From 3c2e2de817ff2677313fb65b85a9f6d597cf4d75 Mon Sep 17 00:00:00 2001 From: prakhar katiyar Date: Tue, 30 Sep 2025 16:22:28 +0530 Subject: [PATCH] develop sync for specs --- specs/audit/deployment-history-api-spec.yaml | 6 + specs/audit/deployment-history.yaml | 6 + specs/deployment/pipeline.yaml | 356 +++++- specs/ent-only/panels_api-spec.yaml | 23 + specs/helm/app-store.yaml | 315 +++++- specs/kubernetes/apis.yaml | 49 +- specs/kubernetes/ephemeral-containers.yaml | 17 +- specs/security/security-dashboard-apis.yml | 586 ++++------ specs/security/security-policy.yml | 472 ++++---- specs/template/config-maps.yaml | 1056 ++++-------------- 10 files changed, 1446 insertions(+), 1440 deletions(-) diff --git a/specs/audit/deployment-history-api-spec.yaml b/specs/audit/deployment-history-api-spec.yaml index 2160b67951..1c2cb037f0 100644 --- a/specs/audit/deployment-history-api-spec.yaml +++ b/specs/audit/deployment-history-api-spec.yaml @@ -2,6 +2,12 @@ openapi: "3.0.3" info: version: 1.0.0 title: Helm App Deployment History + description: API for retrieving deployment history information for Helm applications + +servers: + - url: /orchestrator + description: Devtron Orchestrator API Server + paths: /orchestrator/application/deployment-history: get: diff --git a/specs/audit/deployment-history.yaml b/specs/audit/deployment-history.yaml index 7e68a116d3..926ca9be2a 100644 --- a/specs/audit/deployment-history.yaml +++ b/specs/audit/deployment-history.yaml @@ -2,6 +2,12 @@ openapi: "3.0.0" info: version: 1.0.0 title: Deployment History API + description: API for retrieving deployment history and component details + +servers: + - url: /orchestrator + description: Devtron Orchestrator API Server + paths: /orchestrator/app/history/deployed-component/detail/{appId}/{pipelineId}/{id}: get: diff --git a/specs/deployment/pipeline.yaml b/specs/deployment/pipeline.yaml index 7b6a8940bf..34134e35e8 100644 --- a/specs/deployment/pipeline.yaml +++ b/specs/deployment/pipeline.yaml @@ -56,29 +56,66 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' - /orchestrator/deployment/pipeline/trigger: + /orchestrator/app/cd-pipeline/trigger: post: - description: Trigger a deployment pipeline + description: Trigger a CD pipeline deployment with configuration override requestBody: - description: Pipeline trigger details + description: CD pipeline trigger details with deployment configuration required: true content: application/json: schema: - $ref: '#/components/schemas/PipelineTrigger' + $ref: '#/components/schemas/CdPipelineTrigger' + examples: + manual_trigger: + summary: Manual deployment trigger + value: + pipelineId: 789 + artifactId: 98765 + triggeredBy: 123 + deploymentType: "HELM" + deploymentStrategy: "ROLLING" + configOverrides: + replicas: 3 + environment: "production" + runtimeParameters: + CPU_LIMIT: "500m" + MEMORY_LIMIT: "512Mi" responses: '200': - description: Pipeline triggered successfully + description: CD pipeline triggered successfully content: application/json: schema: - $ref: '#/components/schemas/PipelineTriggerResponse' + $ref: '#/components/schemas/CdPipelineTriggerResponse' + examples: + successful_trigger: + summary: Successful trigger + value: + code: 200 + status: "OK" + result: + workflowId: 12345 + workflowRunnerId: 67890 + pipelineId: 789 + status: "Starting" + message: "CD pipeline triggered successfully" '400': - description: Bad Request + description: Bad Request - Invalid trigger parameters content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' + examples: + invalid_pipeline: + summary: Invalid pipeline ID + value: + code: 400 + status: "Bad Request" + errors: + - code: "000" + internalMessage: "invalid pipelineId: pipeline not found" + userMessage: "The specified pipeline does not exist" '401': description: Unauthorized content: @@ -86,11 +123,21 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' '403': - description: Forbidden + description: Forbidden - Insufficient permissions content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' + examples: + insufficient_permissions: + summary: Insufficient permissions + value: + code: 403 + status: "Forbidden" + errors: + - code: "000" + internalMessage: "unauthorized user" + userMessage: "Insufficient permissions to trigger this pipeline" '500': description: Internal Server Error content: @@ -140,29 +187,88 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' - /orchestrator/deployment/pipeline/history: - get: - description: Get deployment pipeline history - parameters: - - name: appId - in: query - required: true - schema: - type: integer - description: Application ID - - name: envId - in: query - required: true - schema: - type: integer - description: Environment ID + /orchestrator/app/update-release-status: + post: + description: Update release status for a deployment + requestBody: + description: Release status update details + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/ReleaseStatusUpdate' + examples: + success_update: + summary: Mark release as successful + value: + workflowRunnerId: 67890 + status: "SUCCESS" + message: "Deployment completed successfully" + updatedBy: 123 + responses: + '200': + description: Release status updated successfully + content: + application/json: + schema: + $ref: '#/components/schemas/ReleaseStatusResponse' + '400': + description: Bad Request + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' + '401': + description: Unauthorized + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' + '403': + description: Forbidden + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' + '500': + description: Internal Server Error + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' + + /orchestrator/app/stop-start-app: + post: + description: Start or stop application pods + requestBody: + description: Application start/stop request + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/AppStartStopRequest' + examples: + stop_app: + summary: Stop application + value: + appId: 123 + environmentId: 456 + action: "STOP" + requestedBy: 789 + start_app: + summary: Start application + value: + appId: 123 + environmentId: 456 + action: "START" + requestedBy: 789 responses: '200': - description: Pipeline history retrieved successfully + description: Application start/stop operation initiated successfully content: application/json: schema: - $ref: '#/components/schemas/PipelineHistory' + $ref: '#/components/schemas/AppStartStopResponse' '400': description: Bad Request content: @@ -243,39 +349,223 @@ components: type: string description: Name of the pipeline - PipelineTrigger: + CdPipelineTrigger: type: object required: - pipelineId + - artifactId + - triggeredBy properties: pipelineId: type: integer - description: Pipeline ID + description: CD Pipeline ID + minimum: 1 + example: 789 artifactId: type: integer description: Artifact ID to deploy + minimum: 1 + example: 98765 triggeredBy: type: integer description: User ID who triggered the pipeline + minimum: 1 + example: 123 + deploymentType: + type: string + description: Type of deployment + enum: ["HELM", "ARGOCD", "MANIFEST"] + example: "HELM" + deploymentStrategy: + type: string + description: Deployment strategy + enum: ["ROLLING", "BLUE_GREEN", "RECREATE", "CANARY"] + example: "ROLLING" + configOverrides: + type: object + description: Configuration overrides for this deployment + additionalProperties: + oneOf: + - type: string + - type: number + - type: boolean + example: + replicas: 3 + environment: "production" + enableMetrics: true + runtimeParameters: + type: object + description: Runtime parameters for deployment + additionalProperties: + type: string + example: + CPU_LIMIT: "500m" + MEMORY_LIMIT: "512Mi" + LOG_LEVEL: "INFO" + preDeploymentScript: + type: string + description: Pre-deployment script to execute + example: "#!/bin/bash\necho 'Running pre-deployment checks...'" + postDeploymentScript: + type: string + description: Post-deployment script to execute + example: "#!