Repository: kiwigrid/helm-charts Branch: master Commit: 01c942ae9f9d Files: 333 Total size: 898.4 KB Directory structure: gitextract_8u9zkvau/ ├── .github/ │ ├── ISSUE_TEMPLATE.md │ ├── PULL_REQUEST_TEMPLATE.md │ ├── check-for-chart-changes.sh │ ├── config.yml │ ├── ct.yaml │ ├── deploy-chart.sh │ ├── kind-config.yaml │ ├── kubeval.sh │ ├── lint-scripts.sh │ ├── stale.yml │ └── workflows/ │ ├── ci.yaml │ └── deploy.yaml ├── .gitignore ├── LICENSE ├── README.md └── charts/ ├── any-resource/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ └── any-resources.yaml │ └── values.yaml ├── ditto-digital-twins/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── nginx-config/ │ │ ├── index.html │ │ ├── nginx-cors.conf │ │ └── nginx.htpasswd │ ├── openapi/ │ │ ├── ditto-api-1.yml │ │ └── ditto-api-2.yml │ ├── requirements.yaml │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── concierge-deployment.yaml │ │ ├── concierge-networkpolicy.yaml │ │ ├── concierge-pdb.yaml │ │ ├── connectivity-deployment.yaml │ │ ├── connectivity-networkpolicy.yaml │ │ ├── connectivity-pdb.yaml │ │ ├── gateway-deployment.yaml │ │ ├── gateway-networkpolicy.yaml │ │ ├── gateway-pdb.yaml │ │ ├── gateway-secret.yaml │ │ ├── gateway-service.yaml │ │ ├── mongodb-secret.yaml │ │ ├── nginx-config.yaml │ │ ├── nginx-configmap.yaml │ │ ├── nginx-deployment.yaml │ │ ├── nginx-ingress.yaml │ │ ├── nginx-service.yaml │ │ ├── policies-deployment.yaml │ │ ├── policies-networkpolicy.yaml │ │ ├── policies-pdb.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── serviceaccount.yaml │ │ ├── swaggerui-config.yaml │ │ ├── swaggerui-deployment.yaml │ │ ├── swaggerui-networkpolicy.yaml │ │ ├── swaggerui-pdb.yaml │ │ ├── swaggerui-service.yaml │ │ ├── things-deployment.yaml │ │ ├── things-networkpolicy.yaml │ │ ├── things-pdb.yaml │ │ ├── thingssearch-deployment.yaml │ │ ├── thingssearch-networkpolicy.yaml │ │ └── thingssearch-pdb.yaml │ └── 
values.yaml ├── enmasse/ │ ├── .helmignore │ ├── Chart.yaml │ ├── ci/ │ │ └── test-values.yaml │ ├── requirements.yaml │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── api-server-cert-secret.yaml │ │ ├── api-service-v1alpha1-enmasse-io.yaml │ │ ├── api-service-v1alpha1-user-enmasse-io.yaml │ │ ├── api-service-v1beta1-enmasse-io.yaml │ │ ├── api-service-v1beta1-user-enmasse-io.yaml │ │ ├── cluster-role-api-server.yaml │ │ ├── cluster-role-binding-api-server.yaml │ │ ├── cluster-role-binding-enmasse-operator.yaml │ │ ├── cluster-role-binding-standard-authservice.yaml │ │ ├── cluster-role-enmasse-operator.yaml │ │ ├── cluster-role-standard-authservice.yaml │ │ ├── deployment-address-space-controller.yaml │ │ ├── deployment-api-server.yaml │ │ ├── deployment-enmasse-operator.yaml │ │ ├── role-address-space-admin.yaml │ │ ├── role-address-space-controller.yaml │ │ ├── role-api-server.yaml │ │ ├── role-binding-address-space-admin.yaml │ │ ├── role-binding-address-space-controller.yaml │ │ ├── role-binding-api-server.yaml │ │ ├── role-binding-enmasse-operator.yaml │ │ ├── role-enmasse-operator.yaml │ │ ├── service-account-address-space-admin.yaml │ │ ├── service-account-address-space-controller.yaml │ │ ├── service-account-api-server.yaml │ │ ├── service-account-enmasse-operator.yaml │ │ ├── service-account-standard-authservice.yaml │ │ ├── service-address-space-controller.yaml │ │ └── service-api-server.yaml │ └── values.yaml ├── enmasse-crd/ │ ├── .helmignore │ ├── Chart.yaml │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── addressplans.crd.yaml │ │ ├── addressspaceplans.crd.yaml │ │ ├── authenticationservices.crd.yaml │ │ ├── brokeredinfraconfigs.crd.yaml │ │ ├── consoleservices.crd.yaml │ │ ├── iotconfigs.crd.yaml │ │ ├── iotprojects.crd.yaml │ │ └── standardinfraconfigs.crd.yaml │ └── values.yaml ├── error-pages/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── 
deployment.yaml │ │ ├── ingress.yaml │ │ └── service.yaml │ └── values.yaml ├── fluentd-elasticsearch/ │ ├── Chart.yaml │ ├── OWNERS │ ├── README.md │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── clusterrole.yaml │ │ ├── clusterrolebinding.yaml │ │ ├── configmaps.yaml │ │ ├── daemonset.yaml │ │ ├── metrics-service.yaml │ │ ├── pod-security-policy.yaml │ │ ├── prometheusrule.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── service-account.yaml │ │ ├── service.yaml │ │ └── servicemonitor.yaml │ └── values.yaml ├── gcp-serviceaccount-controller/ │ ├── Chart.yaml │ ├── README.md │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── gcpnamespacerestriction_crd.yaml │ │ ├── gcpserviceaccount_crd.yaml │ │ ├── rbac_role.yaml │ │ ├── rbac_role_binding.yaml │ │ ├── secret.yaml │ │ ├── service.yaml │ │ └── stateful_set.yaml │ └── values.yaml ├── grafana-dashboards/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── dashboards/ │ │ └── grafana-dummy-dashboard.json │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ └── configmap.yaml │ └── values.yaml ├── graphite/ │ ├── .helmignore │ ├── Chart.yaml │ ├── OWNERS │ ├── README.md │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap-statsd.yaml │ │ ├── configmap.yaml │ │ ├── ingress.yaml │ │ ├── pvc.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── statefulset.yaml │ └── values.yaml ├── hawkbit-update-server/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── requirements.yaml │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── poddisruptionbudget.yaml │ │ ├── secrets.yaml │ │ ├── service.yaml │ │ └── tests/ │ │ └── test-connection.yaml │ └── values.yaml ├── influxdb-backup/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── ci/ │ │ └── test-values.yaml │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── 
configmap.yaml │ │ ├── cronjob.yaml │ │ ├── pvc.yaml │ │ └── secrets.yaml │ └── values.yaml ├── ingress-annotator/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ ├── rbac_role.yaml │ │ ├── rbac_role_binding.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── keycloak-controller/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── deployment.yaml │ │ └── rbac/ │ │ ├── role.yaml │ │ ├── role_binding.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── kubernetes-policy-controller/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── clusterrolebinding.yaml │ │ ├── deployment.yaml │ │ ├── matches-configmap.yaml │ │ ├── policymatches-configmap.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── service.yaml │ │ └── webhookconfiguration.yaml │ └── values.yaml ├── prometheus-pingdom-exporter/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── secret.yaml │ │ └── service.yaml │ └── values.yaml ├── prometheus-thanos/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── ci/ │ │ └── test-values.yaml │ ├── requirements.yaml │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── bucket-web/ │ │ │ ├── deployment.yaml │ │ │ ├── service.yaml │ │ │ └── serviceaccount.yaml │ │ ├── compactor/ │ │ │ ├── service.yaml │ │ │ ├── serviceaccount.yaml │ │ │ └── statefulset.yaml │ │ ├── querier/ │ │ │ ├── deployment-hpa.yaml │ │ │ ├── deployment.yaml │ │ │ ├── service.yaml │ │ │ └── serviceaccount.yaml │ │ ├── query-frontend/ │ │ │ ├── deployment-hpa.yaml │ │ │ ├── deployment.yaml │ │ │ ├── service.yaml │ │ │ └── serviceaccount.yaml │ │ ├── receiver/ │ │ │ ├── hashring-configmap.yaml │ │ │ ├── service.yaml │ │ │ ├── 
serviceaccount.yaml │ │ │ └── statefulset.yaml │ │ ├── ruler/ │ │ │ ├── clusterrole.yaml │ │ │ ├── clusterrolebinding.yaml │ │ │ ├── configmap.yaml │ │ │ ├── service.yaml │ │ │ ├── serviceaccount.yaml │ │ │ └── statefulset.yaml │ │ └── store-gateway/ │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── statefulset-hpa.yaml │ │ └── statefulset.yaml │ └── values.yaml ├── pull-secret-distributor/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── cluster-role.yaml │ │ ├── cluster-rolebinding.yaml │ │ ├── deployment.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── secret-replicator/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── cluster-role.yaml │ │ ├── cluster-rolebinding.yaml │ │ ├── deployment.yaml │ │ └── serviceaccount.yaml │ └── values.yaml ├── spring-cloud-config-server/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── secret.yaml │ │ └── service.yaml │ └── values.yaml ├── stackdriver-exporter/ │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates/ │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── gcpserviceaccount.yaml │ │ └── secret.yaml │ └── values.yaml └── zipkin-stackdriver-proxy/ ├── .helmignore ├── Chart.yaml ├── README.md ├── templates/ │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── deployment.yaml │ └── service.yaml └── values.yaml ================================================ FILE CONTENTS ================================================ ================================================ FILE: .github/ISSUE_TEMPLATE.md ================================================ **Is this a request for help?**: --- **Is this a BUG REPORT or FEATURE REQUEST?** (choose one): **Version of Helm and Kubernetes**: **Which chart in which version**: **What happened**: **What you expected to 
happen**:

**How to reproduce it** (as minimally and precisely as possible):

**Anything else we need to know**:

================================================
FILE: .github/PULL_REQUEST_TEMPLATE.md
================================================
#### What this PR does / why we need it:

#### Which issue this PR fixes
*(optional, in `fixes #(, fixes #, ...)` format, will close that issue when PR gets merged)*
- fixes #

#### Special notes for your reviewer:

#### Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
- [ ] [DCO](https://developercertificate.org) signed
- [ ] Chart Version bumped (if the pr is an update to an existing chart)
- [ ] Variables are documented in the README.md
- [ ] Title of the PR starts with chart name (e.g. `[fluentd-elasticsearch]`)

================================================
FILE: .github/check-for-chart-changes.sh
================================================
#!/bin/bash
#
# check for chart changes to speedup ci
#
# Exits 1 when nothing under charts/ differs between the checked-out ref and
# remotes/origin/master; otherwise prints the changed paths and exits 0.
#

set -x
set -o errexit
set -o pipefail

echo "Check for chart changes to speedup ci..."

# Names of files under charts/ that differ from origin/master (renames detected).
CHART_CHANGES="$(git diff --find-renames --name-only "$(git rev-parse --abbrev-ref HEAD)" remotes/origin/master -- charts)"

if [ -n "${CHART_CHANGES}" ]; then
  # At least one chart file changed: report it and let the job succeed.
  echo -e "\nChanges found in:"
  echo "${CHART_CHANGES}"
  echo -e "\nContinue with next job... \n"
else
  # Nothing to test: fail this job so the jobs that depend on it do not run.
  echo -e "\n\n Error! No chart changes detected! Exiting... \n"
  exit 1
fi

================================================
FILE: .github/config.yml
================================================
# Configuration for request-info - https://github.com/behaviorbot/request-info

# *OPTIONAL* Comment to reply with
# Can be either a string :
# requestInfoReplyComment: >
#  We would appreciate it if you could provide us with more info about this issue/pr!
# Or an array:
requestInfoReplyComment:
- Ah no! young blade! That was a trifle short!
- Tell me more !
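- I am sure you can be more effusive ;-)

# *OPTIONAL* default titles to check against for lack of descriptiveness
# MUST BE ALL LOWERCASE
requestInfoDefaultTitles:
  - Update README.md

# *OPTIONAL* Label to be added to Issues and Pull Requests with insufficient information given
requestInfoLabelToAdd: needs-more-info

# *OPTIONAL* Require Issues to contain more information than what is provided in the issue templates
# Will fail if the issue's body is equal to a provided template
checkIssueTemplate: true

# *OPTIONAL* Require Pull Requests to contain more information than what is provided in the PR template
# Will fail if the pull request's body is equal to the provided template
checkPullRequestTemplate: true

# # *OPTIONAL* Only warn about insufficient information on these events type
# # Keys must be lowercase. Valid values are 'issue' and 'pullRequest'
# requestInfoOn:
#   pullRequest: true
#   issue: true

# # *OPTIONAL* Add a list of people whose Issues/PRs will not be commented on
# # keys must be GitHub usernames
# requestInfoUserstoExclude:
#   - monotek
#   - axdotl

================================================
FILE: .github/ct.yaml
================================================
helm-extra-args: --timeout 1200s
check-version-increment: true
debug: true
chart-repos:
  - kiwigrid=https://kiwigrid.github.io/
  - minio=https://helm.min.io

================================================
FILE: .github/deploy-chart.sh
================================================
#!/bin/bash
#
# deploy kiwigrid charts to kiwigrid.github.io
#
# Packages every chart whose <name>-<version>.tgz is not yet present in the
# chart repository checkout, merges it into index.yaml and pushes the result
# over SSH using the deploy key passed in SSH_PRIVATE_KEY.
#

set -x
set -o errexit
set -o pipefail

CHART_DIR="charts"
CHART_REPO="git@github.com:kiwigrid/kiwigrid.github.io.git"
REPO_DIR="kiwigrid.github.io"
REPO_ROOT="$(git rev-parse --show-toplevel)"
TMP_DIR="tmp"
# start from an empty list so a CHARTS value inherited from the environment
# cannot add charts to the build
CHARTS=""

# needed for github actions as home dir would be /github/home/ otherwise
HOME="/home/gkh"

# ssh config
# xtrace is switched off while the deploy key is handled: with `set -x` the
# expanded `echo "${SSH_PRIVATE_KEY}"` would be written to the job log.
# umask 077 makes the directory and key file owner-only from the moment they
# are created instead of relying on the chmod that follows.
set +x
(
  umask 077
  mkdir -p /home/gkh/.ssh
  echo "${SSH_PRIVATE_KEY}" > /home/gkh/.ssh/id_rsa
)
chmod 600 /home/gkh/.ssh/id_rsa
set -x
# NOTE(review): ssh-keyscan accepts whatever host key the network returns on
# this run (trust on first use), so it does not authenticate github.com.
# Prefer shipping the host key published by GitHub in known_hosts, or compare
# the scanned key against <PUBLISHED_GITHUB_HOST_KEY_FINGERPRINT> before use.
ssh-keyscan github.com >> /home/gkh/.ssh/known_hosts

# get kiwigrid.github.io
# ${VAR:?} aborts when the variable is unset or empty, so the rm can never
# collapse to a path outside the checkout. `${VAR:=?}` would not guard
# anything: it assigns the literal string "?" and carries on.
test -d "${REPO_ROOT}"/"${REPO_DIR}" && rm -rf "${REPO_ROOT:?}"/"${REPO_DIR:?}"
git clone "${CHART_REPO}" "${REPO_ROOT}"/"${REPO_DIR}"

# get not builded charts
# A chart is queued when no <name>-<version>.tgz for it exists in the repo checkout.
while read -r FILE; do
  echo "check file ${FILE}"
  if [ ! -f "${REPO_ROOT}/${REPO_DIR}/$(yq r - name < "${FILE}")-$(yq r - version < "${FILE}").tgz" ]; then
    echo "append chart ${FILE}"
    CHARTS="${CHARTS} $(yq r - name < "${FILE}")"
  fi
done < <(find "${REPO_ROOT}/${CHART_DIR}" -maxdepth 2 -mindepth 2 -type f -name "[Cc]hart.yaml")

if [ -z "${CHARTS}" ]; then
  echo "no chart changes... so no chart build and upload needed... exiting..."
  exit 0
fi

# set original file dates
# Runs in a subshell so the cd does not leak into the rest of the script.
(
cd "${REPO_ROOT}"/"${REPO_DIR}" || exit
while read -r FILE; do
  # oldest commit date of the file (last line of the log), in touch -t format
  ORG_FILE_TIME=$(git log --pretty=format:%cd --date=format:'%y%m%d%H%M' "${FILE}" | tail -n 1)
  echo "set original time ${ORG_FILE_TIME} to ${FILE}"
  touch -c -t "${ORG_FILE_TIME}" "${FILE}"
done < <(git ls-files charts)
)

# preserve dates in index.yaml by moving old charts and index out of the repo before packaging the new version
mkdir -p "${REPO_ROOT}"/"${TMP_DIR}"
mv "${REPO_ROOT}"/"${REPO_DIR}"/index.yaml "${REPO_ROOT}"/"${TMP_DIR}" || true
mv "${REPO_ROOT}"/"${REPO_DIR}"/*.tgz "${REPO_ROOT}"/"${TMP_DIR}"

#add helm repos
if ! helm repo list | grep -q "^stable"; then
  helm repo add stable https://kubernetes-charts.storage.googleapis.com
fi
helm repo add kiwigrid https://kiwigrid.github.io
helm repo add minio https://helm.min.io
helm repo update

# build helm dependencies for all charts
find "${REPO_ROOT}"/"${CHART_DIR}" -mindepth 1 -maxdepth 1 -type d -exec helm dependency build {} \;

# package only changed charts
# NOTE(review): CHART is the `name` field from Chart.yaml and is used as the
# directory name here — this assumes both are always identical; confirm.
for CHART in ${CHARTS}; do
  echo "building ${CHART} chart..."
  helm package "${REPO_ROOT}"/"${CHART_DIR}"/"${CHART}" --destination "${REPO_ROOT}"/"${REPO_DIR}"
done

# Create index and merge with previous index which contains the non-changed charts
helm repo index --merge "${REPO_ROOT}"/"${TMP_DIR}"/index.yaml --url https://"${REPO_DIR}" "${REPO_ROOT}"/"${REPO_DIR}"

# move old charts back into git repo
mv "${REPO_ROOT}"/"${TMP_DIR}"/*.tgz "${REPO_ROOT}"/"${REPO_DIR}"

# push changes to github
cd "${REPO_ROOT}"/"${REPO_DIR}"
git config --global user.email "ci@kiwigrid-robot.com"
git config --global user.name "kiwigrid-ci-bot"
git add --all .
git commit -m "Push Kiwigrid charts via Github action build nr. ${GITHUB_RUN_NUMBER}"
git push --set-upstream origin master

================================================
FILE: .github/kind-config.yaml
================================================
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
# the control plane node config
- role: control-plane
# the 2 workers
- role: worker
- role: worker

================================================
FILE: .github/kubeval.sh
================================================
#!/bin/bash
#
# use kubeval to validate helm generated kubernetes manifest
#
# Renders every chart whose Chart.yaml differs from origin/master and
# validates the output against the schemas for KUBERNETES_VERSION.
#

set -x
set -o errexit
set -o pipefail

CHART_DIRS="$(git diff --find-renames --name-only "$(git rev-parse --abbrev-ref HEAD)" remotes/origin/master -- charts | grep '[cC]hart.yaml' | sed -e 's#/[Cc]hart.yaml##g')"
# NOTE(review): these assignments are unconditional, so the KUBEVAL_VERSION
# that .github/workflows/ci.yaml exports for this step is overwritten here —
# confirm which of the two versions is meant to be used.
HELM_VERSION="v3.1.2"
KUBEVAL_VERSION="0.15.0"
# NOTE(review): schemas are fetched from a moving `master` branch, so the
# validation result can change without any change in this repository.
SCHEMA_LOCATION="https://raw.githubusercontent.com/instrumenta/kubernetes-json-schema/master/"

# install helm
# NOTE(review): this downloads an installer from a `master` branch and runs it
# without any integrity check, so its content is whatever that branch serves
# at run time. Pin the URL to a tagged revision and compare the download with
# a recorded digest (<EXPECTED_SHA256>) before executing it.
curl --silent --show-error --fail --location --output get_helm.sh https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get
chmod 700 get_helm.sh
./get_helm.sh --version "${HELM_VERSION}"

# install kubeval
# NOTE(review): the release archive is unpacked into /usr/local/bin as root
# without checksum verification; verify it against a recorded digest
# (<EXPECTED_SHA256>) before extracting.
curl --silent --show-error --fail --location --output /tmp/kubeval.tar.gz https://github.com/instrumenta/kubeval/releases/download/"${KUBEVAL_VERSION}"/kubeval-linux-amd64.tar.gz
sudo tar -C /usr/local/bin -xf /tmp/kubeval.tar.gz kubeval

# validate charts
for CHART_DIR in ${CHART_DIRS};do
  echo "helm dependency build..."
  helm dependency build "${CHART_DIR}"

  echo "kubeval(idating) ${CHART_DIR##charts/} chart..."
  # KUBERNETES_VERSION comes from the environment; the leading "v" is stripped for kubeval
  helm template "${CHART_DIR}" | kubeval --strict --ignore-missing-schemas --kubernetes-version "${KUBERNETES_VERSION#v}" --schema-location "${SCHEMA_LOCATION}"
done

================================================
FILE: .github/lint-scripts.sh
================================================
#!/bin/sh
#
# lint bash scripts
#
# Runs shellcheck on every *.sh file below CONFIG_DIR; the first finding
# aborts the script because of errexit.
#

set -x
set -o errexit

CONFIG_DIR=".github"
TMP_FILE="$(mktemp)"
# remove the temporary file list on every exit path, including a lint failure
trap 'rm -f "${TMP_FILE}"' EXIT

find "${CONFIG_DIR}" -type f -name "*.sh" > "${TMP_FILE}"

while read -r FILE; do
  echo lint "${FILE}"
  shellcheck -x "${FILE}"
done < "${TMP_FILE}"

================================================
FILE: .github/stale.yml
================================================
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 60
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 7
# Issues with these labels will never be considered stale
exemptLabels:
  - pinned
  - security
# Label to use when marking an issue as stale
staleLabel: wontfix
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: >
  This issue has been automatically marked as stale because it has not had
  recent activity. It will be closed if no further activity occurs. Thank you
  for your contributions.
# Comment to post when closing a stale issue.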
# Set to `false` to disable
closeComment: false

================================================
FILE: .github/workflows/ci.yaml
================================================
# Pull-request pipeline: lint the helper scripts, stop early when no chart
# changed, then lint, kubeval-validate and install the changed charts.
name: ci

on:
  pull_request:

env:
  helm-version: "v3.9.0"
  kubeval-version: "v0.16.1"

jobs:
  lint-bash-scripts:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Lint Bash scripts
        uses: docker://koalaman/shellcheck-alpine:v0.7.0
        with:
          args: .github/lint-scripts.sh

  check-for-chart-changes:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Fetch history
        run: git fetch --prune --unshallow
      - name: Check for chart changes
        run: .github/check-for-chart-changes.sh

  lint-chart:
    runs-on: ubuntu-latest
    needs: check-for-chart-changes
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Fetch history
        run: git fetch --prune --unshallow
      - name: Run chart-testing (lint)
        # NOTE(review): `@main` is a moving branch, so the code this step runs
        # can change without a commit in this repository. Pin to a release tag
        # (install-chart below uses v2.2.1) or, stricter, to a commit SHA.
        # Also confirm that the version `main` resolves to still honours the
        # `command` input; if it does not, this step lints nothing.
        uses: helm/chart-testing-action@main
        with:
          command: lint
          config: .github/ct.yaml

  kubeval-chart:
    runs-on: ubuntu-20.04
    needs:
      - lint-chart
    strategy:
      matrix:
        k8s:
          - v1.21.10
          - v1.22.7
          - v1.23.5
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@v3.1
        with:
          version: "${{ env.helm-version }}"
      - name: Run kubeval
        # NOTE(review): .github/kubeval.sh assigns its own KUBEVAL_VERSION and
        # installs its own helm, so the versions configured here may not be
        # the ones actually used — confirm.
        env:
          KUBERNETES_VERSION: ${{ matrix.k8s }}
          KUBEVAL_VERSION: "${{ env.kubeval-version }}"
        run: .github/kubeval.sh

  install-chart:
    name: install-chart
    runs-on: ubuntu-latest
    needs:
      - lint-chart
      - kubeval-chart
    strategy:
      matrix:
        k8s:
          - v1.21.10
          - v1.22.7
          - v1.23.5
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Helm
        uses: azure/setup-helm@v3.1
        with:
          version: "${{ env.helm-version }}"
      - uses: actions/setup-python@v4.1.0
        with:
          python-version: 3.7
      - name: Set up chart-testing
        uses: helm/chart-testing-action@v2.2.1
      - name: Run chart-testing (list-changed)
        id: list-changed
        # NOTE(review): the `::set-output` workflow command is deprecated by
        # GitHub in favour of appending `changed=true` to "$GITHUB_OUTPUT".
        run: |
          changed=$(ct list-changed --config .github/ct.yaml)
          if [[ -n "$changed" ]]; then
            echo "::set-output name=changed::true"
          fi
      - name: Create kind cluster
        uses: helm/kind-action@v1.3.0
        if: steps.list-changed.outputs.changed == 'true'
        with:
          config: .github/kind-config.yaml
          node_image: kindest/node:${{ matrix.k8s }}
      # NOTE(review): unlike the step above, this one has no `if:` condition,
      # so it also runs when no cluster was created — confirm that is intended.
      - name: Run chart-testing (install)
        run: ct install --config .github/ct.yaml

================================================
FILE: .github/workflows/deploy.yaml
================================================
# Release pipeline: on every push to master, package the new chart versions
# and push them to the chart repository with an SSH deploy key.
name: deploy

on:
  push:
    branches: [master]

jobs:
  deploy-chart:
    name: deploy-chart
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Fetch history
        run: git fetch --prune --unshallow
      - name: Lint Bash scripts
        uses: docker://koalaman/shellcheck-alpine:v0.7.0
        with:
          args: /github/workspace/.github/lint-scripts.sh
      # NOTE(review): mode 777 makes the whole workspace writable by every
      # user, including the scripts that later run with the deploy key.
      # Granting access only to the user the container runs as (chown, or a
      # narrower mode) keeps the checkout from being altered by other users.
      - name: Set user permissions
        run: chmod -R 777 /home/runner/work
      # NOTE(review): the deploy key is handed to a container image referenced
      # by a mutable tag. Pinning the image by digest (image@sha256:<DIGEST>)
      # ensures the code that receives the secret is the code that was reviewed.
      - name: Deploy Helm chart
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_KIWIGRID_GITHUB_IO }}
        uses: docker://kiwigrid/gcloud-kubectl-helm:2.16.1-272.0.0-184
        with:
          args: /github/workspace/.github/deploy-chart.sh

================================================
FILE: .gitignore
================================================
*.tgz
.ci/test.sh
charts/*/charts
charts/*/requirements.lock
kiwigrid.github.io
tmp

================================================
FILE: LICENSE
================================================
MIT License

Copyright (c) 2018 Kiwigrid GmbH

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ================================================ FILE: README.md ================================================ # Kiwigrid Helm charts [![Github Action](https://github.com/kiwigrid/helm-charts/workflows/deploy/badge.svg)](https://github.com/kiwigrid/helm-charts/actions) ## Add repo ```console $ helm repo add kiwigrid https://kiwigrid.github.io ``` ## Support * Please don't write mails directly to the maintainers. * Use the Github issue tracker instead. ## Adding charts * Use a fork of this repo * Always sign your commits (git commit -s -m 'usefull commitmessage') * Do NOT touch default (master) branch in any forks * Always create new branches to work on * Create a Github pull request and fill out the PR template * Follow Helm best practices: [https://docs.helm.sh/chart_best_practices](https://docs.helm.sh/chart_best_practices) ================================================ FILE: charts/any-resource/.helmignore ================================================ # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. 
.DS_Store # Common VCS dirs .git/ .gitignore .bzr/ .bzrignore .hg/ .hgignore .svn/ # Common backup files *.swp *.bak *.tmp *~ # Various IDEs .project .idea/ *.tmproj .vscode/ ================================================ FILE: charts/any-resource/Chart.yaml ================================================ apiVersion: v1 appVersion: "0.1.0" description: A Helm chart to bring any kind of resources in a k8s cluster name: any-resource version: 0.1.0 home: https://github.com/kiwigrid/helm-charts maintainers: - name: axdotl email: axel.koehler@kiwigrid.com ================================================ FILE: charts/any-resource/README.md ================================================ # A Helm Chart for any Kind of Resources The purpose of this chart is to become able to manage every installed resources in a Kubernetes cluster via HELM. For example: * Global secrets (e.g. TLS certs or `imagePullSecrets`) * ConfigMaps (e.g. grafana-dashboards, see https://github.com/helm/charts/tree/master/stable/grafana#sidecar-for-dashboards) * Custom Resources (e.g. `GcpNamespaceRestriction`, see https://github.com/kiwigrid/gcp-serviceaccount-controller) ## Example Create a file called `custom-values.yaml` with following content: ```yaml anyResources: myPullSecret: |- apiVersion: v1 data: .dockercfg: eyJodHRwczovL215LmRvY2tlci5yZWdpc3RyeSI6eyJ1c2VybmFtZSI6ImRvY2tlciIsInBhc3N3b3JkIjoidW5rbm93biIsImF1dGgiOiJFaWsxYWhrdXVzaG9ocGhpdWY5emFocGhlZVRoYXhhPSJ9fQo= kind: Secret metadata: name: my-pull-secret type: kubernetes.io/dockercfg ``` Install ```console helm upgrade --install my-pull-secret --values custom-values.yaml kiwigrid/any-resource ``` ## Open Issue * HELM standard label support ================================================ FILE: charts/any-resource/templates/NOTES.txt ================================================ Any resources deployed. 
================================================ FILE: charts/any-resource/templates/_helpers.tpl ================================================ {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} {{- define "any-resource.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} {{- define "any-resource.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} {{- end -}} {{/* Create chart name and version as used by the chart label. */}} {{- define "any-resource.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} ================================================ FILE: charts/any-resource/templates/any-resources.yaml ================================================ {{- if .Values.anyResources -}} {{- range $key, $value := .Values.anyResources -}} {{ $value }} --- {{ end -}} {{ else }} apiVersion: v1 kind: ConfigMap metadata: name: {{ include "any-resource.fullname" . }}-dummy labels: app.kubernetes.io/name: {{ include "any-resource.name" . }} helm.sh/chart: {{ include "any-resource.chart" . 
}} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} data: foo: bar {{- end -}} ================================================ FILE: charts/any-resource/values.yaml ================================================ anyResources: {} # exampleResource: |- # apiVersion: v1 # kind: ConfigMap # metadata: # name: example-resource # data: # foo: bar ================================================ FILE: charts/ditto-digital-twins/.helmignore ================================================ # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. .DS_Store # Common VCS dirs .git/ .gitignore .bzr/ .bzrignore .hg/ .hgignore .svn/ # Common backup files *.swp *.bak *.tmp *~ # Various IDEs .project .idea/ *.tmproj .vscode/ ================================================ FILE: charts/ditto-digital-twins/Chart.yaml ================================================ apiVersion: v1 appVersion: "1.0.0-M3" description: A Helm chart for Eclipse Ditto name: ditto-digital-twins version: 0.7.1 home: www.eclipse.org/ditto sources: - https://github.com/eclipse/ditto - https://github.com/kiwigrid/helm-charts/tree/master/charts/ditto-digital-twins icon: https://www.eclipse.org/ditto/images/ditto.svg deprecated: true ================================================ FILE: charts/ditto-digital-twins/README.md ================================================ # This chart is deprecated. Ditto is now maintained within the [Eclipse Packages project](https://github.com/eclipse/packages/tree/master/charts/ditto) ## Introduction [Eclipse Ditto™](https://www.eclipse.org/ditto/) is a technology in the IoT implementing a software pattern called “digital twins”. A digital twin is a virtual, cloud based, representation of his real world counterpart (real world “Things”, e.g. 
devices like sensors, smart heating, connected cars, smart grids, EV charging stations, …). This chart uses `eclipse/ditto-XXX` containers to run Ditto inside Kubernetes. ## Motivation This chart is based on the [Eclipse Ditto Helm chart](https://github.com/eclipse/ditto/tree/master/deployment/helm). Unfortunately the referenced chart is not available in a Helm registry. This is the main reason why we decided to provide our own chart. Furthermore we want to cover some other points: * Enhance flexibility * Enable Prometheus support * Usage of dedicated ServiceAccount * PodDisruptionBudget * Ingress * OIDC support w/o manual change of nginx config ## Prerequisites * Has been tested on Kubernetes 1.11+ ## Installing the Chart To install the chart with the release name `ditto-digital-twins`, run the following command: ```bash helm install kiwigrid/ditto-digital-twins --name ditto-digital-twins ``` ## Uninstalling the Chart To uninstall/delete the `ditto-digital-twins` deployment: ```bash helm delete ditto-digital-twins ``` The command removes all the Kubernetes components associated with the chart and deletes the release. > **Tip**: To completely remove the release, run `helm delete --purge ditto-digital-twins` ## Configuration Please view the `values.yaml` for the list of possible configuration values with its documentation. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: ```bash helm install --name ditto-digital-twins --set swaggerui.enabled=false kiwigrid/ditto-digital-twins ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. 
## Configuration Examples

### OpenID Connect (OIDC)

To enable OIDC authentication, adjust the following properties:

```yaml
global:
  jwtOnly: true
gateway:
  enableDummyAuth: false
  systemProps:
    - "-Dditto.gateway.authentication.oauth.openid-connect-issuers.myprovider=openid-connect.onelogin.com/oidc"
```

### Securing Devops Resource

To secure the /devops and /status resources, adjust the configuration as follows (the username will be `devops`; `foo` and `bar` are placeholder passwords to be replaced with your own):

```yaml
gateway:
  enableDummyAuth: false
  devopsSecureStatus: true
  devopsPassword: foo
  statusPassword: bar
```

================================================
FILE: charts/ditto-digital-twins/nginx-config/index.html
================================================
Welcome to Eclipse Ditto

You have started Eclipse Ditto

Thank you for trying out Eclipse Ditto!

In order to get started quickly, you can now have a look at the OpenAPI documentation for

Try out the HTTP APIs by using username "ditto" and password "ditto" when asked for by your browser.

We'll add more documentation and examples soon.

— the Ditto team

================================================ FILE: charts/ditto-digital-twins/nginx-config/nginx-cors.conf ================================================ # # CORS header support # # As of Nginx 1.7.5, add_header supports an "always" parameter which # allows CORS to work if the backend returns 4xx or 5xx status code. # # For more information on CORS, please see: http://enable-cors.org/ # From this Gist: https://gist.github.com/Stanback/7145487 # And this: https://gist.github.com/pauloricardomg/7084524 # # NOTE(review): $cors is set unconditionally, so no Origin check happens in this file and # both header blocks send Access-Control-Allow-Origin '*' together with # Access-Control-Allow-Credentials 'true'. Browsers do not accept the wildcard origin for # credentialed requests, so this pair does not enable credentialed CORS; if cookies or # browser-managed HTTP auth must work cross-origin, answer with an explicit allow-list of # trusted origins rather than echoing the request's Origin header. # set $cors '1'; # OPTIONS indicates a CORS pre-flight request if ($request_method = 'OPTIONS') { set $cors "${cors}o"; } if ($cors = '1') { add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,Content-Length,DNT,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Origin,User-Agent,X-Requested-With' always; } # OPTIONS (pre-flight) request from allowed CORS domain. 
return response directly if ($cors = '1o') { # Tell client that this pre-flight info is valid for 20 days (browsers cap Access-Control-Max-Age at a lower value of their own) add_header 'Access-Control-Max-Age' 1728000; add_header 'Access-Control-Allow-Origin' '*' always; add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; add_header 'Access-Control-Allow-Credentials' 'true' always; add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,Content-Length,DNT,If-Match,If-Modified-Since,If-None-Match,Keep-Alive,Origin,User-Agent,X-Requested-With' always; # NOTE(review): the Content-Type value below lacks the ';' between the media type and the charset parameter ('text/plain; charset=UTF-8') add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Length' 0; return 200; } ================================================ FILE: charts/ditto-digital-twins/nginx-config/nginx.htpasswd ================================================ # this file contains sample users and their hashed passwords # NOTE(review): sample credential only (the bundled index.html documents it as ditto/ditto); the 13-character hash without a scheme prefix looks like legacy crypt(3) DES - replace this entry with your own users and a stronger hash scheme before exposing the gateway ditto:A6BgmB8IEtPTs ================================================ FILE: charts/ditto-digital-twins/openapi/ditto-api-1.yml ================================================ # Copyright (c) 2017 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
# # This program and the accompanying materials are made available under the # terms of the Eclipse Public License 2.0 which is available at # http://www.eclipse.org/legal/epl-2.0 # # SPDX-License-Identifier: EPL-2.0 openapi: 3.0.0 info: title: Eclipse Ditto HTTP API description: JSON-based, REST-like API for Eclipse Ditto version: "1" servers: - url: https://ditto.eclipse.org/api/1 description: "online Ditto Sandbox" - url: /api/1 description: "local Ditto" tags: - name: Things description: Manage every Thing - name: Features description: Structure the Features of your Things - name: Things-Search description: Find every Thing - name: Messages description: Talk with your Things security: # - Google: # - openid - basicAuth: [] - bearerAuth: [] paths: /things: get: summary: List all available Things description: |- Returns all Things passed in by the required parameter `ids`. Optionally you can use field selectors (see parameter `fields`) to only get the specified fields. To retrieve all Things the logged in user is allowed to read, please use the `GET /search/things` operation. tags: - Things parameters: - name: ids in: query description: Contains a comma separated list of `thingId`s to retrieve in one single request. required: true schema: type: string - $ref: '#/components/parameters/thingFieldsQueryParam' responses: '200': description: The successfully completed request contains as its result the first 200 for the user available Things, sorted by their `thingId`. content: application/json: schema: type: array items: $ref: '#/components/schemas/Thing' '400': description: The request could not be completed. At least one of the defined query parameters was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '414': description: The request could not be completed due to an URI length exceeding 8k characters. post: summary: Create a new Thing description: |- Creates the Thing defined in the optional JSON body. The ID of the created Thing is a UUID generated by the service with the default namespace `org.eclipse.ditto`. Any `thingId` specified in the request body is therefore ignored. The ACL of the created Thing must include at least one entry with `READ`, `WRITE` and `ADMINISTRATE` permissions set to `true`. If no ACL is provided, a default ACL with an entry for the authorized subject with all permissions set to `true` will be created. tags: - Things responses: '201': description: The Thing was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string Location: description: The location of the created Thing resource schema: type: string content: application/json: schema: $ref: '#/components/schemas/Thing' '400': description: |- The request could not be completed. The JSON of the Thing to be created was invalid or the `thingId` was wrongly set in the request body. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/NewThing' example: {} description: |- JSON representation of the Thing to be created. Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request. 
/things/{thingId}: get: summary: Retrieve a specific Thing description: |- Returns the Thing identified by the `thingId` path parameter. The response includes all details about the Thing. Optionally you can use field selectors (see parameter `fields`) to only get the specified fields. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/thingFieldsQueryParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The request successfully returned the specific Thing. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string content: application/json: schema: $ref: '#/components/schemas/Thing' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or one of the defined query parameters was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or update a Thing with a specified ID description: |- Create or update the Thing specified by the `thingId` path parameter and the optional JSON body. 
The `thingId` has to: * contain a mandatory namespace prefix (java package notation + `:` colon) - periods (`.`) may be used in namespace but not as first or last character * conform to RFC-2396 (URI) #### Valid examples * `org.eclipse.ditto.myproject:myFridge1` * `mynamespace:myFridge1` #### Invalid examples * `42:myFridge1` * `.foo:myFridge1` * `bar.:myFridge1` The ID of a Thing can't be changed after creation. Any `thingId` specified in the request body is therefore ignored. ### Creation of a new Thing The ACL of the created Thing must include at least one entry with `READ`, `WRITE` and `ADMINISTRATE` permissions set to `true`. If no ACL is provided, a default ACL with an entry for the authorized subject with all permissions set to `true` will be created. Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request. ### Permissions for updating an existing Thing For updating an existing Thing the authorized subject has to have the `WRITE` permission. If the new Thing to update contains an `acl` entry, the authorized subject additionally has to have the `ADMINISTRATE` permission. For authorized subjects which don't have the `ADMINISTRATE` permission, the complete Thing may be updated if the `acl` entry is not set. ### Partially updating an existing Thing When updating an existing Thing already containing `attributes`, `acl` or `features` the already existing fields must not explicitly be provided again. For this "PUT Thing" request (and only for this top-level update on the Thing) the top-level field to update is merged with the existing top-level fields of the Thing. For example: A Thing already exists with this content: ``` { "thingId": "namespace:thing-name", "acl": {...}, "attributes": { "foo": 1 }, "features": {...} } ``` The Thing's `attributes` may be modified without having to pass the `acl` or the `features` in again. 
The content of the request's body would be sufficient for updating the `attributes`: ``` { "attributes": { "foo": 2, "bar": false } } ``` The `acl` and `features` of the Thing will not be overwritten, the Thing will be merged as one would expect it: ``` { "thingId": "namespace:thing-name", "acl": {...}, "attributes": { "foo": 2, "bar": false }, "features": {...} } ``` tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Thing was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string Location: description: The location of the created Thing resource schema: type: string content: application/json: schema: $ref: '#/components/schemas/Thing' '204': description: The Thing was successfully modified. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON of the Thing to be created/modified was either invalid or did contain a `thingId` which did not match the ID in the URL. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying an existing Thing `WRITE` permission is required. 
If the `acl` of the Thing should be updated as well, the permission `ADMINISTRATE` is additionally required. The complete Thing without `acl` can however be updated with `WRITE` permission if the body does not contain an `acl` entry. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/NewThing' example: {} description: |- JSON representation of the Thing to be modified. Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request. delete: summary: Delete a specific Thing description: |- Deletes the Thing identified by the `thingId` path parameter. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Thing was successfully deleted. '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting an existing Thing `WRITE` and `ADMINISTRATE` permissions are required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID was not found. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' /things/{thingId}/acl: get: summary: Retrieve the complete ACL of a Thing description: |- Returns the Access Control List (ACL) of the Thing identified by the `thingId` path parameter. The response contains the ACL as JSON object containing a key for each subject having ACL permissions. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The request completed successfully and returned the Access Control List. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string content: application/json: schema: $ref: '#/components/schemas/Acl' example: { "authorizationSubject1": { "READ": true, "WRITE": true, "ADMINISTRATE": true }, "authorizationSubjectN": { "READ": true, "WRITE": true, "ADMINISTRATE": true } } '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID was not found in the context of the authenticated user. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Modify the complete ACL of a Thing description: |- Modify the complete Access Control List (ACL) of the Thing identified by the `thingId` path parameter. The ACL must include at least one entry with `READ`, `WRITE` and `ADMINISTRATE` permissions set to `true`. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Access Control List was successfully updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid, or no valid ACL JSON object. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying the ACL of an existing Thing `ADMINISTRATE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID was not found in the context of the authenticated user. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/Acl' example: { "{{ request:subjectId }}":{ "READ": true, "WRITE": true, "ADMINISTRATE": true } } description: |- JSON representation of the Access Control List (ACL). Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request. required: true /things/{thingId}/acl/{authorizationSubject}: get: summary: Retrieve one ACL entry of a Thing for a specific subject description: |- Returns one Access Control List (ACL) entry of the Thing identified by the `thingId` path parameter and for the subject identified by the `authorizationSubject` path parameter. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/authorizationSubjectPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The request completed successfully and returned the ACL entry. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string content: application/json: schema: $ref: '#/components/schemas/AclEntry' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID or the ACL entry was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or modify one ACL entry of a Thing for a specific subject description: |- Create or modify the Access Control List (ACL) entry of the Thing identified by the `thingId` path parameter and for the subject identified by the `authorizationSubject` path parameter. An ACL entry must contain values for `READ`, `WRITE` and `ADMINISTRATE` permissions, all other permissions will be ignored. The ACL must contain at least one entry with all permissions set to `true`. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/authorizationSubjectPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The ACL entry was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string Location: description: The location of the created ACL entry schema: type: string content: application/json: schema: $ref: '#/components/schemas/AclEntry' '204': description: The ACL entry was successfully updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string '400': description: |- The request could not be completed. 
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid, or no valid ACL JSON object. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying an ACL entry of an existing Thing `ADMINISTRATE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: $ref: '#/components/requestBodies/AclEntry' delete: summary: Delete one ACL entry of a Thing for a specific subject description: |- Deletes the Access Control List (ACL) entry of the Thing identified by the `thingId` path parameter and for the subject identified by the `authorizationSubject` path parameter. The ACL must contain at least one entry with all permissions set to `true`. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/authorizationSubjectPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The ACL entry was successfully deleted. '400': description: |- The request could not be completed. 
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting an ACL entry of an existing Thing `ADMINISTRATE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '/things/{thingId}/attributes': get: summary: List all Attributes of a specific Thing description: |- Returns all Attributes of the Thing identified by the `thingId` path parameter. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/attributesFieldsQueryParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The Attributes of the specific Thing were successfully retrieved. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string content: application/json: schema: $ref: '#/components/schemas/Attributes' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. 
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or update all Attributes of a specific Thing at once description: |- Create or update the Attributes of a Thing identified by the `thingId` path parameter at once. The Attributes will be replaced by the request body's JSON. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Attributes were successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string Location: description: The location of the created Attribute resource schema: type: string content: application/json: schema: $ref: '#/components/schemas/Attributes' '204': description: The Attributes were successfully updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string '400': description: |- The request could not be completed. 
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid or was not a JSON object. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying the Attributes of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: $ref: '#/components/requestBodies/Attributes' delete: summary: Delete all Attributes of a specific Thing at once description: |- Deletes all Attributes of the Thing identified by the `thingId` path parameter at once. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Attributes were successfully deleted. '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting all Attributes of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID or its Attributes were not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '/things/{thingId}/attributes/{attributePath}': get: summary: Retrieve a specific Attribute of a specific Thing description: |- Returns a specific Attribute of the Thing identified by the `thingId` path parameter. The Attribute (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.: `/things/{thingId}/attributes/address/city` in order to retrieve the `city` field of an `address` object. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/attributePathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The Attribute was successfully retrieved. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID or the Attribute at the specified path was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or update a specific Attribute of a specific Thing description: |- Create or update a specific Attribute of the Thing identified by the `thingId` path parameter. The Attribute will be created if it doesn't exist or else updated. The Attribute (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.: `/things/{thingId}/attributes/address/city` in order to create/update the `city` field of an `address` object. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/attributePathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Attribute was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string Location: description: The location of the created Attribute resource schema: type: string '204': description: The Attribute was successfully modified. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string '400': description: |- The request could not be completed. 
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying a single Attribute of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: $ref: '#/components/requestBodies/Value' delete: summary: Delete a specific Attribute of a specific Thing description: |- Deletes a specific Attribute of the Thing identified by the `thingId` path parameter. The Attribute (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.: `/things/{thingId}/attributes/address/city` in order to delete the `city` field of an `address` object. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/attributePathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Attribute was successfully deleted. '400': description: |- The request could not be completed. 
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting a single Attribute of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID or the Attribute at the specified path was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' /things/{thingId}/features: get: summary: List all Features of a specific Thing description: |- Returns all Features of the Thing identified by the `thingId` path parameter. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featuresFieldsQueryParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The list of Features of the specific Thing were successfully retrieved. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". 
schema: type: string content: application/json: schema: $ref: '#/components/schemas/Features' example: { "featureId1": { "definition": [ "namespace:definition1:v1.0" ], "properties": { "property1": "value1" } }, "featureId2": { "definition": [ "namespace:definition2:v1.0" ], "properties": { "property2": "value2" } } } '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined query parameters was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID was not found or the Features have not been defined. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or modify all Features of a specific Thing at once description: |- Create or modify the Features of a Thing identified by the `thingId` path parameter at once. The list of Features will be replaced by the request body's JSON. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Features were successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". 
schema: type: string Location: description: The location of the created Features resource schema: type: string content: application/json: schema: $ref: '#/components/schemas/Features' example: {} '204': description: The Features were successfully modified. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid or was not a JSON object. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying all features of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/Features' example: {} description: |- JSON object of the Features to be modified at once. It can be also `null` or an empty object `{}` (all features cleared). required: true delete: summary: Delete all Features of a specific Thing description: |- Deletes all features of the Thing identified by the `thingId` path parameter. 
tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Features were successfully deleted. '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting all features of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID was not found or the Features have not been defined. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '/things/{thingId}/features/{featureId}': get: summary: Retrieve a specific Feature of a specific Thing description: |- Returns a specific Feature identified by the `featureId` path parameter of the Thing identified by the `thingId` path parameter. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/featureFieldsQueryParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The Feature was successfully retrieved. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. 
For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string content: application/json: schema: $ref: '#/components/schemas/Feature' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined query parameters was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID or the Feature with the specified `featureId` was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or modify a specific Feature of a specific Thing description: |- Create or modify a specific Feature identified by the `featureId` path parameter of the Thing identified by the `thingId` path parameter. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Feature was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string Location: description: The location of the created Feature resource schema: type: string content: application/json: schema: $ref: '#/components/schemas/Feature' '204': description: The Feature was successfully modified. 
headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON of the Feature to be created was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying a single feature of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/Feature' example: {} description: |- JSON representation of the Feature to be created/modified. It can also be `null` or an empty object `{}`. required: true delete: summary: Delete a specific Feature of a specific Thing description: |- Deletes a specific Feature identified by the `featureId` path parameter of the Thing identified by the `thingId` path parameter. 
tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Feature was successfully deleted. '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting a single feature of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID or the Feature at the specified path was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '/things/{thingId}/features/{featureId}/definition': get: summary: List the Definition of a Feature description: |- Returns the complete Definition of the Feature identified by the `thingId` and `featureId` path parameter. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The Definition was successfully retrieved. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. 
For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string content: application/json: schema: $ref: '#/components/schemas/FeatureDefinition' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined query parameters was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The specified Feature has no Definition or the Thing with the specified `thingId` or the Feature with `featureId` was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or update the Definition of a Feature description: |- Create or update the complete Definition of a Feature identified by the `thingId` and `featureId` path parameter at once. The Definition will be replaced by the request body's JSON array. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Definition was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". 
schema: type: string Location: description: The location of the created Definition resource schema: type: string content: application/json: schema: $ref: '#/components/schemas/FeatureDefinition' '204': description: The Definition was successfully updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying the Definition of an existing Feature `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing or the Feature with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/FeatureDefinition' example: {} description: |- JSON array of the complete Definition to be updated. Consider that the value has to be a JSON array or `null`. The content of the JSON array are strings in the format `"namespace:name:version"` which is enforced. 
required: true delete: summary: Delete the Definition of a Feature description: |- Deletes the complete Definition of the Feature identified by the `thingId` and `featureId` path parameter. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Definition was successfully deleted. '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting the Definition of an existing Feature `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The specified Feature has no Definition or the Thing with the specified `thingId` or the Feature with `featureId` was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '/things/{thingId}/features/{featureId}/properties': get: summary: List all Properties of a Feature. description: |- Returns all Properties of the Feature identified by the `thingId` and `featureId` path parameter. 
tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/propertiesFieldsQueryParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The Properties were successfully retrieved. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string content: application/json: schema: $ref: '#/components/schemas/FeatureProperties' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined query parameters was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The specified Feature has no Properties or the Thing with the specified `thingId` or the Feature with `featureId` was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or update all Properties of a Feature at once. description: |- Create or update the Properties of a Feature identified by the `thingId` and `featureId` path parameter at once. The Properties will be replaced by the request body's JSON. 
tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Properties were successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string content: application/json: schema: $ref: '#/components/schemas/FeatureProperties' '204': description: The Properties were successfully updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying the Properties of an existing Feature `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing or the Feature with the given ID was not found. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/FeatureProperties' example: {} description: |- JSON object of all Properties to be updated at once. Consider that the value has to be a JSON object or `null`. We strongly recommend using a restricted set of characters for the key (identifier). Currently these identifiers should follow the pattern: [_a-zA-Z][_a-zA-Z0-9\-]* required: true delete: summary: Delete all Properties of a Feature. description: |- Deletes all Properties of the Feature identified by the `thingId` and `featureId` path parameter. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Properties were successfully deleted. '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting the Properties of an existing Feature `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The specified Feature has no Properties or the Thing with the specified `thingId` or the Feature with `featureId` was not found. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' /things/{thingId}/features/{featureId}/properties/{propertyPath}: get: summary: Retrieve a specific Property of a Feature. description: |- Returns the Property of the Feature identified by the `thingId` and `featureId` path parameter. The Property (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.: `/things/{thingId}/features/{featureId}/properties/location/latitude` in order to retrieve the `latitude` field of a `location` Property. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/propertyPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The Property was successfully retrieved. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The specified Property or the Thing with the specified `thingId` or the Feature with `featureId` was not found. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or update a specific Property of a Feature. description: |- Create or update a specific Property of a Feature identified by the `thingId` and `featureId` path parameter. The Property will be created if it doesn't exist or else updated. The Property (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.: `/things/{thingId}/features/{featureId}/properties/location/latitude` in order to create/update the `latitude` field of a `location` object. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/propertyPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Property was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string '204': description: The Property was successfully updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For creating/updating a Property of an existing Feature `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing or the Feature with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: $ref: '#/components/requestBodies/Value' delete: summary: Delete a specific Property of a Feature. description: |- Deletes a specific Property of the Feature identified by the `thingId` and `featureId` path parameter. The Property (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.: `/things/{thingId}/features/{featureId}/properties/location/latitude` in order to delete the `latitude` field of a `location` Property. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/propertyPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Property was successfully deleted. '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. 
The specified Property or the Thing with the specified `thingId` or the Feature with `featureId` was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' /things/{thingId}/inbox/claim: post: summary: Initiates claiming a specific Thing in order to gain access. description: |- Send a Claim message to the Thing identified by the `thingId` path parameter in order to gain access to it. The Claim message is forwarded together with the request body and `Content-Type` header to client(s) which registered for Claim messages of the specific Thing. The decision whether to grant access (by setting permissions) is completely up to the client(s) which handle the Claim message. The HTTP request blocks until a response to the issued Claim message is available or until the `timeout` is expired. If many clients respond to the issued message, the first response will complete the HTTP request. No special permissions are required to issue a Claim message. tags: - Messages parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/messageClaimTimeoutParam' responses: '200': description: The Claim message was processed successfully and the response body contains the custom response. The response body may contain arbitrary data chosen by the recipient. The response code defaults to `200` but may be chosen by the recipient too. '204': description: The Claim message was processed successfully and no custom response body was set. The response code defaults to `204` but may be chosen by the recipient. '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined path parameters was invalid. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '413': $ref: '#/components/responses/messageTooLarge' '429': description: The user has sent too many requests in a given amount of time ("rate limiting"). content: application/json: schema: $ref: '#/components/schemas/AdvancedError' requestBody: $ref: '#/components/requestBodies/Payload' /things/{thingId}/inbox/messages/{messageSubject}: post: summary: Send a message TO a specific Thing. description: |- Send a message with the subject `messageSubject` `TO` the Thing identified by the `thingId` path parameter. The request body contains the message payload and the `Content-Type` header defines its type. The API does not provide any kind of acknowledgement that the message was received by the Thing. In order to send a message, the user needs `WRITE` permission at the Thing level. The HTTP request blocks until a response to the message is available or until the `timeout` is expired. If many clients respond to the issued message, the first response will complete the HTTP request. In order to handle the message in a fire and forget manner, add a query-parameter `timeout=0` to the request. tags: - Messages parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/messageSubjectPathParam' - $ref: '#/components/parameters/messageTimeoutParam' responses: '202': description: The message was sent but not necessarily received by the Thing (fire and forget). '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined path parameters was invalid.
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller does not have `WRITE` permission at the Thing level. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '413': $ref: '#/components/responses/messageTooLarge' requestBody: $ref: '#/components/requestBodies/Payload' /things/{thingId}/outbox/messages/{messageSubject}: post: summary: Send a message FROM a specific Thing. description: |- Send a message with the subject `messageSubject` `FROM` the Thing identified by the `thingId` path parameter. The request body contains the message payload and the `Content-Type` header defines its type. In order to send a message, the user needs `WRITE` permission at the Thing level. The HTTP request blocks until a response to the message is available or until the `timeout` is expired. If many clients respond to the issued message, the first response will complete the HTTP request. In order to handle the message in a fire and forget manner, add a query-parameter `timeout=0` to the request. tags: - Messages parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/messageSubjectPathParam' - $ref: '#/components/parameters/messageTimeoutParam' responses: '202': description: The message was sent (fire and forget). '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined path parameters was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller does not have `WRITE` permission at the Thing level. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '413': $ref: '#/components/responses/messageTooLarge' requestBody: $ref: '#/components/requestBodies/Payload' /things/{thingId}/features/{featureId}/inbox/messages/{messageSubject}: post: summary: Send a message TO a specific Feature of a specific Thing. description: |- Send a message with the subject `messageSubject` `TO` the Feature specified by the `featureId` and `thingId` path parameter. The request body contains the message payload and the `Content-Type` header defines its type. The API does not provide any kind of acknowledgement that the message was received by the Feature. In order to send a message, the user needs `WRITE` permission at the Thing level. The HTTP request blocks until a response to the message is available or until the `timeout` is expired. If many clients respond to the issued message, the first response will complete the HTTP request. In order to handle the message in a fire and forget manner, add a query-parameter `timeout=0` to the request. tags: - Messages parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/messageSubjectPathParam' - $ref: '#/components/parameters/messageTimeoutParam' responses: '202': description: The message was sent but not necessarily received by the Feature (fire and forget). '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined path parameters was invalid.
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller does not have `WRITE` permission at the Thing level. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '413': $ref: '#/components/responses/messageTooLarge' requestBody: $ref: '#/components/requestBodies/Payload' /things/{thingId}/features/{featureId}/outbox/messages/{messageSubject}: post: summary: Send a message FROM a specific Feature of a specific Thing. description: |- Send a message with the subject `messageSubject` `FROM` the Feature specified by the `featureId` and `thingId` path parameter. The request body contains the message payload and the `Content-Type` header defines its type. In order to send a message, the user needs `WRITE` permission at the Thing level. The HTTP request blocks until a response to the message is available or until the `timeout` is expired. If many clients respond to the issued message, the first response will complete the HTTP request. In order to handle the message in a fire and forget manner, add a query-parameter `timeout=0` to the request. tags: - Messages parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/messageSubjectPathParam' - $ref: '#/components/parameters/messageTimeoutParam' responses: '202': description: The message was sent (fire and forget). '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined path parameters was invalid. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller does not have `WRITE` permission at the Thing level. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '413': $ref: '#/components/responses/messageTooLarge' requestBody: $ref: '#/components/requestBodies/Payload' /search/things: get: summary: Search for Things description: |- This resource can be used to search for things. The query parameter `filter` is not mandatory. If it is not set there are returned all things which the logged in user is allowed to read. The resource supports sorting and paging. If paging is not explicitly specified by means of the `limit` option, a default count of `25` documents is returned. To search for nested properties, we use JSON Pointer notation (RFC-6901). See the following example how to search for the sub property `location` of the parent property `attributes` with a forward slash as separator: ```eq(attributes/location,"kitchen")``` parameters: - $ref: '#/components/parameters/searchFilter' - $ref: '#/components/parameters/namespacesFilter' - $ref: '#/components/parameters/thingFieldsQueryParam' - name: option in: query description: |- Possible values for the parameter: ###### Sort operations * ```sort([+|-]{property})``` * ```sort([+|-]{property},[+|-]{property},...)``` ###### Paging operations * ```size({page-size})``` Maximum allowed page-size is `200`. * ```cursor({cursor-id})``` Start the search from the cursor location. Specify the cursor ID without quotation marks. Cursor IDs are given in responses and mark the position after the final search result. The meaning of cursor IDs is unspecified and may change without notice. The paging option `limit({offset},{count})` is deprecated. 
It may result in slow queries, time-outs and will be removed eventually. ##### Examples: * ```sort(+thingId)``` * ```sort(-attributes/manufacturer)``` * ```sort(+thingId,-attributes/manufacturer)``` * ```size(10)``` return 10 results * ```cursor(LOREMIPSUM)``` return results after the position of the cursor `LOREMIPSUM`. ##### Combine: If you need to specify multiple options, when using the swagger UI just write each option in a new line. When using the plain REST API programmatically, you will need to separate the options using a comma (,) character. ```size(200),cursor(LOREMIPSUM)``` The deprecated paging option `limit` may not be combined with the other paging options `size` and `cursor`. required: false schema: type: array items: type: string tags: - Things-Search responses: '200': description: An array of the matching things. content: application/json: schema: $ref: '#/components/schemas/SearchResultThings' '400': description: The request could not be completed. A provided parameter was in a wrong format. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: The request could not be completed due to an invalid authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '504': description: The request ran out of time to execute on the back-end. Optimize your query and try again. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' /search/things/count: get: summary: Count Things description: |- This resource can be used to count things. The query parameter `filter` is not mandatory. If it is not set, the total number of things which the logged-in user is allowed to read is returned. To search for nested properties, we use JSON Pointer notation (RFC-6901).
See the following example how to search for the sub property `location` of the parent property `attributes` with a forward slash as separator: ```eq(attributes/location,"kitchen")``` parameters: - $ref: '#/components/parameters/searchFilter' - $ref: '#/components/parameters/namespacesFilter' tags: - Things-Search responses: '200': description: A number indicating the amount of matched things content: application/json: schema: $ref: '#/components/schemas/SearchResultThingsCount' '400': description: The request could not be completed. A provided parameter was in a wrong format. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: The request could not be completed due to an invalid authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '504': description: The request ran out of time to execute on the back-end. Optimize your query and try again. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' components: requestBodies: Attributes: content: application/json: schema: $ref: '#/components/schemas/Attributes' example: {} description: |- JSON object of all Attributes to be modified at once. Consider that the value has to be a JSON object or `null`, examples: * an object: `{ "key": "value"}` -} We strongly recommend to use a restricted set of characters for the key (identifier).
Currently these identifiers should follow the pattern: [_a-zA-Z][_a-zA-Z0-9\-]* * an empty object: `{}` required: true AclEntry: content: application/json: schema: $ref: '#/components/schemas/AclEntry' example: { "READ": true, "WRITE": true, "ADMINISTRATE": true } description: |- JSON representation of the Access Control List (ACL) entry for a single authorization subject required: true Payload: content: application/json: schema: type: string example: '' application/octet-stream: schema: type: string example: '' text/plain: schema: type: string example: '' description: |- Payload of the message with max size of 250 kB. It can be any HTTP supported content, including binary content. Value: content: application/json: schema: type: object example: {} description: |- JSON representation of the value to be created/updated. This may as well be `null` or an empty object. Consider that the value has to be a JSON value, examples: * for a number, the JSON value is the number: `42` * for a string, the JSON value must be quoted: `"aString"` * for a boolean, the JSON value is the boolean: `true` * for an object, the JSON value is the object: `{ "key": "value"}` -} We strongly recommend to use a restricted set of characters for the key (identifier). Currently these identifiers should follow the pattern: [_a-zA-Z][_a-zA-Z0-9\-]* * for a list, the JSON value is the list: `[ 1,2,3 ]` required: true securitySchemes: basicAuth: type: http description: |- Eclipse Ditto sandbox demo user (demo1 ... demo9) + password (demo) scheme: basic bearerAuth: type: http scheme: bearer bearerFormat: JWT description: |- A JSON Web Token issued by a supported OAuth 2.0 Identity Provider, e.g.
a Google "id_token" schemas: Error: properties: status: type: integer description: The HTTP status of the error message: type: string description: The message of the error - what went wrong description: type: string description: A description how to fix the error or more details href: type: string description: A link to further information about the error and how to fix it required: - status - message AdvancedError: properties: status: type: integer description: The HTTP status of the error error: type: string description: The error code of the occurred exception message: type: string description: The message of the error - what went wrong description: type: string description: A description how to fix the error or more details href: type: string description: A link to further information about the error and how to fix it required: - status - error - message Attributes: type: object description: An arbitrary JSON object. FeatureDefinition: type: array items: $ref: '#/components/schemas/FeatureDefinitionString' FeatureDefinitionString: type: string description: "A single fully qualified identifier of a Feature Definition in the form 'namespace:name:version'" pattern: ([_a-zA-Z0-9\-.]+):([_a-zA-Z0-9\-.]+):([_a-zA-Z0-9\-.]+) FeatureProperties: type: object description: An arbitrary JSON object. 
Feature: type: object properties: definition: $ref: '#/components/schemas/FeatureDefinition' description: The Definition of this Feature properties: $ref: '#/components/schemas/FeatureProperties' description: The Properties of this Feature SearchResultThings: properties: items: type: array items: $ref: '#/components/schemas/Thing' cursor: type: string SearchResultThingsCount: type: integer NewThing: type: object properties: acl: $ref: '#/components/schemas/Acl' description: The Access Control List of this Thing containing one AclEntry for each attributes: $ref: '#/components/schemas/Attributes' description: The attributes of this Thing features: $ref: '#/components/schemas/Features' description: The Features of this Thing Thing: type: object required: - thingId - acl - attributes - features properties: thingId: type: string description: |- Unique identifier representing the Thing - has to: * contain the mandatory namespace prefix (java package notation + `:` colon) - periods (`.`) may be used in namespace but not as first or last character * conform to RFC-2396 (URI) acl: $ref: '#/components/schemas/Acl' description: The Access Control List of this Thing containing one AclEntry for each arbitrary `authorizationSubject` key attributes: $ref: '#/components/schemas/Attributes' description: The attributes of this Thing features: $ref: '#/components/schemas/Features' description: The Features of this Thing Acl: type: object description: Access Control List containing one AclEntry for each arbitrary `authorizationSubject` key properties: additionalProperties: $ref: '#/components/schemas/AclEntry' AclEntry: type: object description: Single Access Control List entry containing the permissions (READ, WRITE, ADMINISTRATE) for the Authorization Subject. 
required: - READ - WRITE - ADMINISTRATE properties: READ: type: boolean description: Whether the Authorization Subject has permissions to read this entity WRITE: type: boolean description: Whether the Authorization Subject has permissions to modify this entity ADMINISTRATE: type: boolean description: Whether the Authorization Subject has permissions to modify this entity's Access Control List Features: type: object description: List of Features where the key represents the `featureId` of each Feature. The `featureId` key must be unique in the list. properties: additionalProperties: $ref: '#/components/schemas/Feature' responses: entityTooLarge: description: |- The created or modified entity is larger than the accepted limit of 100 kB. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' messageTooLarge: description: |- The size of the send message is larger than the accepted limit of 250 kB. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' notModified: description: |- The (sub-)resource has not been modified. This happens when you specified a If-None-Match header which matches the current ETag of the (sub-)resource. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string preconditionFailed: description: |- A precondition for reading or writing the (sub-)resource failed. This will happen for write requests, when you specified an If-Match or If-None-Match header which fails the precondition check against the current ETag of the (sub-)resource. For read requests, this error may only happen for a failing If-Match header. In case of a failing If-None-Match header for a read request, status 304 will be returned instead. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. 
For top-level resources it is in the format "rev:", for sub-resources it has the format "hash:". schema: type: string content: application/json: schema: $ref: '#/components/schemas/AdvancedError' parameters: ifMatchHeaderParam: name: If-Match in: header description: >- The `If-Match` header which has to conform to RFC-7232 (Conditional Requests). Common usages are: * optimistic locking by specifying the `ETag` from a previous GET response, e.g. `If-Match: "rev:4711"` * retrieving or modifying a resource only if it already exists, e.g. `If-Match: *` required: false schema: type: string ifNoneMatchHeaderParam: name: If-None-Match in: header description: >- The `If-None-Match` header which has to conform to RFC-7232 (Conditional Requests). A common usage scenario is to modify a resource only if it does not yet exist, thus to create it, by specifying `If-None-Match: *`. required: false schema: type: string featureIdPathPathParam: name: featureId in: path description: The ID of the Feature - has to conform to RFC-2396 (URI) required: true schema: type: string attributePathPathParam: name: attributePath in: path description: The path to the Attribute required: true schema: type: string thingIdPathParam: name: thingId in: path description: |- The ID of the Thing - has to: * contain the mandatory namespace prefix (java package notation + `:` colon) * conform to RFC-2396 (URI) required: true schema: type: string messageSubjectPathParam: name: messageSubject in: path description: The subject of the Message - has to conform to RFC-2396 (URI) required: true schema: type: string messageClaimTimeoutParam: name: timeout in: query description: |- Contains an optional timeout (in seconds) of how long to wait for the Claim response and therefore block the HTTP request. Default value (if omitted): 60 seconds. Maximum value: 600 seconds. A value of 0 seconds applies fire and forget semantics for the message. 
required: false schema: type: integer messageTimeoutParam: name: timeout in: query description: |- Contains an optional timeout (in seconds) of how long to wait for the message response and therefore block the HTTP request. Default value (if omitted): 10 seconds. Maximum value: 60 seconds. A value of 0 seconds applies fire and forget semantics for the message. required: false schema: type: integer authorizationSubjectPathParam: name: authorizationSubject in: path description: The subject for authorization (e.g. a user id) inside an ACL required: true schema: type: string propertyPathPathParam: name: propertyPath in: path description: The path to the Property required: true schema: type: string thingFieldsQueryParam: name: fields in: query description: |- Contains a comma separated list of fields to be included in the returned JSON. Attributes can be selected in the same manner. #### Selectable fields * `thingId` * `acl` * `attributes` Supports selecting arbitrary sub-fields by using a comma separated list: * several attribute paths can be passed as a comma separated list of JSON pointers (RFC-6901) For example: * `?fields=attributes/model` would select only `model` attribute value (if present) * `?fields=attributes/model,attributes/make` would select only `model` and `make` attribute values (if present) Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`: * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield For example: * `?fields=attributes(model,make)` would select only `model` and `make` attribute values (if present) * `?fields=attributes(location/longitude)` would select the `longitude` value inside the `location` object * `?fields=attributes/address/postal(city,street)` would select the `city` and `street` values inside the 
`postal` object inside the `address` object * `features` Supports selecting arbitrary fields in features similar to `attributes` (see also Features documentation for more details) * `_namespace` Specifically selects the namespace also contained in the `thingId` * `_revision` Specifically selects the revision of the Thing. The revision is a counter which is incremented on each modification of a Thing. * `_modified` Specifically selects the modified timestamp of the Thing in ISO-8601 UTC format. The timestamp is set on each modification of a Thing. #### Examples * `?fields=thingId,attributes,features` * `?fields=attributes(model,make),features` * `?fields=thingId,attributes/location/longitude,attributes/address(city,street)` required: false schema: type: string attributesFieldsQueryParam: name: fields in: query description: |- Contains a comma separated list of fields from the attributes to be included in the returned JSON. #### Selectable fields Supports selecting arbitrary sub-fields as defined in the attributes by using a comma separated list: * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901) For example: * `?fields=model` would select only `model` attribute value (if present) * `?fields=model,make` would select only `model` and `make` attribute values (if present) Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`: * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield For example: * `?fields=location(longitude,latitude)` would select the `longitude` and `latitude` value inside the `location` attribute #### Examples * `?fields=model,make,location(longitude,latitude)` * `?fields=listOfAddresses/postal(city,street))` required: false schema: type: string propertiesFieldsQueryParam: name: 
fields in: query description: |- Contains a comma separated list of fields from the properties to be included in the returned JSON. #### Selectable fields Supports selecting arbitrary sub-fields as defined in the properties by using a comma separated list: * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901) For example: * `?fields=temperature` would select only `temperature` property value (if present) * `?fields=temperature,humidity` would select only `temperature` and `humidity` property values (if present) Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`: * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield For example: * `?fields=location(longitude,latitude)` would select the `longitude` and `latitude` value inside the `location` property #### Examples * `?fields=temperature,humidity,location(longitude,latitude)` * `?fields=configuration,status(powerConsumption/watts)` required: false schema: type: string featuresFieldsQueryParam: name: fields in: query description: |- Contains a comma separated list of fields from one or more Features to be included in the returned JSON. 
#### Selectable fields * `{featureId}` The ID of the Feature to select properties in * `properties` Supports selecting arbitrary sub-fields by using a comma separated list: * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901) For example: * `?fields={featureId}/properties/color` would select only `color` property value (if present) of the Feature identified with `{featureId}` * `?fields={featureId}/properties/color,properties/brightness` would select only `color` and `brightness` property values (if present) of the Feature identified with `{featureId}` Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`: * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield For example: * `?fields={featureId}/properties(color,brightness)` would select only `color` and `brightness` property values (if present) of the Feature identified with `{featureId}` * `?fields={featureId}/properties(location/longitude)` would select the `longitude` value inside the `location` object of the Feature identified with `{featureId}` #### Examples * `?fields=EnvironmentScanner/properties(temperature,humidity)` * `?fields=EnvironmentScanner/properties(temperature,humidity),Vehicle/properties/configuration` required: false schema: type: string featureFieldsQueryParam: name: fields in: query description: |- Contains a comma separated list of fields from the selected Feature to be included in the returned JSON. 
#### Selectable fields * `properties` Supports selecting arbitrary sub-fields by using a comma separated list: * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901) For example: * `?fields=properties/color` would select only `color` property value (if present) * `?fields=properties/color,properties/brightness` would select only `color` and `brightness` property values (if present) Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`: * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield For example: * `?fields=properties(color,brightness)` would select only `color` and `brightness` property values (if present) * `?fields=properties(location/longitude)` would select the `longitude` value inside the `location` object #### Examples * `?fields=properties(color,brightness)` required: false schema: type: string searchFilter: name: filter in: query description: |- Possible values for the parameter: ##### Filter operations * ```eq({property},{value})``` * ```ne({property},{value})``` * ```gt({property},{value})``` * ```ge({property},{value})``` * ```lt({property},{value})``` * ```le({property},{value})``` * ```in({property},{value},{value},...)``` * ```like({property},{value})``` * ```exists({property})``` Note: When using filter operations, only things with the specified properties are returned. For example, the filter `ne(attributes/owner, "SID123")` will only return things that have the `owner` attribute. 
##### logical operations * ```and({query},{query},...)``` * ```or({query},{query},...)``` * ```not({query})``` ##### Examples * ```eq(attributes/location,"kitchen")``` * ```exists(features/featureId)``` * ```and(eq(attributes/location,"kitchen"),eq(attributes/color,"red"))``` * ```or(eq(attributes/location,"kitchen"),eq(attributes/location,"living-room"))``` required: false schema: type: string namespacesFilter: name: namespaces in: query description: |- A comma separated list of namespaces. This list is used to limit the query to things in the given namespaces only. When this parameter is omitted, all namespaces will be queried. #### Examples: * `?namespaces=com.example.namespace` * `?namespaces=com.example.namespace1,com.example.namespace2` required: false schema: type: string ================================================ FILE: charts/ditto-digital-twins/openapi/ditto-api-2.yml ================================================ # Copyright (c) 2017 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
# # This program and the accompanying materials are made available under the # terms of the Eclipse Public License 2.0 which is available at # http://www.eclipse.org/legal/epl-2.0 # # SPDX-License-Identifier: EPL-2.0 openapi: 3.0.0 info: title: Eclipse Ditto HTTP API description: JSON-based, REST-like API for Eclipse Ditto version: "2" servers: - url: https://ditto.eclipse.org/api/2 description: "online Ditto Sandbox" - url: /api/2 description: "local Ditto" tags: - name: Things description: Manage every Thing - name: Features description: Structure the Features of your Things - name: Policies description: Control access to your Things - name: Things-Search description: Find every Thing - name: Messages description: Talk with your Things security: # - Google: # - openid - basicAuth: [] - bearerAuth: [] paths: ### ### Things ### /things: get: summary: List all available Things description: |- Returns all Things passed in by the required parameter `ids`. Optionally you can use field selectors (see parameter `fields`) to only get the specified fields. tags: - Things parameters: - name: ids in: query description: |- Contains a comma separated list of `thingId`s to retrieve in one single request. required: true schema: type: string - $ref: '#/components/parameters/thingFieldsQueryParam' responses: '200': description: |- The successfully completed request contains as its result the first 200 for the user available Things, sorted by their `thingId`. content: application/json: schema: type: array items: $ref: '#/components/schemas/Thing' '400': description: |- The request could not be completed. At least one of the defined query parameters was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '414': description: |- The request could not be completed due to a URI length exceeding 8k characters. post: summary: Create a new Thing description: |- Creates the Thing defined in the optional JSON body. The ID of the created Thing is a UUID generated by the service with the default namespace `org.eclipse.ditto`. Any `thingId` specified in the request body is therefore ignored. The Policy must include at least one entry with `WRITE` permission on the `policy:/` resource. If no Policy is provided, a default Policy will be created which grants all permissions to the authorized subject on the root thing and policy resource. tags: - Things responses: '201': description: The Thing was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string Location: description: The location of the created Thing resource schema: type: string content: application/json: schema: $ref: '#/components/schemas/Thing' '400': description: |- The request could not be completed. Possible reasons: * the `thingId` was wrongly set in the request body * the JSON of the Thing to be created was invalid content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed. Either * as the caller would not have access to the thing after creating it with the given policy. * as the caller had insufficient permissions. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed as either: * the referenced thing does not exist.
* the caller had insufficient permissions to read the referenced thing. * the Policy that should be copied does not exist. * the caller had insufficient permissions to read the Policy that should be copied. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/NewThing' example: {} description: JSON representation of the Thing to be created. '/things/{thingId}': get: summary: Retrieve a specific Thing description: |- Returns the Thing identified by the `thingId` path parameter. The response includes details about the Thing. Note that the Thing's Policy is not included in the response per default. Optionally you can use field selectors (see parameter `fields`) to only get the specified fields. E.g., you can get the Thing's Policy by using a field selector. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/thingFieldsQueryParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The request successfully returned the specific Thing. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string content: application/json: schema: $ref: '#/components/schemas/Thing' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or one of the defined query parameters was invalid. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or update a Thing with a specified ID description: |- Create or update the Thing specified by the `thingId` path parameter and the optional JSON body. The `thingId` has to: * contain a mandatory namespace prefix (java package notation + `:` colon) - periods (`.`) may be used in namespace but not as first or last character * conform to RFC-2396 (URI) #### Valid examples * `com.bosch.myproject:myFridge1` * `mynamespace:myFridge1` #### Invalid examples * `42:myFridge1` * `.foo:myFridge1` * `bar.:myFridge1` The ID of a Thing can't be changed after creation. Any `thingId` specified in the request body is therefore ignored. ### Creation of a new Thing The Policy must include at least one entry with `WRITE` permission on the `policy:/` resource. If no Policy is provided, a default Policy will be created which grants all permissions to the authorized subject on the root thing and policy resource. ### Permissions for updating an existing Thing For updating an existing Thing the authorized subject has to have an unrestricted `WRITE` permission on the Thing's root resource. ### Partially updating an existing Thing When updating an existing Thing already containing `attributes`, `policyId` or `features` the already existing fields must not explicitly be provided again. For this "PUT Thing" request (and only for this top-level update on the Thing) the top-level field to update is merged with the existing top-level fields of the Thing. 
For example: A Thing already exists with this content: ``` { "thingId": "namespace:thing-name", "policyId": "namespace:policy-name", "attributes": { "foo": 1 }, "features": {...} } ``` The Thing's `attributes` may be modified without having to pass the `policyId` or the `features` in again. The content of the request's body would be sufficient for updating the `attributes`: ``` { "attributes": { "foo": 2, "bar": false } } ``` The `policyId` and `features` of the Thing will not be overwritten, the Thing will be merged as one would expect it: ``` { "thingId": "namespace:thing-name", "policyId": "namespace:policy-name", "attributes": { "foo": 2, "bar": false }, "features": {...} } ``` tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Thing was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string Location: description: The location of the created Thing resource schema: type: string content: application/json: schema: $ref: '#/components/schemas/Thing' '204': description: The Thing was successfully modified. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON of the Thing to be created/modified was either invalid or did contain a `thingId` which did not match the ID in the URL. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed. Either * as the caller would not have access to the thing after creating it with the given policy. * as the caller had insufficient permissions. For modifying an existing Thing an unrestricted `WRITE` permission on the Thing's root resource is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed as either: * the referenced thing does not exist. * the caller had insufficient permissions to read the referenced thing. * the Policy that should be copied does not exist. * the caller had insufficient permissions to read the Policy that should be copied. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/NewThing' example: {} description: JSON representation of the Thing to be modified. delete: summary: Delete a specific Thing description: |- Deletes the Thing identified by the `thingId` path parameter. This will not delete the Policy used for controlling access to this Thing managed by resource `/policies/{policyId}`. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Thing was successfully deleted. '400': description: |- The request could not be completed. 
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting an existing Thing an unrestricted `WRITE` permission on the Thing's root resource is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '/things/{thingId}/policyId': get: summary: Retrieve the Policy ID of a Thing description: |- Returns the Policy ID of the Thing identified by the `thingId` path parameter. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The request successfully returned the Policy ID. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string content: application/json: schema: type: string '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. 
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: The request could not be completed. The Thing with the given ID was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or update the Policy ID of a Thing description: |- Create or update the Policy ID of the Thing identified by the `thingId` path parameter. If the Thing did not yet have a `policyId` set, it was considered to be in API version 1, with access controlled by the `acl` mechanism. In that case, PUTting a `policyId` will create the Policy ID. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: |- The Policy ID was successfully created - the Thing was migrated to API version 2. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string content: application/json: schema: type: string '204': description: The Policy ID was successfully updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed.
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: type: string example: ':' description: |- The Policy ID used for controlling access to this Thing. Managed by resource `/policies/{policyId}`. The Policy ID has to: * contain the mandatory namespace prefix (java package notation + `:` colon) - periods (`.`) may be used in namespace but not as first or last character * conform to RFC-2396 (URI) required: true '/things/{thingId}/attributes': get: summary: List all Attributes of a specific Thing description: |- Returns all Attributes of the Thing identified by the `thingId` path parameter. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/attributesFieldsQueryParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The Attributes of the specific Thing were successfully retrieved. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]".
schema: type: string content: application/json: schema: $ref: '#/components/schemas/Attributes' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or update all Attributes of a specific Thing at once description: |- Create or update the Attributes of a Thing identified by the `thingId` path parameter at once. The Attributes will be replaced by the request body's JSON. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Attributes were successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string Location: description: The location of the created Attribute resource schema: type: string content: application/json: schema: $ref: '#/components/schemas/Attributes' '204': description: The Attributes were successfully updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. 
For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid or was not a JSON object. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying the Attributes of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: $ref: '#/components/requestBodies/Attributes' delete: summary: Delete all Attributes of a specific Thing at once description: |- Deletes all Attributes of the Thing identified by the `thingId` path parameter at once. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Attributes were successfully deleted. '400': description: |- The request could not be completed. 
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting all Attributes of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID or its Attributes were not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '/things/{thingId}/attributes/{attributePath}': get: summary: Retrieve a specific Attribute of a specific Thing description: |- Returns a specific Attribute of the Thing identified by the `thingId` path parameter. The Attribute (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.: `/things/{thingId}/attributes/address/city` in order to retrieve the `city` field of an `address` object. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/attributePathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The Attribute was successfully retrieved. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. 
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID or the Attribute at the specified path was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or update a specific Attribute of a specific Thing description: |- Create or update a specific Attribute of the Thing identified by the `thingId` path parameter. The Attribute will be created if it doesn't exist or else updated. The Attribute (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.: `/things/{thingId}/attributes/address/city` in order to create/update the `city` field of an `address` object. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/attributePathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Attribute was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string Location: description: The location of the created Attribute resource schema: type: string '204': description: The Attribute was successfully modified. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. 
For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying a single Attribute of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: $ref: '#/components/requestBodies/Value' delete: summary: Delete a specific Attribute of a specific Thing description: |- Deletes a specific Attribute of the Thing identified by the `thingId` path parameter. The Attribute (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.: `/things/{thingId}/attributes/address/city` in order to delete the `city` field of an `address` object. tags: - Things parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/attributePathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Attribute was successfully deleted. '400': description: |- The request could not be completed. 
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting a single Attribute of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID or the Attribute at the specified path was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' ### ### Features ### '/things/{thingId}/features': get: summary: List all Features of a specific Thing description: |- Returns all Features of the Thing identified by the `thingId` path parameter. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featuresFieldsQueryParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: |- The list of Features of the specific Thing were successfully retrieved. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". 
schema: type: string content: application/json: schema: $ref: '#/components/schemas/Features' example: { "featureId1": { "definition": [ "namespace:definition1:v1.0" ], "properties": { "property1": "value1" } }, "featureId2": { "definition": [ "namespace:definition2:v1.0" ], "properties": { "property2": "value2" } } } '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined query parameters was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID was not found or the Features have not been defined. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or modify all Features of a specific Thing at once description: |- Create or modify the Features of a Thing identified by the `thingId` path parameter at once. The list of Features will be replaced by the request body's JSON. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Features were successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". 
schema: type: string Location: description: The location of the created Features resource schema: type: string content: application/json: schema: $ref: '#/components/schemas/Features' example: {} '204': description: The Features were successfully modified. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid or was not a JSON object. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying all features of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/Features' example: {} description: |- JSON object of the Features to be modified at once. It can be also `null` or an empty object `{}` (all features cleared). required: true delete: summary: Delete all Features of a specific Thing description: |- Deletes all features of the Thing identified by the `thingId` path parameter. 
tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Features were successfully deleted. '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting all features of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID was not found or the Features have not been defined. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '/things/{thingId}/features/{featureId}': get: summary: Retrieve a specific Feature of a specific Thing description: |- Returns a specific Feature identified by the `featureId` path parameter of the Thing identified by the `thingId` path parameter. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/featureFieldsQueryParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The Feature was successfully retrieved. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. 
For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string content: application/json: schema: $ref: '#/components/schemas/Feature' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined query parameters was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID or the Feature with the specified `featureId` was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or modify a specific Feature of a specific Thing description: |- Create or modify a specific Feature identified by the `featureId` path parameter of the Thing identified by the `thingId` path parameter. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Feature was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". 
schema: type: string Location: description: The location of the created Feature resource schema: type: string content: application/json: schema: $ref: '#/components/schemas/Feature' '204': description: The Feature was successfully modified. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON of the Feature to be created was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying a single feature of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/Feature' example: {} description: |- JSON representation of the Feature to be created/modified. It can also be `null` or an empty object `{}`. required: true delete: summary: Delete a specific Feature of a specific Thing description: |- Deletes a specific Feature identified by the `featureId` path parameter of the Thing identified by the `thingId` path parameter. 
tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Feature was successfully deleted. '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting a single feature of an existing Thing `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing with the given ID or the Feature at the specified path was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '/things/{thingId}/features/{featureId}/definition': get: summary: List the Definition of a Feature description: |- Returns the complete Definition of the Feature identified by the `thingId` and `featureId` path parameter. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The Definition was successfully retrieved. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. 
For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string content: application/json: schema: $ref: '#/components/schemas/FeatureDefinition' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined query parameters was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The specified Feature has no Definition or the Thing with the specified `thingId` or the Feature with `featureId` was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or update the Definition of a Feature description: |- Create or update the complete Definition of a Feature identified by the `thingId` and `featureId` path parameter at once. The Definition will be replaced by the request body's JSON array. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Definition was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". 
schema: type: string Location: description: The location of the created Definition resource schema: type: string content: application/json: schema: $ref: '#/components/schemas/FeatureDefinition' '204': description: The Definition was successfully updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying the Definition of an existing Feature `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing or the Feature with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/FeatureDefinition' example: {} description: |- JSON array of the complete Definition to be updated. Consider that the value has to be a JSON array or `null`. The content of the JSON array are strings in the format `"namespace:name:version"` which is enforced. 
required: true delete: summary: Delete the Definition of a Feature description: |- Deletes the complete Definition of the Feature identified by the `thingId` and `featureId` path parameter. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Definition was successfully deleted. '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting the Definition of an existing Feature `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The specified Feature has no Definition or the Thing with the specified `thingId` or the Feature with `featureId` was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '/things/{thingId}/features/{featureId}/properties': get: summary: List all Properties of a Feature description: |- Returns all Properties of the Feature identified by the `thingId` and `featureId` path parameter. 
tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/propertiesFieldsQueryParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The Properties were successfully retrieved. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string content: application/json: schema: $ref: '#/components/schemas/FeatureProperties' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined query parameters was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The specified Feature has no Properties or the Thing with the specified `thingId` or the Feature with `featureId` was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or update all Properties of a Feature at once description: |- Create or update the Properties of a Feature identified by the `thingId` and `featureId` path parameter at once. The Properties will be replaced by the request body's JSON. 
tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Properties were successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string content: application/json: schema: $ref: '#/components/schemas/FeatureProperties' '204': description: The Properties were successfully updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying the Properties of an existing Feature `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing or the Feature with the given ID was not found. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/FeatureProperties' example: {} description: |- JSON object of all Properties to be updated at once. Note that the value has to be a JSON object or `null`. We strongly recommend using a restricted set of characters for the key (identifier). Currently these identifiers should follow the pattern: [_a-zA-Z][_a-zA-Z0-9\-]* required: true delete: summary: Delete all Properties of a Feature description: |- Deletes all Properties of the Feature identified by the `thingId` and `featureId` path parameter. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Properties were successfully deleted. '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting the Properties of an existing Feature `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The specified Feature has no Properties or the Thing with the specified `thingId` or the Feature with `featureId` was not found. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '/things/{thingId}/features/{featureId}/properties/{propertyPath}': get: summary: Retrieve a specific Property of a Feature description: |- Returns the Property of the Feature identified by the `thingId` and `featureId` path parameter. The Property (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.: `/things/{thingId}/features/{featureId}/properties/location/latitude` in order to retrieve the `latitude` field of a `location` Property. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/propertyPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The Property was successfully retrieved. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The specified Property or the Thing with the specified `thingId` or the Feature with `featureId` was not found. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or update a specific Property of a Feature description: |- Create or update a specific Property of a Feature identified by the `thingId` and `featureId` path parameter. The Property will be created if it doesn't exist or else updated. The Property (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.: `/things/{thingId}/features/{featureId}/properties/location/latitude` in order to create/update the `latitude` field of a `location` object. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/propertyPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Property was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '204': description: The Property was successfully updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For creating/updating a Property of an existing Feature `WRITE` permission is required. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Thing or the Feature with the given ID was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: $ref: '#/components/requestBodies/Value' delete: summary: Delete a specific Property of a Feature description: |- Deletes a specific Property of the Feature identified by the `thingId` and `featureId` path parameter. The Property (JSON) can be referenced hierarchically by applying JSON Pointer notation (RFC-6901), e.g.: `/things/{thingId}/features/{featureId}/properties/location/latitude` in order to delete the `latitude` field of a `location` Property. tags: - Features parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/propertyPathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Property was successfully deleted. '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. 
The specified Property or the Thing with the specified `thingId` or the Feature with `featureId` was not found. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' ### ### Messages ### '/things/{thingId}/inbox/claim': post: summary: Initiates claiming a specific Thing in order to gain access description: |- Send a Claim message to the Thing identified by the `thingId` path parameter in order to gain access to it. The Claim message is forwarded together with the request body and `Content-Type` header to client(s) which registered for Claim messages of the specific Thing. The decision whether to grant access (by setting permissions) is completely up to the client(s) which handle the Claim message. The HTTP request blocks until a response to the issued Claim message is available or until the `timeout` is expired. If many clients respond to the issued message, the first response will complete the HTTP request. No special permissions are required to issue a Claim message. Because any authenticated caller can therefore send one, the client(s) handling the Claim message have to verify the claim themselves before setting any permissions. tags: - Messages parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/messageClaimTimeoutParam' responses: '200': description: |- The Claim message was processed successfully and the response body contains the custom response. The response body may contain arbitrary data chosen by the recipient. The response code defaults to `200` but may be chosen by the recipient too. '204': description: |- The Claim message was processed successfully and no custom response body was set. The response code defaults to `204` but may be chosen by the recipient. '400': description: |- The request could not be completed. 
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined path parameters was invalid. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '413': $ref: '#/components/responses/messageTooLarge' '429': description: |- The user has sent too many requests in a given amount of time ("rate limiting"). content: application/json: schema: $ref: '#/components/schemas/AdvancedError' requestBody: $ref: '#/components/requestBodies/Payload' '/things/{thingId}/inbox/messages/{messageSubject}': post: summary: Send a message TO a specific Thing description: |- Send a message with the subject `messageSubject` `TO` the Thing identified by the `thingId` path parameter. The request body contains the message payload and the `Content-Type` header defines its type. The API does not provide any kind of acknowledgement that the message was received by the Thing. In order to send a message, the user needs `WRITE` permission at the Thing level. The HTTP request blocks until a response to the message is available or until the `timeout` is expired. If many clients respond to the issued message, the first response will complete the HTTP request. In order to handle the message in a fire and forget manner, add a query-parameter `timeout=0` to the request. tags: - Messages parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/messageSubjectPathParam' - $ref: '#/components/parameters/messageTimeoutParam' responses: '202': description: |- The message was sent but not necessarily received by the Thing (fire and forget). '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined path parameters was invalid. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller does not have `WRITE` permission on the resource message:/inbox/messages/`messageSubject`. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '413': $ref: '#/components/responses/messageTooLarge' requestBody: $ref: '#/components/requestBodies/Payload' '/things/{thingId}/outbox/messages/{messageSubject}': post: summary: Send a message FROM a specific Thing description: |- Send a message with the subject `messageSubject` `FROM` the Thing identified by the `thingId` path parameter. The request body contains the message payload and the `Content-Type` header defines its type. In order to send a message, the user needs `WRITE` permission at the Thing level. The HTTP request blocks until a response to the message is available or until the `timeout` is expired. If many clients respond to the issued message, the first response will complete the HTTP request. In order to handle the message in a fire and forget manner, add a query-parameter `timeout=0` to the request. tags: - Messages parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/messageSubjectPathParam' - $ref: '#/components/parameters/messageTimeoutParam' responses: '202': description: The message was sent (fire and forget). '400': description: |- The request could not be completed. The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined path parameters was invalid. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller does not have `WRITE` permission on the resource message:/outbox/messages/`messageSubject`. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '413': $ref: '#/components/responses/messageTooLarge' requestBody: $ref: '#/components/requestBodies/Payload' '/things/{thingId}/features/{featureId}/inbox/messages/{messageSubject}': post: summary: Send a message TO a specific Feature of a specific Thing description: |- Send a message with the subject `messageSubject` `TO` the Feature specified by the `featureId` and `thingId` path parameter. The request body contains the message payload and the `Content-Type` header defines its type. The API does not provide any kind of acknowledgement that the message was received by the Feature. In order to send a message, the user needs `WRITE` permission at the Thing level. The HTTP request blocks until a response to the message is available or until the `timeout` is expired. If many clients respond to the issued message, the first response will complete the HTTP request. In order to handle the message in a fire and forget manner, add a query-parameter `timeout=0` to the request. tags: - Messages parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/messageSubjectPathParam' - $ref: '#/components/parameters/messageTimeoutParam' responses: '202': description: |- The message was sent but not necessarily received by the Feature (fire and forget). '400': description: |- The request could not be completed. 
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined path parameters was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller does not have `WRITE` permission on the resource message:/features/`featureId`/inbox/messages/`messageSubject`. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '413': $ref: '#/components/responses/messageTooLarge' requestBody: $ref: '#/components/requestBodies/Payload' '/things/{thingId}/features/{featureId}/outbox/messages/{messageSubject}': post: summary: Send a message FROM a specific Feature of a specific Thing description: |- Send a message with the subject `messageSubject` `FROM` the Feature specified by the `featureId` and `thingId` path parameter. The request body contains the message payload and the `Content-Type` header defines its type. In order to send a message, the user needs `WRITE` permission at the Thing level. The HTTP request blocks until a response to the message is available or until the `timeout` is expired. If many clients respond to the issued message, the first response will complete the HTTP request. In order to handle the message in a fire and forget manner, add a query-parameter `timeout=0` to the request. tags: - Messages parameters: - $ref: '#/components/parameters/thingIdPathParam' - $ref: '#/components/parameters/featureIdPathPathParam' - $ref: '#/components/parameters/messageSubjectPathParam' - $ref: '#/components/parameters/messageTimeoutParam' responses: '202': description: The message was sent (fire and forget). '400': description: |- The request could not be completed. 
The `thingId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or at least one of the defined path parameters was invalid. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller does not have `WRITE` permission on the resource message:/features/`featureId`/outbox/messages/`messageSubject`. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '413': $ref: '#/components/responses/messageTooLarge' requestBody: $ref: '#/components/requestBodies/Payload' ### ### Policies ### '/policies/{policyId}': get: summary: Retrieve a specific Policy description: |- Returns the Policy identified by the `policyId` path parameter. The response contains the Policy as JSON object consisting of Policy Entries. tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: |- The request successfully returned completed and returned is the Policy. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string content: application/json: schema: $ref: '#/components/schemas/Policy' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. 
The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or update a Policy with a specified ID description: |- Modify the complete Policy identified by the `policyId` path parameter. The `policyId` has to: * contain a mandatory namespace prefix (java package notation + `:` colon) - periods (`.`) may be used in namespace but not as first or last character * conform to RFC-2396 (URI) #### Valid examples * `com.bosch.myproject:myPolicy1` * `mynamespace:myPolicy1` #### Invalid examples * `42:myFridge1` * `.foo:myFridge1` * `bar.:myFridge1` The ID of a Policy can't be changed after creation. Any `policyId` specified in the request body is therefore ignored. tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Policy was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string Location: description: The location of the created Policy resource schema: type: string content: application/json: schema: $ref: '#/components/schemas/Policy' '204': description: The Policy was successfully updated. 
headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid, or no valid Policy JSON object. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying a complete Policy, `WRITE` permission on the resource `policy:/` is required without having any revoke. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/Policy' example: {} description: |- JSON representation of the Policy. Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request. required: true delete: summary: Delete a specific Policy description: |- Deletes the Policy identified by the `policyId` path parameter. Deleting a Policy does not implicitly delete other entities (e.g. Things) which use this Policy. Those have to be deleted in advance of deleting the Policy. 
tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Policy was successfully deleted. '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid, or no valid Policy JSON object. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting an existing Policy, `WRITE` permission on the resource `policy:/` is required without having any revoke. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '/policies/{policyId}/entries': get: summary: Retrieve the entries of a specific Policy description: |- Returns the Policy entries of the Policy identified by the `policyId` path parameter. tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: |- The request successfully returned completed and returned are the Policy entries. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. 
For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string content: application/json: schema: $ref: '#/components/schemas/PolicyEntries' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Modify the entries of a specific Policy description: |- Modify the Policy entries of the Policy identified by the `policyId` path parameter. tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Policy entries were successfully updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid, or no valid Policy entry JSON object. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying the Policy entries of an existing Policy, `WRITE` permission on the resource `policy:/entries` is required without having any revoke. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/PolicyEntries' example: {} description: |- JSON representation of the Policy entries. Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request. required: true '/policies/{policyId}/entries/{label}': get: summary: Retrieve one Policy entry of a Policy for a specific label description: |- Returns one Policy entry of the Policy identified by the `policyId` path parameter and for the label identified by the `label` path parameter. tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/labelPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: |- The request completed successfully and the Policy entry is returned. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. 
For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string content: application/json: schema: $ref: '#/components/schemas/PolicyEntry' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID or the Policy entry was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or modify one Policy entry of a Policy for a specific label description: |- Create or modify the Policy entry of the Policy identified by the `policyId` path parameter and with the label identified by the `label` path parameter. tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/labelPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Policy entry was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". 
schema: type: string Location: description: The location of the created Policy entry schema: type: string content: application/json: schema: $ref: '#/components/schemas/PolicyEntry' '204': description: The Policy entry was successfully updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid, or no valid Policy entry JSON object. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying a Policy entry of an existing Policy, `WRITE` permission on the resource `policy:/entries/{label}` is required without having any revoke. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/PolicyEntry' example: {} description: |- JSON representation of the Policy entry. Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request. 
required: true delete: summary: Delete one Policy entry of a Policy for a specific label description: |- Deletes the Policy entry of the Policy identified by the `policyId` path parameter and with the label identified by the `label` path parameter. tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/labelPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Policy entry was successfully deleted. '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting a Policy entry of an existing Policy, `WRITE` permission on the resource `policy:/entries/{label}` is required without having any revoke. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '/policies/{policyId}/entries/{label}/subjects': get: summary: Retrieve all Subjects of a Policy entry description: |- Returns all Subjects of the Policy entry of the Policy identified by the `policyId` path parameter and for the label identified by the `label` path parameter. 
tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/labelPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The request successfully returned. The subjects are returned. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string content: application/json: schema: $ref: '#/components/schemas/Subjects' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID or the Policy entry was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or modify all Subjects of a Policy Entry description: |- Create or modify all Subjects of the Policy entry of the Policy identified by the `policyId` path parameter and with the label identified by the `label` path parameter. 
tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/labelPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Subjects were successfully created or updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid, or no valid Subjects JSON object. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying Subjects of an existing Policy entry, `WRITE` permission on the resource `policy:/entries/{label}/subjects` is required without having any revoke. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/Subjects' example: {} description: |- JSON representation of the Subjects. 
Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request. required: true '/policies/{policyId}/entries/{label}/subjects/{subjectId}': get: summary: Retrieve one specific Subject of a Policy entry description: |- Returns the Subject with ID `subjectId` of the Policy entry identified by the `label` path parameter belonging to the Policy identified by the `policyId` path parameter. tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/labelPathParam' - $ref: '#/components/parameters/subjectIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: |- The request successfully returned completed and returned is the Subject. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string content: application/json: schema: $ref: '#/components/schemas/SubjectEntry' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID, the Policy entry or the Subject was not found in the context of the authenticated user. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or modify one specific Subject of a Policy entry description: |- Create or modify the Subject with ID `subjectId` of the Policy entry identified by the `label` path parameter belonging to the Policy identified by the `policyId` path parameter. tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/labelPathParam' - $ref: '#/components/parameters/subjectIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Subject was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string Location: description: The location of the created Subject schema: type: string content: application/json: schema: $ref: '#/components/schemas/SubjectEntry' '204': description: The Subject was successfully updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid, or no valid Subject JSON object. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying a Subject of an existing Policy entry, `WRITE` permission on the resource `policy:/entries/{label}/subjects/{subjectId}` is required without having any revoke. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID or the Policy entry was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/SubjectEntry' example: {} description: JSON representation of the Subject required: true delete: summary: Delete one specific Subject of a Policy entry description: |- Deletes the Subject with ID `subjectId` of the Policy entry identified by the `label` path parameter belonging to the Policy identified by the `policyId` path parameter. tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/labelPathParam' - $ref: '#/components/parameters/subjectIdPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Subject was successfully deleted. '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting a Subject of an existing Policy entry, `WRITE` permission on the resource `policy:/entries/{label}/subjects/{subjectId}` is required without having any revoke. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID, the Policy entry or the Subject was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '/policies/{policyId}/entries/{label}/resources': get: summary: Retrieve all Resources of a Policy entry description: |- Returns all Resources of the Policy entry of the Policy identified by the `policyId` path parameter and for the label identified by the `label` path parameter. tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/labelPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: The request successfully returned. The resources are returned. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string content: application/json: schema: $ref: '#/components/schemas/Resources' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. 
The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID or the Policy entry was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or modify all Resources of a Policy Entry description: |- Create or modify all Resources of the Policy entry of the Policy identified by the `policyId` path parameter and with the label identified by the `label` path parameter. tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/labelPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Resources were successfully created or updated. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid, or no valid Resources JSON object. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying Resources of an existing Policy entry, `WRITE` permission on the resource `policy:/entries/{label}/resources` is required without having any revoke. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID or the Policy entry was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/Resources' example: {} description: JSON representation of the Resources required: true '/policies/{policyId}/entries/{label}/resources/{resourcePath}': get: summary: Retrieve one specific Resource of a Policy entry description: |- Returns the Resource with path `resourcePath` of the Policy entry identified by the `label` path parameter belonging to the Policy identified by the `policyId` path parameter. tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/labelPathParam' - $ref: '#/components/parameters/resourcePathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '200': description: |- The request successfully returned completed and returned is the Resource. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". 
schema: type: string content: application/json: schema: $ref: '#/components/schemas/ResourceEntry' '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID, the Policy entry or the Resource was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' put: summary: Create or modify one specific Resource of a Policy entry description: |- Create or modify the Resource with path `resourcePath` of the Policy entry identified by the `label` path parameter belonging to the Policy identified by the `policyId` path parameter. tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/labelPathParam' - $ref: '#/components/parameters/resourcePathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '201': description: The Resource was successfully created. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string Location: description: The location of the created Resource schema: type: string content: application/json: schema: $ref: '#/components/schemas/ResourceEntry' '204': description: The Resource was successfully updated. 
headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string '304': $ref: '#/components/responses/notModified' '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) Or the JSON was invalid, or was not a valid Resource JSON object. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For modifying a Resource of an existing Policy entry, `WRITE` permission on the resource `policy:/entries/{label}/resources/{resourcePath}` is required, without any `revoke` applying to it. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID or the Policy entry was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' '413': $ref: '#/components/responses/entityTooLarge' requestBody: content: application/json: schema: $ref: '#/components/schemas/ResourceEntry' example: {} description: JSON representation of the Resource required: true delete: summary: Delete one Resource of a Policy entry description: |- Deletes the Resource with path `resourcePath` of the Policy entry identified by the `label` path parameter belonging to the Policy identified by the `policyId` path parameter. 
tags: - Policies parameters: - $ref: '#/components/parameters/policyIdPathParam' - $ref: '#/components/parameters/labelPathParam' - $ref: '#/components/parameters/resourcePathPathParam' - $ref: '#/components/parameters/ifMatchHeaderParam' - $ref: '#/components/parameters/ifNoneMatchHeaderParam' responses: '204': description: The Resource was successfully deleted. '400': description: |- The request could not be completed. The `policyId` either * does not contain the mandatory namespace prefix (java package notation + `:` colon) * does not conform to RFC-2396 (URI) content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: |- The request could not be completed as the caller had insufficient permissions. For deleting a Resource of an existing Policy entry, `WRITE` permission on the resource `policy:/entries/{label}/resources/{resourcePath}` is required, without any `revoke` applying to it. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '404': description: |- The request could not be completed. The Policy with the given ID, the Policy entry or the Resource was not found in the context of the authenticated user. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '412': $ref: '#/components/responses/preconditionFailed' ### ### Things-Search ### /search/things: get: summary: Search for Things description: |- This resource can be used to search for things. The query parameter `filter` is not mandatory. If it is not set, all things which the logged-in user is allowed to read are returned. The resource supports sorting and paging. If paging is not explicitly specified by means of the `limit` option, a default count of `25` documents is returned. To search for nested properties, we use JSON Pointer notation (RFC-6901). 
See the following example how to search for the sub property `location` of the parent property `attributes` with a forward slash as separator: ```eq(attributes/location,"kitchen")``` parameters: - $ref: '#/components/parameters/searchFilter' - $ref: '#/components/parameters/namespacesFilter' - $ref: '#/components/parameters/thingFieldsQueryParam' - name: option in: query description: |- Possible values for the parameter: ###### Sort operations * ```sort([+|-]{property})``` * ```sort([+|-]{property},[+|-]{property},...)``` ###### Paging operations * ```size({page-size})``` Maximum allowed page-size is `200`. * ```cursor({cursor-id})``` Start the search from the cursor location. Specify the cursor ID without quotation marks. Cursor IDs are given in responses and mark the position after the final search result. The meaning of cursor IDs is unspecified and may change without notice. The paging option `limit({offset},{count})` is deprecated. It may result in slow queries, time-outs and will be removed eventually. ##### Examples: * ```sort(+thingId)``` * ```sort(-attributes/manufacturer)``` * ```sort(+thingId,-attributes/manufacturer)``` * ```size(10)``` return 10 results * ```cursor(LOREMIPSUM)``` return results after the position of the cursor `LOREMIPSUM`. ##### Combine: If you need to specify multiple options, when using the swagger UI just write each option in a new line. When using the plain REST API programmatically, you will need to separate the options using a comma (,) character. ```size(200),cursor(LOREMIPSUM)``` The deprecated paging option `limit` may not combine with the other paging options `size` and `cursor`. required: false schema: type: array items: type: string tags: - Things-Search responses: '200': description: An array of the matching things. content: application/json: schema: $ref: '#/components/schemas/SearchResultThings' '400': description: |- The request could not be completed. A provided parameter was in a wrong format. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: The request could not be completed due to an invalid authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '504': description: The request ran out of time to execute on the back-end. Optimize your query and try again. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' /search/things/count: get: summary: Count Things description: |- This resource can be used to count things. The query parameter `filter` is not mandatory. If it is not set, the total number of things which the logged-in user is allowed to read is returned. To search for nested properties, we use JSON Pointer notation (RFC-6901). See the following example how to search for the sub property `location` of the parent property `attributes` with a forward slash as separator: ```eq(attributes/location,"kitchen")``` parameters: - $ref: '#/components/parameters/searchFilter' - $ref: '#/components/parameters/namespacesFilter' tags: - Things-Search responses: '200': description: A number indicating the amount of matched things content: application/json: schema: $ref: '#/components/schemas/SearchResultThingsCount' '400': description: |- The request could not be completed. A provided parameter was in a wrong format. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '401': description: The request could not be completed due to missing authentication. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '403': description: The request could not be completed due to an invalid authentication. 
content: application/json: schema: $ref: '#/components/schemas/AdvancedError' '504': description: The request ran out of time to execute on the back-end. Optimize your query and try again. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' components: schemas: Error: properties: status: type: integer description: The HTTP status of the error message: type: string description: The message of the error - what went wrong description: type: string description: A description how to fix the error or more details href: type: string description: A link to further information about the error and how to fix it required: - status - message AdvancedError: properties: status: type: integer description: The HTTP status of the error error: type: string description: The error code of the occurred exception message: type: string description: The message of the error - what went wrong description: type: string description: A description how to fix the error or more details href: type: string description: A link to further information about the error and how to fix it required: - status - error - message Attributes: type: object description: An arbitrary JSON object. FeatureDefinition: type: array items: type: string description: "A single fully qualified identifier of a Feature Definition in the form 'namespace:name:version'" pattern: ([_a-zA-Z0-9\-.]+):([_a-zA-Z0-9\-.]+):([_a-zA-Z0-9\-.]+) FeatureProperties: type: object description: An arbitrary JSON object. 
Feature: type: object properties: definition: $ref: '#/components/schemas/FeatureDefinition' description: The Definition of this Feature properties: $ref: '#/components/schemas/FeatureProperties' description: The Properties of this Feature SearchResultThings: properties: items: type: array items: $ref: '#/components/schemas/Thing' cursor: type: string SearchResultThingsCount: type: integer NewThing: type: object properties: _policy: $ref: '#/components/schemas/Policy' description: |- The initial Policy to create for this Thing. This will create a separate Policy entity managed by resource `/policies/{thingId}`. Use the placeholder `{{ request:subjectId }}` in order to let the backend insert the authenticated subjectId of the HTTP request. _copyPolicyFrom: type: string description: |- This field may contain the Policy ID of an existing Policy. The Policy is copied and used for this newly created Thing. This field may also contain a placeholder reference to a Thing in the format `{{ ref:things/[thingId]/policyId }}` where you need to replace `[thingId]` with a valid Thing ID. The newly created Thing will then obtain a copy of the Policy of the referenced Thing. In the case of using a reference, the caller needs to have READ access to both the Thing and the Policy of the Thing. In the case of using an explicit policy id to copy from, the caller needs to have READ access to the Policy. If you want to specify a Policy ID for the copied policy, use the policyId field. This field must not be used together with the field `_policy`. If you specify both `_policy` and `_copyPolicyFrom` this will lead to an error response. policyId: type: string description: |- The Policy ID used for controlling access to this Thing. Managed by resource `/policies/{policyId}`. 
attributes: $ref: '#/components/schemas/Attributes' description: The attributes of this Thing features: $ref: '#/components/schemas/Features' description: The Features of this Thing Thing: type: object required: - thingId - policyId - attributes - features properties: thingId: type: string description: Unique identifier representing the thing policyId: type: string description: The policy ID used for controlling access to this thing, managed by resource `/policies/{policyId}` attributes: $ref: '#/components/schemas/Attributes' description: The attributes of this thing features: $ref: '#/components/schemas/Features' description: The features of this thing Policy: type: object description: Policy consisting of PolicyEntries properties: entries: $ref: '#/components/schemas/PolicyEntries' PolicyEntries: type: object description: PolicyEntries containing one PolicyEntry for each arbitrary `label` key properties: label1: $ref: '#/components/schemas/PolicyEntry' labelN: $ref: '#/components/schemas/PolicyEntry' PolicyEntry: type: object description: Single Policy entry containing Subjects and Resources. required: - subjects - resources properties: subjects: $ref: '#/components/schemas/Subjects' resources: $ref: '#/components/schemas/Resources' Subjects: type: object description: |- (Authorization) Subjects containing one SubjectEntry for each arbitrary `issuer:subjectId` key. `issuer` being one of the following `iot-permissions`, `iot-things` properties: 'iot-permissions:subjectId1': $ref: '#/components/schemas/SubjectEntry' 'iot-permissions:subjectIdN': $ref: '#/components/schemas/SubjectEntry' SubjectEntry: type: object description: Single (Authorization) Subject entry holding its type. 
required: - type properties: type: type: string description: the type of the (Authorization) Subject enum: - iot-permissions-sid - iot-permissions-userid - iot-permissions-groupid - iot-permissions-roleid - iot-things-clientid - jwt Resources: type: object description: |- (Authorization) Resources containing one ResourceEntry for each `type:path` key, `type` being one of the following `thing`, `policy`, `message` properties: 'thing:/': $ref: '#/components/schemas/ResourceEntry' 'thing:/attributes/some/path': $ref: '#/components/schemas/ResourceEntryRestricted' 'policy:/': $ref: '#/components/schemas/ResourceEntry' 'message:/': $ref: '#/components/schemas/ResourceEntry' ResourceEntry: type: object description: |- Single (Authorization) Resource entry defining permissions per effect. Allowed effects are `grant` and `revoke`. properties: grant: type: array items: $ref: '#/components/schemas/Permission' revoke: type: array items: $ref: '#/components/schemas/Permission' ResourceEntryRestricted: type: object description: |- Single (Authorization) Resource entry defining permissions per effect. Allowed effects are `grant` and `revoke`. properties: grant: type: array items: $ref: '#/components/schemas/Permission' revoke: type: array items: $ref: '#/components/schemas/Permission' Permission: type: string description: A Permission allows a certain action on an entity enum: - READ - WRITE Features: type: object description: |- List of Features where the key represents the `featureId` of each Feature. The `featureId` key must be unique in the list. additionalProperties: $ref: '#/components/schemas/Feature' TagTopologyResponse: type: object properties: tag: type: string description: Tag name of the saved Topology snapshot. tagTimestamp: type: string description: Timestamp of the saved Topology snapshot. 
GraphQLExecutionError: type: object properties: status: type: integer description: The HTTP status of unprocessable entity (422) error: type: string description: |- The error code of GraphQL execution error `"topologoes:graphql.execution.error"` message: type: string description: |- A description of what happened `"GraphQL execution failed with errors."` graphql_errors: type: array items: type: string description: A list of error messages from the GraphQL engine. required: - status - error - message - graphql_errors GraphQLRequest: type: object GraphQLResponse: type: object required: - data properties: data: type: object description: The result of the GraphQL query. GraphQLSchema: type: string description: The GraphQL schema. example: | schema @expand(template: "Topology") { query: Ignored } type Campus implements Topology { id: ID! campusName: String buildings: [Building] companies: [Company] } type Building implements Referenceable { buildingName: String rooms: [Room] } type Room implements Referenceable { roomName: String area: Float } type Company { name: String units: [Referenceable] } Topology: type: object required: - topologyId - policyId - schemaId properties: topologyId: type: string description: The ID of the Topology. policyId: type: string description: |- The Policy ID used for controlling access to this Topology. Managed by resource `/policies/{policyId}`. schemaId: type: string description: |- The Topology Schema ID defining this Topology. Managed by resource `/topology-schemas/{schemaId}`. NewTopology: type: object required: - policyId - schemaId properties: policyId: type: string description: |- The Policy ID used for controlling access to this Topology. Managed by resource `/policies/{policyId}`. schemaId: type: string description: |- The Topology Schema ID defining this Topology. Managed by resource `/topology-schemas/{schemaId}`. 
_content: $ref: '#/components/schemas/NewTopologyContent' NewTopologyContent: type: object properties: query: type: string description: Only `create` mutation allowed here. variables: type: object NewTopologyResponse: type: object required: - topologyId - policyId - schemaId properties: topologyId: type: string description: The ID of the modified Topology. policyId: type: string description: |- The Policy ID used for controlling access to this Topology. Managed by resource `/policies/{policyId}`. schemaId: type: string description: |- The Topology Schema ID defining this Topology. Managed by resource `/topology-schemas/{schemaId}`. data: type: object description: GraphQL operation result if `_content` was provided with the request body. SearchResultTopologies: properties: items: type: array items: $ref: '#/components/schemas/Topology' TopologySchema: type: object required: - schemaId - policyId properties: schemaId: type: string description: The ID of the Topology Schema. policyId: type: string description: |- The Policy ID used for controlling access to this Topology Schema. Managed by resource `/policies/{policyId}`. content: $ref: '#/components/schemas/GraphQLSchema' NewTopologySchema: type: object required: - schemaId - policyId properties: schemaId: type: string description: The ID of the Topology Schema. policyId: type: string description: |- The Policy ID used for controlling access to this Topology Schema. Managed by resource `/policies/{policyId}`. content: $ref: '#/components/schemas/GraphQLSchema' NewTopologySchemaResponse: type: object required: - schemaId - policyId properties: schemaId: type: string description: The ID of the modified Topology Schema. policyId: type: string description: |- The Policy ID used for controlling access to this Topology Schema. Managed by resource `/policies/{policyId}`. 
content: $ref: '#/components/schemas/GraphQLSchema' responses: entityTooLarge: description: |- The created or modified entity is larger than the accepted limit of 100 kB. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' messageTooLarge: description: |- The size of the sent message is larger than the accepted limit of 250 kB. content: application/json: schema: $ref: '#/components/schemas/AdvancedError' notModified: description: |- The (sub-)resource has not been modified. This happens when you specified an If-None-Match header which matches the current ETag of the (sub-)resource. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string preconditionFailed: description: |- A precondition for reading or writing the (sub-)resource failed. This will happen for write requests, when you specified an If-Match or If-None-Match header which fails the precondition check against the current ETag of the (sub-)resource. For read requests, this error may only happen for a failing If-Match header. In case of a failing If-None-Match header for a read request, status 304 will be returned instead. headers: ETag: description: |- The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". schema: type: string content: application/json: schema: $ref: '#/components/schemas/AdvancedError' parameters: ifMatchHeaderParam: name: If-Match in: header description: >- The `If-Match` header which has to conform to RFC-7232 (Conditional Requests). Common usages are: * optimistic locking by specifying the `ETag` from a previous GET response, e.g. `If-Match: "rev:4711"` * retrieving or modifying a resource only if it already exists, e.g. 
`If-Match: *` required: false schema: type: string ifNoneMatchHeaderParam: name: If-None-Match in: header description: >- The `If-None-Match` header which has to conform to RFC-7232 (Conditional Requests). A common usage scenario is to modify a resource only if it does not yet exist, thus to create it, by specifying `If-None-Match: *`. required: false schema: type: string featureIdPathPathParam: name: featureId in: path description: The ID of the Feature - has to conform to RFC-2396 (URI) required: true schema: type: string attributePathPathParam: name: attributePath in: path description: The path to the Attribute required: true schema: type: string thingIdPathParam: name: thingId in: path description: |- The ID of the Thing - has to: * contain the mandatory namespace prefix (java package notation + `:` colon) * conform to RFC-2396 (URI) required: true schema: type: string policyIdPathParam: name: policyId in: path description: |- The ID of the Policy - has to: * contain the mandatory namespace prefix (java package notation + `:` colon) * conform to RFC-2396 (URI) required: true schema: type: string topologyIdPathParam: name: topologyId in: path description: |- The ID of the Topology - has to: * contain the mandatory namespace prefix (java package notation + `:` colon) * conform to RFC-2396 (URI) required: true schema: type: string topologyTagPathParam: name: tagId in: path description: |- A Tag of a Topology - has to: * contain 0 or more unreserved URI characters (letters, digits, `-`, `.`, `_`, `~`) * `1.1` * `~topo-1_MILESTONE` * Invalid examples: * `%22topo:logy/+5` * `!(x=42+y=z)` required: true schema: type: string topologyTagQueryParam: name: tag in: query description: |- A tag of a topology - has to: * contain 1 or more unreserved URI characters (letters, digits, `-`, `.`, `_`, `~`) * `1.1` * `topo1-MILESTONE` * Invalid examples: * `%22topo:logy/+5` * `topo?x=42&y=x` required: false schema: type: string topologyTimestampQueryParam: name: tag_timestamp in: 
query description: |- Timestamp of a Topology tagged in the past - has to: * conform to the ISO 8601 calendar date and time format with mandatory time zone designation. The date must be a fully specified calendar date. Week and ordinal dates are not supported. The time may be accurate up to hours, minutes, seconds or milliseconds. The separator `T` between the date and the time is mandatory. We support both the expanded format `YYYY-MM-DDThh:mm:ss.sTZD` and the basic format `YYYYMMDDThhmmss.sTZD`, where `TZD` is a URL-encoded time zone designator (`Z`, `%2Bhh:mm`, `-hh:mm`, `%2Bhhmm`, or `-hhmm`). Valid examples are: * `2017-01-03T10:15:30.013Z` * `20170103T101530.013Z` * `2017-02-03T10:15:30%2B01:00` * `2017-02-03T10:15:30-01:00` required: false schema: type: string topologyQueryQueryParam: name: query in: query description: |- A URL-encoded GraphQL query string. Suitable for small queries only: The size of the entire URL should not exceed 8 kilobyte. required: true schema: type: string topologyVariablesQueryParam: name: variables in: query description: |- A URL-encoded JSON object containing exactly the variables used in the GraphQL query. required: false schema: type: string topologyOperationNameQueryParam: name: operationName in: query required: false description: |- If several named operations are defined in a GraphQL query, this parameter names the operation to be executed. schema: type: string schemaIdPathParam: name: schemaId in: path description: |- The ID of the Schema: * has to follow the pattern `namespace`:`name`:`version` * `namespace` must conform to java package notation * `name` and `version` must conform to RFC-2396 (URI) required: true schema: type: string schemaFieldsQueryParam: name: fields in: query description: |- Contains a comma separated list of fields to be included in the returned JSON. #### Selectable fields * `schemaId` * `policyId` * `content` * `_revision` Specifically selects the revision of the Schema. 
The revision is a counter which is incremented on each modification of a Schema. #### Example * `?fields=schemaId,_revision` required: false schema: type: string topologyFieldsQueryParam: name: fields in: query description: |- Contains a comma separated list of fields to be included in the returned JSON. #### Selectable fields * `topologyId` * `policyId` * `schemaId` * `_revision` Specifically selects the revision of the Topology. The revision is a counter which is incremented on each modification of a Topology. #### Example * `?fields=topologyId,_revision` required: false schema: type: string messageSubjectPathParam: name: messageSubject in: path description: The subject of the Message - has to conform to RFC-2396 (URI) required: true schema: type: string messageClaimTimeoutParam: name: timeout in: query description: |- Contains an optional timeout (in seconds) of how long to wait for the Claim response and therefore block the HTTP request. Default value (if omitted): 60 seconds. Maximum value: 600 seconds. A value of 0 seconds applies fire and forget semantics for the message. required: false schema: type: integer messageTimeoutParam: name: timeout in: query description: |- Contains an optional timeout (in seconds) of how long to wait for the message response and therefore block the HTTP request. Default value (if omitted): 10 seconds. Maximum value: 60 seconds. A value of 0 seconds applies fire and forget semantics for the message. 
required: false schema: type: integer labelPathParam: name: label in: path description: The label of a Policy entry required: true schema: type: string subjectIdPathParam: name: subjectId in: path description: The ID of an (Authorization) Subject required: true schema: type: string resourcePathPathParam: name: resourcePath in: path description: The path of an (Authorization) Resource required: true schema: type: string propertyPathPathParam: name: propertyPath in: path description: The path to the Property required: true schema: type: string thingFieldsQueryParam: name: fields in: query description: |- Contains a comma separated list of fields to be included in the returned JSON. Attributes can be selected in the same manner. #### Selectable fields * `thingId` * `policyId` * `_policy` Specifically selects the policy of the Thing. (The policy is not contained in the returned JSON per default.) * `attributes` Supports selecting arbitrary sub-fields by using a comma separated list: * several attribute paths can be passed as a comma separated list of JSON pointers (RFC-6901) For example: * `?fields=attributes/model` would select only `model` attribute value (if present) * `?fields=attributes/model,attributes/make` would select only `model` and `make` attribute values (if present) Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`: * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield For example: * `?fields=attributes(model,make)` would select only `model` and `make` attribute values (if present) * `?fields=attributes(location/longitude)` would select the `longitude` value inside the `location` object * `?fields=attributes/address/postal(city,street)` would select the `city` and `street` values inside the `postal` object inside the 
`address` object * `features` Supports selecting arbitrary fields in features similar to `attributes` (see also Features documentation for more details) * `_namespace` Specifically selects the namespace also contained in the `thingId` * `_revision` Specifically selects the revision of the Thing. The revision is a counter which is incremented on each modification of a Thing. * `_modified` Specifically selects the modified timestamp of the Thing in ISO-8601 UTC format. The timestamp is set on each modification of a Thing. #### Examples * `?fields=thingId,attributes,features` * `?fields=attributes(model,make),features` * `?fields=thingId,attributes/location/longitude,attributes/address(city,street)` required: false schema: type: string attributesFieldsQueryParam: name: fields in: query description: |- Contains a comma separated list of fields from the attributes to be included in the returned JSON. #### Selectable fields Supports selecting arbitrary sub-fields as defined in the attributes by using a comma separated list: * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901) For example: * `?fields=model` would select only `model` attribute value (if present) * `?fields=model,make` would select only `model` and `make` attribute values (if present) Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`: * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield For example: * `?fields=location(longitude,latitude)` would select the `longitude` and `latitude` value inside the `location` attribute #### Examples * `?fields=model,make,location(longitude,latitude)` * `?fields=listOfAddresses/postal(city,street))` required: false schema: type: string propertiesFieldsQueryParam: name: fields in: query 
description: |- Contains a comma separated list of fields from the properties to be included in the returned JSON. #### Selectable fields Supports selecting arbitrary sub-fields as defined in the properties by using a comma separated list: * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901) For example: * `?fields=temperature` would select only `temperature` property value (if present) * `?fields=temperature,humidity` would select only `temperature` and `humidity` property values (if present) Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`: * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield For example: * `?fields=location(longitude,latitude)` would select the `longitude` and `latitude` value inside the `location` property #### Examples * `?fields=temperature,humidity,location(longitude,latitude)` * `?fields=configuration,status(powerConsumption/watts)` required: false schema: type: string featuresFieldsQueryParam: name: fields in: query description: |- Contains a comma separated list of fields from one or more Features to be included in the returned JSON. 
#### Selectable fields * `{featureId}` The ID of the Feature to select properties in * `properties` Supports selecting arbitrary sub-fields by using a comma separated list: * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901) For example: * `?fields={featureId}/properties/color` would select only `color` property value (if present) of the Feature identified with `{featureId}` * `?fields={featureId}/properties/color,properties/brightness` would select only `color` and `brightness` property values (if present) of the Feature identified with `{featureId}` Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`: * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield For example: * `?fields={featureId}/properties(color,brightness)` would select only `color` and `brightness` property values (if present) of the Feature identified with `{featureId}` * `?fields={featureId}/properties(location/longitude)` would select the `longitude` value inside the `location` object of the Feature identified with `{featureId}` #### Examples * `?fields=EnvironmentScanner/properties(temperature,humidity)` * `?fields=EnvironmentScanner/properties(temperature,humidity),Vehicle/properties/configuration` required: false schema: type: string featureFieldsQueryParam: name: fields in: query description: |- Contains a comma separated list of fields from the selected Feature to be included in the returned JSON. 
#### Selectable fields * `properties` Supports selecting arbitrary sub-fields by using a comma separated list: * several properties paths can be passed as a comma separated list of JSON pointers (RFC-6901) For example: * `?fields=properties/color` would select only `color` property value (if present) * `?fields=properties/color,properties/brightness` would select only `color` and `brightness` property values (if present) Supports selecting arbitrary sub-fields of objects by wrapping sub-fields inside parentheses `( )`: * a comma-separated list of sub-fields (a sub-field is a JSON pointer (RFC-6901) separated with `/`) to select * sub-selectors can be used to request only specific sub-fields by placing expressions in parentheses `( )` after a selected subfield For example: * `?fields=properties(color,brightness)` would select only `color` and `brightness` property values (if present) * `?fields=properties(location/longitude)` would select the `longitude` value inside the `location` object #### Examples * `?fields=properties(color,brightness)` required: false schema: type: string searchFilter: name: filter in: query description: |- ##### Filter operations: * ```eq({property},{value})``` * ```ne({property},{value})``` * ```gt({property},{value})``` * ```ge({property},{value})``` * ```lt({property},{value})``` * ```le({property},{value})``` * ```in({property},{value},{value},...)``` * ```like({property},{value})``` * ```exists({property})``` Note: When using filter operations, only things with the specified properties are returned. For example, the filter `ne(attributes/owner, "SID123")` will only return things that do have the `owner` attribute. 
##### Logical operations: * ```and({query},{query},...)``` * ```or({query},{query},...)``` * ```not({query})``` ##### Examples: * ```eq(attributes/location,"kitchen")``` * ```exists(features/featureId)``` * ```and(eq(attributes/location,"kitchen"),eq(attributes/color,"red"))``` * ```or(eq(attributes/location,"kitchen"),eq(attributes/location,"living-room"))``` required: false schema: type: string namespacesFilter: name: namespaces in: query description: |- A comma separated list of namespaces. This list is used to limit the query to things in the given namespaces only. When this parameter is omitted, all namespaces will be queried. #### Examples: * `?namespaces=com.example.namespace` * `?namespaces=com.example.namespace1,com.example.namespace2` required: false schema: type: string requestBodies: Payload: content: application/json: schema: type: string example: '' application/octet-stream: schema: type: string example: '' text/plain: schema: type: string example: '' description: |- Payload of the message with max size of 250 kB. It can be any HTTP supported content, including binary content. Attributes: content: application/json: schema: $ref: '#/components/schemas/Attributes' example: {} description: |- JSON object of all Attributes to be modified at once. Consider that the value has to be a JSON object or `null`, examples: * an object: `{ "key": "value"}` -} We strongly recommend to use a restricted set of characters for the key (identifier). Currently these identifiers should follow the pattern: [_a-zA-Z][_a-zA-Z0-9\-]* * an empty object: `{}` required: true Value: content: application/json: schema: type: object example: {} description: |- JSON representation of the value to be created/updated. This may be as well `null` or an empty object. 
Consider that the value has to be a JSON value, examples: * for a number, the JSON value is the number: `42` * for a string, the JSON value must be quoted: `"aString"` * for a boolean, the JSON value is the boolean: `true` * for an object, the JSON value is the object: `{ "key": "value"}` -} We strongly recommend to use a restricted set of characters for the key (identifier). Currently these identifiers should follow the pattern: [_a-zA-Z][_a-zA-Z0-9\-]* * for an list, the JSON value is the list: `[ 1,2,3 ]` required: true securitySchemes: basicAuth: type: http description: |- Eclipse Ditto sandbox demo user (demo1 ... demo9) + password (demo) scheme: basic bearerAuth: type: http scheme: bearer bearerFormat: JWT description: |- A JSON Web Token issued by a supported OAuth 2.0 Identity Provider, e.g. a Google "id_token" ================================================ FILE: charts/ditto-digital-twins/requirements.yaml ================================================ dependencies: - name: mongodb repository: https://kubernetes-charts.storage.googleapis.com version: 7.4.4 condition: mongodb.enabled ================================================ FILE: charts/ditto-digital-twins/templates/NOTES.txt ================================================ Eclipse Ditto installed! Access ditto in your browser (http://localhost:8080) by running: kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ include "ditto-digital-twins.fullname" . }}-nginx 8080:8080 The /status resource can be accessed by: export STATUS_PWD=$(kubectl --namespace {{ .Release.Namespace }} get secret {{ include "ditto-digital-twins.fullname" . }}-gateway-secret -o jsonpath="{.data.status-password}" | base64 --decode) curl -i -X GET "http://devops:${STATUS_PWD}@localhost:8080/status" The /devops resource can be accessed by: export DEVOPS_PWD=$(kubectl --namespace {{ .Release.Namespace }} get secret {{ include "ditto-digital-twins.fullname" . 
}}-gateway-secret -o jsonpath="{.data.devops-password}" | base64 --decode) curl -i -X GET "http://devops:${DEVOPS_PWD}@localhost:8080/devops" ================================================ FILE: charts/ditto-digital-twins/templates/_helpers.tpl ================================================ {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} {{- define "ditto-digital-twins.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} {{- define "ditto-digital-twins.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} {{- end -}} {{/* Create chart name and version as used by the chart label. */}} {{- define "ditto-digital-twins.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Common labels */}} {{- define "ditto-digital-twins.labels" -}} helm.sh/chart: {{ include "ditto-digital-twins.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} {{/* Create the name of the service account to use */}} {{- define "ditto-digital-twins.serviceAccountName" -}} {{- if .Values.serviceAccount.create -}} {{ default (include "ditto-digital-twins.fullname" .) 
.Values.serviceAccount.name }} {{- else -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} ================================================ FILE: charts/ditto-digital-twins/templates/concierge-deployment.yaml ================================================ {{- if .Values.concierge.enabled -}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "ditto-digital-twins.fullname" . }}-concierge labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-concierge {{ include "ditto-digital-twins.labels" . | indent 4 }} spec: replicas: {{ .Values.concierge.replicaCount }} strategy: {{- with .Values.concierge.updateStrategy }} {{- toYaml . | nindent 4 }} {{- end }} selector: matchLabels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-concierge app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-concierge app.kubernetes.io/instance: {{ .Release.Name }} actorSystemName: {{ .Values.akka.actorSystemName }} {{- with .Values.concierge.additionalLabels }} {{- toYaml . | nindent 8 }} {{- end }} annotations: {{- if .Values.global.prometheus.enabled }} prometheus.io/scrape: "true" prometheus.io/path: "/" prometheus.io/port: "{{ .Values.global.prometheus.port }}" {{- end }} checksum/mongodb-config: {{ include (print $.Template.BasePath "/mongodb-secret.yaml") . | sha256sum }} {{- with .Values.concierge.additionalAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- if .Values.rbac.enabled }} serviceAccountName: {{ template "ditto-digital-twins.serviceAccountName" . }} {{- end }} {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . 
| nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }}-concierge image: "{{ .Values.concierge.image.repository }}:{{ .Values.concierge.image.tag }}" imagePullPolicy: {{ .Values.concierge.image.imagePullPolicy }} command: ["java"] args: {{- if .Values.concierge.systemProps }} {{- toYaml .Values.concierge.systemProps | nindent 12 }} {{- end }} - "-jar" - "/opt/ditto/starter.jar" env: - name: POD_LABEL_SELECTOR value: "app.kubernetes.io/name=%s" - name: POD_NAMESPACE value: {{ .Release.Namespace }} - name: INSTANCE_INDEX valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: HOSTNAME valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: DISCOVERY_METHOD value: "kubernetes-api" - name: TZ value: "{{ .Values.global.timezone }}" - name: OPENJ9_JAVA_OPTIONS value: "-XX:MaxRAMPercentage=80 -XX:InitialRAMPercentage=40 -XX:+ExitOnOutOfMemoryError{{ if .Values.dbconfig.concierge.ssl }} -Dorg.mongodb.async.type=netty{{ end }}" - name: MONGO_DB_SSL_ENABLED value: "{{ if .Values.dbconfig.concierge.ssl }}true{{ else }}false{{ end }}" - name: MONGO_DB_URI valueFrom: secretKeyRef: name: {{ include "ditto-digital-twins.fullname" . 
}}-mongodb-secret key: concierge-uri {{- if .Values.global.prometheus.enabled }} - name: PROMETHEUS_PORT value: "{{ .Values.global.prometheus.port }}" {{- end }} {{- if .Values.concierge.extraEnv }} {{- toYaml .Values.concierge.extraEnv | nindent 12 }} {{- end }} ports: - name: http containerPort: 8080 protocol: TCP - name: remoting containerPort: {{ .Values.akka.remoting.port }} protocol: TCP - name: management containerPort: {{ .Values.akka.mgmthttp.port }} protocol: TCP readinessProbe: httpGet: port: management path: /ready initialDelaySeconds: {{ .Values.concierge.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.concierge.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.concierge.readinessProbe.timeoutSeconds }} failureThreshold: {{ .Values.concierge.readinessProbe.failureThreshold }} livenessProbe: httpGet: port: management path: /alive initialDelaySeconds: {{ .Values.concierge.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.concierge.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.concierge.livenessProbe.timeoutSeconds }} failureThreshold: {{ .Values.concierge.livenessProbe.failureThreshold }} resources: {{- toYaml .Values.concierge.resources | nindent 12 }} {{- with .Values.concierge.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.concierge.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.concierge.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/concierge-networkpolicy.yaml ================================================ {{- if .Values.concierge.networkPolicy.enabled }} kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: {{ include "ditto-digital-twins.fullname" . }}-concierge labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-concierge {{ include "ditto-digital-twins.labels" . 
| indent 4 }} spec: podSelector: matchLabels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-concierge app.kubernetes.io/instance: {{ .Release.Name }} policyTypes: - Ingress - Egress ingress: # Allow inner cluster communication - from: - podSelector: matchLabels: actorSystemName: {{ .Values.akka.actorSystemName }} ports: - protocol: TCP port: {{ .Values.akka.remoting.port }} - protocol: TCP port: {{ .Values.akka.mgmthttp.port }} # Open all egress egress: - {} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/concierge-pdb.yaml ================================================ {{- if and .Values.concierge.podDisruptionBudget.enabled (gt .Values.concierge.replicaCount 1.0) -}} apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: {{ include "ditto-digital-twins.fullname" . }}-concierge labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-concierge {{ include "ditto-digital-twins.labels" . | indent 4 }} spec: selector: matchLabels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-concierge app.kubernetes.io/instance: {{ .Release.Name }} minAvailable: {{ .Values.concierge.podDisruptionBudget.minAvailable }} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/connectivity-deployment.yaml ================================================ {{- if .Values.connectivity.enabled -}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "ditto-digital-twins.fullname" . }}-connectivity labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-connectivity {{ include "ditto-digital-twins.labels" . | indent 4 }} spec: replicas: {{ .Values.connectivity.replicaCount }} strategy: {{- with .Values.connectivity.updateStrategy }} {{- toYaml . | nindent 4 }} {{- end }} selector: matchLabels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . 
}}-connectivity app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-connectivity app.kubernetes.io/instance: {{ .Release.Name }} actorSystemName: {{ .Values.akka.actorSystemName }} {{- with .Values.connectivity.additionalLabels }} {{- toYaml . | nindent 8 }} {{- end }} annotations: {{- if .Values.global.prometheus.enabled }} prometheus.io/scrape: "true" prometheus.io/path: "/" prometheus.io/port: "{{ .Values.global.prometheus.port }}" {{- end }} checksum/mongodb-config: {{ include (print $.Template.BasePath "/mongodb-secret.yaml") . | sha256sum }} {{- with .Values.connectivity.additionalAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- if .Values.rbac.enabled }} serviceAccountName: {{ template "ditto-digital-twins.serviceAccountName" . }} {{- end }} {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }}-connectivity image: "{{ .Values.connectivity.image.repository }}:{{ .Values.connectivity.image.tag }}" imagePullPolicy: {{ .Values.connectivity.image.imagePullPolicy }} command: ["java"] args: {{- if .Values.connectivity.systemProps }} {{- toYaml .Values.connectivity.systemProps | nindent 12 }} {{- end }} - "-jar" - "/opt/ditto/starter.jar" env: - name: POD_LABEL_SELECTOR value: "app.kubernetes.io/name=%s" - name: POD_NAMESPACE value: {{ .Release.Namespace }} - name: INSTANCE_INDEX valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: HOSTNAME valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: DISCOVERY_METHOD value: "kubernetes-api" - name: TZ value: "{{ .Values.global.timezone }}" - name: OPENJ9_JAVA_OPTIONS value: "-XX:MaxRAMPercentage=80 -XX:InitialRAMPercentage=40 -XX:+ExitOnOutOfMemoryError{{ if .Values.dbconfig.connectivity.ssl }} -Dorg.mongodb.async.type=netty{{ end }}" - name: MONGO_DB_SSL_ENABLED value: "{{ if 
.Values.dbconfig.connectivity.ssl }}true{{ else }}false{{ end }}" - name: MONGO_DB_URI valueFrom: secretKeyRef: name: {{ include "ditto-digital-twins.fullname" . }}-mongodb-secret key: connectivity-uri {{- if .Values.global.prometheus.enabled }} - name: PROMETHEUS_PORT value: "{{ .Values.global.prometheus.port }}" {{- end }} {{- if .Values.connectivity.extraEnv }} {{- toYaml .Values.connectivity.extraEnv | nindent 12 }} {{- end }} ports: - name: http containerPort: 8080 protocol: TCP - name: remoting containerPort: {{ .Values.akka.remoting.port }} protocol: TCP - name: management containerPort: {{ .Values.akka.mgmthttp.port }} protocol: TCP readinessProbe: httpGet: port: management path: /ready initialDelaySeconds: {{ .Values.connectivity.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.connectivity.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.connectivity.readinessProbe.timeoutSeconds }} failureThreshold: {{ .Values.connectivity.readinessProbe.failureThreshold }} livenessProbe: httpGet: port: management path: /alive initialDelaySeconds: {{ .Values.connectivity.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.connectivity.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.connectivity.livenessProbe.timeoutSeconds }} failureThreshold: {{ .Values.connectivity.livenessProbe.failureThreshold }} resources: {{- toYaml .Values.connectivity.resources | nindent 12 }} {{- with .Values.connectivity.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.connectivity.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.connectivity.tolerations }} tolerations: {{- toYaml . 
| nindent 8 }} {{- end }} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/connectivity-networkpolicy.yaml ================================================ {{- if .Values.connectivity.networkPolicy.enabled }} kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: {{ include "ditto-digital-twins.fullname" . }}-connectivity labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-connectivity {{ include "ditto-digital-twins.labels" . | indent 4 }} spec: podSelector: matchLabels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-connectivity app.kubernetes.io/instance: {{ .Release.Name }} policyTypes: - Ingress - Egress ingress: # Allow inner cluster communication - from: - podSelector: matchLabels: actorSystemName: {{ .Values.akka.actorSystemName }} ports: - protocol: TCP port: {{ .Values.akka.remoting.port }} - protocol: TCP port: {{ .Values.akka.mgmthttp.port }} # Open all egress egress: - {} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/connectivity-pdb.yaml ================================================ {{- if and .Values.connectivity.podDisruptionBudget.enabled (gt .Values.connectivity.replicaCount 1.0) -}} apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: {{ include "ditto-digital-twins.fullname" . }}-connectivity labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-connectivity {{ include "ditto-digital-twins.labels" . | indent 4 }} spec: selector: matchLabels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . 
}}-connectivity
      app.kubernetes.io/instance: {{ .Release.Name }}
  minAvailable: {{ .Values.connectivity.podDisruptionBudget.minAvailable }}
{{- end }}

================================================
FILE: charts/ditto-digital-twins/templates/gateway-deployment.yaml
================================================
{{/*
Deployment of the Ditto gateway service; rendered only when gateway.enabled is set.
The container takes the devops and status passwords from the gateway Secret, and
ENABLE_DUMMY_AUTH from gateway.enableDummyAuth.
No securityContext is set for the pod or the container in this template.
*/}}
{{- if .Values.gateway.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "ditto-digital-twins.fullname" . }}-gateway
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-gateway
{{ include "ditto-digital-twins.labels" . | indent 4 }}
spec:
  replicas: {{ .Values.gateway.replicaCount }}
  strategy:
  {{- with .Values.gateway.updateStrategy }}
  {{- toYaml . | nindent 4 }}
  {{- end }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-gateway
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-gateway
        app.kubernetes.io/instance: {{ .Release.Name }}
        # The chart's NetworkPolicies use this label to admit traffic on the remoting and management ports.
        actorSystemName: {{ .Values.akka.actorSystemName }}
        {{- with .Values.gateway.additionalLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      annotations:
        {{- if .Values.global.prometheus.enabled }}
        prometheus.io/scrape: "true"
        prometheus.io/path: "/"
        prometheus.io/port: "{{ .Values.global.prometheus.port }}"
        {{- end }}
        # Hashes of the rendered Secret templates: a changed hash changes the pod template and rolls the pods.
        # gateway-secret.yaml falls back to randAlphaNum when no password is configured, and this include is a
        # separate render, so with generated passwords the hash differs on every upgrade.
        checksum/password-config: {{ include (print $.Template.BasePath "/gateway-secret.yaml") . | sha256sum }}
        checksum/mongodb-config: {{ include (print $.Template.BasePath "/mongodb-secret.yaml") . | sha256sum }}
        {{- with .Values.gateway.additionalAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- if .Values.rbac.enabled }}
      # presumably required for DISCOVERY_METHOD=kubernetes-api (pod lookup through the API server); see role.yaml
      serviceAccountName: {{ template "ditto-digital-twins.serviceAccountName" . }}
      {{- end }}
      {{- with .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}-gateway
          image: "{{ .Values.gateway.image.repository }}:{{ .Values.gateway.image.tag }}"
          imagePullPolicy: {{ .Values.gateway.image.imagePullPolicy }}
          command: ["java"]
          args:
            # Optional JVM system properties are placed ahead of "-jar".
            {{- if .Values.gateway.systemProps }}
            {{- toYaml .Values.gateway.systemProps | nindent 12 }}
            {{- end }}
            - "-jar"
            - "/opt/ditto/starter.jar"
          env:
            - name: POD_LABEL_SELECTOR
              value: "app.kubernetes.io/name=%s"
            - name: POD_NAMESPACE
              value: {{ .Release.Namespace }}
            # SECURITY: the bundled nginx.conf sets an x-ditto-dummy-auth header after HTTP basic auth.
            # With dummy auth enabled the gateway presumably accepts that header as the caller's identity
            # (confirm against the Ditto documentation), so any client that reaches port 8080 without
            # passing nginx could name its own subject. Keep gateway.enableDummyAuth off unless nginx basic
            # auth is the intended front door, and enable gateway.networkPolicy so only nginx reaches "http".
            - name: ENABLE_DUMMY_AUTH
              value: {{ .Values.gateway.enableDummyAuth | quote }}
            # Set to the pod name through the downward API.
            - name: INSTANCE_INDEX
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: metadata.name
            # Overrides HOSTNAME with the pod IP.
            - name: HOSTNAME
              valueFrom:
                fieldRef:
                  apiVersion: v1
                  fieldPath: status.podIP
            - name: DISCOVERY_METHOD
              value: "kubernetes-api"
            - name: TZ
              value: "{{ .Values.global.timezone }}"
            - name: OPENJ9_JAVA_OPTIONS
              value: "-XX:MaxRAMPercentage=80 -XX:InitialRAMPercentage=40 -XX:+ExitOnOutOfMemoryError"
            # nginx proxies /status, /health and /devops without authenticating them itself, so protection of
            # those routes depends on this setting and the two passwords below.
            - name: DEVOPS_SECURE_STATUS
              value: "{{ .Values.gateway.devopsSecureStatus }}"
            - name: DEVOPS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "ditto-digital-twins.fullname" . }}-gateway-secret
                  key: devops-password
            - name: STATUS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ include "ditto-digital-twins.fullname" . }}-gateway-secret
                  key: status-password
            {{- if .Values.global.prometheus.enabled }}
            - name: PROMETHEUS_PORT
              value: "{{ .Values.global.prometheus.port }}"
            {{- end }}
            # extraEnv is appended verbatim; secrets passed this way as plain values end up in the pod spec.
            {{- if .Values.gateway.extraEnv }}
            {{- toYaml .Values.gateway.extraEnv | nindent 12 }}
            {{- end }}
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
            - name: remoting
              containerPort: {{ .Values.akka.remoting.port }}
              protocol: TCP
            - name: management
              containerPort: {{ .Values.akka.mgmthttp.port }}
              protocol: TCP
          # Both probes go to the management port, not to the public http port.
          readinessProbe:
            httpGet:
              port: management
              path: /ready
            initialDelaySeconds: {{ .Values.gateway.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.gateway.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.gateway.readinessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.gateway.readinessProbe.failureThreshold }}
          livenessProbe:
            httpGet:
              port: management
              path: /alive
            initialDelaySeconds: {{ .Values.gateway.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.gateway.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.gateway.livenessProbe.timeoutSeconds }}
            failureThreshold: {{ .Values.gateway.livenessProbe.failureThreshold }}
          resources:
            {{- toYaml .Values.gateway.resources | nindent 12 }}
      {{- with .Values.gateway.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.gateway.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.gateway.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end }}

================================================
FILE: charts/ditto-digital-twins/templates/gateway-networkpolicy.yaml
================================================
{{- if .Values.gateway.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: {{ include "ditto-digital-twins.fullname" . }}-gateway
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-gateway
{{ include "ditto-digital-twins.labels" .
| indent 4 }}
spec:
  # Selects the gateway pods of this release. The policy exists only when gateway.networkPolicy.enabled
  # is set, and it has an effect only on clusters whose network plugin enforces NetworkPolicy.
  podSelector:
    matchLabels:
      app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-gateway
      app.kubernetes.io/instance: {{ .Release.Name }}
  policyTypes:
  - Ingress
  - Egress
  ingress:
  # Allow access from Nginx: only the nginx pods of this release may reach the named port "http".
  # A podSelector without a namespaceSelector matches pods in the policy's own namespace only.
  - from:
    - podSelector:
        matchLabels:
          app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-nginx
          app.kubernetes.io/instance: {{ .Release.Name }}
    ports:
    - protocol: TCP
      port: http
  # Allow inner cluster communication: any pod in the namespace carrying the actorSystemName label may
  # reach the remoting and management ports. The match is on that label alone, not on the release.
  - from:
    - podSelector:
        matchLabels:
          actorSystemName: {{ .Values.akka.actorSystemName }}
    ports:
    - protocol: TCP
      port: {{ .Values.akka.remoting.port }}
    - protocol: TCP
      port: {{ .Values.akka.mgmthttp.port }}
  # Open all egress: Egress is listed in policyTypes, but the single empty rule allows every destination,
  # so this policy does not restrict outbound traffic from the gateway.
  egress:
  - {}
{{- end }}

================================================
FILE: charts/ditto-digital-twins/templates/gateway-pdb.yaml
================================================
{{/*
PodDisruptionBudget for the gateway; rendered only when it is enabled and replicaCount is above 1.
The comparison uses 1.0, presumably because Helm hands numeric values to templates as floats.
policy/v1beta1 was removed in Kubernetes 1.25; newer clusters need policy/v1.
*/}}
{{- if and .Values.gateway.podDisruptionBudget.enabled (gt .Values.gateway.replicaCount 1.0) -}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: {{ include "ditto-digital-twins.fullname" . }}-gateway
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-gateway
{{ include "ditto-digital-twins.labels" . | indent 4 }}
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-gateway
      app.kubernetes.io/instance: {{ .Release.Name }}
  minAvailable: {{ .Values.gateway.podDisruptionBudget.minAvailable }}
{{- end }}

================================================
FILE: charts/ditto-digital-twins/templates/gateway-secret.yaml
================================================
# Secret holding the gateway's devops and status passwords, read by the gateway Deployment through
# secretKeyRef. It is rendered unconditionally (there is no gateway.enabled guard in this file).
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "ditto-digital-twins.fullname" . }}-gateway-secret
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-gateway-secret
{{ include "ditto-digital-twins.labels" . | indent 4 }}
type: Opaque
data:
  # When no password is configured, a 12-character alphanumeric value is generated at render time.
  # Every render produces a new value, so an upgrade that leaves the value unset replaces the stored
  # password and invalidates whatever operators read from the Secret earlier. Set gateway.devopsPassword
  # and gateway.statusPassword explicitly for a password that stays stable across upgrades.
  # Values under "data" are only base64-encoded; read access to the Secret reveals the passwords.
  {{- if .Values.gateway.devopsPassword }}
  devops-password: {{ .Values.gateway.devopsPassword | b64enc | quote }}
  {{- else }}
  devops-password: {{ randAlphaNum 12 | b64enc | quote }}
  {{- end }}
  {{- if .Values.gateway.statusPassword }}
  status-password: {{ .Values.gateway.statusPassword | b64enc | quote }}
  {{- else }}
  status-password: {{ randAlphaNum 12 | b64enc | quote }}
  {{- end }}

================================================
FILE: charts/ditto-digital-twins/templates/gateway-service.yaml
================================================
{{/*
Service in front of the gateway pods. No spec.type is set, so it gets the Kubernetes default (ClusterIP).
The service port is configurable; the target is the container's named port "http".
*/}}
{{- if .Values.gateway.enabled -}}
apiVersion: v1
kind: Service
metadata:
  name: {{ include "ditto-digital-twins.fullname" . }}-gateway
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-gateway
{{ include "ditto-digital-twins.labels" . | indent 4 }}
  {{- with .Values.gateway.service.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  ports:
    - port: {{ .Values.gateway.service.port }}
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-gateway
    app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

================================================
FILE: charts/ditto-digital-twins/templates/mongodb-secret.yaml
================================================
# Secret with one MongoDB connection URI per Ditto service, taken from dbconfig.<service>.uri.
# Connection URIs commonly embed a username and password, which is presumably why they are kept in a
# Secret; the values are base64-encoded, not encrypted. Rendered unconditionally.
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "ditto-digital-twins.fullname" . }}-mongodb-secret
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-mongodb-secret
{{ include "ditto-digital-twins.labels" . | indent 4 }}
type: Opaque
data:
  concierge-uri: {{ .Values.dbconfig.concierge.uri | b64enc | quote}}
  connectivity-uri: {{ .Values.dbconfig.connectivity.uri | b64enc | quote}}
  things-uri: {{ .Values.dbconfig.things.uri | b64enc | quote}}
  searchDB-uri: {{ .Values.dbconfig.searchDB.uri | b64enc | quote}}
  policies-uri: {{ .Values.dbconfig.policies.uri | b64enc | quote}}

================================================
FILE: charts/ditto-digital-twins/templates/nginx-config.yaml
================================================
{{/*
Emits one ConfigMap per file found under the chart's nginx-config/ directory. The ConfigMap name is the
release name followed by the file path with "/" and "." replaced by "-"; the single data key is the file
name without the directory prefix.
SECURITY: per the repository listing that directory holds nginx.htpasswd, the user file nginx.conf
names in auth_basic_user_file. It is therefore published as a ConfigMap rather than a Secret, so its
password hashes are readable by anything allowed to read ConfigMaps in the namespace. The file ships
with the chart, so every installation starts with the same credentials until it is replaced (its
contents are not visible here).
*/}}
{{- if .Values.nginx.enabled -}}
{{- $releaseName := .Release.Name -}}
{{- $name := include "ditto-digital-twins.name" . -}}
{{- $labels := include "ditto-digital-twins.labels" . -}}
{{ $root := . }}
{{ range $path, $bytes := .Files.Glob "nginx-config/**" }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ $releaseName }}-{{ $path | replace "/" "-" | replace "." "-" }}
  labels:
    app.kubernetes.io/name: {{ $name }}-nginx-config
{{ $labels | indent 4 }}
data:
  {{ $path | replace "nginx-config/" ""}}: |-
{{ $root.Files.Get $path | indent 4 }}
---
{{- end -}}
{{- end }}

================================================
FILE: charts/ditto-digital-twins/templates/nginx-configmap.yaml
================================================
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Release.Name }}-nginx-conf
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-nginx-conf
{{ include "ditto-digital-twins.labels" .
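| indent 4 }}
# nginx.conf for the reverse proxy in front of the Ditto gateway and the Swagger UI.
# /api and /ws are authenticated according to global.jwtOnly: either the client's Authorization header
# is handed to the gateway, or nginx performs HTTP basic auth and tells the gateway who the user is.
# /health, /status and /devops are proxied without any nginx-side authentication.
data:
  nginx.conf: |-
    worker_processes 1;

    events {worker_connections 1024;}

    http {
      charset utf-8;
      default_type application/json;

      # timeouts are configured slightly higher than ditto-ditto-digital-twins-gateway read-timeout of 60 seconds
      proxy_connect_timeout 70; # seconds, default: 60
      proxy_send_timeout 70; # seconds, default: 60
      proxy_read_timeout 70; # seconds, default: 60
      send_timeout 70; # seconds, default: 60

      client_header_buffer_size 8k; # allow longer URIs + headers (default: 1k)
      large_client_header_buffers 4 16k;

      merge_slashes off; # allow multiple slashes for CRS Authentication

      # NOTE(review): the port is fixed at 8080 here, while the gateway Service port is templated from
      # gateway.service.port; the two have to agree.
      upstream {{ include "ditto-digital-twins.fullname" . }}-gateway {
        server {{ include "ditto-digital-twins.fullname" . }}-gateway:8080;
      }

      server {
        listen 80;
        server_name localhost;

        location / {
          index index.html;
        }

        # api
        location /api {
          include nginx-cors.conf;

          {{ if .Values.global.jwtOnly -}}
          # JWT mode: nginx does not authenticate; the client's Authorization header goes to the gateway.
          proxy_pass_request_headers on;
          proxy_set_header Authorization $http_authorization;
          # All request headers are forwarded in this mode. An empty value makes nginx drop the header,
          # so a client cannot supply its own x-ditto-dummy-auth identity to the gateway.
          proxy_set_header x-ditto-dummy-auth "";
          {{ else }}
          # Basic-auth mode: nginx checks the user against nginx.htpasswd and passes the name on.
          # proxy_set_header replaces any x-ditto-dummy-auth value sent by the client.
          # The gateway is expected to trust this header (ENABLE_DUMMY_AUTH), so the gateway port must
          # not be reachable by clients that bypass nginx.
          auth_basic "Authentication required";
          auth_basic_user_file nginx.htpasswd;
          proxy_set_header X-Forwarded-User $remote_user;
          proxy_set_header x-ditto-dummy-auth "nginx:${remote_user}";
          {{- end }}

          proxy_pass http://{{ include "ditto-digital-twins.fullname" . }}-gateway;
          proxy_http_version 1.1;
          proxy_set_header Host $http_host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

          proxy_set_header Connection '';
          chunked_transfer_encoding off;
          proxy_buffering off;
          proxy_cache off;
        }

        # ws
        location /ws {
          {{ if .Values.global.jwtOnly -}}
          # Same handling as /api: forward the Authorization header, drop a client-supplied identity header.
          proxy_pass_request_headers on;
          proxy_set_header Authorization $http_authorization;
          proxy_set_header x-ditto-dummy-auth "";
          {{ else }}
          auth_basic "Authentication required";
          auth_basic_user_file nginx.htpasswd;
          proxy_set_header X-Forwarded-User $remote_user;
          proxy_set_header x-ditto-dummy-auth "nginx:${remote_user}";
          {{- end }}

          proxy_pass http://{{ include "ditto-digital-twins.fullname" . }}-gateway;
          proxy_http_version 1.1;
          proxy_set_header Host $http_host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

          # WebSocket upgrade; the one-day timeouts keep long-lived connections open.
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_read_timeout 1d;
          proxy_send_timeout 1d;
        }

        # health
        # No auth_basic in this or the next two locations: access control is left to the gateway
        # (devops and status passwords). $remote_user is empty without auth_basic, and nginx does not
        # forward a header whose value is empty, so X-Forwarded-User is not sent from here.
        location /health {
          include nginx-cors.conf;

          proxy_pass http://{{ include "ditto-digital-twins.fullname" . }}-gateway/health;
          proxy_http_version 1.1;
          proxy_set_header Host $http_host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-User $remote_user;
        }

        # status
        location /status {
          include nginx-cors.conf;

          proxy_pass http://{{ include "ditto-digital-twins.fullname" . }}-gateway/overall/status;
          proxy_http_version 1.1;
          proxy_set_header Host $http_host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-User $remote_user;
        }

        # devops
        location /devops {
          include nginx-cors.conf;

          proxy_pass http://{{ include "ditto-digital-twins.fullname" . }}-gateway/devops;
          proxy_http_version 1.1;
          proxy_set_header Host $http_host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-User $remote_user;
        }

        # swagger
        # access API doc on: /apidoc/1 or /apidoc/2
        location /apidoc/ {
          rewrite ^/apidoc/([0-9])$ $scheme://$http_host/apidoc/?url=/apidoc/openapi/ditto-api-$1.yml redirect;
          proxy_pass http://{{ include "ditto-digital-twins.fullname" . }}-swaggerui:8080/;
          proxy_http_version 1.1;
          proxy_set_header Host $http_host;
        }
      }
    }

================================================
FILE: charts/ditto-digital-twins/templates/nginx-deployment.yaml
================================================
{{- if .Values.nginx.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "ditto-digital-twins.fullname" .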
}}-nginx labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-nginx {{ include "ditto-digital-twins.labels" . | indent 4 }} spec: replicas: {{ .Values.nginx.replicaCount }} strategy: {{- with .Values.nginx.updateStrategy }} {{- toYaml . | nindent 4 }} {{- end }} selector: matchLabels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-nginx app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-nginx app.kubernetes.io/instance: {{ .Release.Name }} {{- with .Values.nginx.additionalLabels }} {{- toYaml . | nindent 8 }} {{- end }} annotations: checksum/nginx-conf: {{ include (print $.Template.BasePath "/nginx-configmap.yaml") . | sha256sum }} checksum/nginx-config: {{ include (print $.Template.BasePath "/nginx-config.yaml") . | sha256sum }} {{- with .Values.nginx.additionalAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . 
| nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }}-nginx image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}" imagePullPolicy: {{ .Values.nginx.image.imagePullPolicy }} env: {{- if .Values.nginx.extraEnv }} {{- toYaml .Values.nginx.extraEnv | nindent 12 }} {{- end }} ports: - name: http containerPort: 80 protocol: TCP {{- if .Values.nginx.readinessProbe }} readinessProbe: {{- toYaml .Values.nginx.readinessProbe | nindent 12 }} {{- end }} {{- if .Values.nginx.livenessProbe }} livenessProbe: {{- toYaml .Values.nginx.livenessProbe | nindent 12 }} {{- end }} resources: {{- toYaml .Values.nginx.resources | nindent 12 }} volumeMounts: - name: nginx-conf mountPath: /etc/nginx/nginx.conf subPath: nginx.conf - name: nginx-htpasswd mountPath: /etc/nginx/nginx.htpasswd subPath: nginx.htpasswd - name: nginx-cors mountPath: /etc/nginx/nginx-cors.conf subPath: nginx-cors.conf - name: nginx-index mountPath: /etc/nginx/html/index.html subPath: index.html volumes: - name: nginx-conf configMap: name: {{ .Release.Name }}-nginx-conf - name: nginx-htpasswd configMap: name: {{ .Release.Name }}-nginx-config-nginx-htpasswd - name: nginx-cors configMap: name: {{ .Release.Name }}-nginx-config-nginx-cors-conf - name: nginx-index configMap: name: {{ .Release.Name }}-nginx-config-index-html {{- if .Values.nginx.rootAccess }} securityContext: runAsUser: 0 {{- end }} {{- with .Values.nginx.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.nginx.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.nginx.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/nginx-ingress.yaml ================================================ {{- if .Values.ingress.enabled -}} {{- $fullName := include "ditto-digital-twins.fullname" . 
-}} {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} apiVersion: extensions/v1beta1 {{- end }} kind: Ingress metadata: name: {{ $fullName }} labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-nginx {{ include "ditto-digital-twins.labels" . | indent 4 }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: {{- if .Values.ingress.tls }} tls: {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} {{- end }} secretName: {{ .secretName }} {{- end }} {{- end }} rules: {{- range .Values.ingress.hosts }} - host: {{ .host | quote }} http: paths: {{- range .paths }} - path: {{ . }} backend: serviceName: {{ $fullName }}-nginx servicePort: http {{- end }} {{- end }} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/nginx-service.yaml ================================================ {{- if .Values.nginx.enabled -}} apiVersion: v1 kind: Service metadata: name: {{ include "ditto-digital-twins.fullname" . }}-nginx labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-nginx {{ include "ditto-digital-twins.labels" . | indent 4 }} {{- with .Values.nginx.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: type: {{ .Values.nginx.service.type }} ports: - port: {{ .Values.nginx.service.port }} targetPort: http protocol: TCP name: http selector: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-nginx app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/policies-deployment.yaml ================================================ {{- if .Values.policies.enabled -}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "ditto-digital-twins.fullname" . 
}}-policies labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-policies {{ include "ditto-digital-twins.labels" . | indent 4 }} spec: replicas: {{ .Values.policies.replicaCount }} strategy: {{- with .Values.policies.updateStrategy }} {{- toYaml . | nindent 4 }} {{- end }} selector: matchLabels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-policies app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-policies app.kubernetes.io/instance: {{ .Release.Name }} actorSystemName: {{ .Values.akka.actorSystemName }} {{- with .Values.policies.additionalLabels }} {{- toYaml . | nindent 8 }} {{- end }} annotations: {{- if .Values.global.prometheus.enabled }} prometheus.io/scrape: "true" prometheus.io/path: "/" prometheus.io/port: "{{ .Values.global.prometheus.port }}" {{- end }} checksum/mongodb-config: {{ include (print $.Template.BasePath "/mongodb-secret.yaml") . | sha256sum }} {{- with .Values.policies.additionalAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- if .Values.rbac.enabled }} serviceAccountName: {{ template "ditto-digital-twins.serviceAccountName" . }} {{- end }} {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . 
| nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }}-policies image: "{{ .Values.policies.image.repository }}:{{ .Values.policies.image.tag }}" imagePullPolicy: {{ .Values.policies.image.imagePullPolicy }} command: ["java"] args: {{- if .Values.policies.systemProps }} {{- toYaml .Values.policies.systemProps | nindent 12 }} {{- end }} - "-jar" - "/opt/ditto/starter.jar" env: - name: POD_LABEL_SELECTOR value: "app.kubernetes.io/name=%s" - name: POD_NAMESPACE value: {{.Release.Namespace}} - name: INSTANCE_INDEX valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: HOSTNAME valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: DISCOVERY_METHOD value: "kubernetes-api" - name: TZ value: "{{ .Values.global.timezone }}" - name: OPENJ9_JAVA_OPTIONS value: "-XX:MaxRAMPercentage=80 -XX:InitialRAMPercentage=40 -XX:+ExitOnOutOfMemoryError{{ if .Values.dbconfig.policies.ssl }} -Dorg.mongodb.async.type=netty{{ end }}" - name: MONGO_DB_SSL_ENABLED value: "{{ if .Values.dbconfig.policies.ssl }}true{{ else }}false{{ end }}" - name: MONGO_DB_URI valueFrom: secretKeyRef: name: {{ include "ditto-digital-twins.fullname" . 
}}-mongodb-secret key: policies-uri {{- if .Values.global.prometheus.enabled }} - name: PROMETHEUS_PORT value: "{{ .Values.global.prometheus.port }}" {{- end }} {{- if .Values.policies.extraEnv }} {{- toYaml .Values.policies.extraEnv | nindent 12 }} {{- end }} ports: - name: http containerPort: 8080 protocol: TCP - name: remoting containerPort: {{ .Values.akka.remoting.port }} protocol: TCP - name: management containerPort: {{ .Values.akka.mgmthttp.port }} protocol: TCP readinessProbe: httpGet: port: management path: /ready initialDelaySeconds: {{ .Values.policies.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.policies.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.policies.readinessProbe.timeoutSeconds }} failureThreshold: {{ .Values.policies.readinessProbe.failureThreshold }} livenessProbe: httpGet: port: management path: /alive initialDelaySeconds: {{ .Values.policies.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.policies.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.policies.livenessProbe.timeoutSeconds }} failureThreshold: {{ .Values.policies.livenessProbe.failureThreshold }} resources: {{- toYaml .Values.policies.resources | nindent 12 }} {{- with .Values.policies.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.policies.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.policies.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/policies-networkpolicy.yaml ================================================ {{- if .Values.policies.networkPolicy.enabled }} kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: {{ include "ditto-digital-twins.fullname" . }}-policies labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-policies {{ include "ditto-digital-twins.labels" . 
| indent 4 }}
spec:
  # applies to the policies pods of this release
  podSelector:
    matchLabels:
      app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-policies
      app.kubernetes.io/instance: {{ .Release.Name }}
  policyTypes:
  - Ingress
  - Egress
  ingress:
  # Allow inner cluster communication
  # Only pods carrying the actorSystemName label may connect, and only on the
  # akka remoting and management ports.
  # NOTE(review): the pod template advertises a Prometheus scrape port by
  # annotation, but this policy admits no ingress on that port - confirm that
  # scraping is allowed by some other means when the policy is enforced.
  - from:
    - podSelector:
        matchLabels:
          actorSystemName: {{ .Values.akka.actorSystemName }}
    ports:
    - protocol: TCP
      port: {{ .Values.akka.remoting.port }}
    - protocol: TCP
      port: {{ .Values.akka.mgmthttp.port }}
  # Open all egress
  # (the empty rule matches every destination, so outbound traffic is unrestricted)
  egress:
  - {}
{{- end }}

================================================
FILE: charts/ditto-digital-twins/templates/policies-pdb.yaml
================================================
{{- if and .Values.policies.podDisruptionBudget.enabled (gt .Values.policies.replicaCount 1.0) -}}
# PodDisruptionBudget for the policies pods; rendered only when it is enabled
# and more than one replica is configured.
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: {{ include "ditto-digital-twins.fullname" . }}-policies
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-policies
{{ include "ditto-digital-twins.labels" . | indent 4 }}
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-policies
      app.kubernetes.io/instance: {{ .Release.Name }}
  minAvailable: {{ .Values.policies.podDisruptionBudget.minAvailable }}
{{- end }}

================================================
FILE: charts/ditto-digital-twins/templates/role.yaml
================================================
{{- if .Values.rbac.enabled -}}
# Namespaced Role granting read-only access to pods. The service deployments
# set DISCOVERY_METHOD to kubernetes-api, which presumably is what needs these
# verbs - confirm before widening the rule.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ include "ditto-digital-twins.fullname" . }}
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}
{{ include "ditto-digital-twins.labels" . | indent 4 }}
rules:
# core API group, pods only, no write verbs
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
{{- end -}}

================================================
FILE: charts/ditto-digital-twins/templates/rolebinding.yaml
================================================
{{- if .Values.rbac.enabled -}}
# Binds the Role of the same name to the chart's service account.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ include "ditto-digital-twins.fullname" . }}
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}
{{ include "ditto-digital-twins.labels" . | indent 4 }}
roleRef:
  kind: Role
  name: {{ include "ditto-digital-twins.fullname" . }}
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: {{ template "ditto-digital-twins.serviceAccountName" . }}
{{- end -}}

================================================
FILE: charts/ditto-digital-twins/templates/serviceaccount.yaml
================================================
{{- if .Values.serviceAccount.create -}}
# Service account for the chart's pods; created only when serviceAccount.create
# is set, independently of rbac.enabled.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ template "ditto-digital-twins.serviceAccountName" . }}
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}
{{ include "ditto-digital-twins.labels" . | indent 4 }}
{{- end -}}

================================================
FILE: charts/ditto-digital-twins/templates/swaggerui-config.yaml
================================================
{{- if .Values.swaggerui.enabled -}}
# ConfigMap holding the chart's openapi/ files for the swagger UI pods.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "ditto-digital-twins.fullname" . }}-swaggerui
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-swaggerui
{{ include "ditto-digital-twins.labels" .
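| indent 4 }}
data:
{{ (.Files.Glob "openapi/*").AsConfig | indent 2 }}
{{- end }}

================================================
FILE: charts/ditto-digital-twins/templates/swaggerui-deployment.yaml
================================================
{{- if .Values.swaggerui.enabled -}}
# Deployment of the swagger UI that serves the Ditto OpenAPI documents.
# Rendered only when swaggerui.enabled is set.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "ditto-digital-twins.fullname" . }}-swaggerui
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-swaggerui
{{ include "ditto-digital-twins.labels" . | indent 4 }}
# The template previously declared this spec key twice in a row; the duplicate
# has been removed so the manifest has a single Deployment spec.
spec:
  replicas: {{ .Values.swaggerui.replicaCount }}
  strategy:
  {{- with .Values.swaggerui.updateStrategy }}
  {{- toYaml . | nindent 4 }}
  {{- end }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-swaggerui
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-swaggerui
        app.kubernetes.io/instance: {{ .Release.Name }}
        {{- with .Values.swaggerui.additionalLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      annotations:
        {{- with .Values.swaggerui.additionalAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.global.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}-swaggerui
          image: "{{ .Values.swaggerui.image.repository }}:{{ .Values.swaggerui.image.tag }}"
          # NOTE(review): this reads image.imagePullPolicy, while the image sections
          # visible in values.yaml (concierge, connectivity) name the key pullPolicy.
          # If the swaggerui section uses pullPolicy too, this renders empty - confirm.
          imagePullPolicy: {{ .Values.swaggerui.image.imagePullPolicy }}
          env:
          {{- if .Values.swaggerui.extraEnv }}
            {{- toYaml .Values.swaggerui.extraEnv | nindent 12 }}
          {{- end }}
          ports:
            - name: http
              containerPort: 8080
              protocol: TCP
          # the OpenAPI documents from the swaggerui ConfigMap are served as static files
          volumeMounts:
            - name: swagger-ui-api
              mountPath: /usr/share/nginx/html/openapi
      volumes:
        - name: swagger-ui-api
          configMap:
            name: {{ include "ditto-digital-twins.fullname" . }}-swaggerui
      # rootAccess opts the whole pod into running as UID 0; no other
      # securityContext hardening is set by this template
      {{- if .Values.swaggerui.rootAccess }}
      securityContext:
        runAsUser: 0
      {{- end }}
{{- end }}

================================================
FILE: charts/ditto-digital-twins/templates/swaggerui-networkpolicy.yaml
================================================
{{- if .Values.swaggerui.networkPolicy.enabled }}
# NetworkPolicy for the swagger UI pods: ingress is limited to the release's
# nginx pods on port 8080. Egress is listed in policyTypes without any egress
# rule, which denies all outbound traffic from these pods.
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: {{ include "ditto-digital-twins.fullname" . }}-swaggerui
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-swaggerui
{{ include "ditto-digital-twins.labels" . | indent 4 }}
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-swaggerui
      app.kubernetes.io/instance: {{ .Release.Name }}
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-nginx
          app.kubernetes.io/instance: {{ .Release.Name }}
    ports:
    - protocol: TCP
      port: 8080
{{- end }}

================================================
FILE: charts/ditto-digital-twins/templates/swaggerui-pdb.yaml
================================================
{{- if and .Values.swaggerui.podDisruptionBudget.enabled (gt .Values.swaggerui.replicaCount 1.0) -}}
# PodDisruptionBudget for the swagger UI pods; rendered only when it is enabled
# and more than one replica is configured.
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: {{ include "ditto-digital-twins.fullname" . }}-swaggerui
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-swaggerui
{{ include "ditto-digital-twins.labels" . | indent 4 }}
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "ditto-digital-twins.name" .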
}}-swaggerui app.kubernetes.io/instance: {{ .Release.Name }} minAvailable: {{ .Values.swaggerui.podDisruptionBudget.minAvailable }} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/swaggerui-service.yaml ================================================ {{- if .Values.swaggerui.enabled -}} apiVersion: v1 kind: Service metadata: name: {{ include "ditto-digital-twins.fullname" . }}-swaggerui labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-swaggerui {{ include "ditto-digital-twins.labels" . | indent 4 }} {{- with .Values.swaggerui.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: ports: - port: {{ .Values.swaggerui.service.port }} targetPort: http protocol: TCP name: http selector: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-swaggerui app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/things-deployment.yaml ================================================ {{- if .Values.things.enabled -}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "ditto-digital-twins.fullname" . }}-things labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-things {{ include "ditto-digital-twins.labels" . | indent 4 }} spec: replicas: {{ .Values.things.replicaCount }} strategy: {{- with .Values.things.updateStrategy }} {{- toYaml . | nindent 4 }} {{- end }} selector: matchLabels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-things app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-things app.kubernetes.io/instance: {{ .Release.Name }} actorSystemName: {{ .Values.akka.actorSystemName }} {{- with .Values.things.additionalLabels }} {{- toYaml . 
| nindent 8 }} {{- end }} annotations: {{- if .Values.global.prometheus.enabled }} prometheus.io/scrape: "true" prometheus.io/path: "/" prometheus.io/port: "{{ .Values.global.prometheus.port }}" {{- end }} checksum/mongodb-config: {{ include (print $.Template.BasePath "/mongodb-secret.yaml") . | sha256sum }} {{- with .Values.things.additionalAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- if .Values.rbac.enabled }} serviceAccountName: {{ template "ditto-digital-twins.serviceAccountName" . }} {{- end }} {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }}-things image: "{{ .Values.things.image.repository }}:{{ .Values.things.image.tag }}" imagePullPolicy: {{ .Values.things.image.imagePullPolicy }} command: ["java"] args: {{- if .Values.things.systemProps }} {{- toYaml .Values.things.systemProps | nindent 12 }} {{- end }} - "-jar" - "/opt/ditto/starter.jar" env: - name: POD_LABEL_SELECTOR value: "app.kubernetes.io/name=%s" - name: POD_NAMESPACE value: {{.Release.Namespace}} - name: INSTANCE_INDEX valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: HOSTNAME valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: DISCOVERY_METHOD value: "kubernetes-api" - name: TZ value: "{{ .Values.global.timezone }}" - name: OPENJ9_JAVA_OPTIONS value: "-XX:MaxRAMPercentage=80 -XX:InitialRAMPercentage=40 -XX:+ExitOnOutOfMemoryError{{ if .Values.dbconfig.things.ssl }} -Dorg.mongodb.async.type=netty{{ end }}" - name: MONGO_DB_SSL_ENABLED value: "{{ if .Values.dbconfig.things.ssl }}true{{ else }}false{{ end }}" - name: MONGO_DB_URI valueFrom: secretKeyRef: name: {{ include "ditto-digital-twins.fullname" . 
}}-mongodb-secret key: things-uri {{- if .Values.global.prometheus.enabled }} - name: PROMETHEUS_PORT value: "{{ .Values.global.prometheus.port }}" {{- end }} {{- if .Values.things.extraEnv }} {{- toYaml .Values.things.extraEnv | nindent 12 }} {{- end }} ports: - name: http containerPort: 8080 protocol: TCP - name: remoting containerPort: {{ .Values.akka.remoting.port }} protocol: TCP - name: management containerPort: {{ .Values.akka.mgmthttp.port }} protocol: TCP readinessProbe: httpGet: port: management path: /ready initialDelaySeconds: {{ .Values.things.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.things.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.things.readinessProbe.timeoutSeconds }} failureThreshold: {{ .Values.things.readinessProbe.failureThreshold }} livenessProbe: httpGet: port: management path: /alive initialDelaySeconds: {{ .Values.things.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.things.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.things.livenessProbe.timeoutSeconds }} failureThreshold: {{ .Values.things.livenessProbe.failureThreshold }} resources: {{- toYaml .Values.things.resources | nindent 12 }} {{- with .Values.things.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.things.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.things.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/things-networkpolicy.yaml ================================================ {{- if .Values.things.networkPolicy.enabled }} kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: {{ include "ditto-digital-twins.fullname" . }}-things labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-things {{ include "ditto-digital-twins.labels" . 
| indent 4 }} spec: podSelector: matchLabels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-things app.kubernetes.io/instance: {{ .Release.Name }} policyTypes: - Ingress - Egress ingress: # Allow access from concierge - from: - podSelector: matchLabels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-concierge app.kubernetes.io/instance: {{ .Release.Name }} ports: - protocol: TCP port: http # Allow inner cluster communication - from: - podSelector: matchLabels: actorSystemName: {{ .Values.akka.actorSystemName }} ports: - protocol: TCP port: {{ .Values.akka.remoting.port }} - protocol: TCP port: {{ .Values.akka.mgmthttp.port }} # Open all egress egress: - {} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/things-pdb.yaml ================================================ {{- if and .Values.things.podDisruptionBudget.enabled (gt .Values.things.replicaCount 1.0) -}} apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: {{ include "ditto-digital-twins.fullname" . }}-things labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-things {{ include "ditto-digital-twins.labels" . | indent 4 }} spec: selector: matchLabels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-things app.kubernetes.io/instance: {{ .Release.Name }} minAvailable: {{ .Values.things.podDisruptionBudget.minAvailable }} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/thingssearch-deployment.yaml ================================================ {{- if .Values.thingsSearch.enabled -}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "ditto-digital-twins.fullname" . }}-thingssearch labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-thingssearch {{ include "ditto-digital-twins.labels" . 
| indent 4 }} spec: replicas: {{ .Values.thingsSearch.replicaCount }} strategy: {{- with .Values.thingsSearch.updateStrategy }} {{- toYaml . | nindent 4 }} {{- end }} selector: matchLabels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-thingssearch app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-thingssearch app.kubernetes.io/instance: {{ .Release.Name }} actorSystemName: {{ .Values.akka.actorSystemName }} {{- with .Values.thingsSearch.additionalLabels }} {{- toYaml . | nindent 8 }} {{- end }} annotations: {{- if .Values.global.prometheus.enabled }} prometheus.io/scrape: "true" prometheus.io/path: "/" prometheus.io/port: "{{ .Values.global.prometheus.port }}" {{- end }} checksum/mongodb-config: {{ include (print $.Template.BasePath "/mongodb-secret.yaml") . | sha256sum }} {{- with .Values.thingsSearch.additionalAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- if .Values.rbac.enabled }} serviceAccountName: {{ template "ditto-digital-twins.serviceAccountName" . }} {{- end }} {{- with .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml . 
| nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }}-thingssearch image: "{{ .Values.thingsSearch.image.repository }}:{{ .Values.thingsSearch.image.tag }}" imagePullPolicy: {{ .Values.thingsSearch.image.imagePullPolicy }} command: ["java"] args: {{- if .Values.thingsSearch.systemProps }} {{- toYaml .Values.thingsSearch.systemProps | nindent 12 }} {{- end }} - "-jar" - "/opt/ditto/starter.jar" env: - name: POD_LABEL_SELECTOR value: "app.kubernetes.io/name=%s" - name: POD_NAMESPACE value: {{.Release.Namespace}} - name: INSTANCE_INDEX valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: HOSTNAME valueFrom: fieldRef: apiVersion: v1 fieldPath: status.podIP - name: DISCOVERY_METHOD value: "kubernetes-api" - name: TZ value: "{{ .Values.global.timezone }}" - name: OPENJ9_JAVA_OPTIONS value: "-XX:MaxRAMPercentage=80 -XX:InitialRAMPercentage=40 -XX:+ExitOnOutOfMemoryError{{ if .Values.dbconfig.searchDB.ssl }} -Dorg.mongodb.async.type=netty{{ end }}" - name: MONGO_DB_SSL_ENABLED value: "{{ if .Values.dbconfig.searchDB.ssl }}true{{ else }}false{{ end }}" - name: MONGO_DB_URI valueFrom: secretKeyRef: name: {{ include "ditto-digital-twins.fullname" . 
}}-mongodb-secret key: searchDB-uri {{- if .Values.global.prometheus.enabled }} - name: PROMETHEUS_PORT value: "{{ .Values.global.prometheus.port }}" {{- end }} {{- if .Values.thingsSearch.extraEnv }} {{- toYaml .Values.thingsSearch.extraEnv | nindent 12 }} {{- end }} ports: - name: http containerPort: 8080 protocol: TCP - name: remoting containerPort: {{ .Values.akka.remoting.port }} protocol: TCP - name: management containerPort: {{ .Values.akka.mgmthttp.port }} protocol: TCP readinessProbe: httpGet: port: management path: /ready initialDelaySeconds: {{ .Values.thingsSearch.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.thingsSearch.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.thingsSearch.readinessProbe.timeoutSeconds }} failureThreshold: {{ .Values.thingsSearch.readinessProbe.failureThreshold }} livenessProbe: httpGet: port: management path: /alive initialDelaySeconds: {{ .Values.thingsSearch.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.thingsSearch.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.thingsSearch.livenessProbe.timeoutSeconds }} failureThreshold: {{ .Values.thingsSearch.livenessProbe.failureThreshold }} resources: {{- toYaml .Values.thingsSearch.resources | nindent 12 }} {{- with .Values.thingsSearch.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.thingsSearch.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.thingsSearch.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} ================================================ FILE: charts/ditto-digital-twins/templates/thingssearch-networkpolicy.yaml ================================================ {{- if .Values.thingsSearch.networkPolicy.enabled }} kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: name: {{ include "ditto-digital-twins.fullname" . }}-thingssearch labels: app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . 
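}}-thingssearch
{{ include "ditto-digital-twins.labels" . | indent 4 }}
spec:
  # applies to the things-search pods of this release
  podSelector:
    matchLabels:
      app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-thingssearch
      app.kubernetes.io/instance: {{ .Release.Name }}
  policyTypes:
  - Ingress
  - Egress
  ingress:
  # Allow inner cluster communication
  # Only pods carrying the actorSystemName label may connect, and only on the
  # akka remoting and management ports.
  - from:
    - podSelector:
        matchLabels:
          actorSystemName: {{ .Values.akka.actorSystemName }}
    ports:
    - protocol: TCP
      port: {{ .Values.akka.remoting.port }}
    - protocol: TCP
      port: {{ .Values.akka.mgmthttp.port }}
  # Open all egress
  # (the empty rule matches every destination, so outbound traffic is unrestricted)
  egress:
  - {}
{{- end }}

================================================
FILE: charts/ditto-digital-twins/templates/thingssearch-pdb.yaml
================================================
{{- /*
PodDisruptionBudget for the things-search pods.

The template used to read the things settings (things.podDisruptionBudget and
things.replicaCount), so the budget for things-search was switched on and
sized by a different component. It now reads thingsSearch.replicaCount, which
the things-search Deployment also uses, and thingsSearch.podDisruptionBudget.
When thingsSearch defines no podDisruptionBudget block, the things block is
used as before, so existing value files keep rendering.
*/ -}}
{{- $pdb := default .Values.things.podDisruptionBudget .Values.thingsSearch.podDisruptionBudget -}}
{{- if and $pdb.enabled (gt .Values.thingsSearch.replicaCount 1.0) -}}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  name: {{ include "ditto-digital-twins.fullname" . }}-thingssearch
  labels:
    app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-thingssearch
{{ include "ditto-digital-twins.labels" . | indent 4 }}
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "ditto-digital-twins.name" . }}-thingssearch
      app.kubernetes.io/instance: {{ .Release.Name }}
  # minimum number of things-search pods kept running during voluntary disruptions
  minAvailable: {{ $pdb.minAvailable }}
{{- end }}

================================================
FILE: charts/ditto-digital-twins/values.yaml
================================================
# Default values for ditto-digital-twins.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.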
serviceAccount: ## create controls whether a service account should be created create: true ## name of the service account to use ## If not set and create is true, a name is generated using the fullname template name: rbac: ## enabled controls whether RBAC resources will be created enabled: true nameOverride: "" fullnameOverride: "" ## dbconfig for mongodb connections ## will be handled as k8s secret as connection uri might contain auth credentials dbconfig: concierge: uri: mongodb://ditto-mongodb:27017/concierge ssl: false connectivity: uri: mongodb://ditto-mongodb:27017/connectivity ssl: false things: uri: mongodb://ditto-mongodb:27017/things ssl: false searchDB: uri: mongodb://ditto-mongodb:27017/searchDB ssl: false policies: uri: mongodb://ditto-mongodb:27017/policies ssl: false ## ingress configuration ingress: enabled: false annotations: {} # kubernetes.io/tls-acme: "true" # ingress.kubernetes.io/ssl-redirect: "true" hosts: - host: ditto.example.com paths: [] # - /api # - /ws # - /devops # - /status # - /health # - /apidoc tls: [] # - secretName: ditto-tls # hosts: # - ditto.example.com ## ---------------------------------------------------------------------------- ## global configuration shared by all components global: ## jwtOnly controls whether only OpenID-Connect authentication is supported ## if false, basicAuth is used ## ref: https://www.eclipse.org/ditto/installation-operating.html#openid-connect jwtOnly: false ## timezone timezone: Europe/Berlin ## imagePullSecrets will be added to every deployment imagePullSecrets: [] prometheus: ## enabled controls whether scrape config annotation will be added to pod templates enabled: true ## port where prometheus metrics will be provided port: 9095 ## ---------------------------------------------------------------------------- ## akka actor configuration ## ref: https://doc.akka.io/docs/akka/current/typed/index.html akka: ## actorSystemName actorSystemName: ditto-cluster remoting: ## port for remoting port: 
2551 mgmthttp: ## port for http managment port: 8558 ## ---------------------------------------------------------------------------- ## concierge configuration ## ref: https://www.eclipse.org/ditto/architecture-services-concierge.html concierge: ## enabled controls whether Concierge related resources should be created enabled: true ## replicaCount for concierge service replicaCount: 1 ## updateStrategy for concierge service ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy updateStrategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 ## additionalLabels on concierge pods additionalLabels: {} ## additionalAnnotations on concierge pods additionalAnnotations: {} image: ## repository for the concierge docker image repository: docker.io/eclipse/ditto-concierge ## tag for the concierge docker image tag: 1.0.0-M3 ## pullPolicy for the concierge docker image pullPolicy: IfNotPresent ## systemProps used to define arbritrary system properties for concierge service ## ref: https://www.eclipse.org/ditto/installation-operating.html#configuration systemProps: [] ## extraEnv to add arbritrary environment variable to concierge container extraEnv: [] ## resources for the concierge container resources: {} # requests: # memory: 512Mi # limits: # ## no cpu limit to avoid CFS scheduler limits # ## ref: https://doc.akka.io/docs/akka/snapshot/additional/deploy.html#in-kubernetes # ## cpu: "" # memory: 1Gi ## readinessProbe configuration for concierge ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes readinessProbe: initialDelaySeconds: 45 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 ## livenessProbe configuration for concierge ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes livenessProbe: initialDelaySeconds: 180 periodSeconds: 10 timeoutSeconds: 3 failureThreshold: 4 
networkPolicy: ## enabled controls whether concierge related NetworkPolicy should be created enabled: true podDisruptionBudget: ## enabled controls whether concierge related PodDisruptionBudget should be created enabled: true ## minAvailable number of replicas during voluntary disruptions minAvailable: 1 ## nodeSelector ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} ## tolerations ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] ## affinity ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} ## ---------------------------------------------------------------------------- ## connectivity configuration ## ref: https://www.eclipse.org/ditto/architecture-services-connectivity.html connectivity: ## enabled controls whether connectivity related resources should be created enabled: true ## replicaCount for connectivity service replicaCount: 1 ## updateStrategy for connectivity service ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy updateStrategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 ## additionalLabels on connectivity pods additionalLabels: {} ## additionalAnnotations on connectivity pods additionalAnnotations: {} image: ## repository for the connectivity docker image repository: docker.io/eclipse/ditto-connectivity ## tag for the connectivity docker image tag: 1.0.0-M3 ## pullPolicy for the connectivity docker image pullPolicy: IfNotPresent ## systemProps used to define arbritrary system properties for connectivity service ## ref: https://www.eclipse.org/ditto/installation-operating.html#configuration systemProps: [] ## extraEnv to add arbritrary environment variable to connectivity container extraEnv: [] ## resources for the connectivity container resources: {} # requests: # memory: 512Mi # limits: # ## no cpu limit to avoid CFS scheduler 
limits
    #   ## ref: https://doc.akka.io/docs/akka/snapshot/additional/deploy.html#in-kubernetes
    #   ## cpu: ""
    #   memory: 1Gi
  ## readinessProbe configuration for connectivity
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
  readinessProbe:
    initialDelaySeconds: 45
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
  ## livenessProbe configuration for connectivity
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
  livenessProbe:
    initialDelaySeconds: 180
    periodSeconds: 10
    timeoutSeconds: 3
    failureThreshold: 4
  networkPolicy:
    ## enabled controls whether connectivity related NetworkPolicy should be created
    enabled: true
  podDisruptionBudget:
    ## enabled controls whether connectivity related PodDisruptionBudget should be created
    enabled: true
    ## minAvailable number of replicas during voluntary disruptions
    minAvailable: 1
  ## nodeSelector
  ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  nodeSelector: {}
  ## tolerations
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  tolerations: []
  ## affinity
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  affinity: {}

## ----------------------------------------------------------------------------
## gateway configuration
## ref: https://www.eclipse.org/ditto/architecture-services-gateway.html
gateway:
  ## enabled controls whether gateway related resources should be created
  enabled: true
  ## devopsSecureStatus is used as value for DEVOPS_SECURE_STATUS environment var
  ## this controls whether /status resource is secured or not
  ## NOTE(review): the default (false) leaves the /status resource unsecured;
  ## set it to true wherever the gateway is reachable by more than operators.
  devopsSecureStatus: false
  ## enableDummyAuth is used as value for ENABLE_DUMMY_AUTH environment var
  ## NOTE(review): enabled by default. Dummy auth presumably means the gateway
  ## accepts the identity asserted by a fronting proxy instead of verifying
  ## credentials itself -- confirm against the Ditto documentation. While this
  ## stays true, keep the gateway service reachable only through that proxy
  ## (see gateway.networkPolicy below) and do not expose it directly.
  enableDummyAuth: true
  ## devopsPassword will be used for accessing /devops resource (username: devops)
  ## if not set a random password will be set
  ## NOTE(review): a password written here is kept in plain text in the values
  ## file; prefer supplying it at install time over committing it.
  devopsPassword:
  ## statusPassword will be used for accessing /status resource (username: devops)
  ## if not set a random password will be set
  ## NOTE(review): same handling as devopsPassword -- do not commit a real value.
  statusPassword:
  ## replicaCount for gateway service
  replicaCount: 1
  ## updateStrategy for gateway service
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  ## additionalLabels on gateway pods
  additionalLabels: {}
  ## additionalAnnotations on gateway pods
  additionalAnnotations: {}
  image:
    ## repository for the gateway docker image
    repository: docker.io/eclipse/ditto-gateway
    ## tag for the gateway docker image
    tag: 1.0.0-M3
    ## pullPolicy for the gateway docker image
    pullPolicy: IfNotPresent
  ## systemProps used to define arbitrary system properties for gateway service
  ## ref: https://www.eclipse.org/ditto/installation-operating.html#configuration
  systemProps: []
  ## extraEnv to add arbitrary environment variables to gateway container
  extraEnv: []
  # - name: LOG_LEVEL_APPLICATION
  #   value: "DEBUG"
  ## resources for the gateway container
  resources: {}
    # requests:
    #   memory: 512Mi
    # limits:
    #   ## no cpu limit to avoid CFS scheduler limits
    #   ## ref: https://doc.akka.io/docs/akka/snapshot/additional/deploy.html#in-kubernetes
    #   ## cpu: ""
    #   memory: 1Gi
  ## readinessProbe configuration for gateway
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
  readinessProbe:
    initialDelaySeconds: 45
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
  ## livenessProbe configuration for gateway
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
  livenessProbe:
    initialDelaySeconds: 180
    periodSeconds: 10
    timeoutSeconds: 3
    failureThreshold: 4
  service:
    ## port number for gateway service
    port: 8080
    ## annotations to add arbitrary annotations to gateway service
    annotations: {}
  networkPolicy:
    ##
enabled controls whether gateway related NetworkPolicy should be created enabled: true podDisruptionBudget: ## enabled controls whether gateway related PodDisruptionBudget should be created enabled: true ## minAvailable number of replicas during voluntary disruptions minAvailable: 1 ## nodeSelector ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} ## tolerations ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] ## affinity ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} ## ---------------------------------------------------------------------------- ## nginx configuration nginx: ## enabled controls whether nginx related resources should be created enabled: true ## replicaCount for nginx replicaCount: 1 ## updateStrategy for nginx ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy updateStrategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 ## additionalLabels on nginx pods additionalLabels: {} ## additionalAnnotations on nginx pods additionalAnnotations: {} image: ## repository for the nginx docker image repository: docker.io/nginx ## tag for the nginx docker image tag: 1.17.5-alpine ## pullPolicy for the nginx docker image pullPolicy: IfNotPresent ## extraEnv to add arbritrary environment variables to nginx container extraEnv: [] ## resources for the nginx container resources: {} ## readinessProbe configuration for nginx ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes readinessProbe: {} ## livenessProbe configuration for nginx ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes livenessProbe: {} # rootAccess to control securityContext (necessary when running on Openshift for writing in pod) 
rootAccess: false service: ## type of the nginx service type: ClusterIP ## port of the nginx service port: 8080 ## annotations to add arbritrary annotations to nginx service annotations: {} ## nodeSelector ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} ## tolerations ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] ## affinity ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} ## ---------------------------------------------------------------------------- ## policies configuration ## ref: https://www.eclipse.org/ditto/architecture-services-policies.html policies: ## enabled controls whether policies related resources should be created enabled: true ## replicaCount for policies service replicaCount: 1 ## updateStrategy for policies service ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy updateStrategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 ## additionalLabels on policies pods additionalLabels: {} ## additionalAnnotations on policies pods additionalAnnotations: {} image: ## repository for the policies docker image repository: docker.io/eclipse/ditto-policies ## tag for the policies docker image tag: 1.0.0-M3 ## pullPolicy for the policies docker image pullPolicy: IfNotPresent ## systemProps used to define arbritrary system properties for policies service ## ref: https://www.eclipse.org/ditto/installation-operating.html#configuration systemProps: [] ## extraEnv to add arbritrary environment variable to policies container extraEnv: [] ## resources for the policies container resources: {} # requests: # memory: 512Mi # limits: # ## no cpu limit to avoid CFS scheduler limits # ## ref: https://doc.akka.io/docs/akka/snapshot/additional/deploy.html#in-kubernetes # ## cpu: "" # memory: 1Gi ## readinessProbe configuration for policies ## ref: 
https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes readinessProbe: initialDelaySeconds: 45 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 ## livenessProbe configuration for policies ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes livenessProbe: initialDelaySeconds: 180 periodSeconds: 10 timeoutSeconds: 3 failureThreshold: 4 networkPolicy: ## enabled controls whether policies related NetworkPolicy should be created enabled: true podDisruptionBudget: ## enabled controls whether policies related PodDisruptionBudget should be created enabled: true ## minAvailable number of replicas during voluntary disruptions minAvailable: 1 ## nodeSelector ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} ## tolerations ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] ## affinity ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} ## ---------------------------------------------------------------------------- ## swaggerui configuration swaggerui: ## enabled controls whether swagger ui related resources should be created enabled: true ## replicaCount for swagger ui service replicaCount: 1 ## updateStrategy for swagger ui service ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy updateStrategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 ## additionalLabels on swagger ui pods additionalLabels: {} ## additionalAnnotations on swagger ui pods additionalAnnotations: {} image: ## repository for the swagger ui docker image repository: docker.io/swaggerapi/swagger-ui ## tag for the swagger ui docker image tag: 3.17.4 ## pullPolicy for the swagger ui docker image pullPolicy: IfNotPresent ## extraEnv to add arbritrary 
environment variable to swagger ui container extraEnv: [] ## resources for the swagger ui container resources: {} networkPolicy: ## enabled controls whether swagger ui related NetworkPolicy should be created enabled: true podDisruptionBudget: ## enabled controls whether swagger ui related PodDisruptionBudget should be created enabled: true ## minAvailable number of replicas during voluntary disruptions minAvailable: 1 # rootAccess to control securityContext (necessary when running on Openshift for writing in pod) rootAccess: false service: ## port of the swaggerui service port: 8080 ## annotations to add arbritrary annotations to swaggerui service annotations: {} ## ---------------------------------------------------------------------------- ## things configuration ## ref: https://www.eclipse.org/ditto/architecture-services-things.html things: ## enabled controls whether things related resources should be created enabled: true ## replicaCount for things service replicaCount: 1 ## updateStrategy for things service ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy updateStrategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 ## additionalLabels on things pods additionalLabels: {} ## additionalAnnotations on things pods additionalAnnotations: {} image: ## repository for the things docker image repository: docker.io/eclipse/ditto-things ## tag for the things docker image tag: 1.0.0-M3 ## pullPolicy for the things docker image pullPolicy: IfNotPresent ## systemProps used to define arbritrary system properties for things service ## ref: https://www.eclipse.org/ditto/installation-operating.html#configuration systemProps: [] ## extraEnv to add arbritrary environment variable to things container extraEnv: [] ## resources for the things container resources: {} # requests: # memory: 512Mi # limits: # ## no cpu limit to avoid CFS scheduler limits # ## ref: 
https://doc.akka.io/docs/akka/snapshot/additional/deploy.html#in-kubernetes # ## cpu: "" # memory: 1Gi ## readinessProbe configuration for things ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes readinessProbe: initialDelaySeconds: 45 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 ## livenessProbe configuration for things ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes livenessProbe: initialDelaySeconds: 180 periodSeconds: 10 timeoutSeconds: 3 failureThreshold: 4 networkPolicy: ## enabled controls whether things related NetworkPolicy should be created enabled: true podDisruptionBudget: ## enabled controls whether things related PodDisruptionBudget should be created enabled: true ## minAvailable number of replicas during voluntary disruptions minAvailable: 1 ## nodeSelector ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} ## tolerations ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] ## affinity ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} ## ---------------------------------------------------------------------------- ## things-search configuration ## ref: https://www.eclipse.org/ditto/architecture-services-things-search.html thingsSearch: ## enabled controls whether things-search related resources should be created enabled: true ## replicaCount for things-search service replicaCount: 1 ## updateStrategy for things-search service ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy updateStrategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 ## additionalLabels on things-search pods additionalLabels: {} ## additionalAnnotations on things-search pods additionalAnnotations: {} image: ## 
repository for the things-search docker image repository: docker.io/eclipse/ditto-things-search ## tag for the things-search docker image tag: 1.0.0-M3 ## pullPolicy for the things-search docker image pullPolicy: IfNotPresent ## systemProps used to define arbritrary system properties for things-search service ## ref: https://www.eclipse.org/ditto/installation-operating.html#configuration systemProps: [] ## extraEnv to add arbritrary environment variable to things-search container extraEnv: [] ## resources for the things-search container resources: {} # requests: # memory: 512Mi # limits: # ## no cpu limit to avoid CFS scheduler limits # ## ref: https://doc.akka.io/docs/akka/snapshot/additional/deploy.html#in-kubernetes # ## cpu: "" # memory: 1Gi ## readinessProbe configuration for things-search ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes readinessProbe: initialDelaySeconds: 45 periodSeconds: 10 timeoutSeconds: 1 failureThreshold: 3 ## livenessProbe configuration for things-search ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes livenessProbe: initialDelaySeconds: 180 periodSeconds: 10 timeoutSeconds: 3 failureThreshold: 4 networkPolicy: ## enabled controls whether things-search related NetworkPolicy should be created enabled: true podDisruptionBudget: ## enabled controls whether things-search related PodDisruptionBudget should be created enabled: true ## minAvailable number of replicas during voluntary disruptions minAvailable: 1 ## nodeSelector ## https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} ## tolerations ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] ## affinity ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity affinity: {} ## 
----------------------------------------------------------------------------
## mongodb dependency chart configuration
mongodb:
  ## enabled controls usage of dependency chart
  enabled: true
  fullnameOverride: ditto-mongodb
  ## NOTE(review): usePassword: false presumably deploys the bundled MongoDB
  ## without authentication (confirm in the mongodb dependency chart). With
  ## this default, access to the database rests on network isolation alone.
  usePassword: false
  persistence:
    ## NOTE(review): presumably no persistent volume is requested with this
    ## default, so data does not survive a pod restart -- confirm in the
    ## dependency chart before using it for anything but evaluation.
    enabled: false

================================================
FILE: charts/enmasse/.helmignore
================================================
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

================================================
FILE: charts/enmasse/Chart.yaml
================================================
apiVersion: v1
appVersion: "0.30.1"
description: A Helm chart for enmasse
name: enmasse
version: 0.1.0
home: https://enmasse.io/
sources:
  - https://github.com/EnMasseProject/enmasse
  - https://github.com/kiwigrid/helm-charts/tree/master/charts/enmasse
maintainers:
  - name: rpahli
    email: rico.pahlisch@kiwigrid.com

================================================
FILE: charts/enmasse/ci/test-values.yaml
================================================
# Values used by the chart CI run: install the CRD dependency chart as well.
enmasse-crd:
  enabled: true

================================================
FILE: charts/enmasse/requirements.yaml
================================================
dependencies:
  # Pulled only when enmasse-crd.enabled is set (see condition).
  - name: enmasse-crd
    version: 0.1.0
    repository: https://kiwigrid.github.io/
    condition: enmasse-crd.enabled

================================================
FILE: charts/enmasse/templates/NOTES.txt
================================================

================================================
FILE: charts/enmasse/templates/_helpers.tpl
================================================
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}} {{- define "enmasse.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} {{- define "enmasse.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} {{- end -}} {{/* Create chart name and version as used by the chart label. */}} {{- define "enmasse.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Common labels */}} {{- define "enmasse.labels" -}} app.kubernetes.io/name: {{ include "enmasse.name" . }} helm.sh/chart: {{ include "enmasse.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} {{/* Create the name of the service account to use */}} {{- define "enmasse.serviceAccountName" -}} {{- if .Values.serviceAccount.create -}} {{ default (include "enmasse.fullname" .) .Values.serviceAccount.name }} {{- else -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} ================================================ FILE: charts/enmasse/templates/api-server-cert-secret.yaml ================================================ {{- $cn := printf "%s.%s.svc.cluster.local" ( include "enmasse.fullname" . 
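) .Release.Namespace }}
{{- $ca := genCA "enmasse" 3650 -}}
{{- $cert := genSignedCert $cn nil nil 3650 $ca }}
# TLS serving certificate for the api-server service.
# genCA and genSignedCert are evaluated at render time, so every install or
# upgrade that renders this template issues a fresh CA and key pair (both
# valid for 3650 days). Only the leaf certificate and its key are stored
# below; the CA certificate is not written to this Secret.
kind: Secret
apiVersion: v1
metadata:
  name: {{ include "enmasse.fullname" . }}-api-server-cert
  labels:
{{ include "enmasse.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
  tls.crt: {{ b64enc $cert.Cert }}
  tls.key: {{ b64enc $cert.Key }}

================================================
FILE: charts/enmasse/templates/api-service-v1alpha1-enmasse-io.yaml
================================================
# Registers the enmasse.io/v1alpha1 API group with the aggregation layer,
# backed by the chart's api-server service.
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  labels:
{{ include "enmasse.labels" . | indent 4 }}
  # metadata.name was declared twice with the same value; a single key is kept,
  # placed after labels like the other APIService templates in this chart.
  name: v1alpha1.enmasse.io
spec:
  group: enmasse.io
  groupPriorityMinimum: 1000
  # NOTE(review): with insecureSkipTLSVerify the kube-apiserver does not verify
  # the serving certificate of this backend. Verifying it needs caBundle set to
  # the CA that signed the api-server certificate; the cert Secret template
  # generates that CA without exporting it, so both would have to change together.
  insecureSkipTLSVerify: true
  service:
    name: {{ include "enmasse.fullname" . }}-api-server
    namespace: {{.Release.Namespace}}
  version: v1alpha1
  versionPriority: 15

================================================
FILE: charts/enmasse/templates/api-service-v1alpha1-user-enmasse-io.yaml
================================================
# Registers the user.enmasse.io/v1alpha1 API group, backed by the same service.
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  labels:
{{ include "enmasse.labels" . | indent 4 }}
  name: v1alpha1.user.enmasse.io
spec:
  group: user.enmasse.io
  groupPriorityMinimum: 1000
  # NOTE(review): backend certificate is not verified (no caBundle is set).
  insecureSkipTLSVerify: true
  service:
    name: {{ include "enmasse.fullname" . }}-api-server
    namespace: {{.Release.Namespace}}
  version: v1alpha1
  versionPriority: 15

================================================
FILE: charts/enmasse/templates/api-service-v1beta1-enmasse-io.yaml
================================================
# Registers the enmasse.io/v1beta1 API group, backed by the same service.
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  labels:
{{ include "enmasse.labels" . | indent 4 }}
  name: v1beta1.enmasse.io
spec:
  group: enmasse.io
  groupPriorityMinimum: 1000
  # NOTE(review): backend certificate is not verified (no caBundle is set).
  insecureSkipTLSVerify: true
  service:
    name: {{ include "enmasse.fullname" .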
}}-api-server namespace: {{.Release.Namespace}} version: v1beta1 versionPriority: 15 ================================================ FILE: charts/enmasse/templates/api-service-v1beta1-user-enmasse-io.yaml ================================================ apiVersion: apiregistration.k8s.io/v1beta1 kind: APIService metadata: labels: {{ include "enmasse.labels" . | indent 4 }} name: v1beta1.user.enmasse.io spec: group: user.enmasse.io groupPriorityMinimum: 1000 insecureSkipTLSVerify: true service: name: {{ include "enmasse.fullname" . }}-api-server namespace: {{.Release.Namespace}} version: v1beta1 versionPriority: 15 ================================================ FILE: charts/enmasse/templates/cluster-role-api-server.yaml ================================================ {{- if .Values.rbac.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "enmasse.fullname" . }}-api-server labels: {{ include "enmasse.labels" . | indent 4 }} rules: - apiGroups: [ "authentication.k8s.io" ] resources: [ "tokenreviews" ] verbs: [ "create" ] - apiGroups: [ "authorization.k8s.io" ] resources: [ "subjectaccessreviews" ] verbs: [ "create" ] - apiGroups: [ "" ] resources: [ "configmaps" ] resourceNames: [ "extension-apiserver-authentication" ] verbs: [ "get" ] {{- end }} ================================================ FILE: charts/enmasse/templates/cluster-role-binding-api-server.yaml ================================================ {{- if .Values.rbac.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ include "enmasse.fullname" . }}-api-server labels: {{ include "enmasse.labels" . | indent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{ include "enmasse.fullname" . }}-api-server subjects: - kind: ServiceAccount name: {{ include "enmasse.fullname" . 
}}-api-server namespace: {{.Release.Namespace}} {{- end }} ================================================ FILE: charts/enmasse/templates/cluster-role-binding-enmasse-operator.yaml ================================================ {{- if .Values.rbac.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ include "enmasse.fullname" . }}-operator labels: {{ include "enmasse.labels" . | indent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{ include "enmasse.fullname" . }}-operator subjects: - kind: ServiceAccount name: {{ include "enmasse.fullname" . }}-operator namespace: {{.Release.Namespace}} {{- end }} ================================================ FILE: charts/enmasse/templates/cluster-role-binding-standard-authservice.yaml ================================================ {{- if .Values.rbac.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ include "enmasse.fullname" . }}-standard-authservice labels: {{ include "enmasse.labels" . | indent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{ include "enmasse.fullname" . }}-standard-authservice subjects: - kind: ServiceAccount name: {{ include "enmasse.fullname" . }}-standard-authservice namespace: {{.Release.Namespace}} {{- end }} ================================================ FILE: charts/enmasse/templates/cluster-role-enmasse-operator.yaml ================================================ {{- if .Values.rbac.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "enmasse.fullname" . }}-operator labels: {{ include "enmasse.labels" . 
| indent 4 }} rules: - apiGroups: [ "oauth.openshift.io" ] resources: [ "oauthclients" ] verbs: [ "create", "get", "update", "list", "watch" ] {{- end }} ================================================ FILE: charts/enmasse/templates/cluster-role-standard-authservice.yaml ================================================ {{- if .Values.rbac.enabled }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "enmasse.fullname" . }}-standard-authservice labels: {{ include "enmasse.labels" . | indent 4 }} rules: - apiGroups: [ "authentication.k8s.io" ] resources: [ "tokenreviews" ] verbs: [ "create" ] {{- end }} ================================================ FILE: charts/enmasse/templates/deployment-address-space-controller.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: labels: {{ include "enmasse.labels" . | indent 4 }} name: {{ include "enmasse.fullname" . }}-address-space-controller spec: replicas: {{ .Values.addressSpaceController.replicaCount }} strategy: type: Recreate selector: matchLabels: app.kubernetes.io/name: {{ include "enmasse.fullname" . }}-address-space-controller app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ include "enmasse.fullname" . }}-address-space-controller app.kubernetes.io/instance: {{ .Release.Name }} {{- with .Values.addressSpaceController.annotations }} annotations: {{ toYaml . 
| indent 8 }} {{- end }} spec: affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 preference: matchExpressions: - key: node-role.enmasse.io/operator-infra operator: In values: - "true" containers: - env: - name: EXPOSE_ENDPOINTS_BY_DEFAULT valueFrom: configMapKeyRef: key: exposeEndpointsByDefault name: address-space-controller-config optional: true - name: ENVIRONMENT valueFrom: configMapKeyRef: key: environment name: address-space-controller-config optional: true - name: TEMPLATE_DIR value: /opt/templates - name: RESOURCES_DIR value: /opt - name: STANDARD_AUTHSERVICE_CONFIG_NAME value: keycloak-config - name: STANDARD_AUTHSERVICE_CREDENTIALS_SECRET_NAME value: keycloak-credentials - name: STANDARD_AUTHSERVICE_CERT_SECRET_NAME value: standard-authservice-cert - name: WILDCARD_ENDPOINT_CERT_SECRET valueFrom: configMapKeyRef: key: wildcardEndpointCertSecret name: address-space-controller-config optional: true - name: RESYNC_INTERVAL valueFrom: configMapKeyRef: key: resyncInterval name: address-space-controller-config optional: true - name: RECHECK_INTERVAL valueFrom: configMapKeyRef: key: recheckInterval name: address-space-controller-config optional: true {{- if .Values.addressSpaceController.configEnv }} {{- toYaml .Values.addressSpaceController.configEnv | nindent 8 }} {{- end }} image: "{{ .Values.addressSpaceController.image.repository }}:{{ .Values.addressSpaceController.image.tag }}" imagePullPolicy: {{ .Values.addressSpaceController.image.pullPolicy }} livenessProbe: httpGet: path: /healthz port: http scheme: HTTP name: address-space-controller ports: - containerPort: 8080 name: http readinessProbe: httpGet: path: /healthz port: http scheme: HTTP resources: {{ toYaml .Values.addressSpaceController.resources | indent 10 }} {{- if .Values.rbac.enabled }} serviceAccountName: {{ include "enmasse.fullname" . 
}}-address-space-controller {{- end }} ================================================ FILE: charts/enmasse/templates/deployment-api-server.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: labels: {{ include "enmasse.labels" . | indent 4 }} name: {{ include "enmasse.fullname" . }}-api-server spec: replicas: {{ .Values.apiServer.replicaCount }} selector: matchLabels: app.kubernetes.io/name: {{ include "enmasse.fullname" . }}-api-server app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ include "enmasse.fullname" . }}-api-server app.kubernetes.io/instance: {{ .Release.Name }} {{- with .Values.apiServer.annotations }} annotations: {{ toYaml . | indent 8 }} {{- end }} spec: affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 preference: matchExpressions: - key: node-role.enmasse.io/operator-infra operator: In values: - "true" containers: - env: - name: JAVA_OPTS value: -verbose:gc -Xlog:gc* - name: CERT_DIR value: /api-server-cert - name: ENABLE_RBAC value: "true" - name: APISERVER_CLIENT_CA_CONFIG_NAME value: extension-apiserver-authentication - name: APISERVER_CLIENT_CA_CONFIG_NAMESPACE value: kube-system - name: APISERVER_ROUTE_NAME value: restapi image: "{{ .Values.apiServer.image.repository }}:{{ .Values.apiServer.image.tag }}" imagePullPolicy: {{ .Values.apiServer.image.pullPolicy }} livenessProbe: httpGet: path: /healthz port: http scheme: HTTP initialDelaySeconds: 60 name: api-server ports: - containerPort: 8080 name: http - containerPort: 8443 name: https readinessProbe: httpGet: path: /healthz port: http scheme: HTTP resources: {{ toYaml .Values.apiServer.resources | indent 10 }} volumeMounts: - mountPath: /api-server-cert name: api-server-cert readOnly: true {{- if .Values.rbac.enabled }} serviceAccountName: {{ include "enmasse.fullname" . 
}}-api-server
      {{- end }}
      volumes:
      # NOTE(review): this Secret name matches the
      # service.alpha.openshift.io/serving-cert-secret-name annotation on the
      # api-server Service. Presumably the Secret is generated by the cluster on
      # OpenShift; on other clusters it has to be provisioned separately. Verify.
      - name: api-server-cert
        secret:
          secretName: {{ include "enmasse.fullname" . }}-api-server-cert

================================================
FILE: charts/enmasse/templates/deployment-enmasse-operator.yaml
================================================
# Deployment for the EnMasse operator (container name "controller").
# NOTE(review): this template defines no securityContext and no liveness or
# readiness probes; consider exposing a securityContext through values.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: {{ include "enmasse.fullname" . }}-operator
  labels:
{{ include "enmasse.labels" . | indent 4 }}
spec:
  replicas: {{ .Values.operator.replicaCount }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "enmasse.fullname" . }}-operator
      app.kubernetes.io/instance: {{ .Release.Name }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "enmasse.fullname" . }}-operator
        app.kubernetes.io/instance: {{ .Release.Name }}
      # Optional pod annotations, rendered only when operator.annotations is set.
      {{- with .Values.operator.annotations }}
      annotations:
{{ toYaml . | indent 8 }}
      {{- end }}
    spec:
      # Soft scheduling preference for nodes labelled
      # node-role.enmasse.io/operator-infra=true.
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 1
            preference:
              matchExpressions:
              - key: node-role.enmasse.io/operator-infra
                operator: In
                values:
                - "true"
      # With rbac.enabled=false no serviceAccountName is rendered, so the pod
      # runs under the namespace's default ServiceAccount.
      {{- if .Values.rbac.enabled }}
      serviceAccountName: {{ include "enmasse.fullname" . }}-operator
      {{- end }}
      containers:
      - name: controller
        image: "{{ .Values.operator.image.repository }}:{{ .Values.operator.image.tag }}"
        imagePullPolicy: {{ .Values.operator.image.pullPolicy }}
        env:
        # Pod name and namespace are injected through the downward API.
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        # operator.configEnv is appended verbatim to the env list. Values placed
        # there end up in the pod spec in clear text, so credentials belong in a
        # Secret referenced through valueFrom.secretKeyRef instead.
        {{- if .Values.operator.configEnv }}
        {{- toYaml .Values.operator.configEnv | nindent 8 }}
        {{- end }}
        resources:
{{ toYaml .Values.operator.resources | indent 10 }}

================================================
FILE: charts/enmasse/templates/role-address-space-admin.yaml
================================================
{{- if .Values.rbac.enabled }}
# Namespaced Role; role-binding-address-space-admin.yaml binds it to the
# address-space-admin ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "enmasse.fullname" . }}-address-space-admin
  labels:
{{ include "enmasse.labels" . 
| indent 4 }}
rules:
  # Read-only access to the EnMasse plan, infra-config and service resources.
  - apiGroups: [ "admin.enmasse.io" ]
    resources: [ "addressplans", "addressspaceplans", "brokeredinfraconfigs", "standardinfraconfigs", "authenticationservices", "consoleservices"]
    verbs: [ "get", "list", "watch" ]
  # NOTE(review): get/list/watch on "secrets" carries no resourceNames
  # restriction, so the bound ServiceAccount can read every Secret in the
  # namespace this Role is installed in. Confirm that breadth is needed, or
  # install the chart into a namespace that holds no unrelated Secrets.
  - apiGroups: [ "" ]
    resources: [ "pods", "secrets" ]
    verbs: [ "get", "list", "watch" ]
  - apiGroups: [ "" ]
    resources: [ "configmaps", "configmaps/finalizers" ]
    verbs: [ "create", "update", "patch", "get", "list", "watch", "delete" ]
  - apiGroups: [ "" ]
    resources: [ "events" ]
    verbs: [ "create", "update", "patch", "get", "list" ]
  - apiGroups: [ "" ]
    resources: [ "persistentvolumeclaims", "services" ]
    verbs: [ "create", "update", "patch", "get", "list", "delete" ]
  # NOTE(review): create/update on workload objects lets the holder start pods
  # under any ServiceAccount of the namespace, so treat this ServiceAccount as
  # equivalent to the most privileged one in the namespace.
  - apiGroups: [ "apps" ]
    resources: [ "statefulsets", "deployments" ]
    verbs: [ "create", "update", "patch", "get", "list", "delete" ]
{{- end }}

================================================
FILE: charts/enmasse/templates/role-address-space-controller.yaml
================================================
{{- if .Values.rbac.enabled }}
# Namespaced Role; role-binding-address-space-controller.yaml binds it to the
# address-space-controller ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "enmasse.fullname" . }}-address-space-controller
  labels:
{{ include "enmasse.labels" . 
| indent 4 }}
rules:
  # Read-only access to the EnMasse plan, infra-config and service resources.
  - apiGroups: [ "admin.enmasse.io" ]
    resources: [ "addressplans", "addressspaceplans", "brokeredinfraconfigs", "standardinfraconfigs", "authenticationservices", "consoleservices"]
    verbs: [ "get", "list", "watch" ]
  - apiGroups: [ "" ]
    resources: [ "pods" ]
    verbs: [ "get", "list", "patch", "update" ]
  - apiGroups: [ "" ]
    resources: [ "configmaps", "configmaps/finalizers" ]
    verbs: [ "create", "update", "patch", "get", "list", "watch", "delete" ]
  - apiGroups: [ "" ]
    resources: [ "events" ]
    verbs: [ "create", "update", "patch", "get", "list" ]
  # NOTE(review): full read/write/delete on "secrets" without resourceNames
  # covers every Secret in the namespace, not only those the controller
  # creates. Confirm the breadth is required, or keep unrelated Secrets out of
  # the release namespace.
  - apiGroups: [ "" ]
    resources: [ "services", "secrets", "persistentvolumeclaims" ]
    verbs: [ "create", "update", "patch", "get", "list", "delete" ]
  # The controller can also create and delete NetworkPolicies, i.e. it can
  # change network isolation for the namespace.
  - apiGroups: [ "networking.k8s.io", "extensions" ]
    resources: [ "networkpolicies" ]
    verbs: [ "create", "update", "patch", "get", "list", "delete" ]
  - apiGroups: [ "route.openshift.io", "" ]
    resources: [ "routes", "routes/custom-host", "routes/status" ]
    verbs: [ "create", "update", "patch", "get", "list", "delete" ]
  # NOTE(review): create/update on workload objects lets the holder start pods
  # under any ServiceAccount of the namespace, so treat this ServiceAccount as
  # equivalent to the most privileged one in the namespace.
  - apiGroups: [ "apps", "extensions" ]
    resources: [ "statefulsets", "deployments", "replicasets" ]
    verbs: [ "create", "update", "patch", "get", "list", "delete" ]
{{- end }}

================================================
FILE: charts/enmasse/templates/role-api-server.yaml
================================================
{{- if .Values.rbac.enabled }}
# Namespaced Role; role-binding-api-server.yaml binds it to the api-server
# ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "enmasse.fullname" . }}-api-server
  labels:
{{ include "enmasse.labels" . 
| indent 4 }}
rules:
  # NOTE(review): read access to "secrets" carries no resourceNames
  # restriction, so the api-server ServiceAccount can read every Secret in the
  # namespace. Confirm that breadth is needed.
  - apiGroups: [ "" ]
    resources: [ "services", "secrets" ]
    verbs: [ "get", "list", "watch" ]
  - apiGroups: [ "" ]
    resources: [ "configmaps", "configmaps/finalizers" ]
    verbs: [ "create", "update", "patch", "get", "list", "watch", "delete" ]
  # Read-only access to the EnMasse plan, infra-config and service resources.
  - apiGroups: [ "admin.enmasse.io" ]
    resources: [ "addressspaceplans", "addressplans", "standardinfraconfigs", "brokeredinfraconfigs", "authenticationservices", "consoleservices"]
    verbs: [ "get", "list", "watch" ]
{{- end }}

================================================
FILE: charts/enmasse/templates/role-binding-address-space-admin.yaml
================================================
{{- if .Values.rbac.enabled }}
# Binds the address-space-admin Role to the address-space-admin ServiceAccount
# in the release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "enmasse.fullname" . }}-address-space-admin
  labels:
{{ include "enmasse.labels" . | indent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "enmasse.fullname" . }}-address-space-admin
subjects:
# NOTE(review): unlike the other bindings, the subject name is the fixed string
# "address-space-admin" rather than a release-prefixed name (it matches
# service-account-address-space-admin.yaml). Two releases in one namespace
# would therefore share this ServiceAccount and both Roles would apply to it.
- kind: ServiceAccount
  name: address-space-admin
  namespace: {{.Release.Namespace}}
{{- end }}

================================================
FILE: charts/enmasse/templates/role-binding-address-space-controller.yaml
================================================
{{- if .Values.rbac.enabled }}
# Binds the address-space-controller Role to the release-prefixed
# address-space-controller ServiceAccount in the release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "enmasse.fullname" . }}-address-space-controller
  labels:
{{ include "enmasse.labels" . | indent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "enmasse.fullname" . }}-address-space-controller
subjects:
- kind: ServiceAccount
  name: {{ include "enmasse.fullname" . 
}}-address-space-controller
  namespace: {{.Release.Namespace}}
{{- end }}

================================================
FILE: charts/enmasse/templates/role-binding-api-server.yaml
================================================
{{- if .Values.rbac.enabled }}
# Binds the api-server Role to the release-prefixed api-server ServiceAccount
# in the release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "enmasse.fullname" . }}-api-server
  labels:
{{ include "enmasse.labels" . | indent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "enmasse.fullname" . }}-api-server
subjects:
- kind: ServiceAccount
  name: {{ include "enmasse.fullname" . }}-api-server
  namespace: {{.Release.Namespace}}
{{- end }}

================================================
FILE: charts/enmasse/templates/role-binding-enmasse-operator.yaml
================================================
{{- if .Values.rbac.enabled }}
# Binds the operator Role to the release-prefixed operator ServiceAccount in
# the release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "enmasse.fullname" . }}-operator
  labels:
{{ include "enmasse.labels" . | indent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "enmasse.fullname" . }}-operator
subjects:
- kind: ServiceAccount
  name: {{ include "enmasse.fullname" . }}-operator
  namespace: {{.Release.Namespace}}
{{- end }}

================================================
FILE: charts/enmasse/templates/role-enmasse-operator.yaml
================================================
{{- if .Values.rbac.enabled }}
# Namespaced Role; role-binding-enmasse-operator.yaml binds it to the operator
# ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "enmasse.fullname" . }}-operator
  labels:
{{ include "enmasse.labels" . 
| indent 4 }}
rules:
  # NOTE(review): create/update on Deployments lets the holder start pods under
  # any ServiceAccount of the namespace, so treat the operator ServiceAccount as
  # equivalent to the most privileged one in the namespace.
  - apiGroups: [ "apps" ]
    resources: [ "deployments" ]
    verbs: [ "get", "list", "watch", "update", "create", "patch", "delete" ]
  # NOTE(review): full read/write/delete on "secrets" without resourceNames
  # covers every Secret in the namespace. Confirm the breadth is required, or
  # keep unrelated Secrets out of the release namespace.
  - apiGroups: [ "" ]
    resources: [ "configmaps", "secrets", "persistentvolumeclaims", "services" ]
    verbs: [ "get", "list", "watch", "update", "create", "patch", "delete" ]
  - apiGroups: [ "", "route.openshift.io" ]
    resources: [ "routes", "routes/custom-host", "routes/status"]
    verbs: [ "create", "update", "patch", "get", "list", "watch", "delete" ]
  - apiGroups: [ "apps.openshift.io" ]
    resources: [ "deploymentconfigs"]
    verbs: [ "get", "list", "watch" ]
  # No "delete" verb on the EnMasse custom resources below.
  - apiGroups: [ "admin.enmasse.io" ]
    resources: [ "authenticationservices", "authenticationservices/finalizers", "consoleservices", "consoleservices/finalizers" ]
    verbs: [ "get", "list", "watch", "update", "create", "patch" ]
  - apiGroups: [ "iot.enmasse.io" ]
    resources: [ "iotconfigs", "iotconfigs/finalizers", "iotconfigs/status" ]
    verbs: [ "get", "list", "watch", "update", "create", "patch" ]
{{- end }}

================================================
FILE: charts/enmasse/templates/service-account-address-space-admin.yaml
================================================
{{- if .Values.rbac.enabled }}
# NOTE(review): fixed, non-release-prefixed name; a second release in the same
# namespace would collide with (or reuse) this ServiceAccount.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: address-space-admin
  labels:
{{ include "enmasse.labels" . | indent 4 }}
{{- end }}

================================================
FILE: charts/enmasse/templates/service-account-address-space-controller.yaml
================================================
{{- if .Values.rbac.enabled }}
# ServiceAccount used by the address-space-controller Deployment.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "enmasse.fullname" . }}-address-space-controller
  labels:
{{ include "enmasse.labels" . | indent 4 }}
{{- end }}

================================================
FILE: charts/enmasse/templates/service-account-api-server.yaml
================================================
{{- if .Values.rbac.enabled }}
# ServiceAccount used by the api-server Deployment.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "enmasse.fullname" . 
}}-api-server
  labels:
{{ include "enmasse.labels" . | indent 4 }}
{{- end }}

================================================
FILE: charts/enmasse/templates/service-account-enmasse-operator.yaml
================================================
{{- if .Values.rbac.enabled }}
# ServiceAccount used by the operator Deployment.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "enmasse.fullname" . }}-operator
  labels:
{{ include "enmasse.labels" . | indent 4 }}
{{- end }}

================================================
FILE: charts/enmasse/templates/service-account-standard-authservice.yaml
================================================
{{- if .Values.rbac.enabled }}
# NOTE(review): none of the Role or RoleBinding templates in this chart's
# listing reference this ServiceAccount; presumably it is consumed by
# resources the operator creates at runtime. Verify.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "enmasse.fullname" . }}-standard-authservice
  labels:
{{ include "enmasse.labels" . | indent 4 }}
{{- end }}

================================================
FILE: charts/enmasse/templates/service-address-space-controller.yaml
================================================
# ClusterIP Service exposing only the controller's health port (8080 -> "http").
apiVersion: v1
kind: Service
metadata:
  name: {{ include "enmasse.fullname" . }}-address-space-controller
  labels:
{{ include "enmasse.labels" . | indent 4 }}
  # Optional annotations, rendered only when
  # addressSpaceController.service.annotations is set.
  {{- with .Values.addressSpaceController.service.annotations }}
  annotations:
{{ toYaml . | indent 4 }}
  {{- end }}
spec:
  ports:
  - name: health
    port: 8080
    protocol: TCP
    targetPort: http
  selector:
    app.kubernetes.io/name: {{ include "enmasse.fullname" . }}-address-space-controller
    app.kubernetes.io/instance: {{ .Release.Name }}
  type: ClusterIP

================================================
FILE: charts/enmasse/templates/service-api-server.yaml
================================================
# ClusterIP Service for the api-server (HTTPS on 443, health on 8080).
apiVersion: v1
kind: Service
metadata:
  name: {{ include "enmasse.fullname" . }}-api-server
  labels:
{{ include "enmasse.labels" . | indent 4 }}
  annotations:
    # NOTE(review): OpenShift-specific annotation naming the Secret that should
    # hold the serving certificate (the api-server Deployment mounts a Secret of
    # the same name). Presumably nothing fills this Secret on a cluster without
    # that OpenShift feature. Verify how the certificate is provisioned there.
    service.alpha.openshift.io/serving-cert-secret-name: {{ include "enmasse.fullname" . 
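}}-api-server-cert
    # Extra annotations from apiServer.service.annotations. Inside "with" the
    # dot is rebound to the annotations map, so the map is rendered through the
    # dot; the previous .Values lookup inside the block failed to render as
    # soon as any annotation was configured.
    {{- with .Values.apiServer.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: https
  - name: health
    port: 8080
    protocol: TCP
    targetPort: http
  selector:
    app.kubernetes.io/name: {{ include "enmasse.fullname" . }}-api-server
    app.kubernetes.io/instance: {{ .Release.Name }}
  type: ClusterIP

================================================
FILE: charts/enmasse/values.yaml
================================================
# Default values for enmasse.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

enmasse-crd:
  enabled: false

# When false, the Role, RoleBinding and ServiceAccount templates are skipped and
# the Deployments render no serviceAccountName.
rbac:
  enabled: true

operator:
  replicaCount: 1
  image:
    repository: quay.io/enmasse/controller-manager
    tag: 0.30.1
    pullPolicy: IfNotPresent
  annotations:
  # Rendered verbatim into the operator container's env list. Values here end
  # up in the pod spec in clear text; keep credentials in a Secret and reference
  # them with valueFrom.secretKeyRef.
  configEnv:
    - name: OPERATOR_NAME
      value: "enmasse-operator"
    - name: IMAGE_PULL_POLICY
      value: "IfNotPresent"
    - name: CONTROLLER_DISABLE_ALL
      value: "true"
    - name: CONTROLLER_ENABLE_IOT_CONFIG
      value: "true"
    - name: CONTROLLER_ENABLE_AUTHENTICATION_SERVICE
      value: "true"
    - name: CONTROLLER_MANAGER_IMAGE
      value: quay.io/enmasse/controller-manager:0.30.1
    - name: IOT_AUTH_SERVICE_IMAGE
      value: quay.io/enmasse/iot-auth-service:0.30.1
    - name: IOT_DEVICE_REGISTRY_FILE_IMAGE
      value: quay.io/enmasse/iot-device-registry-file:0.30.1
    - name: IOT_DEVICE_REGISTRY_INFINISPAN_IMAGE
      value: quay.io/enmasse/iot-device-registry-infinispan:0.30.1
    # NOTE(review): empty value (YAML null); confirm whether an image reference
    # is missing here.
    - name: IOT_GC_IMAGE
      value:
    - name: IOT_HTTP_ADAPTER_IMAGE
      value: quay.io/enmasse/iot-http-adapter:0.30.1
    - name: IOT_MQTT_ADAPTER_IMAGE
      value: quay.io/enmasse/iot-mqtt-adapter:0.30.1
    - name: IOT_LORAWAN_ADAPTER_IMAGE
      value: quay.io/enmasse/iot-lorawan-adapter:0.30.1
    - name: IOT_SIGFOX_ADAPTER_IMAGE
      value: quay.io/enmasse/iot-sigfox-adapter:0.30.1
    - name: IOT_TENANT_SERVICE_IMAGE
      value: quay.io/enmasse/iot-tenant-service:0.30.1
    - name: IOT_PROXY_CONFIGURATOR_IMAGE
      value: quay.io/enmasse/iot-proxy-configurator:0.30.1
    - name: ROUTER_IMAGE
      value: quay.io/interconnectedcloud/qdrouterd:1.9.0
    - name: NONE_AUTHSERVICE_IMAGE
      value: quay.io/enmasse/none-authservice:0.30.1
    - name: KEYCLOAK_IMAGE
      value: quay.io/enmasse/keycloak-openshift:4.8.3.Final
    - name: KEYCLOAK_PLUGIN_IMAGE
      value: quay.io/enmasse/keycloak-plugin:0.30.1
    - name: CONTROLLER_ENABLE_CONSOLE_SERVICE
      value: "true"
    - name: CONSOLE_INIT_IMAGE
      value: "quay.io/enmasse/console-init:0.30.1"
    # NOTE(review): the two console proxy images below use the mutable "latest"
    # tag while every other image is pinned to a version. These proxies sit in
    # the console authentication path, so pin them to a specific version or
    # digest; with IMAGE_PULL_POLICY=IfNotPresent different nodes can otherwise
    # run different builds.
    - name: CONSOLE_PROXY_OPENSHIFT_IMAGE
      value: "openshift/oauth-proxy:latest"
    - name: CONSOLE_PROXY_KUBERNETES_IMAGE
      value: "quay.io/pusher/oauth2_proxy:latest"
    - name: CONSOLE_HTTPD_IMAGE
      value: "quay.io/enmasse/console-httpd:0.30.1"
  resources: {}

apiServer:
  replicaCount: 1
  image:
    repository: quay.io/enmasse/api-server
    tag: 0.30.1
    pullPolicy: IfNotPresent
  annotations:
  service:
    annotations: {}
  resources: {}

addressSpaceController:
  replicaCount: 1
  image:
    repository: quay.io/enmasse/address-space-controller
    tag: 0.30.1
    pullPolicy: IfNotPresent
  annotations:
  service:
    annotations: {}
  # Rendered verbatim into the address-space-controller container's env list;
  # the same clear-text caveat as operator.configEnv applies.
  configEnv:
    - name: JAVA_OPTS
      value: -verbose:gc
    - name: ENABLE_EVENT_LOGGER
      value: "true"
    - name: IMAGE_PULL_POLICY
      value: IfNotPresent
    - name: ROUTER_IMAGE
      value: quay.io/interconnectedcloud/qdrouterd:1.9.0
    - name: STANDARD_CONTROLLER_IMAGE
      value: quay.io/enmasse/standard-controller:0.30.1
    - name: AGENT_IMAGE
      value: quay.io/enmasse/agent:0.30.1
    - name: BROKER_IMAGE
      value: quay.io/enmasse/artemis-base:2.10.1
    - name: BROKER_PLUGIN_IMAGE
      value: quay.io/enmasse/broker-plugin:0.30.1
    - name: TOPIC_FORWARDER_IMAGE
      value: quay.io/enmasse/topic-forwarder:0.30.1
    - name: MQTT_GATEWAY_IMAGE
      value: quay.io/enmasse/mqtt-gateway:0.30.1
    - name: MQTT_LWT_IMAGE
      value: quay.io/enmasse/mqtt-lwt:0.30.1
  resources: {}

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

================================================
FILE: charts/enmasse-crd/.helmignore
================================================
# Patterns to ignore when building packages.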
# This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. .DS_Store # Common VCS dirs .git/ .gitignore .bzr/ .bzrignore .hg/ .hgignore .svn/ # Common backup files *.swp *.bak *.tmp *~ # Various IDEs .project .idea/ *.tmproj .vscode/ ================================================ FILE: charts/enmasse-crd/Chart.yaml ================================================ apiVersion: v1 appVersion: "0.30.1" description: A Helm chart for enmasse CRD's name: enmasse-crd version: 0.1.0 home: https://enmasse.io/ sources: - https://github.com/EnMasseProject/enmasse - https://github.com/kiwigrid/helm-charts/tree/master/charts/enmasse-crd maintainers: - name: rpahli email: rico.pahlisch@kiwigrid.com ================================================ FILE: charts/enmasse-crd/templates/NOTES.txt ================================================ Enmasse CRD's successful installed ================================================ FILE: charts/enmasse-crd/templates/_helpers.tpl ================================================ {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} {{- define "enmasse-crd.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} {{- define "enmasse-crd.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} {{- end -}} {{/* Create chart name and version as used by the chart label. 
*/}} {{- define "enmasse-crd.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Common labels */}} {{- define "enmasse-crd.labels" -}} app.kubernetes.io/name: {{ include "enmasse-crd.name" . }} helm.sh/chart: {{ include "enmasse-crd.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} {{/* Create the name of the service account to use */}} {{- define "enmasse-crd.serviceAccountName" -}} {{- if .Values.serviceAccount.create -}} {{ default (include "enmasse-crd.fullname" .) .Values.serviceAccount.name }} {{- else -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} ================================================ FILE: charts/enmasse-crd/templates/addressplans.crd.yaml ================================================ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: addressplans.admin.enmasse.io labels: {{ include "enmasse-crd.labels" . 
| indent 4 }} spec: group: admin.enmasse.io version: v1beta2 scope: Namespaced names: kind: AddressPlan listKind: AddressPlanList singular: addressplan plural: addressplans versions: - name: v1beta2 served: true storage: true - name: v1beta1 served: true storage: false - name: v1alpha1 served: true storage: false validation: openAPIV3Schema: properties: spec: type: object required: - addressType - resources properties: displayName: type: string displayOrder: type: integer shortDescription: type: string longDescription: type: string addressType: type: string partitions: type: integer resources: type: object properties: router: type: number broker: type: number displayName: type: string displayOrder: type: integer shortDescription: type: string longDescription: type: string uuid: type: string addressType: type: string requiredResources: type: array items: type: object required: - name - credit properties: name: type: string credit: type: number ================================================ FILE: charts/enmasse-crd/templates/addressspaceplans.crd.yaml ================================================ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: addressspaceplans.admin.enmasse.io labels: {{ include "enmasse-crd.labels" . 
| indent 4 }} spec: group: admin.enmasse.io version: v1beta2 scope: Namespaced names: kind: AddressSpacePlan listKind: AddressSpacePlanList singular: addressspaceplan plural: addressspaceplans versions: - name: v1beta2 served: true storage: true - name: v1beta1 served: true storage: false - name: v1alpha1 served: true storage: false validation: openAPIV3Schema: properties: spec: type: object required: - addressSpaceType - resourceLimits - addressPlans - infraConfigRef properties: displayName: type: string displayOrder: type: integer shortDescription: type: string longDescription: type: string addressSpaceType: type: string infraConfigRef: type: string resourceLimits: type: object properties: aggregate: type: number router: type: number broker: type: number addressPlans: type: array items: type: string displayName: type: string displayOrder: type: integer shortDescription: type: string longDescription: type: string uuid: type: string addressSpaceType: type: string resources: type: array items: type: object required: - name - max properties: name: type: string max: type: number addressPlans: type: array items: type: string ================================================ FILE: charts/enmasse-crd/templates/authenticationservices.crd.yaml ================================================ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: authenticationservices.admin.enmasse.io labels: {{ include "enmasse-crd.labels" . 
| indent 4 }} spec: group: admin.enmasse.io version: v1beta1 scope: Namespaced names: kind: AuthenticationService listKind: AuthenticationServiceList singular: authenticationservice plural: authenticationservices validation: openAPIV3Schema: properties: spec: type: object properties: type: type: string enum: - none - standard - external realm: type: string none: type: object properties: certificateSecret: type: object properties: name: type: string namespace: type: string image: type: object properties: name: type: string pullPolicy: type: string resources: type: object properties: requests: type: object properties: cpu: type: string memory: type: string limits: type: object properties: cpu: type: string memory: type: string standard: type: object properties: certificateSecret: type: object properties: name: type: string namespace: type: string credentialsSecret: type: object properties: name: type: string namespace: type: string initImage: type: object properties: name: type: string pullPolicy: type: string jvmOptions: type: string image: type: object properties: name: type: string pullPolicy: type: string deploymentName: type: string serviceName: type: string routeName: type: string storage: type: object required: - type properties: type: type: string enum: - ephemeral - persistent-claim class: type: string size: type: string claimName: type: string deleteClaim: type: boolean resources: type: object properties: requests: type: object properties: cpu: type: string memory: type: string limits: type: object properties: cpu: type: string memory: type: string datasource: type: object required: - type properties: type: type: string host: type: string port: type: integer database: type: string credentialsSecret: type: object properties: name: type: string namespace: type: string external: type: object required: - host - port properties: allowOverride: type: boolean host: type: string port: type: integer caCertSecret: type: object properties: name: type: string 
namespace: type: string clientCertSecret: type: object properties: name: type: string namespace: type: string status: type: object properties: host: type: string port: type: integer ================================================ FILE: charts/enmasse-crd/templates/brokeredinfraconfigs.crd.yaml ================================================ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: brokeredinfraconfigs.admin.enmasse.io labels: {{ include "enmasse-crd.labels" . | indent 4 }} spec: group: admin.enmasse.io version: v1beta1 scope: Namespaced names: kind: BrokeredInfraConfig listKind: BrokeredInfraConfigList singular: brokeredinfraconfig plural: brokeredinfraconfigs versions: - name: v1beta1 served: true storage: true - name: v1alpha1 served: true storage: false validation: openAPIV3Schema: properties: spec: type: object properties: version: type: string networkPolicy: type: object properties: ingress: type: array egress: type: array admin: type: object properties: podTemplate: type: object properties: metadata: type: object properties: labels: type: object spec: type: object properties: affinity: type: object tolerations: type: array items: type: object priorityClassName: type: string containers: type: array items: type: object properties: resources: type: object resources: type: object properties: memory: type: string broker: type: object properties: podTemplate: type: object properties: metadata: type: object properties: labels: type: object spec: type: object properties: affinity: type: object tolerations: type: array priorityClassName: type: string resources: type: object resources: type: object properties: memory: type: string storage: type: string addressFullPolicy: type: string enum: - PAGE - BLOCK - FAIL - DROP storageClassName: type: string updatePersistentVolumeClaim: type: boolean ================================================ FILE: charts/enmasse-crd/templates/consoleservices.crd.yaml 
================================================ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: consoleservices.admin.enmasse.io labels: {{ include "enmasse-crd.labels" . | indent 4 }} spec: group: admin.enmasse.io version: v1beta1 scope: Namespaced names: kind: ConsoleService listKind: ConsoleServiceList singular: consoleservice plural: consoleservices validation: openAPIV3Schema: properties: spec: type: object properties: discoveryMetadataURL: type: string certificateSecret: type: object properties: name: type: string namespace: type: string oauthClientSecret: type: object properties: name: type: string namespace: type: string ssoCookieSecret: type: object properties: name: type: string namespace: type: string ssoCookieDomain: type: string scope: type: string host: type: string status: type: object properties: host: type: string port: type: integer caCertSecret: type: object properties: name: type: string ================================================ FILE: charts/enmasse-crd/templates/iotconfigs.crd.yaml ================================================ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: iotconfigs.iot.enmasse.io labels: {{ include "enmasse-crd.labels" . | indent 4 }} spec: group: iot.enmasse.io version: v1alpha1 scope: Namespaced names: kind: IoTConfig plural: iotconfigs singular: iotconfig shortNames: - icfg additionalPrinterColumns: - name: Phase type: string description: Phase of the IoT config JSONPath: .status.phase subresources: status: {} ================================================ FILE: charts/enmasse-crd/templates/iotprojects.crd.yaml ================================================ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: iotprojects.iot.enmasse.io labels: {{ include "enmasse-crd.labels" . 
| indent 4 }} enmasse-component: iot spec: group: iot.enmasse.io version: v1alpha1 scope: Namespaced names: kind: IoTProject plural: iotprojects singular: iotproject shortNames: - itp additionalPrinterColumns: - name: IoT tenant type: string description: The name of the IoT tenant JSONPath: .status.tenantName - name: Downstream Host type: string description: The endpoint host name JSONPath: .status.downstreamEndpoint.host - name: Downstream Port type: integer description: The endpoint port number JSONPath: .status.downstreamEndpoint.port - name: TLS type: boolean description: If TLS is enabled JSONPath: .status.downstreamEndpoint.tls - name: Phase type: string description: Phase of the IoT project JSONPath: .status.phase subresources: status: {} ================================================ FILE: charts/enmasse-crd/templates/standardinfraconfigs.crd.yaml ================================================ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: standardinfraconfigs.admin.enmasse.io labels: {{ include "enmasse-crd.labels" . 
| indent 4 }} spec: group: admin.enmasse.io version: v1beta1 scope: Namespaced names: kind: StandardInfraConfig listKind: StandardInfraConfigList singular: standardinfraconfig plural: standardinfraconfigs versions: - name: v1beta1 served: true storage: true - name: v1alpha1 served: true storage: false validation: openAPIV3Schema: properties: spec: type: object properties: version: type: string networkPolicy: type: object properties: ingress: type: array egress: type: array admin: type: object properties: resources: type: object properties: memory: type: string podTemplate: type: object properties: metadata: type: object properties: labels: type: object spec: type: object properties: affinity: type: object tolerations: type: array items: type: object priorityClassName: type: string containers: type: array items: type: object properties: resources: type: object broker: type: object properties: podTemplate: type: object properties: metadata: type: object properties: labels: type: object spec: type: object properties: affinity: type: object tolerations: type: array priorityClassName: type: string resources: type: object resources: type: object properties: memory: type: string storage: type: string addressFullPolicy: type: string enum: - PAGE - BLOCK - FAIL - DROP storageClassName: type: string updatePersistentVolumeClaim: type: boolean connectorIdleTimeout: type: integer connectorWorkerThreads: type: integer router: type: object properties: podTemplate: type: object properties: metadata: type: object properties: labels: type: object spec: type: object properties: affinity: type: object tolerations: type: array priorityClassName: type: string resources: type: object resources: type: object properties: memory: type: string minReplicas: type: integer linkCapacity: type: integer idleTimeout: type: integer workerThreads: type: integer policy: type: object properties: maxConnections: type: integer maxConnectionsPerUser: type: integer maxConnectionsPerHost: type: integer 
maxSessionsPerConnection: type: integer maxSendersPerConnection: type: integer maxReceiversPerConnection: type: integer ================================================ FILE: charts/enmasse-crd/values.yaml ================================================ ================================================ FILE: charts/error-pages/.helmignore ================================================ # Patterns to ignore when building packages. # This supports shell glob matching, relative path matching, and # negation (prefixed with !). Only one pattern per line. .DS_Store # Common VCS dirs .git/ .gitignore .bzr/ .bzrignore .hg/ .hgignore .svn/ # Common backup files *.swp *.bak *.tmp *~ # Various IDEs .project .idea/ *.tmproj .vscode/ ================================================ FILE: charts/error-pages/Chart.yaml ================================================ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes error pages for traefik name: error-pages version: 1.0.0 home: https://github.com/kiwigrid/helm-charts sources: - https://github.com/kiwigrid/helm-charts maintainers: - name: rpahli email: rico.pahlisch@kiwigrid.com ================================================ FILE: charts/error-pages/README.md ================================================ # Global Error Pages ## Introduction This chart installs a controller for [Traefik](https://traefik.io/) global [error pages](https://docs.traefik.io/configuration/backends/kubernetes/#global-default-backend-ingresses). This service creates a global ingress rule which match all unmatched ingress rules. You can use any container you want. The container must expose the error page at the `/` path. The only error which is handled by traefik over this service by default is the `404` error. 
## Prerequisites - Has been tested on Kubernetes 1.11+ ## Installing the Chart To install the chart with the release name `error-pages`, run the following command: ```bash $ helm install kiwigrid/error-pages --name error-pages --values=my-values.yaml ``` ## Uninstalling the Chart To uninstall/delete the `error-pages` deployment: ```bash $ helm delete error-pages ``` The command removes all the Kubernetes components associated with the chart and deletes the release. > **Tip**: To completely remove the release, run `helm delete --purge error-pages` ## Configuration The following table lists the configurable parameters of the error-pages chart and their default values. | Parameter | Description | Default | | ------------------------------------------ | ----------------------------------------- | ---------------------------------- | | `replicaCount` | replica count | `1`| | `updateStrategy` | Deployment update strategy | `type: RollingUpdate` | | `image.repository` | Docker image repo | `guillaumebriday/traefik-custom-error-pages`| | `image.tag` | Docker image tag | `latest`| | `image.pullPolicy` | Docker image pull policy| `IfNotPresent`| | `resources` | Resources | `{}`| | `nodeSelector` | NodeSelector | `{}`| | `tolerations` | Tolerations | `[]`| | `affinity` | Affinity | `{}`| The default `image.tag` is the mutable `latest` tag and `image.pullPolicy` is `IfNotPresent`, so different nodes can end up running different builds of an image pulled from an external repository; set `image.tag` to a fixed version you have reviewed. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: ```bash $ helm install --name error-pages --set ingress.enabled=false kiwigrid/error-pages ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart.
================================================ FILE: charts/error-pages/templates/NOTES.txt ================================================ Your error page service is up and running ================================================ FILE: charts/error-pages/templates/_helpers.tpl ================================================ {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} {{- define "error-pages.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} {{- define "error-pages.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} {{- end -}} {{/* Create chart name and version as used by the chart label. */}} {{- define "error-pages.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} ================================================ FILE: charts/error-pages/templates/deployment.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "error-pages.fullname" . }} labels: app.kubernetes.io/name: {{ include "error-pages.name" . }} helm.sh/chart: {{ include "error-pages.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app.kubernetes.io/name: {{ include "error-pages.name" . 
}} app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ include "error-pages.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} spec: containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http containerPort: 80 protocol: TCP resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} ================================================ FILE: charts/error-pages/templates/ingress.yaml ================================================ {{- if .Values.ingress.enabled -}} {{- $fullName := include "error-pages.fullname" . -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} labels: app.kubernetes.io/name: {{ include "error-pages.name" . }} helm.sh/chart: {{ include "error-pages.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} annotations: traefik.ingress.kubernetes.io/error-pages: |- foo: status: - "404" - "503" backend: global-default-backend query: "/{status}.html" {{- with .Values.ingress.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: backend: serviceName: {{ $fullName }} servicePort: http {{- end }} ================================================ FILE: charts/error-pages/templates/service.yaml ================================================ apiVersion: v1 kind: Service metadata: name: {{ include "error-pages.fullname" . }} labels: app.kubernetes.io/name: {{ include "error-pages.name" . }} helm.sh/chart: {{ include "error-pages.chart" . 
}} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} targetPort: http protocol: TCP name: http selector: app.kubernetes.io/name: {{ include "error-pages.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} ================================================ FILE: charts/error-pages/values.yaml ================================================ # Default values for error-pages. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 image: repository: guillaumebriday/traefik-custom-error-pages tag: latest pullPolicy: IfNotPresent nameOverride: "" fullnameOverride: "" service: type: ClusterIP port: 80 ingress: enabled: false annotations: {} resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
# limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi nodeSelector: {} tolerations: [] affinity: {} ================================================ FILE: charts/fluentd-elasticsearch/Chart.yaml ================================================ apiVersion: v1 name: fluentd-elasticsearch version: 9.6.2 appVersion: 3.0.4 home: https://www.fluentd.org/ description: A Fluentd Helm chart for Kubernetes with Elasticsearch output icon: https://raw.githubusercontent.com/fluent/fluentd-docs/master/public/logo/Fluentd_square.png keywords: - fluentd - elasticsearch - multiline - detect-exceptions - logging sources: - https://github.com/kiwigrid/helm-charts/tree/master/charts/fluentd-elasticsearch - https://github.com/fluent/fluentd-kubernetes-daemonset - https://github.com/GoogleCloudPlatform/fluent-plugin-detect-exceptions - https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/fluentd-elasticsearch/fluentd-es-image engine: gotpl deprecated: true ================================================ FILE: charts/fluentd-elasticsearch/OWNERS ================================================ approvers: - axdotl - monotek reviewers: - axdotl - monotek ================================================ FILE: charts/fluentd-elasticsearch/README.md ================================================ # !DEPRECATED! - Fluentd Elasticsearch **!! Chart has been deprecated and moved to !!** - Installs [Fluentd](https://www.fluentd.org/) log forwarder. ## TL;DR ```console helm install kiwigrid/fluentd-elasticsearch ``` ## Introduction This chart bootstraps a [Fluentd](https://www.fluentd.org/) daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. It's meant to be a drop in replacement for fluentd-gcp on GKE which sends logs to Google's Stackdriver service, but can also be used in other places where logging to ElasticSearch is required. 
The used Docker image also contains Google's detect exceptions (for Java multiline stacktraces), Prometheus exporter, Kubernetes metadata filter & Systemd plugins. ## Prerequisites - Kubernetes 1.8+ with Beta APIs enabled ## Installing the Chart To install the chart with the release name `my-release`: ```console helm install --name my-release kiwigrid/fluentd-elasticsearch ``` The command deploys fluentd-elasticsearch on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. ## Uninstalling the Chart To uninstall/delete the `my-release` deployment: ```console helm delete my-release ``` The command removes all the Kubernetes components associated with the chart and deletes the release. ## Configuration The following table lists the configurable parameters of the Fluentd elasticsearch chart and their default values. | Parameter | Description | Default | | ---------------------------------------------------- | ------------------------------------------------------------------------------ | -------------------------------------------------- | | `affinity` | Optional daemonset affinity | `{}` | | `annotations` | Optional daemonset annotations | `NULL` | | `podAnnotations` | Optional daemonset's pods annotations | `NULL` | | `configMaps.useDefaults.systemConf` | Use default system.conf | true | | `configMaps.useDefaults.containersInputConf` | Use default containers.input.conf | true | | `configMaps.useDefaults.systemInputConf` | Use default system.input.conf | true | | `configMaps.useDefaults.forwardInputConf` | Use default forward.input.conf | true | | `configMaps.useDefaults.monitoringConf` | Use default monitoring.conf | true | | `configMaps.useDefaults.outputConf` | Use default output.conf | true | | `extraConfigMaps` | Add additional Configmap or overwrite disabled default | `{}` | | `awsSigningSidecar.enabled` | Enable AWS request signing sidecar | `false` | | 
`awsSigningSidecar.resources` | AWS Sidecar resources | `{}` | | `awsSigningSidecar.network.port` | AWS Sidecar exposure port | `8080` | | `awsSigningSidecar.network.address` | AWS Sidecar listen address | `localhost` | | `awsSigningSidecar.network.remoteReadTimeoutSeconds` | AWS Sidecar socket read timeout when talking to ElasticSearch | `15` | | `awsSigningSidecar.image.repository` | AWS signing sidecar repository image | `abutaha/aws-es-proxy` | | `awsSigningSidecar.image.tag` | AWS signing sidecar repository tag | `v1.0` | | `elasticsearch.auth.enabled` | Elasticsearch Auth enabled | `false` | | `elasticsearch.auth.user` | Elasticsearch Auth User | `""` | | `elasticsearch.auth.password` | Elasticsearch Auth Password | `""` | | `elasticsearch.setOutputHostEnvVar` | Use `elasticsearch.hosts` (Disable this to manually configure hosts) | `true` | | `elasticsearch.hosts` | Elasticsearch Hosts List (host and port) | `["elasticsearch-client:9200"]` | | `elasticsearch.includeTagKey` | Elasticsearch Including of Tag key | `true` | | `elasticsearch.logstash.enabled` | Elasticsearch Logstash enabled (supersedes indexName) | `true` | | `elasticsearch.logstash.prefix` | Elasticsearch Logstash prefix | `logstash` | | `elasticsearch.logstash.prefixSeparator` | Elasticsearch Logstash prefix separator | `-` | | `elasticsearch.logstash.dateformat` | Elasticsearch Logstash strftime format to generate index target index name | `%Y.%m.%d` | | `elasticsearch.ilm.enabled` | Elasticsearch Index Lifecycle Management enabled | `false` | | `elasticsearch.ilm.policy_id` | Elasticsearch ILM policy ID | `logstash-policy` | | `elasticsearch.ilm.policy` | Elasticsearch ILM policy to create | `{}` | | `elasticsearch.ilm.policies` | Elasticsearch ILM policies to create, map of policy IDs and policies | `{}` | | `elasticsearch.ilm.policy_overwrite` | Elasticsearch ILM policy overwrite | `false` | | `elasticsearch.indexName` | Elasticsearch Index Name | `fluentd` | | `elasticsearch.path` | 
Elasticsearch Path | `""` | | `elasticsearch.scheme` | Elasticsearch scheme setting | `http` | | `elasticsearch.sslVerify` | Elasticsearch Auth SSL verify | `true` | | `elasticsearch.sslVersion` | Elasticsearch tls version setting | `TLSv1_2` | | `elasticsearch.outputType` | Elasticsearch output type | `elasticsearch` | | `elasticsearch.typeName` | Elasticsearch type name | `_doc` | | `elasticsearch.logLevel` | Elasticsearch global log level | `info` | | `elasticsearch.reconnectOnError` | Elasticsearch Reconnect on error | `true` | | `elasticsearch.reloadOnFailure` | Elasticsearch Reload on failure | `false` | | `elasticsearch.reloadConnections` | Elasticsearch reload connections | `false` | | `elasticsearch.requestTimeout` | Elasticsearch request timeout | `5s` | | `elasticsearch.suppressTypeName` | Elasticsearch type name suppression (for ES >= 7) | `false` | | `elasticsearch.buffer.enabled` | Elasticsearch Buffer enabled | `true` | | `elasticsearch.buffer.type` | Elasticsearch Buffer type | `file` | | `elasticsearch.buffer.path` | Elasticsearch Buffer path | `/var/log/fluentd-buffers/kubernetes.system.buffer`| | `elasticsearch.buffer.flushMode` | Elasticsearch Buffer flush mode | `interval` | | `elasticsearch.buffer.retryType` | Elasticsearch Buffer retry type | `exponential_backoff` | | `elasticsearch.buffer.flushThreadCount` | Elasticsearch Buffer flush thread count | `2` | | `elasticsearch.buffer.flushInterval` | Elasticsearch Buffer flush interval | `5s` | | `elasticsearch.buffer.retryForever` | Elasticsearch Buffer retry forever | `true` | | `elasticsearch.buffer.retryMaxInterval` | Elasticsearch Buffer retry max interval | `30` | | `elasticsearch.buffer.chunkLimitSize` | Elasticsearch Buffer chunk limit size | `2M` | | `elasticsearch.buffer.queueLimitLength` | Elasticsearch Buffer queue limit size | `8` | | `elasticsearch.buffer.overflowAction` | Elasticsearch Buffer over flow action | `block` | | `env` | List of env vars that are added to the fluentd pods 
| `{}` | | `fluentdArgs` | Fluentd args | `--no-supervisor -q` | | `secret` | List of env vars that are set from secrets and added to the fluentd pods | `[]` | | `extraVolumeMounts` | Mount extra volume, required to mount ssl certificates when ES has tls enabled | `[]` | | `extraVolume` | Extra volume | `[]` | | `hostLogDir.varLog` | Specify where fluentd can find var log | `/var/log` | | `hostLogDir.dockerContainers` | Specify where fluentd can find logs for docker container | `/var/lib/docker/containers` | | `hostLogDir.libSystemdDir` | Specify where fluentd can find logs for lib Systemd | `/usr/lib64` | | `image.repository` | Image | `quay.io/fluentd_elasticsearch/fluentd` | | `image.tag` | Image tag | `v3.0.2` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullSecrets` | Image pull secrets | `` | | `livenessProbe.enabled` | Whether to enable livenessProbe | `true` | | `livenessProbe.initialDelaySeconds` | livenessProbe initial delay seconds | `600` | | `livenessProbe.periodSeconds` | livenessProbe period seconds | `60` | | `livenessProbe.kind` | livenessProbe kind | `Set to a Linux compatible command` | | `nodeSelector` | Optional daemonset nodeSelector | `{}` | | `podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | | `podSecurityPolicy.enabled` | Specify if a pod security policy must be created | `false` | | `priorityClassName` | Optional PriorityClass for pods | `""` | | `prometheusRule.enabled` | Whether to enable Prometheus prometheusRule | `false` | | `prometheusRule.prometheusNamespace` | Namespace for prometheusRule | `monitoring` | | `prometheusRule.labels` | Optional labels for prometheusRule | `{}` | | `rbac.create` | RBAC | `true` | | `resources.limits.cpu` | CPU limit | `100m` | | `resources.limits.memory` | Memory limit | `500Mi` | | `resources.requests.cpu` | CPU request | `100m` | | `resources.requests.memory` | Memory request | `200Mi` | | `service` | Service definition | `{}` | | 
`service.ports` | List of service ports dict [{name:...}...] | Not Set | | `service.ports[].type` | Service type (ClusterIP/NodePort) | `ClusterIP` | | `service.ports[].name` | One of service ports name | Not Set | | `service.ports[].port` | Service port | Not Set | | `service.ports[].nodePort` | NodePort port (when service.type is NodePort) | Not Set | | `service.ports[].protocol` | Service protocol(optional, can be TCP/UDP) | Not Set | | `serviceAccount.create` | Specifies whether a service account should be created. | `true` | | `serviceAccount.name` | Name of the service account. | `""` | | `serviceAccount.annotations` | Specify annotations in the pod service account | `{}` | | `serviceMetric.enabled` | Generate the metric service regardless of whether serviceMonitor is enabled. | `false` | | `serviceMonitor.enabled` | Whether to enable Prometheus serviceMonitor | `false` | | `serviceMonitor.port` | Define on which port the ServiceMonitor should scrape | `24231` | | `serviceMonitor.interval` | Interval at which metrics should be scraped | `10s` | | `serviceMonitor.path` | Path for Metrics | `/metrics` | | `serviceMonitor.labels` | Optional labels for serviceMonitor | `{}` | | `serviceMonitor.metricRelabelings` | Optional metric relabel configs to apply to samples before ingestion | `[]` | | `serviceMonitor.relabelings` | Optional relabel configs to apply to samples before scraping | `[]` | | `serviceMonitor.jobLabel` | Label whose value will define the job name | `app.kubernetes.io/instance` | | `serviceMonitor.type` | Optional the type of the metrics service | `ClusterIP` | | `tolerations` | Optional daemonset tolerations | `[]` | | `updateStrategy` | Optional daemonset update strategy | `type: RollingUpdate` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. 
For example, ```console helm install --name my-release kiwigrid/fluentd-elasticsearch ``` Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, ```console helm install --name my-release -f values.yaml kiwigrid/fluentd-elasticsearch ``` With the defaults listed above (`elasticsearch.scheme` is `http` and `elasticsearch.auth.enabled` is `false`), Fluentd sends logs to Elasticsearch over plain HTTP without credentials; set `elasticsearch.scheme` to `https`, keep `elasticsearch.sslVerify` at `true` and enable `elasticsearch.auth` when that traffic leaves a trusted network. ## Installation ### IBM IKS For IBM IKS path `/var/log/pods` must be mounted, otherwise only kubelet logs would be available ```yaml extraVolumeMounts: | - name: pods mountPath: /var/log/pods readOnly: true extraVolumes: | - name: pods hostPath: path: "/var/log/pods" type: Directory ``` ### AWS Elasticsearch Domains AWS Elasticsearch requires requests to upload data to be signed using [AWS Signature V4](https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). In order to support this, you can add `awsSigningSidecar: {enabled: true}` to your configuration. This results in a sidecar container being deployed that proxies all requests to your Elasticsearch domain and signs them appropriately. ## Upgrading ### From a version < 2.0.0 When you upgrade this chart you have to add the "--force" parameter to your helm upgrade command as there have been changes to the labels which make a normal upgrade impossible. ### From a version ≥ 4.9.3 to version ≥ 5.0.0 When upgrading this chart you need to rename `livenessProbe.command` parameter to `livenessProbe.kind.exec.command` (only applicable if `livenessProbe.command` parameter was used).
### From a version < 6.0.0 to version ≥ 6.0.0 When upgrading this chart you have to perform updates for any system that uses fluentd output from systemd logs, because now: - field names have removed leading underscores (`_pid` becomes `pid`) - field names from systemd are now lowercase (`PROCESS` becomes `process`) This means any system that uses fluentd output needs to be updated, especially: - in Kibana go to `Management > Index Patterns`, for each index click on `Refresh field list` icon - fix renamed fields in other places - such as Kibana or Grafana, in items such as dashboards queries/vars/annotations It is strongly suggested to temporarily set up a new fluentd instance with output to another elasticsearch index prefix to see the differences and then apply changes. The number of altered fields can be large, and it is hard to list them all in this document. Some dashboards can be easily fixed with sed: ```bash cat dashboard.json | sed -e 's/_PID/pid/g' ``` Below is a list of the most commonly used systemd fields: ```text __MONOTONIC_TIMESTAMP __REALTIME_TIMESTAMP _BOOT_ID _CAP_EFFECTIVE _CMDLINE _COMM _EXE _GID _HOSTNAME _MACHINE_ID _PID _SOURCE_REALTIME_TIMESTAMP _SYSTEMD_CGROUP _SYSTEMD_SLICE _SYSTEMD_UNIT _TRANSPORT _UID CODE_FILE CODE_FUNC CODE_FUNCTION CODE_LINE MESSAGE MESSAGE_ID NM_LOG_DOMAINS NM_LOG_LEVEL PRIORITY SYSLOG_FACILITY SYSLOG_IDENTIFIER SYSLOG_PID TIMESTAMP_BOOTTIME TIMESTAMP_MONOTONIC UNIT ``` ### From a version <= 6.3.0 to version => 7.0.0 The additional plugins option has been removed as the used container image no longer contains the build tools needed to build the plugins. Please use your own container image containing the plugins you want to use. ### From a version < 8.0.0 to version => 8.0.0 > Both `elasticsearch.host` and `elasticsearch.port` are removed in favor of `elasticsearch.hosts` You can now [configure multiple elasticsearch hosts](https://docs.fluentd.org/output/elasticsearch#hosts-optional) as target for fluentd.
The following parameters are deprecated and will be replaced by `elasticsearch.hosts` with a default value of `["elasticsearch-client:9200"]` ```yaml elasticsearch: host: elasticsearch-client port: 9200 ``` You can use any yaml array syntax: ```yaml elasticsearch: hosts: ["elasticsearch-node-1:9200", "elasticsearch-node-2:9200"] ``` ```yaml elasticsearch: hosts: - "elasticsearch-node-1:9200" - "elasticsearch-node-2:9200" ``` If you were using `--set elasticsearch.host=elasticsearch-client --set elasticsearch.port=9200` previously, you will need to pass those values as an array as in `--set elasticsearch.hosts="{elasticsearch-client:9200}"`. The quotes around the curly brackets are important in order to make sure your shell passes the string through without processing it. Note: > If you are using the AWS Sidecar, only the first host in the array is used. [Aws-es-proxy](https://github.com/abutaha/aws-es-proxy) is limited to one endpoint. ### From a version < 8.0.0 to version => 9.0.0 In this version the elasticsearch template in the `output.conf` configmap was expanded to be fully configured from `values.yaml` - decide whether to add a `logstash` - toggle `logstash.enabled` - decide whether to add a `buffer` - toggle `buffer.enabled` #### The following fields were removed from the elasticsearch block in values.yaml - `bufferChunkLimit` in favor of `buffer.chunkLimitSize` - `bufferQueueLimit` in favor of `buffer.queueLimitLength` - `logstashPrefix` in favor of `logstash.enabled` and `logstash.prefix` #### The following fields were added - `reconnectOnError` - `reloadOnFailure` - `reloadConnections` - `buffer.enabled` - `buffer.type` - `buffer.path` - `buffer.flushMode` - `buffer.retryType` - `buffer.flushThreadCount` - `buffer.flushInterval` - `buffer.retryForever` - `buffer.retryMaxInterval` - `buffer.chunkLimitSize` - `buffer.queueLimitLength` - `buffer.overflowAction` ================================================ FILE: charts/fluentd-elasticsearch/templates/NOTES.txt 
================================================ 1. To verify that Fluentd has started, run: kubectl --namespace={{ .Release.Namespace }} get pods -l "app.kubernetes.io/name={{ include "fluentd-elasticsearch.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" THIS APPLICATION CAPTURES ALL CONSOLE OUTPUT AND FORWARDS IT TO elasticsearch . Anything that might be identifying, including things like IP addresses, container images, and object names will NOT be anonymized. {{- if .Values.service }} 2. Get the application URL by running these commands: {{- range $port := .Values.service.ports }} {{- $service_type := $port.type | default "ClusterIP" -}} {{- if contains "NodePort" $service_type }} export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fluentd-elasticsearch.fullname" $ }}) export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" $service_type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. 
You can watch the status of by running 'kubectl get svc -w {{ include "fluentd-elasticsearch.fullname" $ }}' export SERVICE_IP=$(kubectl get svc --namespace {{ $.Release.Namespace }} {{ include "fluentd-elasticsearch.fullname" $ }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{ $port.port }} {{- else if contains "ClusterIP" $service_type }} export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "fluentd-elasticsearch.name" $ }},app.kubernetes.io/instance={{ $.Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl port-forward $POD_NAME 8080:80 {{- end }} {{- end }} {{- end }} ================================================ FILE: charts/fluentd-elasticsearch/templates/_helpers.tpl ================================================ {{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} {{- define "fluentd-elasticsearch.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} {{- define "fluentd-elasticsearch.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} {{- end -}} {{/* Create chart name and version as used by the chart label. 
*/}} {{- define "fluentd-elasticsearch.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Create the name of the service account to use */}} {{- define "fluentd-elasticsearch.serviceAccountName" -}} {{- if .Values.serviceAccount.create -}} {{ default (include "fluentd-elasticsearch.fullname" .) .Values.serviceAccount.name }} {{- else -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} {{/* Common labels */}} {{- define "fluentd-elasticsearch.labels" -}} app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} ================================================ FILE: charts/fluentd-elasticsearch/templates/clusterrole.yaml ================================================ {{- if .Values.rbac.create -}} {{- $striped_version := (split "-" .Capabilities.KubeVersion.GitVersion)._0 -}} kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ include "fluentd-elasticsearch.fullname" . }} labels: {{ include "fluentd-elasticsearch.labels" . 
| indent 4 }} {{- if semverCompare "< 1.6" $striped_version }} kubernetes.io/cluster-service: "true" {{- end }} addonmanager.kubernetes.io/mode: Reconcile rules: - apiGroups: - "" resources: - "namespaces" - "pods" verbs: - "get" - "watch" - "list" {{- end -}} ================================================ FILE: charts/fluentd-elasticsearch/templates/clusterrolebinding.yaml ================================================ {{- if .Values.rbac.create -}} {{- $striped_version := (split "-" .Capabilities.KubeVersion.GitVersion)._0 -}} kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ include "fluentd-elasticsearch.fullname" . }} labels: {{ include "fluentd-elasticsearch.labels" . | indent 4 }} {{- if semverCompare "< 1.6" $striped_version }} kubernetes.io/cluster-service: "true" {{- end }} addonmanager.kubernetes.io/mode: Reconcile subjects: - kind: ServiceAccount name: {{ if .Values.serviceAccount.name }}{{ .Values.serviceAccount.name }}{{ else }}{{ include "fluentd-elasticsearch.fullname" . }}{{ end }} namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole name: {{ include "fluentd-elasticsearch.fullname" . }} apiGroup: rbac.authorization.k8s.io {{- end -}} ================================================ FILE: charts/fluentd-elasticsearch/templates/configmaps.yaml ================================================ {{- $striped_version := (split "-" .Capabilities.KubeVersion.GitVersion)._0 -}} apiVersion: v1 kind: ConfigMap metadata: name: {{ include "fluentd-elasticsearch.fullname" . }} labels: {{ include "fluentd-elasticsearch.labels" . 
| indent 4 }} {{- if semverCompare "< 1.6" $striped_version }} kubernetes.io/cluster-service: "true" {{- end }} addonmanager.kubernetes.io/mode: Reconcile data: {{- if .Values.configMaps.useDefaults.systemConf }} system.conf: |- root_dir /tmp/fluentd-buffers/ {{- end }} {{- if .Values.configMaps.useDefaults.containersInputConf }} containers.input.conf: |- # This configuration file for Fluentd / td-agent is used # to watch changes to Docker log files. The kubelet creates symlinks that # capture the pod name, namespace, container name & Docker container ID # to the docker logs for pods in the /var/log/containers directory on the host. # If running this fluentd configuration in a Docker container, the /var/log # directory should be mounted in the container. # # These logs are then submitted to Elasticsearch which assumes the # installation of the fluent-plugin-elasticsearch & the # fluent-plugin-kubernetes_metadata_filter plugins. # See https://github.com/uken/fluent-plugin-elasticsearch & # https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter for # more information about the plugins. # # Example # ======= # A line in the Docker log file might look like this JSON: # # {"log":"2014/09/25 21:15:03 Got request with path wombat\n", # "stream":"stderr", # "time":"2014-09-25T21:15:03.499185026Z"} # # The time_format specification below makes sure we properly # parse the time format produced by Docker. This will be # submitted to Elasticsearch and should appear like: # $ curl 'http://elasticsearch-logging:9200/_search?pretty' # ... # { # "_index" : "logstash-2014.09.25", # "_type" : "fluentd", # "_id" : "VBrbor2QTuGpsQyTCdfzqA", # "_score" : 1.0, # "_source":{"log":"2014/09/25 22:45:50 Got request with path wombat\n", # "stream":"stderr","tag":"docker.container.all", # "@timestamp":"2014-09-25T22:45:50+00:00"} # }, # ... 
# # The Kubernetes fluentd plugin is used to write the Kubernetes metadata to the log # record & add labels to the log record if properly configured. This enables users # to filter & search logs on any metadata. # For example a Docker container's logs might be in the directory: # # /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b # # and in the file: # # 997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log # # where 997599971ee6... is the Docker ID of the running container. # The Kubernetes kubelet makes a symbolic link to this file on the host machine # in the /var/log/containers directory which includes the pod name and the Kubernetes # container name: # # synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log # -> # /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log # # The /var/log directory on the host is mapped to the /var/log directory in the container # running this instance of Fluentd and we end up collecting the file: # # /var/log/containers/synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log # # This results in the tag: # # var.log.containers.synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log # # The Kubernetes fluentd plugin is used to extract the namespace, pod name & container name # which are added to the log message as a kubernetes field object & the Docker container ID # is also added under the docker field object. 
# The final tag is: # # kubernetes.var.log.containers.synthetic-logger-0.25lps-pod_default_synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log # # And the final log record look like: # # { # "log":"2014/09/25 21:15:03 Got request with path wombat\n", # "stream":"stderr", # "time":"2014-09-25T21:15:03.499185026Z", # "kubernetes": { # "namespace": "default", # "pod_name": "synthetic-logger-0.25lps-pod", # "container_name": "synth-lgr" # }, # "docker": { # "container_id": "997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b" # } # } # # This makes it easier for users to search for logs by pod name or by # the name of the Kubernetes container regardless of how many times the # Kubernetes pod has been restarted (resulting in a several Docker container IDs). # Json Log Example: # {"log":"[info:2016-02-16T16:04:05.930-08:00] Some log text here\n","stream":"stdout","time":"2016-02-17T00:04:05.931087621Z"} # CRI Log Example: # 2016-02-17T00:04:05.931087621Z stdout F [info:2016-02-16T16:04:05.930-08:00] Some log text here @id fluentd-containers.log @type tail path /var/log/containers/*.log pos_file /var/log/containers.log.pos tag raw.kubernetes.* read_from_head true @type multi_format format json time_key time time_format %Y-%m-%dT%H:%M:%S.%NZ format /^(? # Detect exceptions in the log output and forward them as one log entry. 
@id raw.kubernetes @type detect_exceptions remove_tag_prefix raw message log stream stream multiline_flush_interval 5 max_bytes 500000 max_lines 1000 # Concatenate multi-line logs @id filter_concat @type concat key message multiline_end_regexp /\n$/ separator "" timeout_label @NORMAL flush_interval 5 # Enriches records with Kubernetes metadata @id filter_kubernetes_metadata @type kubernetes_metadata # Fixes json fields in Elasticsearch @id filter_parser @type parser key_name log reserve_time true reserve_data true remove_key_name_field true @type multi_format format json format none {{- end }} {{- if .Values.configMaps.useDefaults.systemInputConf }} system.input.conf: |- # Example: # 2015-12-21 23:17:22,066 [salt.state ][INFO ] Completed state [net.ipv4.ip_forward] at time 23:17:22.066081 @id minion @type tail format /^(?