DirectTrustRelationship


The trust relationship with external entities (remote environments, remote accounts…).

Properties

additional_node_names (array[string])
A list of node names trusted in addition to those deducible from trust_allowlist and scope id. Allows trusting nodes that don't have a scoped name at the cost of maintaining the list. Mandatory if scope id is not defined.
certificates (array[TrustedCertificate], required)
The public CA certificate(s) to trust. Only one is required, but it is possible to specify multiple certificates in order to facilitate key rotation.
name (string, required)
A human-readable name of the trust relationship.
scope_id (string)
Usually an organization id or an environment id, but could really be any suitable suffix for clusters using the CA certificate of this trust. Required unless trust_all is false and trust_allowlist is empty.
trust_all (boolean, required)
If true, scope_id is required, the trust_allowlist is ignored, and all clusters matching the scope id will be trusted.
trust_allowlist (array[string])
The list of clusters with matching scope to trust. Only used when trust_all is false. Providing one or more clusters makes scope_id mandatory.

Example

{
   "additional_node_names" : [
      "string"
   ],
   "certificates" : [
      {
         "metadata" : {
            "fingerprint" : "string",
            "valid_from" : "2019-01-01T00:00:00Z",
            "valid_to" : "2019-01-01T00:00:00Z"
         },
         "pem" : "string"
      }
   ],
   "name" : "string",
   "scope_id" : "string",
   "trust_all" : true,
   "trust_allowlist" : [
      "string"
   ]
}
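
The property descriptions above make several fields conditionally required. The following check is an added example, not part of the API or its documentation: it applies those rules to a DirectTrustRelationship document before it is submitted. The function name, the sample documents and the validity-window check on the certificate metadata are assumptions made for illustration.

```python
from datetime import datetime, timezone

def _parse(ts):
    # Timestamps in the example on this page use the form 2019-01-01T00:00:00Z
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_direct_trust(rel, now=None):
    """Return a list of problems found in a DirectTrustRelationship dict."""
    now = now or datetime.now(timezone.utc)
    problems = []
    scope_id = rel.get("scope_id")
    trust_all = rel.get("trust_all")
    allowlist = rel.get("trust_allowlist") or []
    node_names = rel.get("additional_node_names") or []
    certs = rel.get("certificates") or []

    if not rel.get("name"):
        problems.append("name is required")
    if not isinstance(trust_all, bool):
        problems.append("trust_all is required and must be a boolean")
    if not certs:
        problems.append("certificates must contain at least one CA certificate")
    # scope_id is required unless trust_all is false and trust_allowlist is empty
    if not scope_id and (trust_all or allowlist):
        problems.append("scope_id is required when trust_all is true or trust_allowlist is set")
    # Without a scope id, trusted nodes can only come from additional_node_names
    if not scope_id and not node_names:
        problems.append("additional_node_names is mandatory when scope_id is not defined")
    # The allowlist has no effect when trust_all is true, so trust is wider than it looks
    if trust_all and allowlist:
        problems.append("trust_allowlist is ignored because trust_all is true")
    # Assumption: a certificate outside its stated validity window is reported
    for i, cert in enumerate(certs):
        meta = cert.get("metadata") or {}
        if "valid_from" in meta and "valid_to" in meta:
            if not _parse(meta["valid_from"]) <= now <= _parse(meta["valid_to"]):
                problems.append(f"certificates[{i}] is outside its validity window")
    return problems

# Constructed sample documents (placeholder values, not real certificates or ids)
CERT = {"pem": "<PEM placeholder>", "metadata": {"fingerprint": "<placeholder>",
        "valid_from": "2024-01-01T00:00:00Z", "valid_to": "2026-01-01T00:00:00Z"}}
SCOPED = {"name": "partner-env", "scope_id": "example-org", "trust_all": False,
          "trust_allowlist": ["cluster-a"], "certificates": [CERT]}
UNSCOPED_ALL = {"name": "too-broad", "trust_all": True,
                "trust_allowlist": ["cluster-a"], "certificates": [CERT]}
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
```

Calling `check_direct_trust(UNSCOPED_ALL, NOW)` reports the missing scope_id, the missing additional_node_names and the ignored allowlist, while `SCOPED` passes cleanly.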