diff --git a/cloud-controlplane/cloud-controlplane.yaml b/cloud-controlplane/cloud-controlplane.yaml index ecc9c92..a3b07da 100644 --- a/cloud-controlplane/cloud-controlplane.yaml +++ b/cloud-controlplane/cloud-controlplane.yaml @@ -24,7 +24,8 @@ components: properties: allowed_principals: description: The ARN of the principals that can access the Redpanda AWS PrivateLink Endpoint Service. To grant permissions to all principals, use an asterisk (*). - example: arn:aws:iam::account-number-without-hyphens:user/username or arn:aws:iam::account-number-without-hyphens:root + example: + - arn:aws:iam::account-number-without-hyphens:user/username or arn:aws:iam::account-number-without-hyphens:root items: type: string type: array @@ -100,7 +101,8 @@ components: properties: allowed_principals: description: The ARN of the principals that can access Redpanda AWS PrivateLink Endpoint Service. To grant permissions to all principals, use an asterisk (*). - example: arn:aws:iam::account-number-without-hyphens:user/username or arn:aws:iam::account-number-without-hyphens:root + example: + - arn:aws:iam::account-number-without-hyphens:user/username or arn:aws:iam::account-number-without-hyphens:root items: type: string type: array @@ -133,7 +135,8 @@ components: properties: allowed_subscriptions: description: The subscriptions that can access the Redpanda Azure PrivateLink Endpoint Service. To grant permissions to all principals, use an asterisk (*). - example: 4a73b02e-90c1-4d76-af36-5c935dd41e7c + example: + - 4a73b02e-90c1-4d76-af36-5c935dd41e7c items: type: string type: array @@ -212,7 +215,8 @@ components: properties: allowed_subscriptions: description: The subscriptions that can access the Redpanda Azure PrivateLink Endpoint Service. - example: 4a73b02e-90c1-4d76-af36-5c935dd41e7c + example: + - 4a73b02e-90c1-4d76-af36-5c935dd41e7c items: type: string type: array 
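Review bot: The new `example` under `allowed_principals` in the -24 hunk is a one-element array whose single string still holds two ARNs joined by "or", so the rendered example is not a value a caller could submit. Split it into two items, `- arn:aws:iam::account-number-without-hyphens:user/username` and `- arn:aws:iam::account-number-without-hyphens:root`; the -100 hunk carries the same example. Since the description advertises `*` for all principals, it would also help to state there that the wildcard admits every principal and that listing specific ARNs is the narrower choice.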
@@ -311,6 +315,12 @@ components: id: description: ID of the cluster. ID is an output from the Create Cluster endpoint and cannot be set by the caller. type: string + internet_gateways: + description: InternetGateway information of the cluster. + items: + type: string + readOnly: true + type: array kafka_api: $ref: '#/components/schemas/Cluster.KafkaAPI' kafka_connect: @@ -379,6 +389,8 @@ components: $ref: '#/components/schemas/Cluster.CloudStorage.Azure' gcp: $ref: '#/components/schemas/Cluster.CloudStorage.GCP' + skip_destroy: + type: boolean type: object Cluster.CloudStorage.AWS: properties: @@ -393,6 +405,7 @@ components: - Only IPv4 addresses are allowed. - Private IP address ranges as defined in RFC 1918 are not allowed. + - Private IP address ranges as defined in RFC 6598 are not allowed. - Small address ranges using "/31" or "/32" prefix sizes are not supported. These ranges should be configured using individual IP address rules without prefix specified. @@ -589,6 +602,8 @@ components: $ref: '#/components/schemas/ClusterCreate.CloudStorage.Azure' gcp: $ref: '#/components/schemas/ClusterCreate.CloudStorage.GCP' + skip_destroy: + type: boolean type: object ClusterCreate.CloudStorage.AWS: type: object @@ -600,6 +615,7 @@ components: - Only IPv4 addresses are allowed. - Private IP address ranges as defined in RFC 1918 are not allowed. + - Private IP address ranges as defined in RFC 6598 are not allowed. - Small address ranges using "/31" or "/32" prefix sizes are not supported. These ranges should be configured using individual IP address rules without prefix specified. @@ -694,6 +710,8 @@ components: $ref: '#/components/schemas/ClusterUpdate.CloudStorage.Azure' gcp: $ref: '#/components/schemas/ClusterUpdate.CloudStorage.GCP' + skip_destroy: + type: boolean type: object ClusterUpdate.CloudStorage.AWS: type: object 
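Review bot: `skip_destroy` is added to the cloud-storage object in the -379 hunk with only `type: boolean`, so nothing tells a caller what setting it does; the same two lines are added to the ClusterCreate and ClusterUpdate variants in the -589 and -694 hunks. If, as the name suggests, it leaves the storage bucket and its contents in place when the cluster is deleted, that is a data-retention decision the spec should spell out, including that the remaining data and its access policy stay the owner's responsibility. Proposed, with wording to be confirmed against the implementation: `description: If true, the cloud storage bucket is not deleted when the cluster is destroyed; its contents remain and must be removed separately.` The enclosing schema starts outside the hunk.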
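Review bot: The bullet added in the -393 hunk calls the RFC 6598 range "private", but RFC 6598 defines the Shared Address Space `100.64.0.0/10` used for carrier-grade NAT, which is distinct from the RFC 1918 private ranges named on the line above. Naming the block makes the rule checkable by someone writing an allowlist: `- Shared address space as defined in RFC 6598 (100.64.0.0/10) is not allowed.` The same bullet is added in the -600 and -705 hunks, and the description it belongs to starts outside each hunk.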
@@ -705,6 +723,7 @@ components: - Only IPv4 addresses are allowed. - Private IP address ranges as defined in RFC 1918 are not allowed. + - Private IP address ranges as defined in RFC 6598 are not allowed. - Small address ranges using "/31" or "/32" prefix sizes are not supported. These ranges should be configured using individual IP address rules without prefix specified. @@ -1144,11 +1163,12 @@ components: description: |- Additional structured details about this error. - Keys should match /[a-zA-Z0-9-_]/ and be limited to 64 characters in + Keys must match a regular expression of `[a-z][a-zA-Z0-9-_]+` but should + ideally be lowerCamelCase. Also, they must be limited to 64 characters in length. When identifying the current value of an exceeded limit, the units should be contained in the key, not the value. For example, rather than - {"instanceLimit": "100/request"}, should be returned as, - {"instanceLimitPerRequest": "100"}, if the client exceeds the number of + `{"instanceLimit": "100/request"}`, should be returned as, + `{"instanceLimitPerRequest": "100"}`, if the client exceeds the number of instances that can be created in a single (batch) request. type: object reason: 
@@ -1207,6 +1227,17 @@ components: * `emailAddresses[3].type[2]` for a violation in the second `type` value in the third `emailAddresses` message. type: string + localized_message: + $ref: '#/components/schemas/LocalizedMessage' + reason: + description: |- + The reason of the field-level error. This is a constant value that + identifies the proximate cause of the field-level error. It should + uniquely identify the type of the FieldViolation within the scope of the + google.rpc.ErrorInfo.domain. This should be at most 63 + characters and match a regular expression of `[A-Z][A-Z0-9_]+[A-Z0-9]`, + which represents UPPER_SNAKE_CASE. + type: string type: object GCP.Subnet: description: GCP subnet properties. See the official [GCP API reference](https://cloud.google.com/compute/docs/reference/rest/v1/subnetworks). @@ -1679,6 +1710,12 @@ components: maxItems: 100 type: array type: object + ListServerlessRegionsRequest.Filter: + properties: + placement_enabled_only: + description: Only select regions with placement enabled. + type: boolean + type: object ListServerlessRegionsResponse: description: ListServerlessRegionsResponse is the response of ListServerlessRegions. properties: 
@@ -1736,15 +1773,31 @@ components: maxItems: 100 type: array type: object + LocalizedMessage: + description: |- + Provides a localized error message that is safe to return to the user + which can be attached to an RPC error. + properties: + locale: + title: |- + The locale used following the specification defined at + https://www.rfc-editor.org/rfc/bcp/bcp47.txt. + Examples are: "en-US", "fr-CH", "es-MX" + type: string + message: + description: The localized error message in the above locale. + type: string + type: object MTLSSpec: description: mTLS configuration. properties: ca_certificates_pem: description: CA certificate in PEM format. - example: |- - -----BEGIN CERTIFICATE----- - MII........ - -----END CERTIFICATE----- + example: + - |- + -----BEGIN CERTIFICATE----- + MII........ + -----END CERTIFICATE----- items: type: string type: array @@ -1957,7 +2010,7 @@ components: enum: - type.googleapis.com/redpanda.api.controlplane.v1.CreateNetworkMetadata type: string - - $ref: '#/components/schemas/v1.CreateNetworkMetadata' + - $ref: '#/components/schemas/CreateNetworkMetadata' - allOf: - properties: '@type': @@ -1965,7 +2018,7 @@ components: enum: - type.googleapis.com/redpanda.api.controlplane.v1.DeleteNetworkMetadata type: string - - $ref: '#/components/schemas/v1.DeleteNetworkMetadata' + - $ref: '#/components/schemas/DeleteNetworkMetadata' - allOf: - properties: '@type': @@ -1973,7 +2026,7 @@ components: enum: - type.googleapis.com/redpanda.api.controlplane.v1.CreateClusterMetadata type: string - - $ref: '#/components/schemas/v1.CreateClusterMetadata' + - $ref: '#/components/schemas/CreateClusterMetadata' - allOf: - properties: '@type': @@ -1981,7 +2034,7 @@ components: enum: - type.googleapis.com/redpanda.api.controlplane.v1.UpdateClusterMetadata type: string - - $ref: '#/components/schemas/v1.UpdateClusterMetadata' + - $ref: '#/components/schemas/UpdateClusterMetadata' - allOf: - properties: '@type': 
@@ -1989,7 +2042,7 @@ components: enum: - type.googleapis.com/redpanda.api.controlplane.v1.DeleteClusterMetadata type: string - - $ref: '#/components/schemas/v1.DeleteClusterMetadata' + - $ref: '#/components/schemas/DeleteClusterMetadata' OperationResponse: description: Response of the long-running Operation. oneOf: @@ -2000,7 +2053,7 @@ components: enum: - type.googleapis.com/redpanda.api.controlplane.v1.CreateClusterResponse type: string - - $ref: '#/components/schemas/v1.CreateClusterResponse' + - $ref: '#/components/schemas/CreateClusterResponse' - allOf: - properties: '@type': @@ -2008,7 +2061,7 @@ components: enum: - type.googleapis.com/redpanda.api.controlplane.v1.UpdateClusterResponse type: string - - $ref: '#/components/schemas/v1.UpdateClusterResponse' + - $ref: '#/components/schemas/UpdateClusterResponse' - allOf: - properties: '@type': @@ -2016,7 +2069,7 @@ components: enum: - type.googleapis.com/redpanda.api.controlplane.v1.DeleteClusterResponse type: string - - $ref: '#/components/schemas/v1.DeleteClusterResponse' + - $ref: '#/components/schemas/DeleteClusterResponse' - allOf: - properties: '@type': @@ -2024,7 +2077,7 @@ components: enum: - type.googleapis.com/redpanda.api.controlplane.v1.CreateNetworkResponse type: string - - $ref: '#/components/schemas/v1.CreateNetworkResponse' + - $ref: '#/components/schemas/CreateNetworkResponse' - allOf: - properties: '@type': @@ -2032,7 +2085,7 @@ components: enum: - type.googleapis.com/redpanda.api.controlplane.v1.DeleteNetworkResponse type: string - - $ref: '#/components/schemas/v1.DeleteNetworkResponse' + - $ref: '#/components/schemas/DeleteNetworkResponse' Organization: properties: auth0_id: 
@@ -2050,6 +2103,15 @@ components: nullable: true type: string type: object + Placement: + description: Information about creation of new serverless clusters on the serverless region. + properties: + enabled: + description: Tells if new serverless clusters can be currently placed in the serverless region. + readOnly: true + type: boolean + readOnly: true + type: object PlannedDeletion: description: Date after which this cluster can and should be deleted. properties: @@ -2095,6 +2157,20 @@ components: title: status is the status of the Azure PE type: string type: object + PrivateLink.State: + description: |2- + - STATE_DISABLED: Private link is being created. + - STATE_LINKING: Private link is being created. + - STATE_READY: Private link is ready to use. + - STATE_UNLINKING: Private link is being deleted. + - STATE_FAILED: Private link is in an error state. + enum: + - STATE_DISABLED + - STATE_LINKING + - STATE_READY + - STATE_UNLINKING + - STATE_FAILED + type: string PrivateLinkAuthMode: description: |- Private link authentication mode. 
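Review bot: In the new `PrivateLink.State` description, `STATE_DISABLED` is documented as "Private link is being created.", the same text as `STATE_LINKING`, which looks like a copy-paste slip. A client that gates traffic or alerting on this enum needs the disabled state described distinctly; something like `- STATE_DISABLED: Private link is disabled.` would do, to be confirmed against the service definition. The enum also has no unspecified or zero value documented, so it is worth stating what a client should assume when the field is absent.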
@@ -2148,6 +2224,22 @@ components: A message type used to describe a single quota violation. For example, a daily quota or a custom quota that was exceeded. properties: + api_service: + description: |- + The API Service from which the `QuotaFailure.Violation` orginates. In + some cases, Quota issues originate from an API Service other than the one + that was called. In other words, a dependency of the called API Service + could be the cause of the `QuotaFailure`, and this field would have the + dependency API service name. + + For example, if the called API is Kubernetes Engine API + (container.googleapis.com), and a quota violation occurs in the + Kubernetes Engine API itself, this field would be + "container.googleapis.com". On the other hand, if the quota violation + occurs when the Kubernetes Engine API creates VMs in the Compute Engine + API (compute.googleapis.com), this field would be + "compute.googleapis.com". + type: string description: description: |- A description of how the quota check failed. Clients can use this 
@@ -2158,6 +2250,66 @@ components: For example: "Service disabled" or "Daily Limit for read operations exceeded". type: string + future_quota_value: + description: |- + The new quota value being rolled out at the time of the violation. At the + completion of the rollout, this value will be enforced in place of + quota_value. If no rollout is in progress at the time of the violation, + this field is not set. + + For example, if at the time of the violation a rollout is in progress + changing the number of CPUs quota from 10 to 20, 20 would be the value of + this field. + format: int64 + nullable: true + type: string + quota_dimensions: + additionalProperties: + type: string + description: |- + The dimensions of the violated quota. Every non-global quota is enforced + on a set of dimensions. While quota metric defines what to count, the + dimensions specify for what aspects the counter should be increased. + + For example, the quota "CPUs per region per VM family" enforces a limit + on the metric "compute.googleapis.com/cpus_per_vm_family" on dimensions + "region" and "vm_family". And if the violation occurred in region + "us-central1" and for VM family "n1", the quota_dimensions would be, + + { + "region": "us-central1", + "vm_family": "n1", + } + + When a quota is enforced globally, the quota_dimensions would always be + empty. + type: object + quota_id: + description: |- + The id of the violated quota. Also know as "limit name", this is the + unique identifier of a quota in the context of an API service. + + For example, "CPUS-PER-VM-FAMILY-per-project-region". + type: string + quota_metric: + description: |- + The metric of the violated quota. A quota metric is a named counter to + measure usage, such as API requests or CPUs. When an activity occurs in a + service, such as Virtual Machine allocation, one or more quota metrics + may be affected. + + For example, "compute.googleapis.com/cpus_per_vm_family", + "storage.googleapis.com/internet_egress_bandwidth". 
+ type: string + quota_value: + description: |- + The enforced quota value at the time of the `QuotaFailure`. + + For example, if the enforced quota value at the time of the + `QuotaFailure` on the number of CPUs is "10", then the value of this + field would reflect this quantity. + format: int64 + type: string subject: description: |- The subject on which the quota check failed. @@ -2263,6 +2415,11 @@ components: scope: $ref: '#/components/schemas/Scope' type: object + RotateServiceAccountSecretResponse: + properties: + service_account: + $ref: '#/components/schemas/ServiceAccount' + type: object SASLSpec: properties: enabled: @@ -2339,8 +2496,10 @@ components: ServerlessCluster: description: Resource describing a ServerlessCluster. properties: + console: + $ref: '#/components/schemas/ServerlessCluster.Console' console_url: - description: Redpanda Console URL. + readOnly: true type: string created_at: description: Timestamp when the Serverless cluster was created. @@ -2359,6 +2518,8 @@ components: type: string planned_deletion: $ref: '#/components/schemas/PlannedDeletion' + private_link: + $ref: '#/components/schemas/ServerlessCluster.PrivateLink' resource_group_id: description: Resource group ID of the cluster. example: a0b40af9-0250-48ca-9417-783ed127ce42 @@ -2377,12 +2538,12 @@ components: type: string title: ServerlessCluster type: object + ServerlessCluster.Console: + type: object ServerlessCluster.DataplaneAPI: description: Cluster's Data Plane API properties. properties: url: - description: Data Plane API URL. - example: https://api-ab1234l0.cjb69h1c4vs42pca89s0.fmc.prd.cloud.redpanda.com readOnly: true type: string type: object 
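Review bot: `console_url` loses its description ("Redpanda Console URL.") in the -2339 hunk when `readOnly: true` is added, and the new `console` property points at `ServerlessCluster.Console`, which the -2377 hunk defines as a bare `type: object` with no properties or description. The -2377 hunk likewise drops the description and example from the Data Plane API `url`, and the -2396 hunk does the same for the Schema Registry `url`. Keep the descriptions next to `readOnly: true`, for example `description: Redpanda Console URL.`, and document what `console` is meant to carry, or leave it out of the public spec until it has fields.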
@@ -2396,11 +2557,18 @@ components: readOnly: true type: array type: object + ServerlessCluster.PrivateLink: + properties: + id: + type: string + state: + $ref: '#/components/schemas/PrivateLink.State' + type: object ServerlessCluster.SchemaRegistryStatus: description: Cluster's Schema Registry properties. properties: url: - description: Schema Registry URL. + readOnly: true type: string type: object ServerlessCluster.State: @@ -2453,6 +2621,8 @@ components: description: Unique name of the Serverless region. example: int-eu-west-1 type: string + placement: + $ref: '#/components/schemas/Placement' title: ServerlessRegion type: object ServiceAccount: @@ -2696,8 +2866,14 @@ components: $ref: '#/components/schemas/UAISpec' redpanda_cluster_assigned_identity: $ref: '#/components/schemas/UAISpec' + redpanda_connect_api_assigned_identity: + $ref: '#/components/schemas/UAISpec' + redpanda_connect_assigned_identity: + $ref: '#/components/schemas/UAISpec' redpanda_console_assigned_identity: $ref: '#/components/schemas/UAISpec' + redpanda_operator_assigned_identity: + $ref: '#/components/schemas/UAISpec' required: - agent_user_assigned_identity - aks_user_assigned_identity @@ -2706,6 +2882,9 @@ components: - external_dns_assigned_identity - redpanda_console_assigned_identity - kafka_connect_assigned_identity + - redpanda_connect_assigned_identity + - redpanda_connect_api_assigned_identity + - redpanda_operator_assigned_identity title: User Assigned Identities type: object UserInvite: @@ -3134,6 +3313,7 @@ paths: sasl: null url: https://pandaproxy-aa0000l0.cjd3r21c4vs870t0ku30.fmc.prd.cloud.redpanda.com:9092 id: cjd3r21c4vs870t0ku30 + internet_gateways: [] kafka_api: all_seed_brokers: null mtls: null @@ -3468,6 +3648,7 @@ paths: sasl: null url: https://pandaproxy-aa0000l0.cjd3r21c4vs870t0ku30.fmc.prd.cloud.redpanda.com:9092 id: cjd3r21c4vs870t0ku30 + internet_gateways: [] kafka_api: all_seed_brokers: null mtls: null 
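Review bot: Adding `redpanda_connect_assigned_identity`, `redpanda_connect_api_assigned_identity` and `redpanda_operator_assigned_identity` to `required` in the -2706 hunk makes any existing request body that omits them invalid against this schema. The schema header is outside the hunk, so whether it is used for input is inferred; if it is, clients written against the previous spec will start failing validation, and the change should either keep the new identities optional for a deprecation window or be called out as breaking. Separate identities per component fit a least-privilege design, so the three properties added in the -2696 hunk would benefit from a `description` stating which component uses each one.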
@@ -3862,6 +4043,7 @@ paths: sasl: null url: https://pandaproxy-aa0000l0.cjb69h1c4vs42pca89s0.fmc.prd.cloud.redpanda.com:9092 id: cjb69h1c4vs42pca89s0 + internet_gateways: [] kafka_api: all_seed_brokers: null mtls: null @@ -3986,6 +4168,7 @@ paths: sasl: null url: https://pandaproxy-aa0000l0.cjb69h1c4vs42pca89s0.fmc.prd.cloud.redpanda.com:9092 id: cjb69h1c4vs42pca89s0 + internet_gateways: [] kafka_api: all_seed_brokers: null mtls: null @@ -4841,6 +5024,11 @@ paths: - CLOUD_PROVIDER_GCP - CLOUD_PROVIDER_AZURE type: string + - description: Only select regions with placement enabled. + in: query + name: filter.placement_enabled_only + schema: + type: boolean - description: Limit the paginated response to a number of items. in: query name: page_size @@ -5097,6 +5285,44 @@ paths: summary: Get Service Account Credentials tags: - Control Plane Service Accounts + /v1/service-accounts/{id}/rotate-secret: + get: + description: Rotates the service account's secret and returns the updated service account along with the secret. + operationId: ServiceAccountService_RotateServiceAccountSecret + parameters: + - in: path + name: id + required: true + schema: + type: string + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/RotateServiceAccountSecretResponse' + description: Ok + "404": + content: + application/json: + schema: + $ref: '#/components/schemas/rpc.Status' + description: Not Found + "500": + content: + application/json: + schema: + $ref: '#/components/schemas/rpc.Status' + description: Internal Server Error. Reach out to support. + default: + content: + application/json: + schema: + $ref: '#/components/schemas/rpc.Status' + description: An unexpected error response. + summary: Rotate Service Account Secret + tags: + - Control Plane Service Accounts /v1/user-invites: get: description: List user invites to your Redpanda Cloud organization. 
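Review bot: The new `/v1/service-accounts/{id}/rotate-secret` path in the -5097 hunk is declared under `get:`, yet its description says it rotates the secret and returns it, so a state-changing, secret-bearing call is exposed through a method that clients and intermediaries treat as safe and repeatable. A retried or prefetched GET can invalidate the credential currently in use, and a cacheable GET response carrying the new secret can be stored by intermediaries. Declare the operation as `post:` (if this file is generated, the HTTP binding needs changing at its source) and state that the response must not be cached. The hunk also documents no `401` or `403` response, and the `id` path parameter has no description.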
@@ -5407,6 +5633,7 @@ tags: name: Resource Groups - description: Manage [Redpanda Serverless](https://docs.redpanda.com/redpanda-cloud/get-started/cloud-overview/#redpanda-cloud-cluster-types) clusters. For detailed steps, see [Use the Control Plane API with Serverless](https://docs.redpanda.com/redpanda-cloud/manage/api/cloud-serverless-controlplane-api/). name: Serverless Clusters + - name: ServerlessPrivateLinkService - description: See available Redpanda Serverless regions. name: Serverless Regions - description: See information about the organization the current user belongs to.
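Review bot: The added tag `ServerlessPrivateLinkService` has no `description` and reads like an internal service identifier, unlike the neighbouring `Serverless Clusters` and `Serverless Regions` entries. No operation in the visible hunks references it, so it may be rendered as an empty or unexplained group in the published reference. Proposed: `- description: Manage private links for Redpanda Serverless clusters.` with `name: Serverless Private Links`, provided any operations carrying the tag are renamed to match.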