Replace Secret Policy.
const url = 'https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/secret_management/namespaces/example/secret_policys/example';const options = { method: 'PUT', headers: {Authorization: '<Authorization>', 'Content-Type': 'application/json'}, body: '{"metadata":{"annotations":{},"description":"example","disable":true,"labels":{},"name":"example","namespace":"example"},"spec":{"allow_f5xc":true,"decrypt_cache_timeout":"example","legacy_rule_list":{"rules":[{"name":"example","namespace":"example"}]},"rule_list":{"rules":[{"metadata":{"description":"example","name":"example"},"spec":{"action":"DENY","client_name":"example","client_name_matcher":{"exact_values":["example"],"regex_values":["example"],"transformers":["LOWER_CASE"]},"client_selector":{"expressions":["example"]}}}]}}}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request PUT \ --url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/secret_management/namespaces/example/secret_policys/example \ --header 'Authorization: <Authorization>' \ --header 'Content-Type: application/json' \ --data '{ "metadata": { "annotations": {}, "description": "example", "disable": true, "labels": {}, "name": "example", "namespace": "example" }, "spec": { "allow_f5xc": true, "decrypt_cache_timeout": "example", "legacy_rule_list": { "rules": [ { "name": "example", "namespace": "example" } ] }, "rule_list": { "rules": [ { "metadata": { "description": "example", "name": "example" }, "spec": { "action": "DENY", "client_name": "example", "client_name_matcher": { "exact_values": [ "example" ], "regex_values": [ "example" ], "transformers": [ "LOWER_CASE" ] }, "client_selector": { "expressions": [ "example" ] } } } ] } } }'Replace secret_policy replaces an existing object in the storage backend for metadata.namespace.
Authorizations
Section titled “Authorizations”Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Namespace This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
Name The configuration object to be replaced will be looked up by name.
Request Bodyrequired
Section titled “Request Bodyrequired”This is the input message of the ‘Replace’ RPC.
object
object
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.
object
Human readable description for the object.
A value of true will administratively disable the object.
Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.
object
This is the name of configuration object. It has to be unique within the namespace. It can only be specified during create API and cannot be changed during replace API. The value of name has to follow DNS-1035 format. Required: YES.
This defines the workspace within which each the configuration object is to be created. Must be a DNS_LABEL format. For a namespace object itself, namespace value will be ""
object
If allow_f5xc is set to true, it allows relevant F5XC infrastructure services to decrypt the secret encrypted using this policy.
Decrypt_cache_timeout contains the amount of time a decrypted secret is cached in wingman. Value for this parameter is a string ending in the suffix “s” (indicating seconds), suffix “m” (indicating minutes) or suffix “h” (indicating hours)
object
A list of references to service_policy_rule objects. The order of evaluation of the rules depends on the rule combining algorithm.
This type establishes a ‘direct reference’ from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name for public API and Uid for private API This type of reference is called direct because the relation is explicit and concrete (as opposed to selector reference which builds a group based on labels of selectee objects)
object
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.
object
Define the list of rules (with an order) that should be evaluated by this service policy. Rules are evaluated from top to bottom in the list.
A Rule consists of an unordered list of predicates and an action. The predicates are evaluated against a set of input fields that are extracted from or derived from an L7 request API. A request API is considered to match the simple rule if all predicates in the rule evaluate to true for that request. Any predicates that are not specified in a rule are implicitly considered to be true. If a request API matches a simple rule, the action for the simple rule is enforced.
object
object
Human readable description.
This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.
object
Exclusive with [client_name_matcher client_selector] The name of the client trying to access the secret. Name of the client will be extracted from client TLS certificate. This predicate evaluates to true if client name matches the configured name.
object
A list of exact values to match the input against.
A list of regular expressions to match the input against.
An ordered list of transformers (starting from index 0) to be applied to the path before matching.
object
Expressions contains the Kubernetes style label expression for selections. Required: YES.
Responses
Section titled “Responses”A successful response.
object
Examplegenerated
{}Returned when operation is not authorized.
Examplegenerated
exampleReturned when there is no permission to access resource.
Examplegenerated
exampleReturned when resource is not found.
Examplegenerated
exampleReturned when operation on resource is conflicting with current value.
Examplegenerated
exampleReturned when operation has been rejected as it is happening too frequently.
Examplegenerated
exampleReturned when server encountered an error in processing API.
Examplegenerated
exampleReturned when service is unavailable temporarily.
Examplegenerated
exampleReturned when server timed out processing request.
Examplegenerated
example