com.yahoo.athenz.msd.MSDSchema Maven / Gradle / Ivy
The newest version!
//
// This file generated by rdl 1.5.2. Do not modify!
//
package com.yahoo.athenz.msd;
import com.yahoo.rdl.*;
public class MSDSchema {
private final static Schema INSTANCE = build();
public static Schema instance() {
return INSTANCE;
}
private static Schema build() {
SchemaBuilder sb = new SchemaBuilder("MSD");
sb.version(1);
sb.namespace("com.yahoo.athenz.msd");
sb.comment("Copyright The Athenz Authors Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. The Micro Segmentation Defense (MSD) API");
sb.stringType("SimpleName")
.comment("Copyright The Athenz Authors Licensed under the terms of the Apache version 2.0 license. See LICENSE file for terms. Common name types used by several API definitions A simple identifier, an element of compound name.")
.pattern("[a-zA-Z0-9_][a-zA-Z0-9_-]*");
sb.stringType("CompoundName")
.comment("A compound name. Most names in this API are compound names.")
.pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*");
sb.stringType("DomainName")
.comment("A domain name is the general qualifier prefix, as its uniqueness is managed.")
.pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*");
sb.stringType("EntityName")
.comment("An entity name is a short form of a resource name, including only the domain and entity.")
.pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*");
sb.stringType("EntityList")
.comment("An Entity list is comma separated compound Names")
.pattern("(([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*,)*([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*");
sb.stringType("ServiceName")
.comment("A service name will generally be a unique subdomain.")
.pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*");
sb.stringType("ActionName")
.comment("An action (operation) name.")
.pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*");
sb.stringType("ResourceName")
.comment("A resource name Note that the EntityName part is optional, that is, a domain name followed by a colon is valid resource name.")
.pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*(:([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*)?");
sb.stringType("YBase64")
.comment("The Y-specific URL-safe Base64 variant.")
.pattern("[a-zA-Z0-9\\._-]+");
sb.stringType("YEncoded")
.comment("YEncoded includes ybase64 chars, as well as = and %. This can represent a user cookie and URL-encoded values.")
.pattern("[a-zA-Z0-9\\._%=-]*");
sb.stringType("AuthorityName")
.comment("Used as the prefix in a signed assertion. This uniquely identifies a signing authority.")
.pattern("([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*");
sb.stringType("PathElement")
.comment("A uri-safe path element")
.pattern("[a-zA-Z0-9-\\._~=+@$,:]*");
sb.stringType("TransportPolicySubjectDomainName")
.comment("DomainName in TransportPolicySubject should allow * to indicate ANY")
.pattern("\\*|([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*");
sb.stringType("TransportPolicySubjectServiceName")
.comment("ServiceName in TransportPolicySubject should allow * to indicate ANY")
.pattern("\\*|([a-zA-Z0-9_][a-zA-Z0-9_-]*\\.)*[a-zA-Z0-9_][a-zA-Z0-9_-]*");
sb.stringType("StaticWorkloadComponent")
.pattern("[a-zA-Z0-9][a-zA-Z0-9-:._]*");
sb.stringType("StaticWorkloadFQDN")
.pattern("([a-zA-Z0-9][a-zA-Z0-9-:._]*\\.)*[a-zA-Z0-9][a-zA-Z0-9-:._]*");
sb.stringType("StaticWorkloadName")
.pattern("(([a-zA-Z0-9][a-zA-Z0-9-:._]*\\.)*[a-zA-Z0-9][a-zA-Z0-9-:._]*)(\\/[0-9]{1,3})?");
sb.stringType("TransportPolicySubjectExternal")
.pattern("(([a-zA-Z0-9][a-zA-Z0-9-:._]*\\.)*[a-zA-Z0-9][a-zA-Z0-9-:._]*)(\\/[0-9]{1,3})?");
sb.enumType("TransportPolicyEnforcementState")
.comment("Types of transport policy enforcement states")
.element("ENFORCE")
.element("REPORT");
sb.enumType("TransportPolicyProtocol")
.comment("Types of transport policy protocols")
.element("TCP")
.element("UDP");
sb.enumType("TransportPolicyValidationStatus")
.comment("Validation Status of transport policy vs network policy")
.element("VALID")
.element("INVALID")
.element("PARTIAL");
sb.enumType("TransportPolicyTrafficDirection")
.comment("Types of transport policy traffic direction")
.element("INGRESS")
.element("EGRESS");
sb.enumType("TransportPolicyScope")
.comment("Scope of transport policy")
.element("ALL")
.element("ONPREM")
.element("AWS")
.element("GCP");
sb.structType("TransportPolicySubject")
.comment("Subject for a transport policy")
.field("domainName", "TransportPolicySubjectDomainName", false, "Name of the domain")
.field("serviceName", "TransportPolicySubjectServiceName", false, "Name of the service")
.field("externalPeer", "TransportPolicySubjectExternal", true, "External peer ( not in Athenz )");
sb.structType("TransportPolicySubjectSelectorRequirement")
.comment("A subject selector requirement is a selector that contains value, a key, and an operator that relates the key and value.")
.field("key", "String", false, "key that the selector applies to")
.field("operator", "String", false, "Operator that is applied to the key and value")
.field("value", "String", false, "Value that the selector applies to");
sb.structType("TransportPolicyCondition")
.comment("Transport policy condition. Used to specify additional restrictions for the subject of a transport policy")
.field("enforcementState", "TransportPolicyEnforcementState", false, "State of transport policy enforcement ( ENFORCE / REPORT )")
.arrayField("instances", "String", true, "Acts as restrictions. If present, this transport policy should be restricted to only mentioned instances.")
