diff --git a/shared/management/http/api/openapi.yml b/shared/management/http/api/openapi.yml index 635255645..a61281ab6 100644 --- a/shared/management/http/api/openapi.yml +++ b/shared/management/http/api/openapi.yml @@ -36,8 +36,8 @@ tags: x-cloud-only: true - name: Identity Providers description: Interact with and view information about identity providers. - - name: Services - description: Interact with and view information about exposed services. + - name: Reverse Proxy + description: Interact with and view information about reverse proxies. - name: Instance description: Instance setup and status endpoints for initial configuration. components: 
@@ -2431,145 +2431,154 @@ components: - issuer - client_id - client_secret - Service: + ReverseProxy: type: object properties: id: type: string - description: Service ID + description: Reverse proxy ID name: type: string - description: Service name - description: - type: string - description: Service description + description: Reverse proxy name domain: type: string - description: Domain for the service + description: Domain for the reverse proxy targets: type: array items: - $ref: '#/components/schemas/ServiceTarget' - description: List of target backends for this service - distribution_groups: - type: array - items: - type: string - description: List of group IDs that can access this service + $ref: '#/components/schemas/ReverseProxyTarget' + description: List of target backends for this reverse proxy enabled: type: boolean - description: Whether the service is enabled - exposed: - type: boolean - description: Whether the service is exposed + description: Whether the reverse proxy is enabled auth: - $ref: '#/components/schemas/ServiceAuthConfig' + $ref: '#/components/schemas/ReverseProxyAuthConfig' required: - id - name - domain - targets - - distribution_groups - enabled - - exposed - ServiceRequest: + - auth + ReverseProxyRequest: type: object properties: name: type: string - description: Service name - description: - type: string - description: Service description + description: Reverse proxy name domain: type: string - description: Domain for the service + description: Domain for the reverse proxy targets: type: array items: - $ref: '#/components/schemas/ServiceTarget' - description: List of target backends for this service - distribution_groups: - type: array - items: - type: string - description: List of group IDs that can access this service + $ref: '#/components/schemas/ReverseProxyTarget' + description: List of target backends for this reverse proxy enabled: type: boolean - description: Whether the service is enabled + description: Whether the reverse 
proxy is enabled default: true - exposed: - type: boolean - description: Whether the service is exposed - default: false auth: - $ref: '#/components/schemas/ServiceAuthConfig' + $ref: '#/components/schemas/ReverseProxyAuthConfig' required: - name - domain - targets - - distribution_groups - ServiceTarget: + - auth + - enabled + ReverseProxyTarget: type: object properties: + target_id: + type: string + description: Target ID + target_type: + type: string + description: Target type (e.g., "peer", "resource") + enum: [peer, resource] path: type: string description: URL path prefix for this target + protocol: + type: string + description: Protocol to use when connecting to the backend + enum: [http, https] host: type: string - description: Backend host:port for this target + description: Backend ip or domain for this target + port: + type: integer + description: Backend port for this target enabled: type: boolean description: Whether this target is enabled required: - - path + - target_id + - target_type + - protocol - host + - port - enabled - ServiceAuthConfig: + ReverseProxyAuthConfig: type: object properties: type: type: string - enum: [basic, pin, bearer] + enum: [password, pin, bearer, link] description: Authentication type - basic_auth: - $ref: '#/components/schemas/BasicAuthConfig' + password_auth: + $ref: '#/components/schemas/PasswordAuthConfig' pin_auth: $ref: '#/components/schemas/PINAuthConfig' bearer_auth: $ref: '#/components/schemas/BearerAuthConfig' + link_auth: + $ref: '#/components/schemas/LinkAuthConfig' required: - type - BasicAuthConfig: + PasswordAuthConfig: type: object properties: - username: - type: string - description: Basic auth username + enabled: + type: boolean + description: Whether password auth is enabled password: type: string - description: Basic auth password + description: Auth password required: - - username + - enabled - password PINAuthConfig: type: object properties: + enabled: + type: boolean + description: Whether PIN auth is 
enabled pin: type: string description: PIN value - header: - type: string - description: HTTP header name for PIN required: + - enabled - pin - - header BearerAuthConfig: type: object properties: enabled: type: boolean description: Whether bearer auth is enabled + distribution_groups: + type: array + items: + type: string + description: List of group IDs that can use bearer auth + required: + - enabled + LinkAuthConfig: + type: object + properties: + enabled: + type: boolean + description: Whether link auth is enabled required: - enabled InstanceStatus: @@ -5773,23 +5782,23 @@ paths: "$ref": "#/components/responses/forbidden" '500': "$ref": "#/components/responses/internal_error" - /api/services: + /api/reverse-proxy: get: - summary: List all Services - description: Returns a list of all exposed services - tags: [ Services ] + summary: List all Reverse Proxies + description: Returns a list of all reverse proxies + tags: [ Reverse Proxy ] security: - BearerAuth: [ ] - TokenAuth: [ ] responses: '200': - description: A JSON Array of Services + description: A JSON Array of reverse proxies content: application/json: schema: type: array items: - $ref: '#/components/schemas/Service' + $ref: '#/components/schemas/ReverseProxy' '401': "$ref": "#/components/responses/requires_authentication" '403': 
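Review bot: The response schema `ReverseProxy` reuses the same `ReverseProxyAuthConfig` as `ReverseProxyRequest`, so `PasswordAuthConfig.password` and `PINAuthConfig.pin` are documented as required fields of every GET/POST/PUT response and not only as request input. Whether the handler actually serializes the stored secrets is not visible in this diff, but if it does, any caller with read access to the management API can read back the credentials that guard the proxied backend. Marking both properties `writeOnly: true` (optionally with `format: password`) keeps them required on requests while removing them from the response contract; alternatively, split the request and response auth schemas. Separately, `type` selects a single mechanism while each sub-config carries its own `enabled` flag, and nothing in the descriptions says which wins when they disagree (for example `type: password` with `password_auth.enabled: false`). A sentence on `ReverseProxyAuthConfig` stating the precedence would prevent a proxy from being published with no effective authentication.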
@@ -5797,25 +5806,25 @@ paths: '500': "$ref": "#/components/responses/internal_error" post: - summary: Create a Service - description: Creates a new exposed service - tags: [ Services ] + summary: Create a Reverse Proxy + description: Creates a new reverse proxy + tags: [ Reverse Proxy ] security: - BearerAuth: [ ] - TokenAuth: [ ] requestBody: - description: New service request + description: New reverse proxy request content: application/json: schema: - $ref: '#/components/schemas/ServiceRequest' + $ref: '#/components/schemas/ReverseProxyRequest' responses: '200': - description: Service created + description: Reverse proxy created content: application/json: schema: - $ref: '#/components/schemas/Service' + $ref: '#/components/schemas/ReverseProxy' '400': "$ref": "#/components/responses/bad_request" '401': @@ -5824,28 +5833,28 @@ paths: "$ref": "#/components/responses/forbidden" '500': "$ref": "#/components/responses/internal_error" - /api/services/{serviceId}: + /api/reverse-proxy/{proxyId}: get: - summary: Retrieve a Service - description: Get information about a specific service - tags: [ Services ] + summary: Retrieve a Reverse Proxy + description: Get information about a specific reverse proxy + tags: [ Reverse Proxy ] security: - BearerAuth: [ ] - TokenAuth: [ ] parameters: - in: path - name: serviceId + name: proxyId required: true schema: type: string - description: The unique identifier of a service + description: The unique identifier of a reverse proxy responses: '200': - description: A Service object + description: A reverse proxy object content: application/json: schema: - $ref: '#/components/schemas/Service' + $ref: '#/components/schemas/ReverseProxy' '400': "$ref": "#/components/responses/bad_request" '401': 
@@ -5857,32 +5866,32 @@ paths: '500': "$ref": "#/components/responses/internal_error" put: - summary: Update a Service - description: Update an existing service configuration - tags: [ Services ] + summary: Update a Reverse Proxy + description: Update an existing reverse proxy + tags: [ Reverse Proxy ] security: - BearerAuth: [ ] - TokenAuth: [ ] parameters: - in: path - name: serviceId + name: proxyId required: true schema: type: string - description: The unique identifier of a service + description: The unique identifier of a reverse proxy requestBody: - description: Service update request + description: Reverse proxy update request content: application/json: schema: - $ref: '#/components/schemas/ServiceRequest' + $ref: '#/components/schemas/ReverseProxyRequest' responses: '200': - description: Service updated + description: Reverse proxy updated content: application/json: schema: - $ref: '#/components/schemas/Service' + $ref: '#/components/schemas/ReverseProxy' '400': "$ref": "#/components/responses/bad_request" '401': @@ -5894,22 +5903,22 @@ paths: '500': "$ref": "#/components/responses/internal_error" delete: - summary: Delete a Service - description: Delete an existing service - tags: [ Services ] + summary: Delete a Reverse Proxy + description: Delete an existing reverse proxy + tags: [ Reverse Proxy ] security: - BearerAuth: [ ] - TokenAuth: [ ] parameters: - in: path - name: serviceId + name: proxyId required: true schema: type: string - description: The unique identifier of a service + description: The unique identifier of a reverse proxy responses: '200': - description: Service deleted + description: Reverse proxy deleted '400': "$ref": "#/components/responses/bad_request" '401': diff --git a/shared/management/http/api/types.gen.go b/shared/management/http/api/types.gen.go index e8162d874..6d95a8720 100644 --- a/shared/management/http/api/types.gen.go +++ b/shared/management/http/api/types.gen.go 
@@ -49,6 +49,9 @@ const ( EventActivityCodeRuleAdd EventActivityCode = "rule.add" EventActivityCodeRuleDelete EventActivityCode = "rule.delete" EventActivityCodeRuleUpdate EventActivityCode = "rule.update" + EventActivityCodeServiceCreate EventActivityCode = "service.create" + EventActivityCodeServiceDelete EventActivityCode = "service.delete" + EventActivityCodeServiceUpdate EventActivityCode = "service.update" EventActivityCodeServiceUserCreate EventActivityCode = "service.user.create" EventActivityCodeServiceUserDelete EventActivityCode = "service.user.delete" EventActivityCodeSetupkeyAdd EventActivityCode = "setupkey.add" @@ -193,11 +196,24 @@ const ( ResourceTypeSubnet ResourceType = "subnet" ) -// Defines values for ServiceAuthConfigType. +// Defines values for ReverseProxyAuthConfigType. const ( - ServiceAuthConfigTypeBasic ServiceAuthConfigType = "basic" - ServiceAuthConfigTypeBearer ServiceAuthConfigType = "bearer" - ServiceAuthConfigTypePin ServiceAuthConfigType = "pin" + ReverseProxyAuthConfigTypeBearer ReverseProxyAuthConfigType = "bearer" + ReverseProxyAuthConfigTypeLink ReverseProxyAuthConfigType = "link" + ReverseProxyAuthConfigTypePassword ReverseProxyAuthConfigType = "password" + ReverseProxyAuthConfigTypePin ReverseProxyAuthConfigType = "pin" +) + +// Defines values for ReverseProxyTargetProtocol. +const ( + ReverseProxyTargetProtocolHttp ReverseProxyTargetProtocol = "http" + ReverseProxyTargetProtocolHttps ReverseProxyTargetProtocol = "https" +) + +// Defines values for ReverseProxyTargetTargetType. +const ( + ReverseProxyTargetTargetTypePeer ReverseProxyTargetTargetType = "peer" + ReverseProxyTargetTargetTypeResource ReverseProxyTargetTargetType = "resource" ) // Defines values for UserStatus. 
@@ -375,17 +391,11 @@ type AvailablePorts struct { Udp int `json:"udp"` } -// BasicAuthConfig defines model for BasicAuthConfig. -type BasicAuthConfig struct { - // Password Basic auth password - Password string `json:"password"` - - // Username Basic auth username - Username string `json:"username"` -} - // BearerAuthConfig defines model for BearerAuthConfig. type BearerAuthConfig struct { + // DistributionGroups List of group IDs that can use bearer auth + DistributionGroups *[]string `json:"distribution_groups,omitempty"` + // Enabled Whether bearer auth is enabled Enabled bool `json:"enabled"` } @@ -777,6 +787,12 @@ type InstanceStatus struct { SetupRequired bool `json:"setup_required"` } +// LinkAuthConfig defines model for LinkAuthConfig. +type LinkAuthConfig struct { + // Enabled Whether link auth is enabled + Enabled bool `json:"enabled"` +} + // Location Describe geographical location information type Location struct { // CityName Commonly used English name of the city @@ -1149,13 +1165,22 @@ type OSVersionCheck struct { // PINAuthConfig defines model for PINAuthConfig. type PINAuthConfig struct { - // Header HTTP header name for PIN - Header string `json:"header"` + // Enabled Whether PIN auth is enabled + Enabled bool `json:"enabled"` // Pin PIN value Pin string `json:"pin"` } +// PasswordAuthConfig defines model for PasswordAuthConfig. +type PasswordAuthConfig struct { + // Enabled Whether password auth is enabled + Enabled bool `json:"enabled"` + + // Password Auth password + Password string `json:"password"` +} + // Peer defines model for Peer. type Peer struct { // ApprovalRequired (Cloud only) Indicates whether peer needs approval 
@@ -1717,6 +1742,87 @@ type Resource struct { // ResourceType defines model for ResourceType. type ResourceType string +// ReverseProxy defines model for ReverseProxy. +type ReverseProxy struct { + Auth ReverseProxyAuthConfig `json:"auth"` + + // Domain Domain for the reverse proxy + Domain string `json:"domain"` + + // Enabled Whether the reverse proxy is enabled + Enabled bool `json:"enabled"` + + // Id Reverse proxy ID + Id string `json:"id"` + + // Name Reverse proxy name + Name string `json:"name"` + + // Targets List of target backends for this reverse proxy + Targets []ReverseProxyTarget `json:"targets"` +} + +// ReverseProxyAuthConfig defines model for ReverseProxyAuthConfig. +type ReverseProxyAuthConfig struct { + BearerAuth *BearerAuthConfig `json:"bearer_auth,omitempty"` + LinkAuth *LinkAuthConfig `json:"link_auth,omitempty"` + PasswordAuth *PasswordAuthConfig `json:"password_auth,omitempty"` + PinAuth *PINAuthConfig `json:"pin_auth,omitempty"` + + // Type Authentication type + Type ReverseProxyAuthConfigType `json:"type"` +} + +// ReverseProxyAuthConfigType Authentication type +type ReverseProxyAuthConfigType string + +// ReverseProxyRequest defines model for ReverseProxyRequest. +type ReverseProxyRequest struct { + Auth ReverseProxyAuthConfig `json:"auth"` + + // Domain Domain for the reverse proxy + Domain string `json:"domain"` + + // Enabled Whether the reverse proxy is enabled + Enabled bool `json:"enabled"` + + // Name Reverse proxy name + Name string `json:"name"` + + // Targets List of target backends for this reverse proxy + Targets []ReverseProxyTarget `json:"targets"` +} + +// ReverseProxyTarget defines model for ReverseProxyTarget. 
+type ReverseProxyTarget struct { + // Enabled Whether this target is enabled + Enabled bool `json:"enabled"` + + // Host Backend ip or domain for this target + Host string `json:"host"` + + // Path URL path prefix for this target + Path *string `json:"path,omitempty"` + + // Port Backend port for this target + Port int `json:"port"` + + // Protocol Protocol to use when connecting to the backend + Protocol ReverseProxyTargetProtocol `json:"protocol"` + + // TargetId Target ID + TargetId string `json:"target_id"` + + // TargetType Target type (e.g., "peer", "resource") + TargetType ReverseProxyTargetTargetType `json:"target_type"` +} + +// ReverseProxyTargetProtocol Protocol to use when connecting to the backend +type ReverseProxyTargetProtocol string + +// ReverseProxyTargetTargetType Target type (e.g., "peer", "resource") +type ReverseProxyTargetTargetType string + // Route defines model for Route. type Route struct { // AccessControlGroups Access control group identifier associated with route. 
@@ -1816,86 +1922,6 @@ type RulePortRange struct { Start int `json:"start"` } -// Service defines model for Service. -type Service struct { - Auth *ServiceAuthConfig `json:"auth,omitempty"` - - // Description Service description - Description *string `json:"description,omitempty"` - - // DistributionGroups List of group IDs that can access this service - DistributionGroups []string `json:"distribution_groups"` - - // Domain Domain for the service - Domain string `json:"domain"` - - // Enabled Whether the service is enabled - Enabled bool `json:"enabled"` - - // Exposed Whether the service is exposed - Exposed bool `json:"exposed"` - - // Id Service ID - Id string `json:"id"` - - // Name Service name - Name string `json:"name"` - - // Targets List of target backends for this service - Targets []ServiceTarget `json:"targets"` -} - -// ServiceAuthConfig defines model for ServiceAuthConfig. -type ServiceAuthConfig struct { - BasicAuth *BasicAuthConfig `json:"basic_auth,omitempty"` - BearerAuth *BearerAuthConfig `json:"bearer_auth,omitempty"` - PinAuth *PINAuthConfig `json:"pin_auth,omitempty"` - - // Type Authentication type - Type ServiceAuthConfigType `json:"type"` -} - -// ServiceAuthConfigType Authentication type -type ServiceAuthConfigType string - -// ServiceRequest defines model for ServiceRequest. 
-type ServiceRequest struct { - Auth *ServiceAuthConfig `json:"auth,omitempty"` - - // Description Service description - Description *string `json:"description,omitempty"` - - // DistributionGroups List of group IDs that can access this service - DistributionGroups []string `json:"distribution_groups"` - - // Domain Domain for the service - Domain string `json:"domain"` - - // Enabled Whether the service is enabled - Enabled *bool `json:"enabled,omitempty"` - - // Exposed Whether the service is exposed - Exposed *bool `json:"exposed,omitempty"` - - // Name Service name - Name string `json:"name"` - - // Targets List of target backends for this service - Targets []ServiceTarget `json:"targets"` -} - -// ServiceTarget defines model for ServiceTarget. -type ServiceTarget struct { - // Enabled Whether this target is enabled - Enabled bool `json:"enabled"` - - // Host Backend host:port for this target - Host string `json:"host"` - - // Path URL path prefix for this target - Path string `json:"path"` -} - // SetupKey defines model for SetupKey. type SetupKey struct { // AllowExtraDnsLabels Allow extra DNS labels to be added to the peer 
@@ -2351,18 +2377,18 @@ type PostApiPostureChecksJSONRequestBody = PostureCheckUpdate // PutApiPostureChecksPostureCheckIdJSONRequestBody defines body for PutApiPostureChecksPostureCheckId for application/json ContentType. type PutApiPostureChecksPostureCheckIdJSONRequestBody = PostureCheckUpdate +// PostApiReverseProxyJSONRequestBody defines body for PostApiReverseProxy for application/json ContentType. +type PostApiReverseProxyJSONRequestBody = ReverseProxyRequest + +// PutApiReverseProxyProxyIdJSONRequestBody defines body for PutApiReverseProxyProxyId for application/json ContentType. +type PutApiReverseProxyProxyIdJSONRequestBody = ReverseProxyRequest + // PostApiRoutesJSONRequestBody defines body for PostApiRoutes for application/json ContentType. type PostApiRoutesJSONRequestBody = RouteRequest // PutApiRoutesRouteIdJSONRequestBody defines body for PutApiRoutesRouteId for application/json ContentType. type PutApiRoutesRouteIdJSONRequestBody = RouteRequest -// PostApiServicesJSONRequestBody defines body for PostApiServices for application/json ContentType. -type PostApiServicesJSONRequestBody = ServiceRequest - -// PutApiServicesServiceIdJSONRequestBody defines body for PutApiServicesServiceId for application/json ContentType. -type PutApiServicesServiceIdJSONRequestBody = ServiceRequest - // PostApiSetupJSONRequestBody defines body for PostApiSetup for application/json ContentType. type PostApiSetupJSONRequestBody = SetupRequest