Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.
Read-Only APIs to Retrieve Tenant Status
Base URLs:
Code samples
GET https://api-gw-service-nmn.local/apis/tapms/v1alpha3/tenants HTTP/1.1
Host: api-gw-service-nmn.local
Accept: application/json
# You can also use wget
curl -X GET https://api-gw-service-nmn.local/apis/tapms/v1alpha3/tenants \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
import requests
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer {access-token}'
}
r = requests.get('https://api-gw-service-nmn.local/apis/tapms/v1alpha3/tenants', headers = headers)
print(r.json())
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
"Authorization": []string{"Bearer {access-token}"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("GET", "https://api-gw-service-nmn.local/apis/tapms/v1alpha3/tenants", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
GET /v1alpha3/tenants
Get list of tenants’ spec/status
Example responses
200 Response
[
{
"spec": {
"childnamespaces": [
"vcluster-blue-slurm"
],
"state": "New,Deploying,Deployed,Deleting",
"tenanthooks": [
{
"blockingcall": true,
"eventtypes": [
"CREATE",
" UPDATE",
" DELETE"
],
"name": "string",
"url": "http://<url>:<port>"
}
],
"tenantkms": {
"enablekms": true,
"keyname": "string",
"keytype": "string"
},
"tenantname": "vcluster-blue",
"tenantresources": [
{
"enforceexclusivehsmgroups": true,
"hsmgrouplabel": "green",
"hsmpartitionname": "blue",
"type": "compute",
"xnames": [
"x0c3s5b0n0",
"x0c3s6b0n0"
]
}
],
"requiresVaultKeyUpdate": true
},
"status": {
"childnamespaces": [
"vcluster-blue-slurm"
],
"tenanthooks": [
{
"blockingcall": true,
"eventtypes": [
"CREATE",
" UPDATE",
" DELETE"
],
"name": "string",
"url": "http://<url>:<port>"
}
],
"tenantkms": {
"keyname": "string",
"keytype": "string",
"publickey": "string",
"transitname": "string"
},
"tenantresources": [
{
"enforceexclusivehsmgroups": true,
"hsmgrouplabel": "green",
"hsmpartitionname": "blue",
"type": "compute",
"xnames": [
"x0c3s5b0n0",
"x0c3s6b0n0"
]
}
],
"uuid": "550e8400-e29b-41d4-a716-446655440000"
}
}
]
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Inline |
| 400 | Bad Request | Bad Request | ResponseError |
| 404 | Not Found | Not Found | ResponseError |
| 500 | Internal Server Error | Internal Server Error | ResponseError |
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | [Tenant] | false | none | [The primary schema/definition of a tenant] |
| » spec | TenantSpec | true | none | The desired state of Tenant |
| »» childnamespaces | [string] | false | none | none |
| »» state | string | false | none | +kubebuilder:validation:Optional |
| »» tenanthooks | [TenantHook] | false | none | +kubebuilder:validation:Optional |
| »»» blockingcall | boolean | false | none | +kubebuilder:default:=false +kubebuilder:validation:Optional |
| »»» eventtypes | [string] | false | none | none |
| »»» name | string | false | none | none |
| »»» url | string | false | none | none |
| »» tenantkms | TenantKmsResource | false | none | +kubebuilder:validation:Optional |
| »»» enablekms | boolean | false | none | +kubebuilder:default:=false +kubebuilder:validation:Optional Create a Vault transit engine for the tenant if this setting is true. |
| »»» keyname | string | false | none | +kubebuilder:default:=key1 +kubebuilder:validation:Optional Optional name for the transit engine key. |
| »»» keytype | string | false | none | +kubebuilder:default:=rsa-3072 +kubebuilder:validation:Optional Optional key type. See https://developer.hashicorp.com/vault/api-docs/secret/transit#type The default of 3072 is the minimal permitted under the Commercial National Security Algorithm (CNSA) 1.0 suite. |