.arrayField("scope", "TransportPolicyScope", true, "Scope of transport policy")
.arrayField("additionalConditions", "TransportPolicySubjectSelectorRequirement", true, "List of any additional conditions");
sb.structType("PolicyPort")
.comment("generic policy port. Will be used by TransportPolicyPort and NetworkPolicyPort structs")
.field("port", "Int32", false, "Start port of the port range. port and endPort will have same values for a single port definition.")
.field("endPort", "Int32", false, "End port of the port range. port and endPort will have same values for a single port definition.");
sb.structType("TransportPolicyPort", "PolicyPort")
.comment("Transport policy port")
.field("protocol", "TransportPolicyProtocol", false, "Protocol for this transport policy");
sb.structType("TransportPolicyMatch")
.comment("Selector for the subject of a transport policy")
.field("athenzService", "TransportPolicySubject", false, "Subject where this transport policy applies")
.arrayField("conditions", "TransportPolicyCondition", false, "List of additional requirements for restrictions. Requirements are ANDed.");
sb.structType("TransportPolicyPeer")
.comment("Source or destination for a transport policy")
.arrayField("athenzServices", "TransportPolicySubject", false, "List of transport policy subjects")
.arrayField("ports", "TransportPolicyPort", false, "List of network traffic port part of this transport policy");
sb.structType("TransportPolicyEntitySelector")
.comment("Entity to which a transport policy applies. Describes the subject and port(s) for a transport policy.")
.field("match", "TransportPolicyMatch", false, "Requirements for selecting the subject for this transport policy.")
.arrayField("ports", "TransportPolicyPort", false, "List of network traffic port of the subject eligible for the transport policy");
sb.structType("TransportPolicyIngressRule")
.comment("Transport policy ingress rule")
.field("id", "Int64", false, "Assertion id associated with this transport policy")
.field("identifier", "EntityName", true, "Policy Identifier")
.field("lastModified", "Timestamp", false, "Last modification timestamp of this transport policy")
.field("entitySelector", "TransportPolicyEntitySelector", false, "Entity to which this transport policy applies")
.field("from", "TransportPolicyPeer", true, "Source of network traffic");
sb.structType("TransportPolicyEgressRule")
.comment("Transport policy egress rule")
.field("id", "Int64", false, "Assertion id associated with this transport policy")
.field("identifier", "EntityName", true, "Policy Identifier")
.field("lastModified", "Timestamp", false, "Last modification timestamp of this transport policy")
.field("entitySelector", "TransportPolicyEntitySelector", false, "Entity to which this transport policy applies")
.field("to", "TransportPolicyPeer", true, "Destination of network traffic");
sb.structType("TransportPolicyRules")
.comment("Transport policy containing ingress and egress rules")
.arrayField("ingress", "TransportPolicyIngressRule", false, "List of ingress rules")
.arrayField("egress", "TransportPolicyEgressRule", false, "List of egress rules");
sb.structType("TransportPolicyValidationRequest")
.comment("Transport policy request object to be validated")
.field("entitySelector", "TransportPolicyEntitySelector", false, "Describes the entity to which this transport policy applies")
.field("peer", "TransportPolicyPeer", false, "source or destination of the network traffic depending on direction")
.field("id", "Int64", true, "If present, assertion id associated with this transport policy")
.field("trafficDirection", "TransportPolicyTrafficDirection", false, "");
sb.structType("TransportPolicyValidationResponse")
.comment("Response object of transport policy rule validation")
.field("status", "TransportPolicyValidationStatus", false, "")
.arrayField("errors", "String", true, "")
.field("updateTime", "Timestamp", true, "most recent update timestamp in the backend")
.field("id", "Int64", true, "If present, assertion id associated with the transport policy");
sb.structType("TransportPolicyValidationResponseList")
.comment("List of TransportPolicyValidationResponse")
.arrayField("responseList", "TransportPolicyValidationResponse", false, "list of transport policy validation response");
sb.structType("TransportPolicyRequest")
.comment("Input to create a transport policy")
.field("direction", "TransportPolicyTrafficDirection", false, "Direction of network traffic")
.field("identifier", "EntityName", false, "Policy Identifier")
.field("subject", "TransportPolicySubject", false, "Subject for the policy")
.arrayField("conditions", "TransportPolicyCondition", true, "List of transport policy conditions")
.arrayField("sourcePorts", "TransportPolicyPort", false, "List of source network traffic ports")
.arrayField("destinationPorts", "TransportPolicyPort", false, "List of destination network traffic ports")
.arrayField("peers", "TransportPolicySubject", true, "Source or destination of the policy depending on direction");
sb.enumType("StaticWorkloadType")
.comment("Enum representing defined types of static workloads.")
.element("VIP")
.element("ENTERPRISE_APPLIANCE")
.element("CLOUD_LB")
.element("CLOUD_NAT")
.element("EXTERNAL_APPLIANCE")
.element("VIP_LB")
.element("CLOUD_MANAGED")
.element("SERVICE_SUBNET");
sb.structType("DynamicWorkload")
.comment("workload type describing workload bootstrapped with an identity")
.field("domainName", "DomainName", false, "name of the domain")
.field("serviceName", "EntityName", false, "name of the service")
.field("uuid", "String", false, "unique identifier for the workload, usually defined by provider")
.arrayField("ipAddresses", "String", false, "list of IP addresses associated with the workload, optional for getWorkloadsByIP API call")
.field("hostname", "String", false, "hostname associated with the workload")
.field("provider", "String", false, "infrastructure provider e.g. Kubernetes, AWS, Azure, openstack etc.")