/bin/bash\necho 'Running post-deployment validation...'" - PipelineTriggerResponse: + CdPipelineTriggerResponse: type: object properties: code: type: integer - description: Status code + description: HTTP status code + example: 200 status: type: string - description: Status message + description: Response status + example: "OK" result: type: object properties: + workflowId: + type: integer + description: Workflow ID + example: 12345 + workflowRunnerId: + type: integer + description: Workflow Runner ID + example: 67890 pipelineId: type: integer description: Pipeline ID - workflowId: + example: 789 + status: + type: string + description: Initial workflow status + enum: ["Starting", "Queued", "Failed"] + example: "Starting" + message: + type: string + description: Status message + example: "CD pipeline triggered successfully" + + ReleaseStatusUpdate: + type: object + required: + - workflowRunnerId + - status + - updatedBy + properties: + workflowRunnerId: + type: integer + description: Workflow Runner ID + minimum: 1 + example: 67890 + status: + type: string + description: Release status + enum: ["SUCCESS", "FAILED", "CANCELLED", "TIMEOUT"] + example: "SUCCESS" + message: + type: string + description: Status message or failure reason + example: "Deployment completed successfully" + updatedBy: + type: integer + description: User ID who updated the status + minimum: 1 + example: 123 + + ReleaseStatusResponse: + type: object + properties: + code: + type: integer + description: HTTP status code + example: 200 + status: + type: string + description: Response status + example: "OK" + result: + type: object + properties: + workflowRunnerId: type: integer - description: Workflow ID + description: Workflow Runner ID + example: 67890 + status: + type: string + description: Updated release status + example: "SUCCESS" + updatedAt: + type: string + format: date-time + description: Timestamp when status was updated + example: "2024-01-15T10:35:00Z" + + AppStartStopRequest: + type: object + required: + - appId + - environmentId + - action + - requestedBy + properties: + appId: + type: integer + description: Application ID + minimum: 1 + example: 123 + environmentId: + type: integer + description: Environment ID + minimum: 1 + example: 456 + action: + type: string + description: Action to perform + enum: ["START", "STOP"] + example: "STOP" + requestedBy: + type: integer + description: User ID who requested the action + minimum: 1 + example: 789 + + AppStartStopResponse: + type: object + properties: + code: + type: integer + description: HTTP status code + example: 200 + status: + type: string + description: Response status + example: "OK" + result: + type: object + properties: + appId: + type: integer + description: Application ID + example: 123 + environmentId: + type: integer + description: Environment ID + example: 456 + action: + type: string + description: Action performed + example: "STOP" + status: + type: string + description: Operation status + enum: ["INITIATED", "IN_PROGRESS", "COMPLETED", "FAILED"] + example: "INITIATED" + message: + type: string + description: Operation message + example: "Application stop operation initiated successfully" PipelineRollback: type: object diff --git a/specs/ent-only/panels_api-spec.yaml b/specs/ent-only/panels_api-spec.yaml index a10cd6e255..b3f66d5076 100644 --- a/specs/ent-only/panels_api-spec.yaml +++ b/specs/ent-only/panels_api-spec.yaml @@ -116,6 +116,29 @@ paths: '204': description: Panel deleted successfully + /orchestrator/clusters/{cluster_id}/panel: + post: + summary: Create a new panel for a specific cluster (plural clusters path) + parameters: + - in: path + name: cluster_id + required: true + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/Panel' + responses: + '201': + description: Panel created successfully + content: + application/json: + schema: + $ref: '#/components/schemas/Panel' + components: schemas: Panel: diff --git a/specs/helm/app-store.yaml b/specs/helm/app-store.yaml index a89f54f546..7c4bc1ab34 100644 --- a/specs/helm/app-store.yaml +++ b/specs/helm/app-store.yaml @@ -258,6 +258,180 @@ paths: schema: $ref: '#/components/schemas/ErrorResponse' + /orchestrator/app-store/deployment/application/version/{installedAppVersionId}: + get: + tags: + - App Store Deployment + summary: Get installed app version details + description: | + Retrieves detailed information about a specific installed app version. + This endpoint returns the complete configuration, values, and metadata + for a deployed app store application version. + + **Authentication & Authorization**: + - Requires valid user session + - User must have GET permission on the Helm app resource + - RBAC enforced based on cluster, namespace, and app name + + **Use Cases**: + - View current deployment configuration + - Retrieve values.yaml for an installed app + - Get chart version and metadata + - Access deployment history reference + operationId: getInstalledAppVersion + parameters: + - name: installedAppVersionId + in: path + required: true + description: | + The ID of the installed app version to retrieve. + This is the unique identifier for a specific version of a deployed app. + schema: + type: integer + minimum: 1 + example: 2 + responses: + '200': + description: Installed app version details retrieved successfully + content: + application/json: + schema: + type: object + properties: + code: + type: integer + description: HTTP status code + example: 200 + status: + type: string + description: Response status + example: "OK" + result: + $ref: '#/components/schemas/InstallAppVersionDTO' + examples: + successful_response: + summary: Successful retrieval of installed app version + value: + code: 200 + status: "OK" + result: + id: 2 + appId: 12 + appName: "my-app" + teamId: 1 + teamName: "devtron-demo" + environmentId: 1 + installedAppId: 5 + installedAppVersionId: 2 + appStoreVersion: 45 + valuesOverrideYaml: | + replicaCount: 2 + image: + tag: "v1.0.0" + readme: "# Application README\n\nThis is the application documentation." + referenceValueId: 1 + referenceValueKind: "DEFAULT" + appStoreId: 10 + appStoreName: "nginx" + deprecated: false + clusterId: 1 + namespace: "default" + appOfferingMode: "FULL" + gitOpsPath: "my-app-default" + deploymentAppType: "HELM" + helmPackageName: "nginx-1.0.0" + '400': + description: Bad Request - Invalid installedAppVersionId parameter + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' + examples: + invalid_parameter: + summary: Invalid installedAppVersionId + value: + code: 400 + status: "Bad Request" + errors: + - code: "11001" + userMessage: "Invalid path parameter 'installedAppVersionId': must be a valid positive integer" + internalMessage: "strconv.Atoi: parsing \"abc\": invalid syntax" + outdated_values: + summary: Outdated values error + value: + code: 400 + status: "Bad Request" + errors: + - code: "400" + userMessage: "values are outdated. please fetch the latest version and try again" + internalMessage: "sql: no rows in result set" + '401': + description: Unauthorized - Missing or invalid authentication + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' + examples: + unauthorized: + summary: User not authenticated + value: + code: 401 + status: "Unauthorized" + errors: + - code: "11010" + userMessage: "Authentication required. Please log in to continue." + internalMessage: "unauthorized" + '403': + description: Forbidden - Insufficient permissions + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' + examples: + forbidden: + summary: User lacks permissions + value: + code: 403 + status: "Forbidden" + errors: + - code: "11008" + userMessage: "Access denied. You do not have permission to view this installed app version." + internalMessage: "unauthorized user" + '404': + description: Not Found - Installed app version does not exist + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' + examples: + not_found: + summary: Installed app version not found + value: + code: 404 + status: "Not Found" + errors: + - code: "11006" + userMessage: "Installed app version with ID '2' not found" + internalMessage: "sql: no rows in result set" + '500': + description: Internal Server Error + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' + examples: + internal_error: + summary: Unexpected server error + value: + code: 500 + status: "Internal Server Error" + errors: + - code: "11009" + userMessage: "An unexpected error occurred while retrieving the installed app version" + internalMessage: "database connection failed" + security: + - bearerAuth: [] + components: schemas: AppStoreApplication: @@ -401,6 +575,136 @@ components: $ref: '#/components/schemas/AppStoreApplication' description: List of app store applications + InstallAppVersionDTO: + type: object + description: | + Complete details of an installed app version including configuration, + values, and deployment metadata. + properties: + id: + type: integer + description: Installed app version ID (same as installedAppVersionId) + example: 2 + appId: + type: integer + description: Application ID + example: 12 + appName: + type: string + description: Application name (can be display name for external apps) + example: "my-app" + teamId: + type: integer + description: Team/Project ID + example: 1 + teamName: + type: string + description: Team/Project name + example: "devtron-demo" + environmentId: + type: integer + description: Environment ID where the app is deployed + example: 1 + installedAppId: + type: integer + description: Installed app ID + example: 5 + installedAppVersionId: + type: integer + description: Installed app version ID + example: 2 + installedAppVersionHistoryId: + type: integer + description: Installed app version history ID (for rollback reference) + example: 10 + appStoreVersion: + type: integer + description: App store application version ID (chart version reference) + example: 45 + valuesOverrideYaml: + type: string + description: YAML string containing custom