| »» tenantname | string | true | none | none |
| »» tenantresources | [TenantResource] | true | none | The desired resources for the Tenant |
| »»» enforceexclusivehsmgroups | boolean | false | none | none |
| »»» hsmgrouplabel | string | false | none | none |
| »»» hsmpartitionname | string | false | none | none |
| »»» type | string | true | none | none |
| »»» xnames | [string] | true | none | none |
| »» requiresVaultKeyUpdate | boolean | false | none | none |
| » status | TenantStatus | false | none | The observed state of Tenant |
| »» childnamespaces | [string] | false | none | none |
| »» tenanthooks | [TenantHook] | false | none | [The webhook definition to call an API for tenant CRUD operations] |
| »» tenantkms | TenantKmsStatus | false | none | The Vault KMS transit engine status for the tenant |
| »»» keyname | string | false | none | The Vault transit key name. |
| »»» keytype | string | false | none | The Vault transit key type. |
| »»» publickey | string | false | none | The Vault public key. |
| »»» transitname | string | false | none | The generated Vault transit engine name. |
| »» tenantresources | [TenantResource] | false | none | The desired resources for the Tenant |
| »» uuid | string(uuid) | false | none | none |
To perform this operation, you must be authenticated by means of one of the following methods: bearerAuth
Code samples
POST https://api-gw-service-nmn.local/apis/tapms/v1alpha3/tenants HTTP/1.1
Host: api-gw-service-nmn.local
Content-Type: application/json
Accept: application/json
# You can also use wget
curl -X POST https://api-gw-service-nmn.local/apis/tapms/v1alpha3/tenants \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'Authorization': 'Bearer {access-token}'
}
r = requests.post('https://api-gw-service-nmn.local/apis/tapms/v1alpha3/tenants', headers = headers)
print(r.json())
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
"Authorization": []string{"Bearer {access-token}"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("POST", "https://api-gw-service-nmn.local/apis/tapms/v1alpha3/tenants", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
POST /v1alpha3/tenants
Get list of tenants’ spec/status with xname ownership
Body parameter
"[\"x1000c0s0b0n0\", \"x1000c0s0b1n0\"]"
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| body | body | string | true | Array of Xnames |
Example responses
200 Response
[
{
"spec": {
"childnamespaces": [
"vcluster-blue-slurm"
],
"state": "New,Deploying,Deployed,Deleting",
"tenanthooks": [
{
"blockingcall": true,
"eventtypes": [
"CREATE",
" UPDATE",
" DELETE"
],
"name": "string",
"url": "http://<url>:<port>"
}
],
"tenantkms": {
"enablekms": true,
"keyname": "string",
"keytype": "string"
},
"tenantname": "vcluster-blue",
"tenantresources": [
{
"enforceexclusivehsmgroups": true,
"hsmgrouplabel": "green",
"hsmpartitionname": "blue",
"type": "compute",
"xnames": [
"x0c3s5b0n0",
"x0c3s6b0n0"
]
}
],
"requiresVaultKeyUpdate": true
},
"status": {
"childnamespaces": [
"vcluster-blue-slurm"
],
"tenanthooks": [
{
"blockingcall": true,
"eventtypes": [
"CREATE",
" UPDATE",
" DELETE"
],
"name": "string",
"url": "http://<url>:<port>"
}
],
"tenantkms": {
"keyname": "string",
"keytype": "string",
"publickey": "string",
"transitname": "string"
},
"tenantresources": [
{
"enforceexclusivehsmgroups": true,
"hsmgrouplabel": "green",
"hsmpartitionname": "blue",
"type": "compute",
"xnames": [
"x0c3s5b0n0",
"x0c3s6b0n0"
]
}
],
"uuid": "550e8400-e29b-41d4-a716-446655440000"
}
}
]
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Inline |
| 400 | Bad Request | Bad Request | ResponseError |
| 404 | Not Found | Not Found | ResponseError |