.field("updateTime", "Timestamp", false, "most recent update timestamp in the backend")
.field("certExpiryTime", "Timestamp", false, "certificate expiry time (ex: getNotAfter)")
.field("certIssueTime", "Timestamp", true, "certificate issue time (ex: getNotBefore)");
sb.structType("Workload", "DynamicWorkload")
.comment("kept for backward compatibility sake. Will be eventually deprecated in favor of DynamicWorkload");
sb.structType("StaticWorkload")
.comment("workload type describing workload indirectly associated with an identity ( without bootstrap )")
.field("domainName", "DomainName", false, "name of the domain")
.field("serviceName", "EntityName", false, "name of the service")
.field("type", "StaticWorkloadType", false, "value representing one of the StaticWorkloadType enum")
.arrayField("ipAddresses", "String", true, "list of IP addresses associated with the workload, optional for getWorkloadsByIP API call")
.field("name", "StaticWorkloadName", true, "name associated with the workload. In most cases will be a FQDN")
.field("updateTime", "Timestamp", true, "most recent update timestamp in the backend");
sb.structType("WorkloadOptions")
.field("ipChanged", "Bool", false, "boolean flag to signal a change in IP state");
sb.structType("Workloads")
.comment("list of workloads")
.arrayField("workloadList", "Workload", false, "list of workloads")
.arrayField("dynamicWorkloadList", "DynamicWorkload", true, "list of dynamic workloads")
.arrayField("staticWorkloadList", "StaticWorkload", true, "list of static workloads");
sb.structType("StaticWorkloadService")
.comment("static workload service")
.field("type", "StaticWorkloadType", false, "value representing one of the StaticWorkloadType enum")
.field("serviceName", "EntityName", false, "name of the service")
.field("instance", "EntityName", false, "service instance");
sb.structType("StaticWorkloadServices")
.comment("list of services")
.arrayField("staticWorkloadServices", "StaticWorkloadService", false, "");
sb.structType("DomainServices")
.comment("request type to search all workloads for a domain and selected list of its services")
.field("domainName", "DomainName", false, "name of the domain")
.arrayField("serviceNames", "EntityName", false, "list of service names");
sb.structType("BulkWorkloadRequest")
.comment("request type to search all workloads for a list of services grouped by domains")
.arrayField("domainServices", "DomainServices", false, "list of services, grouped by domain")
.field("fetchStaticTypeWorkloads", "Bool", true, "whether to fetch static type workloads", true)
.field("fetchDynamicTypeWorkloads", "Bool", true, "whether to fetch dynamic type workloads", true)
.arrayField("applicableStaticTypes", "StaticWorkloadType", true, "list of applicable static workload types, if not set then that means all. Applicable only if fetchStaticTypeWorkloads is enabled")
.field("resolveStaticWorkloads", "Bool", true, "resolve static workloads to IPs, if applicable", false);
sb.structType("BulkWorkloadResponse")
.comment("response of a bulk workload search request")
.arrayField("unmodifiedServices", "DomainServices", false, "list of services grouped by domain, those are not changed since time stamp in matchingTag")
.field("workloads", "Workloads", false, "matching workloads");
sb.structType("CompositeInstance")
.comment("generic instance")
.field("domainName", "DomainName", false, "name of the domain")
.field("serviceName", "EntityName", false, "name of the service")
.field("instance", "SimpleName", false, "instance name/id")
.field("instanceType", "String", true, "instance type")
.field("provider", "String", true, "name of the instance provider, for example aws/gcp")
.field("certExpiryTime", "Timestamp", true, "certificate expiry time (ex: getNotAfter), if applicable")
.field("certIssueTime", "Timestamp", true, "certificate issue time (ex: getNotBefore), if applicable");
sb.enumType("NetworkPolicyChangeEffect")
.comment("IMPACT indicates that a change in network policy will interfere with workings of one or more transport policies NO_IMPACT indicates that a change in network policy will not interfere with workings of any transport policy")
.element("IMPACT")
.element("NO_IMPACT");
sb.structType("IPBlock")
.comment("Struct representing ip blocks used by network policy in CIDR (Classless inter-domain routing) format")
.field("cidr", "String", false, "cidr notation. can be used for ipv4 or ipv6");
sb.structType("NetworkPolicyPort", "PolicyPort")
.comment("network policy port.")
.field("protocol", "TransportPolicyProtocol", false, "protocol used by the network policy");
sb.structType("NetworkPolicyPorts")
.comment("allows creating a unique tuple of source and destination ports")
.arrayField("sourcePorts", "NetworkPolicyPort", false, "list of source ports")
.arrayField("destinationPorts", "NetworkPolicyPort", false, "list of destination ports");
sb.structType("NetworkPolicyChangeImpactRequest")
.comment("struct representing input details for evaluating network policies change impact on transport policies")
.arrayField("from", "IPBlock", false, "from ip address range list in cidr format")
.arrayField("to", "IPBlock", false, "to ip address range list in cidr format")
.arrayField("ports", "NetworkPolicyPorts", false, "list of ports. Facilitates multiple transports for the same source and destinations.");
sb.structType("NetworkPolicyChangeImpactDetail")
.field("domain", "DomainName", false, "Name of the domain of the corresponding transport policy")
.field("policy", "EntityName", false, "Name of the Athenz policy corresponding to transport policy")
.field("transportPolicyId", "Int64", false, "Unique id of the transport policy");
sb.structType("NetworkPolicyChangeImpactResponse")
.comment("struct representing response of evaluating network policies change impact on transport policies")
.field("effect", "NetworkPolicyChangeEffect", false, "enum indicating effect of network policy change on one or more transport policies")
.arrayField("details", "NetworkPolicyChangeImpactDetail", true, "if the above enum value is IMPACT then this optional object contains more details about the impacted transport policies");
sb.structType("KubernetesLabelSelectorRequirement")
.comment("A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.")