values that override chart defaults + example: | + replicaCount: 2 + image: + tag: "v1.0.0" + service: + type: ClusterIP + readme: + type: string + description: README documentation for the chart + example: "# Application README\n\nThis is the application documentation." + referenceValueId: + type: integer + description: Reference value ID (points to template or deployed values) + example: 1 + referenceValueKind: + type: string + description: Kind of reference value + enum: ["DEFAULT", "TEMPLATE", "DEPLOYED", "EXISTING"] + example: "DEFAULT" + appStoreId: + type: integer + description: App store application ID + example: 10 + appStoreName: + type: string + description: App store application name (chart name) + example: "nginx" + deprecated: + type: boolean + description: Whether this chart version is deprecated + example: false + clusterId: + type: integer + description: Cluster ID where the app is deployed + example: 1 + namespace: + type: string + description: Kubernetes namespace where the app is deployed + example: "default" + appOfferingMode: + type: string + description: App offering mode (FULL, EA_ONLY, etc.) + example: "FULL" + gitOpsPath: + type: string + description: GitOps repository path for this deployment + example: "my-app-default" + gitHash: + type: string + description: Git commit hash of the deployed version + example: "abc123def456" + deploymentAppType: + type: string + description: Deployment application type (HELM, GITOPS, etc.) + example: "HELM" + acdPartialDelete: + type: boolean + description: Whether ArgoCD partial delete is enabled + example: false + updatedOn: + type: string + format: date-time + description: Last update timestamp + example: "2024-01-15T10:30:00Z" + isVirtualEnvironment: + type: boolean + description: Whether this is a virtual environment + example: false + helmPackageName: + type: string + description: Helm package name + example: "nginx-1.0.0" + gitRepoURL: + type: string + description: GitOps repository URL + example: "https://github.com/org/gitops-repo" + appStoreApplicationVersionId: + type: integer + description: App store application version ID + example: 45 + ErrorResponse: required: - code @@ -433,4 +737,13 @@ components: description: Error internal message userMessage: type: string - description: Error user message \ No newline at end of file + description: Error user message + + securitySchemes: + bearerAuth: + type: http + scheme: bearer + bearerFormat: JWT + description: | + JWT token-based authentication. Include the token in the Authorization header + as: `Authorization: Bearer ` \ No newline at end of file diff --git a/specs/kubernetes/apis.yaml b/specs/kubernetes/apis.yaml index c2cd6a652e..642b097111 100644 --- a/specs/kubernetes/apis.yaml +++ b/specs/kubernetes/apis.yaml @@ -44,12 +44,24 @@ components: K8sRequestDto: type: object + required: + - resourceIdentifier properties: resourceIdentifier: $ref: '#/components/schemas/ResourceIdentifier' patch: type: string - description: patch data for update operations + description: | + JSON patch data for update operations. Contains the complete Kubernetes manifest + for the resource being updated/edited. + example: '{"apiVersion":"v1","kind":"Pod","metadata":{"name":"my-pod","namespace":"default"},"spec":{"containers":[{"name":"nginx","image":"nginx:1.25"}]}}' + forceDelete: + type: boolean + nullable: true + description: | + Force delete the resource. When true, the resource will be deleted immediately + without waiting for graceful termination. Only applicable for delete operations. + example: false ResourceIdentifier: type: object @@ -64,25 +76,28 @@ components: $ref: '#/components/schemas/GroupVersionKind' required: - name - - namespace - - groupVersionKind + - namespace + - groupVersionKind GroupVersionKind: type: object + required: + - Group + - Version + - Kind properties: - group: + Group: type: string - description: API group - version: + description: API group (capitalized field name as per Kubernetes API) + example: "" + Version: type: string - description: API version - kind: + description: API version (capitalized field name as per Kubernetes API) + example: "v1" + Kind: type: string - description: resource kind - required: - - group - - version - - kind + description: Resource kind (capitalized field name as per Kubernetes API) + example: "Pod" ManifestResponse: type: object @@ -373,14 +388,14 @@ paths: description: Internal server error put: summary: Update Kubernetes resource - description: Updates an existing Kubernetes resource manifest + description: Updates an existing Kubernetes resource manifest using patch data operationId: UpdateResource requestBody: required: true content: application/json: schema: - $ref: '#/components/schemas/ResourceRequestObject' + $ref: '#/components/schemas/ResourceRequestBean' responses: "200": description: Updated resource manifest @@ -454,11 +469,11 @@ paths: description: Fetches events for Kubernetes resources operationId: ListEvents requestBody: - required: false + required: true content: application/json: schema: - $ref: '#/components/schemas/ResourceRequestObject' + $ref: '#/components/schemas/ResourceRequestBean' responses: "200": description: Resource events diff --git a/specs/kubernetes/ephemeral-containers.yaml b/specs/kubernetes/ephemeral-containers.yaml index c8b6a5a341..4556165ea6 100644 --- a/specs/kubernetes/ephemeral-containers.yaml +++ b/specs/kubernetes/ephemeral-containers.yaml @@ -106,6 +106,9 @@ components: schemas: EphemeralContainerRequest: type: object + description: | + Request to create an ephemeral container. Either basicData or advancedData is required. + If both are provided, advancedData takes priority over basicData. properties: basicData: $ref: "#/components/schemas/EphemeralContainerBasicData" @@ -121,9 +124,6 @@ components: podName: type: string description: Name of the pod - userId: - type: integer - description: User ID externalArgoApplicationName: type: string description: Name of the external Argo application (if applicable) @@ -131,6 +131,9 @@ components: - namespace - clusterId - podName + anyOf: + - required: ["basicData"] + - required: ["advancedData"] EphemeralContainerBasicData: type: object properties: @@ -149,10 +152,16 @@ components: - image EphemeralContainerAdvancedData: type: object + description: | + Advanced configuration for ephemeral container using Kubernetes EphemeralContainer specification. + For complete field reference, see: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#ephemeralcontainer-v1-core properties: manifest: type: string - description: Kubernetes manifest for the ephemeral container + description: | + Kubernetes manifest for the ephemeral container in JSON format. + Should conform to the EphemeralContainer v1 core specification. + Reference: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.34/#ephemeralcontainer-v1-core PodContainerList: type: object properties: diff --git a/specs/security/security-dashboard-apis.yml b/specs/security/security-dashboard-apis.yml index a4552a714f..9517ddc487 100644 --- a/specs/security/security-dashboard-apis.yml +++ b/specs/security/security-dashboard-apis.yml @@ -1,15 +1,129 @@ -openapi: '3.0.2' +openapi: "3.0.3" info: - title: Security Scan API - version: '2.0' - description: API for managing security scans and vulnerability assessments + title: Devtron Security Scan API + description: API specifications for security scanning and vulnerability management in Devtron + version: "1.0.0" + contact: + name: Devtron Support + email: support@devtron.ai + license: + name: Apache 2.0 + url: https://www.apache.org/licenses/LICENSE-2.0.html + servers: - - url: https://api.server.test/v1 + - url: /orchestrator + description: Devtron Orchestrator API Server + +security: + - bearerAuth: [] + +components: + securitySchemes: + bearerAuth: + type: http + scheme: bearer + bearerFormat: JWT + + schemas: + ApiResponse: + type: object + properties: + code: + type: integer + status: + type: string + result: + type: object + + ErrorResponse: + type: object + properties: + code: + type: integer + status: + type: string + errors: + type: array + items: + type: string + + ImageScanRequest: + type: object + properties: + imageScanDeployInfoId: + type: integer + example: 123 + image: + type: string + example: "nginx:latest" + artifactId: + type: integer + example: 456 + appId: + type: integer + example: 789 + envId: + type: integer + example: 101 + size: + type: integer + example: 20 + offset: + type: integer + example: 0 + + ImageScanHistoryResponse: + type: object + properties: + imageScanDeployInfoId: + type: integer + image: + type: string + tag: + type: string + appId: + type: integer + envId: + type: integer + executedOn: + type: string + format: date-time + executionHistory: + type: array + items: + type: object + + ImageScanHistoryListingResponse: + type: object + properties: + imageScanHistoryResponse: + type: array + items: + $ref: '#/components/schemas/ImageScanHistoryResponse' + + VulnerabilityExposureRequest: + type: object + properties: + cveId: + type: string + example: "CVE-2025-1234" + appId: + type: integer + example: 123 + +tags: + - name: Security Scans + description: Security scanning operations + - name: Vulnerability Management + description: Vulnerability exposure and policy management + paths: - /orchestrator/security/scan/list: + /security/scan/list: post: - summary: Get list of scan executions - description: Fetch scan execution history with filtering options + tags: + - Security Scans + summary: Get scan execution list + description: Retrieves a list of security scan executions based on the provided criteria operationId: scanExecutionList requestBody: required: true @@ -17,456 +131,246 @@ paths: application/json: schema: $ref: '#/components/schemas/ImageScanRequest' + example: + imageScanDeployInfoId: 123 + image: "nginx:latest" + artifactId: 456 + appId: 789 + envId: 101 + size: 20 + offset: 0 responses: '200': - description: List of scan executions + description: Scan execution list retrieved successfully content: application/json: schema: - $ref: '#/components/schemas/ImageScanHistoryListingResponse' + allOf: + - $ref: '#/components/schemas/ApiResponse' + - type: object + properties: + result: + $ref: '#/components/schemas/ImageScanHistoryListingResponse' '400': - description: Bad request + description: Invalid request parameters content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '401': description: Unauthorized + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' '403': description: Forbidden + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' - /orchestrator/security/scan/executionDetail: + /security/scan/executionDetail: get: - summary: Fetch image scan execution result - description: Get detailed scan results by multiple ways for different use cases. At least one parameter is required. + tags: + - Security Scans + summary: Get scan execution detail + description: Retrieves detailed information about a specific scan execution operationId: fetchExecutionDetail parameters: - name: imageScanDeployInfoId in: query - description: Image scan deploy info ID for fetching scan result required: false schema: type: integer + example: 123 + - name: image + in: query + required: false + schema: + type: string + example: "nginx:latest" - name: artifactId in: query - description: CI artifact ID to fetch scan result for image required: false schema: type: integer + example: 456 - name: appId in: query - description: Application ID for fetching scan result required: false schema: type: integer + example: 789 - name: envId in: query - description: Environment ID for fetching scan result required: false schema: type: integer - - name: image + example: 101 + - name: executionId in: query - description: Image name to fetch scan result for required: false schema: - type: string + type: integer + example: 999 responses: '200': - description: Scan execution details + description: Scan execution detail retrieved successfully content: application/json: schema: - $ref: '#/components/schemas/ImageScanExecutionDetail' + $ref: '#/components/schemas/ApiResponse' '400': - description: Bad request + description: Invalid request parameters content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '401': description: Unauthorized + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' '403': description: Forbidden + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' + '404': + description: Scan execution not found + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' - /orchestrator/security/scan/executionDetail/min: + /security/scan/executionDetail/min: get: - summary: Fetch minimal scan result by app and environment ID - description: Get minimal scan result information for a specific app and environment - operationId: fetchMinScanResult + tags: + - Security Scans + summary: Get minimal scan execution detail + description: Retrieves minimal scan result information by application and environment + operationId: fetchMinScanResultByAppIdAndEnvId parameters: - name: appId in: query - description: Application ID required: true schema: type: integer + example: 789 - name: envId in: query - description: Environment ID required: true schema: type: integer + example: 101 responses: '200': - description: Minimal scan execution details + description: Minimal scan result retrieved successfully content: application/json: schema: - $ref: '#/components/schemas/ImageScanExecutionDetail' + $ref: '#/components/schemas/ApiResponse' '400': - description: Bad request + description: Invalid request parameters content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '401': description: Unauthorized + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' '403': description: Forbidden + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' + '404': + description: Scan result not found + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' - /orchestrator/security/scan/cve/exposure: + /security/scan/cve/exposure: post: - summary: Get vulnerability exposure information - description: Fetch vulnerability exposure data across applications and environments + tags: + - Vulnerability Management + summary: Get CVE vulnerability exposure + description: Retrieves vulnerability exposure information for a specific CVE operationId: vulnerabilityExposure requestBody: required: true content: application/json: schema: - $ref: '#/components/schemas/VulnerabilityRequest' + $ref: '#/components/schemas/VulnerabilityExposureRequest' + example: + cveId: "CVE-2025-1234" + appId: 123 responses: '200': - description: Vulnerability exposure data + description: CVE exposure information retrieved successfully content: application/json: schema: - $ref: '#/components/schemas/VulnerabilityExposureListingResponse' + allOf: + - $ref: '#/components/schemas/ApiResponse' + - type: object + properties: + result: + $ref: '#/components/schemas/ImageScanHistoryListingResponse' '400': - description: Bad request + description: Invalid request parameters content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '401': description: Unauthorized + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' '403': description: Forbidden + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' + '404': + description: CVE not found + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: - $ref: '#/components/schemas/Error' -components: - schemas: - Error: - description: Error object - type: object - required: - - code - - message - properties: - code: - type: integer - format: int32 - description: Error code - message: - type: string - description: Error message - - ImageScanRequest: - description: Request object for image scan operations - type: object - properties: - scanExecutionId: - type: integer - description: Scan execution ID - imageScanDeployInfoId: - type: integer - description: Image scan deploy info ID - appId: - type: integer - description: Application ID - envId: - type: integer - description: Environment ID - objectId: - type: integer - description: Object ID - artifactId: - type: integer - description: Artifact ID - image: - type: string - description: Image name - offset: - type: integer - description: Pagination offset - size: - type: integer - description: Page size - - ImageScanHistoryListingResponse: - description: Response containing list of scan history - type: object - properties: - offset: - type: integer - description: Pagination offset - size: - type: integer - description: Page size - total: - type: integer - description: Total number of records - scanList: - type: array - items: - $ref: '#/components/schemas/ImageScanHistoryResponse' - - ImageScanHistoryResponse: - description: Individual scan history item - type: object - properties: - imageScanDeployInfoId: - type: integer - description: Image scan deploy info ID - appId: - type: integer - description: Application ID - envId: - type: integer - description: Environment ID - name: - type: string - description: Name of the scanned resource - type: - type: string - description: Type of the scanned resource - environment: - type: string - description: Environment name - lastChecked: - type: string - format: date-time - description: Last scan timestamp - image: - type: string - description: Image name - severityCount: - $ref: '#/components/schemas/SeverityCount' - - ImageScanExecutionDetail: - description: Detailed scan execution result - type: object - properties: - imageScanDeployInfoId: - type: integer - description: Image scan deploy info ID - appId: - type: integer - description: Application ID - envId: - type: integer - description: Environment ID - appName: - type: string - description: Application name - envName: - type: string - description: Environment name - pod: - type: string - description: Pod name - replicaSet: - type: string - description: ReplicaSet name - image: - type: string - description: Image name - vulnerabilities: - type: array - items: - $ref: '#/components/schemas/Vulnerability' - severityCount: - $ref: '#/components/schemas/SeverityCount' - executionTime: - type: string - format: date-time - description: Scan execution time - scanEnabled: - type: boolean - description: Whether scanning is enabled - scanned: - type: boolean - description: Whether the image has been scanned - objectType: - type: string - description: Type of the scanned object - scanToolId: - type: integer - description: ID of the scan tool used - scanToolName: - type: string - description: Name of the scan tool - scanToolUrl: - type: string - description: URL of the scan tool - status: - type: string - description: Scan execution status - enum: - - RUNNING - - COMPLETED - - FAILED - - CANCELLED - - SeverityCount: - description: Count of vulnerabilities by severity - type: object - properties: - critical: - type: integer - description: Number of critical vulnerabilities - high: - type: integer - description: Number of high severity vulnerabilities - medium: - type: integer - description: Number of medium severity vulnerabilities - low: - type: integer - description: Number of low severity vulnerabilities - unknown: - type: integer - description: Number of unknown severity vulnerabilities - - Vulnerability: - description: Individual vulnerability details - type: object - properties: - cveName: - type: string - description: CVE identifier - severity: - type: string - description: Vulnerability severity - enum: - - CRITICAL - - HIGH - - MEDIUM - - LOW - - UNKNOWN - package: - type: string - description: Affected package name - currentVersion: - type: string - description: Current version of the package - fixedVersion: - type: string - description: Version where the vulnerability is fixed - permission: - type: string - description: Permission level - target: - type: string - description: Target of the vulnerability - class: - type: string - description: Vulnerability class - type: - type: string - description: Vulnerability type - - VulnerabilityRequest: - description: Request for vulnerability exposure data - type: object - properties: - appName: - type: string - description: Application name filter - cveName: - type: string - description: CVE name filter - envIds: - type: array - items: - type: integer - description: Environment IDs to filter by - clusterIds: - type: array - items: - type: integer - description: Cluster IDs to filter by - offset: - type: integer - description: Pagination offset - size: - type: integer - description: Page size - - VulnerabilityExposureListingResponse: - description: Response containing vulnerability exposure data - type: object - properties: - offset: - type: integer - description: Pagination offset - size: - type: integer - description: Page size - total: - type: integer - description: Total number of records - list: - type: array - items: - $ref: '#/components/schemas/VulnerabilityExposure' - - VulnerabilityExposure: - description: Vulnerability exposure information - type: object - properties: - appName: - type: string - description: Application name - envName: - type: string - description: Environment name - appId: - type: integer - description: Application ID - envId: - type: integer - description: Environment ID - appType: - type: string - description: Application type - enum: - - DEVTRON_APP - - HELM_APP - - EXTERNAL_HELM_APP - blocked: - type: boolean - description: Whether the vulnerability is blocked \ No newline at end of file + $ref: '#/components/schemas/ErrorResponse' diff --git a/specs/security/security-policy.yml b/specs/security/security-policy.yml index 89290e8b19..8609d4f1ce 100644 --- a/specs/security/security-policy.yml +++ b/specs/security/security-policy.yml @@ -1,16 +1,253 @@ -openapi: '3.0.2' +openapi: 3.0.3 info: - title: Security Policy Management - version: '2.0' - description: API for managing security policies and vulnerability controls + version: 1.0.0 + title: Devtron Security Policy Management API + description: | + API for managing security policies and vulnerability controls in Devtron. + Provides endpoints for creating, updating, and managing security policies + at global, cluster, environment, and application levels. + termsOfService: https://devtron.ai/terms/ + contact: + name: Devtron Support + email: support@devtron.ai + url: https://devtron.ai/support + license: + name: Apache 2.0 + url: https://www.apache.org/licenses/LICENSE-2.0.html + servers: - - url: https://api.server.test/v1 + - url: /orchestrator + description: Devtron Orchestrator API Server + +components: + securitySchemes: + bearerAuth: + type: http + scheme: bearer + bearerFormat: JWT + description: JWT token for authentication + schemas: + Error: + description: Error object + type: object + required: + - code + - message + properties: + code: + type: integer + format: int32 + description: Error code + message: + type: string + description: Error message + + CreateVulnerabilityPolicyRequest: + description: Request object for creating vulnerability policy. For global policy don't set clusterId, envId and appId. For cluster set clusterId, for environment set envId, for app set appId and envId. Only one of severity or cveId should be set. + type: object + properties: + action: + $ref: '#/components/schemas/VulnerabilityAction' + appId: + type: integer + description: Application ID (required for app-level policies) + clusterId: + type: integer + description: Cluster ID (required for cluster-level policies) + cveId: + type: string + description: CVE ID for specific CVE policies + envId: + type: integer + description: Environment ID (required for environment and app-level policies) + severity: + type: string + description: Severity level for severity-based policies + enum: + - critical + - high + - medium + - low + + UpdatePolicyParams: + description: Parameters for updating a policy + type: object + required: + - id + - action + properties: + id: + type: integer + description: Policy ID to update + action: + type: string + description: New action for the policy + enum: + - block + - allow + + IdVulnerabilityPolicyResult: + description: Result containing policy ID + type: object + required: + - id + properties: + id: + type: integer + description: Policy ID + + ResourceLevel: + description: Resource Level can be one of Global, Cluster, Environment, Application + type: string + enum: + - Global + - Cluster + - Environment + - Application + + VulnerabilityAction: + description: Actions which can be taken on vulnerabilities + type: string + enum: + - block + - allow + + VulnerabilityPermission: + description: Whether vulnerability is allowed or blocked and is it inherited or is it overridden + type: object + required: + - action + properties: + action: + $ref: '#/components/schemas/VulnerabilityAction' + inherited: + type: boolean + description: Whether the policy is inherited from a higher level + isOverriden: + type: boolean + description: Whether the policy overrides a higher level policy + + SeverityPolicy: + description: Severity related policy information + type: object + required: + - severity + - policyOrigin + - policy + - id + properties: + id: + type: integer + description: Policy ID + severity: + type: string + description: Vulnerability severity level + enum: + - critical + - high + - medium + - low + policyOrigin: + type: string + description: Origin of the policy + policy: + $ref: '#/components/schemas/VulnerabilityPermission' + CvePolicy: + description: CVE related policy information + allOf: + - $ref: '#/components/schemas/SeverityPolicy' + - type: object + properties: + name: + description: In case of CVE policy this is same as CVE name else it is blank + type: string + + VulnerabilityPolicy: + description: Vulnerability policy for a specific scope (global, cluster, environment, or application) + type: object + required: + - severities + - cves + properties: + name: + type: string + description: Name of cluster, environment, or application/environment + envId: + type: integer + description: Environment ID in case of application-level policy + appId: + type: integer + description: Application ID (internal use) + clusterId: + type: integer + description: Cluster ID (internal use) + severities: + type: array + description: Severity-based policies + items: + $ref: '#/components/schemas/SeverityPolicy' + cves: + type: array + description: CVE-specific policies + items: + $ref: '#/components/schemas/CvePolicy' + + GetVulnerabilityPolicyResult: + description: Result containing vulnerability policies + type: object + required: + - level + - policies + properties: + level: + $ref: '#/components/schemas/ResourceLevel' + policies: + type: array + items: + $ref: '#/components/schemas/VulnerabilityPolicy' + + VerifyImageRequest: + description: Request for image verification against security policies + type: object + properties: + image: + type: string + description: Image name to verify + appId: + type: integer + description: Application ID + envId: + type: integer + description: Environment ID + clusterId: + type: integer + description: Cluster ID + + VerifyImageResponse: + description: Response containing image verification results + type: object + properties: + allowed: + type: boolean + description: Whether the image is allowed + blockedCves: + type: array + description: List of blocked CVEs found in the image + items: + type: string + message: + type: string + description: Verification message paths: /orchestrator/security/policy/save: post: + tags: + - Security Policy summary: Create a new security policy description: Create a new vulnerability policy for global, cluster, environment, or application level operationId: savePolicy + security: + - bearerAuth: [] requestBody: required: true content: @@ -43,9 +280,13 @@ paths: /orchestrator/security/policy/update: post: + tags: + - Security Policy summary: Update an existing security policy description: Update an existing vulnerability policy action operationId: updatePolicy + security: + - bearerAuth: [] requestBody: required: true content: @@ -78,9 +319,13 @@ paths: /orchestrator/security/policy/list: get: + tags: + - Security Policy summary: Get security policies description: Fetch current security policy for global, cluster, environment and application level operationId: getPolicy + security: + - bearerAuth: [] parameters: - name: level in: query @@ -120,9 +365,13 @@ paths: /orchestrator/security/policy/verify/webhook: post: + tags: + - Security Policy summary: Verify image against security policies description: Webhook endpoint to verify if an image passes security policy checks operationId: verifyImage + security: + - bearerAuth: [] requestBody: required: true content: @@ -152,216 +401,3 @@ paths: application/json: schema: $ref: '#/components/schemas/Error' -components: - schemas: - Error: - description: Error object - type: object - required: - - code - - message - properties: - code: - type: integer - format: int32 - description: Error code - message: - type: string - description: Error message - - CreateVulnerabilityPolicyRequest: - description: Request object for creating vulnerability policy. For global policy don't set clusterId, envId and appId. For cluster set clusterId, for environment set envId, for app set appId and envId. Only one of severity or cveId should be set. - type: object - properties: - action: - $ref: '#/components/schemas/VulnerabilityAction' - appId: - type: integer - description: Application ID (required for app-level policies) - clusterId: - type: integer - description: Cluster ID (required for cluster-level policies) - cveId: - type: string - description: CVE ID for specific CVE policies - envId: - type: integer - description: Environment ID (required for environment and app-level policies) - severity: - type: string - description: Severity level for severity-based policies - enum: - - critical - - high - - medium - - low - - UpdatePolicyParams: - description: Parameters for updating a policy - type: object - required: - - id - - action - properties: - id: - type: integer - description: Policy ID to update - action: - type: string - description: New action for the policy - enum: - - block - - allow - - IdVulnerabilityPolicyResult: - description: Result containing policy ID - type: object - required: - - id - properties: - id: - type: integer - description: Policy ID - - ResourceLevel: - description: Resource Level can be one of Global, Cluster, Environment, Application - type: string - enum: - - Global - - Cluster - - Environment - - Application - - VulnerabilityAction: - description: Actions which can be taken on vulnerabilities - type: string - enum: - - block - - allow - - VulnerabilityPermission: - description: Whether vulnerability is allowed or blocked and is it inherited or is it overridden - type: object - required: - - action - properties: - action: - $ref: '#/components/schemas/VulnerabilityAction' - inherited: - type: boolean - description: Whether the policy is inherited from a higher level - isOverriden: - type: boolean - description: Whether the policy overrides a higher level policy - - SeverityPolicy: - description: Severity related policy information - type: object - required: - - severity - - policyOrigin - - policy - - id - properties: - id: - type: integer - description: Policy ID - severity: - type: string - description: Vulnerability severity level - enum: - - critical - - high - - medium - - low - policyOrigin: - type: string - description: Origin of the policy - policy: - $ref: '#/components/schemas/VulnerabilityPermission' - CvePolicy: - description: CVE related policy information - allOf: - - $ref: '#/components/schemas/SeverityPolicy' - - type: object - properties: - name: - description: In case of CVE policy this is same as CVE name else it is blank - type: string - - VulnerabilityPolicy: - description: Vulnerability policy for a specific scope (global, cluster, environment, or application) - type: object - required: - - severities - - cves - properties: - name: - type: string - description: Name of cluster, environment, or application/environment - envId: - type: integer - description: Environment ID in case of application-level policy - appId: - type: integer - description: Application ID (internal use) - clusterId: - type: integer - description: Cluster ID (internal use) - severities: - type: array - description: Severity-based policies - items: - $ref: '#/components/schemas/SeverityPolicy' - cves: - type: array - description: CVE-specific policies - items: - $ref: '#/components/schemas/CvePolicy' - - GetVulnerabilityPolicyResult: - description: Result containing vulnerability policies - type: object - required: - - level - - policies - properties: - level: - $ref: '#/components/schemas/ResourceLevel' - policies: - type: array - items: - $ref: '#/components/schemas/VulnerabilityPolicy' - - VerifyImageRequest: - description: Request for image verification against security policies - type: object - properties: - image: - type: string - description: Image name to verify - appId: - type: integer - description: Application ID - envId: - type: integer - description: Environment ID - clusterId: - type: integer - description: Cluster ID - - VerifyImageResponse: - description: Response containing image verification results - type: object - properties: - allowed: - type: boolean - description: Whether the image is allowed - blockedCves: - type: array - description: List of blocked CVEs found in the image - items: - type: string - message: - type: string - description: Verification message diff --git a/specs/template/config-maps.yaml b/specs/template/config-maps.yaml index f8a03227b6..5e44e49c11 100644 --- a/specs/template/config-maps.yaml +++ b/specs/template/config-maps.yaml @@ -1,13 +1,136 @@ -openapi: "3.0.0" +openapi: "3.0.3" info: - title: Global ConfigMap and Secret Management - description: API for managing global ConfigMaps and Secrets - version: "1.0" + title: Devtron ConfigMap and Secret Management API + description: API specifications for ConfigMap and Secret management in Devtron orchestrator + version: "1.0.0" + contact: + name: Devtron Support + email: support@devtron.ai + license: + name: Apache 2.0 + url: https://www.apache.org/licenses/LICENSE-2.0.html + +servers: + - url: /orchestrator + description: Devtron Orchestrator API Server + +security: + - bearerAuth: [] + +components: + securitySchemes: + bearerAuth: + type: http + scheme: bearer + bearerFormat: JWT + + schemas: + ApiResponse: + type: object + properties: + code: + type: integer + status: + type: string + result: + type: object + + ErrorResponse: + type: object + properties: + code: + type: integer + status: + type: string + errors: + type: array + items: + type: string + + ConfigDataRequest: + type: object + required: + - appId + - configData + properties: + id: + type: integer + example: 0 + appId: + type: integer + example: 123 + environmentId: + type: integer + example: 456 + configData: + type: array + items: + $ref: '#/components/schemas/ConfigData' + isDeletable: + type: boolean + default: true + + ConfigData: + type: object + required: + - name + - type + properties: + name: + type: string + example: "global-configmap" + type: + type: string + enum: ["CONFIGMAP", "SECRET"] + example: "CONFIGMAP" + external: + type: boolean + default: false + mountPath: + type: string + example: "/etc/config" + data: + type: object + additionalProperties: + type: string + example: + key1: "value1" + key2: "value2" + global: + type: boolean + default: true + subPath: + type: boolean + default: false + filePermission: + type: string + example: "0644" + + ConfigsList: + type: object + properties: + maps: + type: array + items: + $ref: '#/components/schemas/ConfigData' + +tags: + - name: Global ConfigMaps + description: Global ConfigMap management + - name: Global Secrets + description: Global Secret management + - name: Environment ConfigMaps + description: Environment-specific