2.Merge remote-tracking branch 'upstream/main' into feature/remote-debug

2026-04-18 00:06:38 +00:00 · 2025-10-06 15:32:25 +03:00
parent ba7793ae7b e7b5537dcc
commit fcdd7fac51
118 changed files with 4511 additions and 587 deletions
--- a/shared/management/http/api/openapi.yml
+++ b/shared/management/http/api/openapi.yml
@@ -617,6 +617,48 @@ components:
            - serial_number
            - extra_dns_labels
            - ephemeral
+    PeerTemporaryAccessRequest:
+      type: object
+      properties:
+        name:
+          description: Peer's hostname
+          type: string
+          example: temp-host-1
+        wg_pub_key:
+          description: Peer's WireGuard public key
+          type: string
+          example: "n0r3pL4c3h0ld3rK3y=="
+        rules:
+          description: List of temporary access rules
+          type: array
+          items:
+            type: string
+            example: "tcp/80"
+      required:
+        - name
+        - wg_pub_key
+        - rules
+    PeerTemporaryAccessResponse:
+      type: object
+      properties:
+        name:
+          description: Peer's hostname
+          type: string
+          example: temp-host-1
+        id:
+          description: Peer ID
+          type: string
+          example: chacbco6lnnbn6cg5s90
+        rules:
+          description: List of temporary access rules
+          type: array
+          items:
+            type: string
+            example: "tcp/80"
+      required:
+        - name
+        - id
+        - rules
    AccessiblePeer:
      allOf:
        - $ref: '#/components/schemas/PeerMinimum'
@@ -1510,7 +1552,8 @@ components:
      allOf:
        - $ref: '#/components/schemas/NetworkResourceType'
        - type: string
-          example: host
+          enum: ["peer"]
+          example: peer
    NetworkRequest:
      type: object
      properties:
@@ -2946,6 +2989,42 @@ paths:
          "$ref": "#/components/responses/forbidden"
        '500':
          "$ref": "#/components/responses/internal_error"
+  /api/peers/{peerId}/temporary-access:
+    post:
+      summary: Create a Temporary Access Peer
+      description: Creates a temporary access peer that can be used to access this peer and this peer only. The temporary access peer and its access policies will be automatically deleted after it disconnects.
+      tags: [ Peers ]
+      security:
+        - BearerAuth: [ ]
+        - TokenAuth: [ ]
+      parameters:
+        - in: path
+          name: peerId
+          required: true
+          schema:
+            type: string
+          description: The unique identifier of a peer
+      requestBody:
+        description: Temporary Access Peer create request
+        content:
+          'application/json':
+            schema:
+              $ref: '#/components/schemas/PeerTemporaryAccessRequest'
+      responses:
+        '200':
+          description: Temporary Access Peer response
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/PeerTemporaryAccessResponse'
+        '400':
+          "$ref": "#/components/responses/bad_request"
+        '401':
+          "$ref": "#/components/responses/requires_authentication"
+        '403':
+          "$ref": "#/components/responses/forbidden"
+        '500':
+          "$ref": "#/components/responses/internal_error"
  /api/peers/{peerId}/ingress/ports:
    get:
      x-cloud-only: true
--- a/shared/management/http/api/types.gen.go
+++ b/shared/management/http/api/types.gen.go
@@ -179,6 +179,7 @@ const (
 const (
 	ResourceTypeDomain ResourceType = "domain"
 	ResourceTypeHost   ResourceType = "host"
+	ResourceTypePeer   ResourceType = "peer"
 	ResourceTypeSubnet ResourceType = "subnet"
 )

@@ -1294,6 +1295,30 @@ type PeerRequest struct {
 	SshEnabled             bool    `json:"ssh_enabled"`
 }

+// PeerTemporaryAccessRequest defines model for PeerTemporaryAccessRequest.
+type PeerTemporaryAccessRequest struct {
+	// Name Peer's hostname
+	Name string `json:"name"`
+
+	// Rules List of temporary access rules
+	Rules []string `json:"rules"`
+
+	// WgPubKey Peer's WireGuard public key
+	WgPubKey string `json:"wg_pub_key"`
+}
+
+// PeerTemporaryAccessResponse defines model for PeerTemporaryAccessResponse.
+type PeerTemporaryAccessResponse struct {
+	// Id Peer ID
+	Id string `json:"id"`
+
+	// Name Peer's hostname
+	Name string `json:"name"`
+
+	// Rules List of temporary access rules
+	Rules []string `json:"rules"`
+}
+
 // PersonalAccessToken defines model for PersonalAccessToken.
 type PersonalAccessToken struct {
 	// CreatedAt Date the token was created
@@ -2030,6 +2055,9 @@ type PutApiPeersPeerIdIngressPortsAllocationIdJSONRequestBody = IngressPortAlloc
 // PostApiPeersPeerIdJobsJSONRequestBody defines body for PostApiPeersPeerIdJobs for application/json ContentType.
 type PostApiPeersPeerIdJobsJSONRequestBody = JobRequest

+// PostApiPeersPeerIdTemporaryAccessJSONRequestBody defines body for PostApiPeersPeerIdTemporaryAccess for application/json ContentType.
+type PostApiPeersPeerIdTemporaryAccessJSONRequestBody = PeerTemporaryAccessRequest
+
 // PostApiPoliciesJSONRequestBody defines body for PostApiPolicies for application/json ContentType.
 type PostApiPoliciesJSONRequestBody = PolicyUpdate