.field("key", "String", false, "Label key that the selector applies to")
.field("operator", "String", false, "Operator that is applied to the key. Valid operators are In, NotIn, Exists and DoesNotExist.")
.arrayField("values", "String", true, "Array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.");
sb.structType("KubernetesLabelSelector")
.comment("A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.")
.arrayField("matchExpressions", "KubernetesLabelSelectorRequirement", false, "Array of label selector requirements. The requirements are ANDed.")
.mapField("matchLabels", "String", "String", false, "Map of label key/value pairs");
sb.structType("KubernetesNetworkPolicyPort", "PolicyPort")
.comment("Kubernetes network policy port range")
.field("protocol", "TransportPolicyProtocol", false, "Network policy protocol. Allowed values: TCP, UDP.");
sb.structType("KubernetesIPBlock")
.comment("Kubernetes network policy IP block source/target")
.field("cidr", "String", false, "CIDR block representing IP range for source/target")
.arrayField("except", "String", true, "Exception for CIDR blocks, if needed");
sb.structType("KubernetesNetworkPolicyPeer")
.comment("Kubernetes network policy peer (source/target)")
.field("podSelector", "KubernetesLabelSelector", true, "Kubernetes pod selector for the network policy source/target")
.field("namespaceSelector", "KubernetesLabelSelector", true, "Kubernetes namespace selector for the network policy source/target")
.field("ipBlock", "KubernetesIPBlock", true, "IP block for the network policy source/target");
sb.structType("KubernetesNetworkPolicyIngressRule")
.comment("Kubernetes network policy ingress rule")
.arrayField("from", "KubernetesNetworkPolicyPeer", true, "Network policy source, when empty all sources are allowed")
.arrayField("ports", "KubernetesNetworkPolicyPort", true, "Ingress port(s), when empty all ports are allowed");
sb.structType("KubernetesNetworkPolicyEgressRule")
.comment("Kubernetes network policy egress rule")
.arrayField("to", "KubernetesNetworkPolicyPeer", true, "Network policy target, when empty all sources are allowed")
.arrayField("ports", "KubernetesNetworkPolicyPort", true, "Egress port(s), when empty all ports are allowed");
sb.structType("KubernetesNetworkPolicySpec")
.comment("Kubernetes network policy spec")
.field("podSelector", "KubernetesLabelSelector", false, "Kubernetes pod selector for the network policy target")
.arrayField("policyTypes", "String", false, "Network policy types - Ingress, Egress")
.arrayField("ingress", "KubernetesNetworkPolicyIngressRule", true, "Ingress network policy rules, if empty then all ingress traffic is blocked")
.arrayField("egress", "KubernetesNetworkPolicyEgressRule", true, "Egress network policy rules, if empty then all egress traffic is blocked");
sb.structType("KubernetesNetworkPolicyRequest")
.comment("Request object containing Kubernetes network policy inputs")
.field("athenzDomainLabel", "String", true, "Label key name used on pods to identify Athenz domain")
.field("athenzServiceLabel", "String", false, "Label key name used on pods to identify Athenz service")
.field("networkPolicyType", "String", true, "Network policy type, default is vanilla Kubernetes")
.field("requestedApiVersion", "String", true, "Requested network policy apiVersion")
.field("networkPolicyNamespace", "String", true, "Kubernetes namespace for the network policy object")
.field("domainLabelAsNamespaceSelector", "Bool", true, "Use athenzDomainLabel as namespace selector", false)
.field("domainInServiceLabel", "Bool", true, "Use Athenz domain name in service label", false);
sb.structType("KubernetesNetworkPolicyResponse")
.comment("Response object containing Kubernetes network policy")
.field("apiVersion", "String", false, "Kubernetes network policy apiVersion")
.field("kind", "String", false, "Kubernetes network policy kind")
.mapField("metadata", "String", "String", false, "Kubernetes network policy metadata")
.field("spec", "KubernetesNetworkPolicySpec", false, "Kubernetes network policy spec");
sb.stringType("rdl.Identifier")
.comment("All names need to be of this restricted string type")
.pattern("[a-zA-Z_]+[a-zA-Z_0-9]*");
sb.stringType("rdl.NamespacedIdentifier")
.comment("A Namespace is a dotted compound name, using reverse domain name order (i.e. \"com.yahoo.auth\")")
.pattern("([a-zA-Z_]+[a-zA-Z_0-9]*)(\\.[a-zA-Z_]+[a-zA-Z_0-9])*");
sb.enumType("rdl.BaseType")
.element("Bool")
.element("Int8")
.element("Int16")
.element("Int32")
.element("Int64")
.element("Float32")
.element("Float64")
.element("Bytes")
.element("String")
.element("Timestamp")
.element("Symbol")
.element("UUID")
.element("Array")
.element("Map")
.element("Struct")
.element("Enum")
.element("Union")
.element("Any");
sb.stringType("rdl.ExtendedAnnotation")
.comment("ExtendedAnnotation - parsed and preserved, but has no defined meaning in RDL. Such annotations must begin with \"x_\", and may have an associated string literal value (the value will be \"\" if the annotation is just a flag).")
