Get trusted environments

GET /trusted-environments

Returns the list of trusted environments for the organization. If no organization is passed in, the organization attached to the user is assumed.

Query parameters

  • (Optional) Organization Id for which to retrieve the trusted environments

Responses

  • Trusted environments for this organization

    Hide response attributes Show response attributes object
    • accounts array[object]

      The list of trust relationships with different accounts

      Hide accounts attributes Show accounts attributes object
      • account_id string Required

        the ID of the Account

      • name string

        A human readable name of the trust relationship

      • trust_all boolean Required

        If true, all clusters in this account will by default be trusted and the trust_allowlist is ignored.

      • trust_allowlist array[string]

        The list of clusters to trust. Only used when trust_all is false.

    • external array[object]

      The list of trust relationships with external entities

      Hide external attributes Show external attributes object
      • trust_relationship_id string Required

        The ID of the external trust relationship

      • name string

        The name of the external trust relationship. Retrieved from the TrustRelationship and ignored on write.

      • trust_all boolean Required

        If true, all clusters in this external entity will be trusted and the trust_allowlist is ignored.

      • trust_allowlist array[string]

        The list of clusters to trust. Only used when trust_all is false.

    • direct array[object]

      The list of trust relationships where the certificate is bundled with the trust setting. Allows configuring trust for clusters running outside of an Elastic Cloud managed environment or in an Elastic Cloud environment without an environment level trust established.

      Hide direct attributes Show direct attributes object
      • uid string

        Auto generated identifier for this trust, allows distinguishing between update vs remove and add.

      • name string Required

        a human readable name of the trust relationship

      • type string

        The type can either be ESS, ECE, generic or proxy. If none is specified, then generic is assumed. If proxy is specified, trust_all should be false and trust_allowlist, scope_id and additional_node_names should be omitted.

        Values are ECE, ESS, generic, or proxy.

      • trust_all boolean Required

        If true, scope_id is required and the trust_allowlist is ignored and all clusters matching the scope id will be trusted.

      • trust_allowlist array[string]

        The list of clusters with matching scope to trust. Only used when trust_all is false. Providing one or more clusters makes scope_id mandatory.

      • scope_id string

        A lowercase alphanumerical string of max 32 characters. Usually an organization id or an environment id, but could really be any suitable suffix for clusters using the CA certificate of this trust. Required unless trust_all is false and trust_allowlist is empty.

      • A list of node names trusted in addition to those deducible from trust_allowlist and scope id. Allows trusting nodes that don't have a scoped name at the cost of maintaining the list. Mandatory if scope id is not defined. Wildcards are not allowed.

      • certificates array[object] Required

        The public ca certificate(s) to trust. Only one is required, but it is possible to specify multiple certificates in order to facilitate key rotation.

        Hide certificates attributes Show certificates attributes object
        • pem string Required

          The public ca certificate as string in PEM format.

        • metadata object

          Metadata about the certificate, including fingerprint and expiry date. Generated by the Cloud service and ignored on write.

          Additional properties are allowed.

          Hide metadata attributes Show metadata attributes object
          • fingerprint string Required

            The fingerprint of the certificate

          • valid_to string(date-time) Required

            The expiry date of the certificate in UTC

          • valid_from string(date-time) Required

            The valid from date of the certificate in UTC

          • also_trusted_by array[string]

            Other deployments also trusting this certificate

  • Organization not found. (code: organization.not_found)

    Hide headers attribute Show headers attribute
    • The error codes associated with the response

      Value is organization.not_found.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields

GET /trusted-environments
curl \
 -X GET https://{{hostname}}/api/v1/trusted-environments
Response examples (200)
{
  "accounts": [
    {
      "account_id": "string",
      "name": "string",
      "trust_all": true,
      "trust_allowlist": [
        "string"
      ]
    }
  ],
  "external": [
    {
      "trust_relationship_id": "string",
      "name": "string",
      "trust_all": true,
      "trust_allowlist": [
        "string"
      ]
    }
  ],
  "direct": [
    {
      "uid": "string",
      "name": "string",
      "type": "ECE",
      "trust_all": true,
      "trust_allowlist": [
        "string"
      ],
      "scope_id": "abc123",
      "additional_node_names": [
        "string"
      ],
      "certificates": [
        {
          "pem": "string",
          "metadata": {
            "fingerprint": "string",
            "valid_to": "2024-05-04T09:42:00+00:00",
            "valid_from": "2024-05-04T09:42:00+00:00",
            "also_trusted_by": [
              "string"
            ]
          }
        }
      ]
    }
  ]
}
Response examples (404)
# Headers
x-cloud-error-codes: organization.not_found

# Payload
{
  "errors": [
    {
      "code": "string",
      "message": "string",
      "fields": [
        "string"
      ]
    }
  ]
}