + }, "name": { "type": "string", "x-go-name": "Name" 
@@ -1476,34 +1895,79 @@ "x-go-name": "Time" } }, - "x-go-package": "github.com/open-horizon/anax/businesspolicy" + "x-go-package": "github.com/open-horizon/anax/exchange" }, "UserInput": { "type": "object", "title": "UserInput This type is used to describe a configuration variable that the node owner/user has to set before the service is able to execute on the edge node.", "properties": { - "defaultValue": { + "inputs": { + "type": "array", + "items": { + "$ref": "#/definitions/Input" + }, + "x-go-name": "Inputs" + }, + "serviceArch": { "type": "string", - "x-go-name": "DefaultValue" + "x-go-name": "ServiceArch" }, - "label": { + "serviceOrgid": { "type": "string", - "x-go-name": "Label" + "x-go-name": "ServiceOrgid" }, - "name": { + "serviceUrl": { "type": "string", - "x-go-name": "Name" + "x-go-name": "ServiceUrl" }, - "type": { + "serviceVersionRange": { "type": "string", - "x-go-name": "Type" + "x-go-name": "ServiceVersionRange" } }, - "x-go-package": "github.com/open-horizon/anax/exchangecommon" + "x-go-package": "github.com/open-horizon/anax/policy" + }, + "WaitExitError": { + "description": "WaitExitError container waiting error, if any", + "type": "object", + "properties": { + "Message": { + "description": "Details of an error", + "type": "string" + } + }, + "x-go-package": "github.com/docker/docker/api/types/container" + }, + "WaitResponse": { + "description": "OK response to ContainerWait operation", + "type": "object", + "title": "WaitResponse ContainerWaitResponse", + "required": [ + "StatusCode" + ], + "properties": { + "Error": { + "$ref": "#/definitions/WaitExitError" + }, + "StatusCode": { + "description": "Exit code of the container", + "type": "integer", + "format": "int64" + } + }, + "x-go-package": "github.com/docker/docker/api/types/container" }, "WorkloadChoice": { "type": "object", "properties": { + "deployment_overrides": { + "type": "string", + "x-go-name": "DeploymentOverrides" + }, + "deployment_overrides_signature": { + "type": "string", 
+ "x-go-name": "DeploymentOverridesSignature" + }, "priority": { "$ref": "#/definitions/WorkloadPriority" }, @@ -1515,7 +1979,7 @@ "x-go-name": "Version" } }, - "x-go-package": "github.com/open-horizon/anax/businesspolicy" + "x-go-package": "github.com/open-horizon/anax/exchange" }, "WorkloadPriority": { "type": "object",