.pattern("x_[a-zA-Z_0-9]*");
sb.structType("rdl.TypeDef")
.comment("TypeDef is the basic type definition.")
.field("type", "rdl.TypeRef", false, "The type this type is derived from. For base types, it is the same as the name")
.field("name", "rdl.TypeName", false, "The name of the type")
.field("comment", "String", true, "The comment for the type")
.mapField("annotations", "rdl.ExtendedAnnotation", "String", true, "additional annotations starting with \"x_\"");
sb.structType("rdl.AliasTypeDef", "rdl.TypeDef")
.comment("AliasTypeDef is used for type definitions that add no additional attributes, and thus just create an alias");
sb.structType("rdl.BytesTypeDef", "rdl.TypeDef")
.comment("Bytes allow the restriction by fixed size, or min/max size.")
.field("size", "Int32", true, "Fixed size")
.field("minSize", "Int32", true, "Min size")
.field("maxSize", "Int32", true, "Max size");
sb.structType("rdl.StringTypeDef", "rdl.TypeDef")
.comment("Strings allow the restriction by regular expression pattern or by an explicit set of values. An optional maximum size may be asserted")
.field("pattern", "String", true, "A regular expression that must be matched. Mutually exclusive with values")
.arrayField("values", "String", true, "A set of allowable values")
.field("minSize", "Int32", true, "Min size")
.field("maxSize", "Int32", true, "Max size");
sb.unionType("rdl.Number")
.comment("A numeric is any of the primitive numeric types")
.variant("Int8")
.variant("Int16")
.variant("Int32")
.variant("Int64")
.variant("Float32")
.variant("Float64");
sb.structType("rdl.NumberTypeDef", "rdl.TypeDef")
.comment("A number type definition allows the restriction of numeric values.")
.field("min", "rdl.Number", true, "Min value")
.field("max", "rdl.Number", true, "Max value");
sb.structType("rdl.ArrayTypeDef", "rdl.TypeDef")
.comment("Array types can be restricted by item type and size")
.field("items", "rdl.TypeRef", false, "The type of the items, default to any type", null)
.field("size", "Int32", true, "If present, indicate the fixed size.")
.field("minSize", "Int32", true, "If present, indicate the min size")
.field("maxSize", "Int32", true, "If present, indicate the max size");
sb.structType("rdl.MapTypeDef", "rdl.TypeDef")
.comment("Map types can be restricted by key type, item type and size")
.field("keys", "rdl.TypeRef", false, "The type of the keys, default to String.", null)
.field("items", "rdl.TypeRef", false, "The type of the items, default to Any type", null)
.field("size", "Int32", true, "If present, indicates the fixed size.")
.field("minSize", "Int32", true, "If present, indicate the min size")
.field("maxSize", "Int32", true, "If present, indicate the max size");
sb.structType("rdl.StructFieldDef")
.comment("Each field in a struct_field_spec is defined by this type")
.field("name", "rdl.Identifier", false, "The name of the field")
.field("type", "rdl.TypeRef", false, "The type of the field")
.field("optional", "Bool", false, "The field may be omitted even if specified", false)
.field("default", "Any", true, "If field is absent, what default value should be assumed.")
.field("comment", "String", true, "The comment for the field")
.field("items", "rdl.TypeRef", true, "For map or array fields, the type of the items")
.field("keys", "rdl.TypeRef", true, "For map type fields, the type of the keys")
.mapField("annotations", "rdl.ExtendedAnnotation", "String", true, "additional annotations starting with \"x_\"");
sb.structType("rdl.StructTypeDef", "rdl.TypeDef")
.comment("A struct can restrict specific named fields to specific types. By default, any field not specified is allowed, and can be of any type. Specifying closed means only those fields explicitly")
.arrayField("fields", "rdl.StructFieldDef", false, "The fields in this struct. By default, open Structs can have any fields in addition to these")
.field("closed", "Bool", false, "indicates that only the specified fields are acceptable. Default is open (any fields)", false);
sb.structType("rdl.EnumElementDef")
.comment("EnumElementDef defines one of the elements of an Enum")
.field("symbol", "rdl.Identifier", false, "The identifier representing the value")
.field("comment", "String", true, "the comment for the element")
.mapField("annotations", "rdl.ExtendedAnnotation", "String", true, "additional annotations starting with \"x_\"");
sb.structType("rdl.EnumTypeDef", "rdl.TypeDef")
.comment("Define an enumerated type. Each value of the type is represented by a symbolic identifier.")
.arrayField("elements", "rdl.EnumElementDef", false, "The enumeration of the possible elements");
sb.structType("rdl.UnionTypeDef", "rdl.TypeDef")
.comment("Define a type as one of any other specified type.")