| 500 | Internal Server Error | Internal Server Error | ResponseError |
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | [Tenant] | false | none | [The primary schema/definition of a tenant] |
| » spec | TenantSpec | true | none | The desired state of Tenant |
| »» childnamespaces | [string] | false | none | none |
| »» state | string | false | none | +kubebuilder:validation:Optional |
| »» tenanthooks | [TenantHook] | false | none | +kubebuilder:validation:Optional |
| »»» blockingcall | boolean | false | none | +kubebuilder:default:=false +kubebuilder:validation:Optional |
| »»» eventtypes | [string] | false | none | none |
| »»» name | string | false | none | none |
| »»» url | string | false | none | none |
| »» tenantkms | TenantKmsResource | false | none | +kubebuilder:validation:Optional |
| »»» enablekms | boolean | false | none | +kubebuilder:default:=false +kubebuilder:validation:Optional Create a Vault transit engine for the tenant if this setting is true. |
| »»» keyname | string | false | none | +kubebuilder:default:=key1 +kubebuilder:validation:Optional Optional name for the transit engine key. |
| »»» keytype | string | false | none | +kubebuilder:default:=rsa-3072 +kubebuilder:validation:Optional Optional key type. See https://developer.hashicorp.com/vault/api-docs/secret/transit#type The default of 3072 is the minimal permitted under the Commercial National Security Algorithm (CNSA) 1.0 suite. |
| »» tenantname | string | true | none | none |
| »» tenantresources | [TenantResource] | true | none | The desired resources for the Tenant |
| »»» enforceexclusivehsmgroups | boolean | false | none | none |
| »»» hsmgrouplabel | string | false | none | none |
| »»» hsmpartitionname | string | false | none | none |
| »»» type | string | true | none | none |
| »»» xnames | [string] | true | none | none |
| »» requiresVaultKeyUpdate | boolean | false | none | none |
| » status | TenantStatus | false | none | The observed state of Tenant |
| »» childnamespaces | [string] | false | none | none |
| »» tenanthooks | [TenantHook] | false | none | [The webhook definition to call an API for tenant CRUD operations] |
| »» tenantkms | TenantKmsStatus | false | none | The Vault KMS transit engine status for the tenant |
| »»» keyname | string | false | none | The Vault transit key name. |
| »»» keytype | string | false | none | The Vault transit key type. |
| »»» publickey | string | false | none | The Vault public key. |
| »»» transitname | string | false | none | The generated Vault transit engine name. |
| »» tenantresources | [TenantResource] | false | none | The desired resources for the Tenant |
| »» uuid | string(uuid) | false | none | none |
To perform this operation, you must be authenticated by means of one of the following methods: bearerAuth
Code samples
GET https://api-gw-service-nmn.local/apis/tapms/v1alpha3/tenants/{id} HTTP/1.1
Host: api-gw-service-nmn.local
Accept: application/json
# You can also use wget
curl -X GET https://api-gw-service-nmn.local/apis/tapms/v1alpha3/tenants/{id} \
-H 'Accept: application/json' \
-H 'Authorization: Bearer {access-token}'
import requests
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer {access-token}'
}
r = requests.get('https://api-gw-service-nmn.local/apis/tapms/v1alpha3/tenants/{id}', headers = headers)
print(r.json())
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
"Authorization": []string{"Bearer {access-token}"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("GET", "https://api-gw-service-nmn.local/apis/tapms/v1alpha3/tenants/{id}", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
GET /v1alpha3/tenants/{id}
Get a tenant’s spec/status