ConfigMap operations + - name: Environment Secrets + description: Environment-specific Secret operations paths: - /orchestrator/config/global/cm: + /config/global/cm: post: - description: Create or update a global ConfigMap + tags: + - Global ConfigMaps + summary: Create or update global ConfigMap + description: Creates a new global ConfigMap or updates an existing one operationId: CMGlobalAddUpdate requestBody: required: true @@ -15,83 +138,119 @@ paths: application/json: schema: $ref: '#/components/schemas/ConfigDataRequest' + example: + id: 0 + appId: 123 + configData: + - name: "global-configmap" + type: "CONFIGMAP" + external: false + mountPath: "/etc/config" + data: + key1: "value1" + key2: "value2" + global: true + subPath: false + filePermission: "0644" + isDeletable: true responses: '200': - description: Successfully created/updated ConfigMap + description: ConfigMap created/updated successfully content: application/json: schema: - $ref: '#/components/schemas/ConfigDataRequest' + $ref: '#/components/schemas/ApiResponse' '400': - description: Bad request + description: Invalid request parameters content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '401': - description: Unauthorized user + description: Unauthorized content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '403': - description: Forbidden, user is not authorized + description: Forbidden content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' - /orchestrator/config/environment/cm: + /config/global/cs: post: - description: Create or update an environment-specific ConfigMap - operationId: CMEnvironmentAddUpdate + tags: + - Global Secrets + summary: Create or update global Secret + description: Creates a new global Secret or updates an existing one + operationId: CSGlobalAddUpdate requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ConfigDataRequest' + example: + id: 0 + appId: 123 + configData: + - name: "global-secret" + type: "SECRET" + external: false + mountPath: "/etc/secrets" + data: + username: "admin" + password: "s3cr3t" + global: true + subPath: false + filePermission: "0600" + isDeletable: true responses: '200': - description: Successfully created/updated ConfigMap + description: Secret created/updated successfully content: application/json: schema: - $ref: '#/components/schemas/ConfigDataRequest' + $ref: '#/components/schemas/ApiResponse' '400': - description: Bad request + description: Invalid request parameters content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '401': - description: Unauthorized user + description: Unauthorized content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '403': - description: Forbidden, user is not authorized + description: Forbidden content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' - /orchestrator/config/global/cm/{appId}: + /config/global/cm/{appId}: get: - description: Get all global ConfigMaps for an application + tags: + - Global ConfigMaps + summary: Get global ConfigMaps for application + description: Retrieves all global ConfigMaps for the specified application operationId: CMGlobalFetch parameters: - name: appId @@ -99,858 +258,103 @@ paths: required: true schema: type: integer + example: 123 responses: '200': - description: Successfully retrieved ConfigMaps - content: - application/json: - schema: - $ref: '#/components/schemas/ConfigDataRequest' - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '401': - description: Unauthorized user - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden, user is not authorized - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - - /orchestrator/config/environment/cm/{appId}/{envId}: - get: - description: Get all environment-specific ConfigMaps for an application - operationId: CMEnvironmentFetch - parameters: - - name: appId - in: path - required: true - schema: - type: integer - - name: envId - in: path - required: true - schema: - type: integer - responses: - '200': - description: Successfully retrieved ConfigMaps + description: Global ConfigMaps retrieved successfully content: application/json: schema: - $ref: '#/components/schemas/ConfigDataRequest' + allOf: + - $ref: '#/components/schemas/ApiResponse' + - type: object + properties: + result: + $ref: '#/components/schemas/ConfigsList' '400': - description: Bad request + description: Invalid application ID content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '401': - description: Unauthorized user + description: Unauthorized content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '403': - description: Forbidden, user is not authorized - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - - /orchestrator/config/global/cm/edit/{appId}/{id}: - get: - description: Get a global ConfigMap for editing - operationId: CMGlobalFetchForEdit - parameters: - - name: appId - in: path - required: true - schema: - type: integer - - name: id - in: path - required: true - schema: - type: integer - - name: name - in: query - required: true - schema: - type: string - responses: - '200': - description: Successfully retrieved ConfigMap - content: - application/json: - schema: - $ref: '#/components/schemas/ConfigDataRequest' - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '401': - description: Unauthorized user + description: Forbidden content: application/json: schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden, user is not authorized + $ref: '#/components/schemas/ErrorResponse' + '404': + description: Application not found content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' - /orchestrator/config/environment/cm/edit/{appId}/{envId}/{id}: + /config/global/cs/{appId}: get: - description: Get an environment-specific ConfigMap for editing - operationId: CMEnvironmentFetchForEdit - parameters: - - name: appId - in: path - required: true - schema: - type: integer - - name: envId - in: path - required: true - schema: - type: integer - - name: id - in: path - required: true - schema: - type: integer - - name: name - in: query - required: true - schema: - type: string - responses: - '200': - description: Successfully retrieved ConfigMap - content: - application/json: - schema: - $ref: '#/components/schemas/ConfigDataRequest' - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '401': - description: Unauthorized user - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden, user is not authorized - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - - /orchestrator/config/global/cm/{appId}/{id}: - delete: - description: Delete a global ConfigMap - operationId: CMGlobalDelete - parameters: - - name: appId - in: path - required: true - schema: - type: integer - - name: id - in: path - required: true - schema: - type: integer - - name: name - in: query - required: true - schema: - type: string - responses: - '200': - description: Successfully deleted ConfigMap - content: - application/json: - schema: - type: boolean - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '401': - description: Unauthorized user - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden, user is not authorized - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - - /orchestrator/config/environment/cm/{appId}/{envId}/{id}: - delete: - description: Delete an environment-specific ConfigMap - operationId: CMEnvironmentDelete + tags: + - Global Secrets + summary: Get global Secrets for application + description: Retrieves all global Secrets for the specified application + operationId: CSGlobalFetch parameters: - name: appId in: path required: true schema: type: integer - - name: envId - in: path - required: true - schema: - type: integer - - name: id - in: path - required: true - schema: - type: integer - - name: name - in: query - required: true - schema: - type: string + example: 123 responses: '200': - description: Successfully deleted ConfigMap + description: Global Secrets retrieved successfully content: application/json: schema: - type: boolean + allOf: + - $ref: '#/components/schemas/ApiResponse' + - type: object + properties: + result: + $ref: '#/components/schemas/ConfigsList' '400': - description: Bad request + description: Invalid application ID content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '401': - description: Unauthorized user + description: Unauthorized content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '403': - description: Forbidden, user is not authorized - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - - /orchestrator/config/global/cs: - post: - description: Create or update a global Secret - operationId: CSGlobalAddUpdate - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/ConfigDataRequest' - responses: - '200': - description: Successfully created/updated Secret - content: - application/json: - schema: - $ref: '#/components/schemas/ConfigDataRequest' - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '401': - description: Unauthorized user + description: Forbidden content: application/json: schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden, user is not authorized + $ref: '#/components/schemas/ErrorResponse' + '404': + description: Application not found content: application/json: schema: - $ref: '#/components/schemas/Error' + $ref: '#/components/schemas/ErrorResponse' '500': description: Internal server error content: application/json: schema: - $ref: '#/components/schemas/Error' - - /orchestrator/config/environment/cs: - post: - description: Create or update an environment-specific Secret - operationId: CSEnvironmentAddUpdate - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/ConfigDataRequest' - responses: - '200': - description: Successfully created/updated Secret - content: - application/json: - schema: - $ref: '#/components/schemas/ConfigDataRequest' - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '401': - description: Unauthorized user - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden, user is not authorized - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - - /orchestrator/config/global/cs/{appId}: - get: - description: Get all global Secrets for an application - operationId: CSGlobalFetch - parameters: - - name: appId - in: path - required: true - schema: - type: integer - responses: - '200': - description: Successfully retrieved Secrets - content: - application/json: - schema: - $ref: '#/components/schemas/ConfigDataRequest' - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '401': - description: Unauthorized user - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden, user is not authorized - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - - /orchestrator/config/environment/cs/{appId}/{envId}: - get: - description: Get all environment-specific Secrets for an application - operationId: CSEnvironmentFetch - parameters: - - name: appId - in: path - required: true - schema: - type: integer - - name: envId - in: path - required: true - schema: - type: integer - responses: - '200': - description: Successfully retrieved Secrets - content: - application/json: - schema: - $ref: '#/components/schemas/ConfigDataRequest' - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '401': - description: Unauthorized user - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden, user is not authorized - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - - /orchestrator/config/global/cs/edit/{appId}/{id}: - get: - description: Get a global Secret for editing - operationId: CSGlobalFetchForEdit - parameters: - - name: appId - in: path - required: true - schema: - type: integer - - name: id - in: path - required: true - schema: - type: integer - - name: name - in: query - required: true - schema: - type: string - responses: - '200': - description: Successfully retrieved Secret - content: - application/json: - schema: - $ref: '#/components/schemas/ConfigDataRequest' - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '401': - description: Unauthorized user - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden, user is not authorized - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - - /orchestrator/config/environment/cs/edit/{appId}/{envId}/{id}: - get: - description: Get an environment-specific Secret for editing - operationId: CSEnvironmentFetchForEdit - parameters: - - name: appId - in: path - required: true - schema: - type: integer - - name: envId - in: path - required: true - schema: - type: integer - - name: id - in: path - required: true - schema: - type: integer - - name: name - in: query - required: true - schema: - type: string - responses: - '200': - description: Successfully retrieved Secret - content: - application/json: - schema: - $ref: '#/components/schemas/ConfigDataRequest' - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '401': - description: Unauthorized user - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden, user is not authorized - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - - /orchestrator/config/global/cs/{appId}/{id}: - delete: - description: Delete a global Secret - operationId: CSGlobalDelete - parameters: - - name: appId - in: path - required: true - schema: - type: integer - - name: id - in: path - required: true - schema: - type: integer - - name: name - in: query - required: true - schema: - type: string - responses: - '200': - description: Successfully deleted Secret - content: - application/json: - schema: - type: boolean - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '401': - description: Unauthorized user - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden, user is not authorized - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - - /orchestrator/config/environment/cs/{appId}/{envId}/{id}: - delete: - description: Delete an environment-specific Secret - operationId: CSEnvironmentDelete - parameters: - - name: appId - in: path - required: true - schema: - type: integer - - name: envId - in: path - required: true - schema: - type: integer - - name: id - in: path - required: true - schema: - type: integer - - name: name - in: query - required: true - schema: - type: string - responses: - '200': - description: Successfully deleted Secret - content: - application/json: - schema: - type: boolean - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '401': - description: Unauthorized user - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden, user is not authorized - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - - /orchestrator/config/bulk/patch: - post: - description: Bulk patch ConfigMaps and Secrets - operationId: ConfigSecretBulkPatch - requestBody: - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/BulkPatchRequest' - responses: - '200': - description: Successfully patched ConfigMaps and Secrets - content: - application/json: - schema: - type: boolean - '400': - description: Bad request - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '401': - description: Unauthorized user - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '403': - description: Forbidden, user is not authorized - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - '500': - description: Internal server error - content: - application/json: - schema: - $ref: '#/components/schemas/Error' - -components: - schemas: - ConfigDataRequest: - type: object - required: - - appId - - userId - - configData - properties: - id: - type: integer - description: ID of the ConfigMap/Secret - appId: - type: integer - description: ID of the application - userId: - type: integer - description: ID of the user making the request - environmentId: - type: integer - description: ID of the environment (for environment-specific ConfigMaps/Secrets) - configData: - type: array - items: - $ref: '#/components/schemas/ConfigData' - - ConfigData: - type: object - required: - - name - - type - properties: - id: - type: integer - description: ID of the ConfigMap/Secret - name: - type: string - description: Name of the ConfigMap/Secret - type: - type: string - enum: [CONFIGMAP, SECRET] - description: Type of the configuration (ConfigMap or Secret) - external: - type: boolean - description: Whether this is an external ConfigMap/Secret - data: - type: object - additionalProperties: - type: string - description: Key-value pairs for the ConfigMap/Secret - mountPath: - type: string - description: Path where the ConfigMap/Secret should be mounted - subPath: - type: string - description: Subpath within the mount path - filePermission: - type: string - description: File permissions for the mounted ConfigMap/Secret - externalSecretType: - type: string - description: Type of external secret (for Secrets only) - roleARN: - type: string - description: ARN of the role to use for external secrets (for Secrets only) - externalSecret: - type: array - items: - $ref: '#/components/schemas/ExternalSecret' - description: External secret configuration (for Secrets only) - - ExternalSecret: - type: object - required: - - name - - key - properties: - name: - type: string - description: Name of the external secret - key: - type: string - description: Key in the external secret store - property: - type: string - description: Property to extract from the external secret - isBinary: - type: boolean - description: Whether the secret value is binary - - BulkPatchRequest: - type: object - required: - - userId - - global - properties: - userId: - type: integer - description: ID of the user making the request - global: - type: boolean - description: Whether to patch global or environment-specific ConfigMaps/Secrets - appId: - type: integer - description: ID of the application - environmentId: - type: integer - description: ID of the environment (for environment-specific patches) - configData: - type: array - items: - $ref: '#/components/schemas/ConfigData' - - Error: - type: object - required: - - code - - message - properties: - code: - type: integer - description: Error code - message: - type: string - description: Error message + $ref: '#/components/schemas/ErrorResponse'