.arrayField("variants", "rdl.TypeRef", false, "The type names of constituent types. Union types get expanded, this is a flat list");
sb.unionType("rdl.Type")
.comment("A Type can be specified by any of the above specialized Types, determined by the value of the the 'type' field")
.variant("rdl.BaseType")
.variant("rdl.StructTypeDef")
.variant("rdl.MapTypeDef")
.variant("rdl.ArrayTypeDef")
.variant("rdl.EnumTypeDef")
.variant("rdl.UnionTypeDef")
.variant("rdl.StringTypeDef")
.variant("rdl.BytesTypeDef")
.variant("rdl.NumberTypeDef")
.variant("rdl.AliasTypeDef");
sb.structType("rdl.ResourceInput")
.comment("ResourceOutput defines input characteristics of a Resource")
.field("name", "rdl.Identifier", false, "the formal name of the input")
.field("type", "rdl.TypeRef", false, "The type of the input")
.field("comment", "String", true, "The optional comment")
.field("pathParam", "Bool", false, "true of this input is a path parameter", false)
.field("queryParam", "String", true, "if present, the name of the query param name")
.field("header", "String", true, "If present, the name of the header the input is associated with")
.field("pattern", "String", true, "If present, the pattern associated with the pathParam (i.e. wildcard path matches)")
.field("default", "Any", true, "If present, the default value for optional params")
.field("optional", "Bool", false, "If present, indicates that the input is optional", false)
.field("flag", "Bool", false, "If present, indicates the queryparam is of flag style (no value)", false)
.field("context", "String", true, "If present, indicates the parameter comes form the implementation context")
.mapField("annotations", "rdl.ExtendedAnnotation", "String", true, "additional annotations starting with \"x_\"");
sb.structType("rdl.ResourceOutput")
.comment("ResourceOutput defines output characteristics of a Resource")
.field("name", "rdl.Identifier", false, "the formal name of the output")
.field("type", "rdl.TypeRef", false, "The type of the output")
.field("header", "String", false, "the name of the header associated with this output")
.field("comment", "String", true, "The optional comment for the output")
.field("optional", "Bool", false, "If present, indicates that the output is optional (the server decides)", false)
.mapField("annotations", "rdl.ExtendedAnnotation", "String", true, "additional annotations starting with \"x_\"");
sb.structType("rdl.ResourceAuth")
.comment("ResourceAuth defines authentication and authorization attributes of a resource. Presence of action, resource, or domain implies authentication; the authentication flag alone is required only when no authorization is done.")
.field("authenticate", "Bool", false, "if present and true, then the requester must be authenticated", false)
.field("action", "String", true, "the action to authorize access to. This forces authentication")
.field("resource", "String", true, "the resource identity to authorize access to")
.field("domain", "String", true, "if present, the alternate domain to check access to. This is rare.");
sb.structType("rdl.ExceptionDef")
.comment("ExceptionDef describes the exception a symbolic response code maps to.")
.field("type", "String", false, "The type of the exception")
.field("comment", "String", true, "the optional comment for the exception");
sb.structType("rdl.Resource")
.comment("A Resource of a REST service")
.field("type", "rdl.TypeRef", false, "The type of the resource")
.field("method", "String", false, "The method for the action (typically GET, POST, etc for HTTP access)")
.field("path", "String", false, "The resource path template")
.field("comment", "String", true, "The optional comment")
.arrayField("inputs", "rdl.ResourceInput", true, "An Array named inputs")
.arrayField("outputs", "rdl.ResourceOutput", true, "An Array of named outputs")
.field("auth", "rdl.ResourceAuth", true, "The optional authentication or authorization directive")
.field("expected", "String", false, "The expected symbolic response code", "OK")
.arrayField("alternatives", "String", true, "The set of alternative but non-error response codes")
.mapField("exceptions", "String", "rdl.ExceptionDef", true, "A map of symbolic response code to Exception definitions")
.field("async", "Bool", true, "A hint to server implementations that this resource would be better implemented with async I/O")
.mapField("annotations", "rdl.ExtendedAnnotation", "String", true, "additional annotations starting with \"x_\"")
.arrayField("consumes", "String", true, "Optional hint for resource acceptable input types")
.arrayField("produces", "String", true, "Optional hint for resource output content types")
.field("name", "rdl.Identifier", true, "The optional name of the resource");
sb.structType("rdl.Schema")
.comment("A Schema is a container for types and resources. It is self-contained (no external references). and is the output of the RDL parser.")
.field("namespace", "rdl.NamespacedIdentifier", true, "The namespace for the schema")
.field("name", "rdl.Identifier", true, "The name of the schema")
.field("version", "Int32", true, "The version of the schema")
.field("comment", "String", true, "The comment for the entire schema")
.arrayField("types", "rdl.Type", true, "The types this schema defines.")
.arrayField("resources", "rdl.Resource", true, "The resources for a service this schema defines")
.field("base", "String", true, "the base path for resources in the schema.")
.mapField("annotations", "rdl.ExtendedAnnotation", "String", true, "additional annotations starting with \"x_\"");
sb.resource("TransportPolicyRules", "GET", "/transportpolicies")
.comment("API endpoint to get the transport policy rules defined in Athenz")
.headerParam("If-None-Match", "matchingTag", "String", null, "Retrieved from the previous request, this timestamp specifies to the server to return any policies modified since this time")
.output("ETag", "tag", "String", "The current latest modification timestamp is returned in this header")
.auth("", "", true)
.expected("OK")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("TransportPolicyValidationRequest", "POST", "/transportpolicy/validate")
.comment("API to validate micro-segmentation policies against network policies")
.name("validateTransportPolicy")
.input("transportPolicy", "TransportPolicyValidationRequest", "Struct representing micro-segmentation policy entered by the user")
.auth("", "", true)
.expected("OK")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("TransportPolicyValidationResponseList", "GET", "/domain/{domainName}/transportpolicy/validationstatus")
.comment("API to get transport policy validation response for transport policies of a domain")
.name("getTransportPolicyValidationStatus")
.pathParam("domainName", "DomainName", "name of the domain")
.auth("", "", true)
.expected("OK")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("TransportPolicyRules", "GET", "/domain/{domainName}/transportpolicies")
.comment("API endpoint to get the transport policy rules defined in Athenz for a given domain")
.name("getTransportPolicyRulesByDomain")
.pathParam("domainName", "DomainName", "name of the domain")
.headerParam("If-None-Match", "matchingTag", "String", null, "Retrieved from the previous request, this timestamp specifies to the server to return any policies modified since this time")
.output("ETag", "tag", "String", "The current latest modification timestamp is returned in this header")
.auth("msd.GetNetworkPolicy", "{domainName}:domain")
.expected("OK")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("TransportPolicyRequest", "PUT", "/domain/{domainName}/service/{serviceName}/transportpolicy")
.comment("This API endpoint facilitates the creation or update of a transport policy for a specified domain and service. It is designed exclusively for the purpose of creating or updating transport policies, and does not support mixed-case scenarios. Once a transport policy is established, the destination service, protocol, and both source and destination ports become non-editable. To modify any of these fields, it is necessary to create a new policy and delete the old one.")