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| id | path | string | true | Either the Name or UUID of the Tenant |
Example responses
200 Response
{
"spec": {
"childnamespaces": [
"vcluster-blue-slurm"
],
"state": "New,Deploying,Deployed,Deleting",
"tenanthooks": [
{
"blockingcall": true,
"eventtypes": [
"CREATE",
" UPDATE",
" DELETE"
],
"name": "string",
"url": "http://<url>:<port>"
}
],
"tenantkms": {
"enablekms": true,
"keyname": "string",
"keytype": "string"
},
"tenantname": "vcluster-blue",
"tenantresources": [
{
"enforceexclusivehsmgroups": true,
"hsmgrouplabel": "green",
"hsmpartitionname": "blue",
"type": "compute",
"xnames": [
"x0c3s5b0n0",
"x0c3s6b0n0"
]
}
],
"requiresVaultKeyUpdate": true
},
"status": {
"childnamespaces": [
"vcluster-blue-slurm"
],
"tenanthooks": [
{
"blockingcall": true,
"eventtypes": [
"CREATE",
" UPDATE",
" DELETE"
],
"name": "string",
"url": "http://<url>:<port>"
}
],
"tenantkms": {
"keyname": "string",
"keytype": "string",
"publickey": "string",
"transitname": "string"
},
"tenantresources": [
{
"enforceexclusivehsmgroups": true,
"hsmgrouplabel": "green",
"hsmpartitionname": "blue",
"type": "compute",
"xnames": [
"x0c3s5b0n0",
"x0c3s6b0n0"
]
}
],
"uuid": "550e8400-e29b-41d4-a716-446655440000"
}
}
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Tenant |
| 400 | Bad Request | Bad Request | ResponseError |
| 404 | Not Found | Not Found | ResponseError |
| 500 | Internal Server Error | Internal Server Error | ResponseError |
To perform this operation, you must be authenticated by means of one of the following methods: bearerAuth
{
"message": "Error Message..."
}
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| message | string | false | none | none |
{
"spec": {
"childnamespaces": [
"vcluster-blue-slurm"
],
"state": "New,Deploying,Deployed,Deleting",
"tenanthooks": [
{
"blockingcall": true,
"eventtypes": [
"CREATE",
" UPDATE",
" DELETE"
],
"name": "string",
"url": "http://<url>:<port>"
}
],
"tenantkms": {
"enablekms": true,
"keyname": "string",
"keytype": "string"
},
"tenantname": "vcluster-blue",
"tenantresources": [
{
"enforceexclusivehsmgroups": true,
"hsmgrouplabel": "green",
"hsmpartitionname": "blue",
"type": "compute",
"xnames": [
"x0c3s5b0n0",
"x0c3s6b0n0"
]
}
],
"requiresVaultKeyUpdate": true
},
"status": {
"childnamespaces": [
"vcluster-blue-slurm"
],
"tenanthooks": [
{
"blockingcall": true,
"eventtypes": [
"CREATE",
" UPDATE",
" DELETE"
],
"name": "string",
"url": "http://<url>:<port>"
}
],
"tenantkms": {
"keyname": "string",
"keytype": "string",
"publickey": "string",
"transitname": "string"
},
"tenantresources": [
{
"enforceexclusivehsmgroups": true,
"hsmgrouplabel": "green",
"hsmpartitionname": "blue",
"type": "compute",
"xnames": [
"x0c3s5b0n0",
"x0c3s6b0n0"
]
}
],
"uuid": "550e8400-e29b-41d4-a716-446655440000"
}
}
The primary schema/definition of a tenant
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| spec | TenantSpec | true | none | The desired state of Tenant |
| status | TenantStatus | false | none | The observed state of Tenant |
{
"blockingcall": true,
"eventtypes": [
"CREATE",
" UPDATE",
" DELETE"
],
"name": "string",
"url": "http://<url>:<port>"
}
The webhook definition to call an API for tenant CRUD operations
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| blockingcall | boolean | false | none | +kubebuilder:default:=false +kubebuilder:validation:Optional |
| eventtypes | [string] | false | none | none |
| name | string | false | none | none |
| url | string | false | none | none |
{
"enablekms": true,
"keyname": "string",
"keytype": "string"
}
The Vault KMS transit engine specification for the tenant
