DirectTrustRelationship


A trust relationship with entities that are trusted directly: their CA certificate is bundled together with the trust settings rather than looked up elsewhere.

Properties

additional_node_names (array[string])
A list of node names trusted in addition to those deducible from trust_allowlist and scope_id. Allows trusting nodes that don't have a scoped name, at the cost of maintaining the list by hand. Mandatory if scope_id is not defined. Wildcards are not allowed.
certificates (array[TrustedCertificate], required)
The public CA certificate(s) to trust. Only one is required, but multiple certificates can be specified to facilitate key rotation.
name (string, required)
A human-readable name of the trust relationship.
scope_id (string)

A lowercase alphanumerical string of at most 32 characters. Usually an organization ID or an environment ID, but any suitable suffix for clusters using the CA certificate of this trust will do. Required unless trust_all is false and trust_allowlist is empty.

Example: "abc123"

trust_all (boolean, required)
If true, scope_id is required, trust_allowlist is ignored, and every cluster matching the scope ID is trusted.
trust_allowlist (array[string])
The list of clusters with matching scope to trust. Only used when trust_all is false. Providing one or more clusters makes scope_id mandatory.
type (string; allowed values: [ECE, ESS, generic])
The type can either be ESS, ECE or generic. If none is specified, then generic is assumed.
uid (string)
Auto-generated identifier for this trust; it allows an update to be distinguished from a remove followed by an add.
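The properties above carry several cross-field rules (scope_id required whenever trust_all is true or the allowlist is non-empty, additional_node_names mandatory without a scope_id, no wildcards, and an allowlist that is silently ignored when trust_all is true). The following Python is an added example, not code from the ECE API or its documentation: it checks those rules against a relationship object before it is submitted and summarises what the object actually trusts. The two sample relationships, the cluster IDs and the PEM placeholder are constructed for the example.

```python
import json
import re
from typing import Any, Dict, List

# scope_id rule from the property description: lowercase alphanumerical, at most 32 chars.
SCOPE_ID_RE = re.compile(r"^[a-z0-9]{1,32}$")
ALLOWED_TYPES = ("ECE", "ESS", "generic")


def validate_direct_trust(rel: Dict[str, Any]) -> List[str]:
    """Check the cross-field rules of a DirectTrustRelationship.

    Returns a list of human-readable problems; an empty list means every
    rule stated in the property descriptions is satisfied.
    """
    problems: List[str] = []

    for field in ("name", "certificates", "trust_all"):
        if field not in rel:
            problems.append(f"missing required field: {field}")

    certs = rel.get("certificates") or []
    if "certificates" in rel and not certs:
        problems.append("certificates must contain at least one CA certificate")
    for i, cert in enumerate(certs):
        pem = cert.get("pem", "") if isinstance(cert, dict) else ""
        if "-----BEGIN CERTIFICATE-----" not in pem:
            problems.append(f"certificates[{i}].pem does not look like a PEM certificate")

    scope_id = rel.get("scope_id")
    if scope_id is not None and not SCOPE_ID_RE.match(scope_id):
        problems.append("scope_id must be lowercase alphanumerical, 1-32 characters")

    trust_all = rel.get("trust_all")
    allowlist = rel.get("trust_allowlist") or []
    additional = rel.get("additional_node_names") or []

    # scope_id is required unless trust_all is false and trust_allowlist is empty.
    if trust_all is True and scope_id is None:
        problems.append("trust_all=true requires scope_id")
    if allowlist and scope_id is None:
        problems.append("a non-empty trust_allowlist requires scope_id")
    # Without a scope no node name can be deduced, so the explicit list is mandatory.
    if scope_id is None and not additional:
        problems.append("additional_node_names is mandatory when scope_id is not defined")
    if any("*" in name for name in additional):
        problems.append("wildcards are not allowed in additional_node_names")

    rel_type = rel.get("type", "generic")  # generic is assumed when absent
    if rel_type not in ALLOWED_TYPES:
        problems.append(f"type must be one of {', '.join(ALLOWED_TYPES)}")

    return problems


def effective_trust(rel: Dict[str, Any]) -> Dict[str, Any]:
    """Summarise what a relationship actually trusts.

    The footgun worth surfacing: when trust_all is true the allowlist is
    ignored, so a reviewer who only reads trust_allowlist gets the wrong idea.
    """
    trust_all = rel.get("trust_all") is True
    allowlist = list(rel.get("trust_allowlist") or [])
    summary: Dict[str, Any] = {
        "scope_id": rel.get("scope_id"),
        "all_clusters_in_scope": trust_all,
        "clusters": [] if trust_all else allowlist,
        "additional_node_names": list(rel.get("additional_node_names") or []),
        "warnings": [],
    }
    if trust_all and allowlist:
        summary["warnings"].append(
            "trust_allowlist is ignored because trust_all is true; "
            "every cluster in the scope is trusted"
        )
    return summary


# Constructed placeholder, not a real certificate: the checks only look at PEM framing.
FAKE_PEM = "-----BEGIN CERTIFICATE-----\nMIIB...constructed...\n-----END CERTIFICATE-----\n"

# Constructed: a narrow trust limited to two named clusters in scope abc123.
NARROW = {
    "name": "partner-ece",
    "type": "ECE",
    "scope_id": "abc123",
    "trust_all": False,
    "trust_allowlist": ["cluster-one", "cluster-two"],
    "certificates": [{"pem": FAKE_PEM}],
}

# Constructed: looks restricted, but trust_all overrides the allowlist and scope_id is missing.
BROAD = {
    "name": "everything",
    "trust_all": True,
    "trust_allowlist": ["cluster-one"],
    "additional_node_names": ["*.example.internal"],
    "certificates": [{"pem": FAKE_PEM}],
}

if __name__ == "__main__":
    for rel in (NARROW, BROAD):
        print(rel["name"], "problems:", validate_direct_trust(rel))
        print(json.dumps(effective_trust(rel), indent=2))
```

Run the validator on the object you are about to PUT to the API; the server will reject the structural errors anyway, but the warning from effective_trust is the one the API will not give you, since trust_all=true with a populated allowlist is a valid, and very broad, relationship.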

Example

{
   "additional_node_names" : [
      "string"
   ],
   "certificates" : [
      {
         "metadata" : {
            "also_trusted_by" : [
               "string"
            ],
            "fingerprint" : "string",
            "valid_from" : "2019-01-01T00:00:00Z",
            "valid_to" : "2019-01-01T00:00:00Z"
         },
         "pem" : "string"
      }
   ],
   "name" : "string",
   "scope_id" : "string",
   "trust_all" : true,
   "trust_allowlist" : [
      "string"
   ],
   "type" : "string",
   "uid" : "string"
}