.name("putTransportPolicy")
.pathParam("domainName", "DomainName", "name of the domain")
.pathParam("serviceName", "EntityName", "Name of the service")
.headerParam("Y-Audit-Ref", "auditRef", "String", null, "Audit param required(not empty) if domain auditEnabled is true.")
.headerParam("Athenz-Resource-Owner", "resourceOwner", "String", null, "Resource owner for the request")
.input("payload", "TransportPolicyRequest", "Struct representing input transport policy")
.auth("msd.UpdateNetworkPolicy", "{domainName}:service.{serviceName}")
.expected("NO_CONTENT")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("TransportPolicyRules", "GET", "/domain/{domainName}/service/{serviceName}/transportpolicies")
.comment("API endpoint to get the transport policy rules defined in Athenz for a given domain and service")
.name("getTransportPolicyRulesByService")
.pathParam("domainName", "DomainName", "name of the domain")
.pathParam("serviceName", "EntityName", "Name of the service")
.headerParam("If-None-Match", "matchingTag", "String", null, "Retrieved from the previous request, this timestamp specifies to the server to return any policies modified since this time")
.output("ETag", "tag", "String", "The current latest modification timestamp is returned in this header")
.auth("msd.GetNetworkPolicy", "{domainName}:service.{serviceName}")
.expected("OK")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("TransportPolicyRules", "DELETE", "/domain/{domainName}/service/{serviceName}/transportpolicy/{id}")
.comment("API endpoint to delete the transport policy Upon successful completion of this delete request, the server will return NO_CONTENT status code without any data (no object will be returned).")
.name("deleteTransportPolicy")
.pathParam("domainName", "DomainName", "Name of the domain")
.pathParam("serviceName", "EntityName", "Name of the service")
.pathParam("id", "Int64", "Id of the assertion representing the transport policy")
.headerParam("Y-Audit-Ref", "auditRef", "String", null, "Audit param required(not empty) if domain auditEnabled is true.")
.headerParam("Athenz-Resource-Owner", "resourceOwner", "String", null, "Resource owner for the request")
.auth("msd.DeleteNetworkPolicy", "{domainName}:service.{serviceName}")
.expected("NO_CONTENT")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("CONFLICT", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("Workloads", "GET", "/domain/{domainName}/service/{serviceName}/workloads")
.name("getWorkloadsByService")
.pathParam("domainName", "DomainName", "name of the domain")
.pathParam("serviceName", "EntityName", "name of the service")
.headerParam("If-None-Match", "matchingTag", "String", null, "Retrieved from the previous request, this timestamp specifies to the server to return any workloads modified since this time")
.output("ETag", "tag", "String", "The current latest modification timestamp is returned in this header")
.auth("", "", true)
.expected("OK")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("Workloads", "GET", "/workloads/{ip}")
.name("getWorkloadsByIP")
.pathParam("ip", "String", "ip address to query")
.headerParam("If-None-Match", "matchingTag", "String", null, "Retrieved from the previous request, this timestamp specifies to the server to return any workloads modified since this time")
.output("ETag", "tag", "String", "The current latest modification timestamp is returned in this header")
.auth("", "", true)
.expected("OK")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("WorkloadOptions", "PUT", "/domain/{domainName}/service/{serviceName}/workload/dynamic")
.comment("Api to perform a dynamic workload PUT operation for a domain and service Workload details are obtained from the service certificate")
.name("putDynamicWorkload")
.pathParam("domainName", "DomainName", "name of the domain")
.pathParam("serviceName", "EntityName", "name of the service")
.input("options", "WorkloadOptions", "metadata about the dynamic workload")
.headerParam("Athenz-Resource-Owner", "resourceOwner", "String", null, "Resource owner for the request")
.auth("", "", true)
.expected("NO_CONTENT")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("WorkloadOptions", "DELETE", "/domain/{domainName}/service/{serviceName}/instanceId/{instanceId}/workload/dynamic")
.comment("Api to perform a dynamic workload DELETE operation for a domain, service, and instance")
.name("deleteDynamicWorkload")
.pathParam("domainName", "DomainName", "name of the domain")
.pathParam("serviceName", "EntityName", "name of the service")
.pathParam("instanceId", "PathElement", "unique instance id within provider's namespace")
.headerParam("Athenz-Resource-Owner", "resourceOwner", "String", null, "Resource owner for the request")
.auth("update", "{domainName}:service.{serviceName}")
.expected("NO_CONTENT")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("StaticWorkload", "PUT", "/domain/{domainName}/service/{serviceName}/workload/static")
.comment("Api to perform a static workload PUT operation for a domain and service")
.name("putStaticWorkload")
.pathParam("domainName", "DomainName", "name of the domain")
.pathParam("serviceName", "EntityName", "name of the service")
.input("staticWorkload", "StaticWorkload", "Struct representing static workload entered by the user")
.headerParam("Athenz-Resource-Owner", "resourceOwner", "String", null, "Resource owner for the request")