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| enablekms | boolean | false | none | +kubebuilder:default:=false +kubebuilder:validation:Optional Create a Vault transit engine for the tenant if this setting is true. |
| keyname | string | false | none | +kubebuilder:default:=key1 +kubebuilder:validation:Optional Optional name for the transit engine key. |
| keytype | string | false | none | +kubebuilder:default:=rsa-3072 +kubebuilder:validation:Optional Optional key type. See https://developer.hashicorp.com/vault/api-docs/secret/transit#type The default of 3072 is the minimal permitted under the Commercial National Security Algorithm (CNSA) 1.0 suite. |
{
"keyname": "string",
"keytype": "string",
"publickey": "string",
"transitname": "string"
}
The Vault KMS transit engine status for the tenant
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| keyname | string | false | none | The Vault transit key name. |
| keytype | string | false | none | The Vault transit key type. |
| publickey | string | false | none | The Vault public key. |
| transitname | string | false | none | The generated Vault transit engine name. |
{
"enforceexclusivehsmgroups": true,
"hsmgrouplabel": "green",
"hsmpartitionname": "blue",
"type": "compute",
"xnames": [
"x0c3s5b0n0",
"x0c3s6b0n0"
]
}
The desired resources for the Tenant
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| enforceexclusivehsmgroups | boolean | false | none | none |
| hsmgrouplabel | string | false | none | none |
| hsmpartitionname | string | false | none | none |
| type | string | true | none | none |
| xnames | [string] | true | none | none |
{
"childnamespaces": [
"vcluster-blue-slurm"
],
"state": "New,Deploying,Deployed,Deleting",
"tenanthooks": [
{
"blockingcall": true,
"eventtypes": [
"CREATE",
" UPDATE",
" DELETE"
],
"name": "string",
"url": "http://<url>:<port>"
}
],
"tenantkms": {
"enablekms": true,
"keyname": "string",
"keytype": "string"
},
"tenantname": "vcluster-blue",
"tenantresources": [
{
"enforceexclusivehsmgroups": true,
"hsmgrouplabel": "green",
"hsmpartitionname": "blue",
"type": "compute",
"xnames": [
"x0c3s5b0n0",
"x0c3s6b0n0"
]
}
],
"requiresVaultKeyUpdate": true
}
The desired state of Tenant
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| childnamespaces | [string] | false | none | none |
| state | string | false | none | +kubebuilder:validation:Optional |
| tenanthooks | [TenantHook] | false | none | +kubebuilder:validation:Optional |
| tenantkms | TenantKmsResource | false | none | +kubebuilder:validation:Optional |
| tenantname | string | true | none | none |
| tenantresources | [TenantResource] | true | none | The desired resources for the Tenant |
| requiresVaultKeyUpdate | boolean | false | none | none |
{
"childnamespaces": [
"vcluster-blue-slurm"
],
"tenanthooks": [
{
"blockingcall": true,
"eventtypes": [
"CREATE",
" UPDATE",
" DELETE"
],
"name": "string",
"url": "http://<url>:<port>"
}
],
"tenantkms": {
"keyname": "string",
"keytype": "string",
"publickey": "string",
"transitname": "string"
},
"tenantresources": [
{
"enforceexclusivehsmgroups": true,
"hsmgrouplabel": "green",
"hsmpartitionname": "blue",
"type": "compute",
"xnames": [
"x0c3s5b0n0",
"x0c3s6b0n0"
]
}
],
"uuid": "550e8400-e29b-41d4-a716-446655440000"
}
The observed state of Tenant
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| childnamespaces | [string] | false | none | none |
| tenanthooks | [TenantHook] | false | none | [The webhook definition to call an API for tenant CRUD operations] |
| tenantkms | TenantKmsStatus | false | none | The Vault KMS transit engine status for the tenant |
| tenantresources | [TenantResource] | false | none | The desired resources for the Tenant |
| uuid | string(uuid) | false | none | none |