.auth("update", "{domainName}:service.{serviceName}")
.expected("NO_CONTENT")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("StaticWorkload", "DELETE", "/domain/{domainName}/service/{serviceName}/name/{name}/workload/static")
.comment("Api to perform a static workload DELETE operation for a domain, service, and instance")
.name("deleteStaticWorkload")
.pathParam("domainName", "DomainName", "name of the domain")
.pathParam("serviceName", "EntityName", "name of the service")
.pathParam("name", "StaticWorkloadName", "name associated with the workload. In most cases will be a FQDN")
.headerParam("Athenz-Resource-Owner", "resourceOwner", "String", null, "Resource owner for the request")
.auth("update", "{domainName}:service.{serviceName}")
.expected("NO_CONTENT")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("StaticWorkloadServices", "GET", "/services/{serviceType}")
.comment("Api to retrieve static workload services by its type. type=StaticWorkloadType in String representation")
.name("getStaticWorkloadServicesByType")
.pathParam("serviceType", "EntityName", "type of the service")
.queryParam("value", "serviceValue", "EntityName", null, "specific service value")
.auth("", "", true)
.expected("OK")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("Workloads", "GET", "/domain/{domainName}/workloads")
.name("getWorkloadsByDomain")
.pathParam("domainName", "DomainName", "name of the domain")
.headerParam("If-None-Match", "matchingTag", "String", null, "Retrieved from the previous request, this timestamp specifies to the server to return any workloads modified since this time")
.output("ETag", "tag", "String", "The current latest modification timestamp is returned in this header")
.auth("", "", true)
.expected("OK")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("BulkWorkloadRequest", "POST", "/workloads")
.comment("Read only endpoint to fetch workloads for a list of services grouped by domains")
.name("getWorkloadsByDomainAndService")
.input("request", "BulkWorkloadRequest", "workload search request")
.headerParam("If-None-Match", "matchingTag", "String", null, "Retrieved from the previous request, this timestamp specifies to the server to return any workloads modified since this time")
.output("ETag", "tag", "String", "The current latest modification timestamp is returned in this header")
.auth("", "", true)
.expected("OK")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("CompositeInstance", "PUT", "/domain/{domainName}/service/{serviceName}/workload/discover/instance")
.comment("Api to discover an additional instance which can have static or dynamic or both IPs")
.name("putCompositeInstance")
.pathParam("domainName", "DomainName", "name of the domain")
.pathParam("serviceName", "EntityName", "name of the service")
.input("instance", "CompositeInstance", "Generic instance")
.headerParam("Athenz-Resource-Owner", "resourceOwner", "String", null, "Resource owner for the request")
.auth("update", "{domainName}:service.{serviceName}")
.expected("NO_CONTENT")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("Workloads", "DELETE", "/domain/{domainName}/service/{serviceName}/workload/discover/instance/{instance}")
.comment("Api to delete an additional instance which can have static or dynamic or both IPs")
.name("deleteCompositeInstance")
.pathParam("domainName", "DomainName", "name of the domain")
.pathParam("serviceName", "EntityName", "name of the service")
.pathParam("instance", "SimpleName", "instance name/id/key")
.headerParam("Athenz-Resource-Owner", "resourceOwner", "String", null, "Resource owner for the request")
.auth("update", "{domainName}:service.{serviceName}")
.expected("NO_CONTENT")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("NetworkPolicyChangeImpactRequest", "POST", "/transportpolicy/evaluatenetworkpolicychange")
.comment("API to evaluate network policies change impact on transport policies")
.name("evaluateNetworkPolicyChange")
.input("detail", "NetworkPolicyChangeImpactRequest", "Struct representing a network policy present in the system")
.auth("", "", true)
.expected("OK")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("KubernetesNetworkPolicyRequest", "POST", "/domain/{domainName}/service/{serviceName}/kubernetesnetworkpolicy")
.comment("API endpoint to get the Kubernetes network policy converted from the corresponding MSD policy")
.pathParam("domainName", "DomainName", "Name of the domain")
.pathParam("serviceName", "EntityName", "Name of the service")
.input("request", "KubernetesNetworkPolicyRequest", "Struct representing input options based on the cluster context")
.headerParam("If-None-Match", "matchingTag", "String", null, "Retrieved from the previous request, this timestamp specifies to the server to return any policies modified since this time")
.output("ETag", "tag", "String", "The current latest modification timestamp is returned in this header")
.auth("msd.GetNetworkPolicy", "{domainName}:service.{serviceName}")
.expected("OK")
.exception("BAD_REQUEST", "ResourceError", "")
.exception("FORBIDDEN", "ResourceError", "")
.exception("NOT_FOUND", "ResourceError", "")
.exception("TOO_MANY_REQUESTS", "ResourceError", "")
.exception("UNAUTHORIZED", "ResourceError", "")
;
sb.resource("rdl.Schema", "GET", "/schema")
.comment("Get RDL Schema")
.auth("", "", true)
.expected("OK");
return sb.build();
}
}