package harp.bundle.v1

Get desktop application:
View/edit binary Protocol Buffers messages

BundleAPI describes bundle service contract.

rpc GetSecret (GetSecretRequest, GetSecretResponse)
bundle_api.proto:33
GetSecret returns the matching RAW secret value according to requested path.
message GetSecretRequest
bundle_api.proto:38
GetSecretRequest describes information required to retrieve secret from container server.
- string namespace = 1
  Namepace name.
- string path = 2
  Secret path.
message GetSecretResponse
bundle_api.proto:45
- string namespace = 1
  Namespace name.
- string path = 2
  Secret path.
- bytes content = 3
  Secret content returned by mapped engine.

ApplicationComponentNS describes application components.

Used in: Namespaces

string type = 1
REQUIRED. Application type.
string name = 2
REQUIRED. Application name.
string description = 3
REQUIRED. Application short description.
repeated SecretSuffix secrets = 4
REQUIRED. Secret definitions.

Bundle is a concrete secret bundle.

map<string, string> labels = 1
Map of string keys and values that can be used to organize and categorize (scope and select) objects.
map<string, string> annotations = 2
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata.
uint32 version = 3
Version of the file
repeated Package packages = 4
Secret package collection
optional Template template = 5
Bundle template object
optional google.protobuf.BytesValue values = 6
Associated values
bytes merkle_tree_root = 7
Merkle Tree root
map<string, google.protobuf.Any> user_data = 99
User data storage

InfrastructureSpec is the container for R1 secret generators.

Used in: Namespaces

string provider = 1
REQUIRED. Infrastructure provider
string account = 2
REQUIRED. Infrastructure provider account
string name = 3
REQUIRED. Infrastructure provider account alias (user-friendly name)
string description = 4
REQUIRED. Short descript for the infrastructure purpose.
repeated InfrastructureRegionNS regions = 5
REQUIRED. Cloud Provider Regions

InfrastructureRegionSpec describes region partition.

Used in: InfrastructureNS

string name = 1
REQUIRED. Infrastructure provider region name
repeated InfrastructureServiceNS services = 2
REQUIRED. Service secret definitions

InfrastructureServiceSpec describes infrastructure service.

Used in: InfrastructureRegionNS

string type = 1
REQUIRED. Service type.
string name = 2
REQUIRED. Service name.
string description = 3
REQUIRED. Service usage short description.
repeated SecretSuffix secrets = 4
REQUIRED. Secret definitions.

KV contains the key, the value and the type of the value.

Used in: SecretChain

string key = 1
Key
string type = 2
Golang type of initial value before packing
bytes value = 3
Value must be encoded using secret.Pack method

Namespaces defines secret generation template specification accoridng to CSO path naming.

Used in: TemplateSpec

repeated InfrastructureNS infrastructure = 1
Infrastructure secret definitions.
repeated PlatformRegionNS platform = 2
Platform secret definitions.
repeated ProductComponentNS product = 3
Product secret definitions.
repeated ApplicationComponentNS application = 4
Application secret definitions.

Package is a secret organizational unit.

Used in: Bundle

map<string, string> labels = 1
Map of string keys and values that can be used to organize and categorize (scope and select) objects.
map<string, string> annotations = 2
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata.
string name = 3
Package name as a complete secret path (CSO compliance recommended)
optional SecretChain secrets = 4
Active secret version
map<fixed32, SecretChain> versions = 5
SecretChain versions
map<string, google.protobuf.Any> user_data = 99
User data storage

Patch represents bundle patch definition.

string api_version = 1
Default to ""
string kind = 2
Default to "BundlePatch"
optional PatchMeta meta = 3
BundlePatch metadata
optional PatchSpec spec = 4
BundlePatch specification

Used in: PatchSpec

bool disableAnnotations = 1
Enable/Disable annotations after patch application.

PatchMeta handles patch metadata.

Used in: Patch

string name = 1
REQUIRED. Template name.
string owner = 2
REQUIRED. Template owner.
string description = 3
REQUIRED. Short description for template role.

PatchOperation represents atomic patch operations executable on a k/v map.

Used in: PatchPackage, PatchSecret

map<string, string> add = 1
Add a new case-sentitive key and value to related data map. Key and Value can be templatized.
repeated string remove = 2
Remove a case-sensitive key from related data map. Key and Value can be templatized.
map<string, string> update = 3
Update case-sensitive existing key from related data map. Key and Value can be templatized.
map<string, string> replaceKeys = 4
Replace case-sensitive existing key using the associated value. Value can be templatized.
repeated string removeKeys = 5
Remove all keys matching these given regexp.

PatchPackage represents package operations.

Used in: PatchRule

optional PatchPackagePath path = 1
Path operations.
optional PatchOperation annotations = 2
Annotation operations.
optional PatchOperation labels = 3
Label operations.
optional PatchSecret data = 4
Secret data operations.
bool remove = 5
Flag as remove.
bool create = 6
Flag to create if not exist.

PatchPackagePath represents package path operations.

Used in: PatchPackage

string template = 1
Template used to completely rewrite the package path.

PatchRule represents an operation to apply to a given bundle.

Used in: PatchSpec

string id = 1
Rule identifier.
optional PatchSelector selector = 2
Used to determine is patch strategy is applicable to the package.
optional PatchPackage package = 3
Package patch operations.

PatchSecret represents secret data operations.

Used in: PatchPackage

optional PatchOperation annotations = 1
Secret data annotation operations.
optional PatchOperation labels = 2
Secret data label operations.
string template = 3
Template to override secret data.
optional PatchOperation kv = 4
Used to target specific keys inside the secret data.

PatchSelector represents selecting strategies used to match a bundle resource.

Used in: PatchRule

optional PatchSelectorMatchPath matchPath = 1
Match a package by using its path (secret path).
string jmesPath = 2
Match a package using a JMESPath query.
string rego = 3
Match a package using a Rego policy.
string regoFile = 4
Match a package using a REgo policy stored in an external file.
optional PatchSelectorMatchSecret matchSecret = 5
Match a package by secret.
repeated string cel = 6
Match a package using CEL expressions.

PatchSelectorMatchPath represents package path matching strategies.

Used in: PatchSelector

string strict = 1
Strict case-sensitive path matching. Value can be templatized.
string regex = 2
Regex path matching. Value can be templatized.
string glob = 3
Glob path matching. - https://github.com/gobwas/glob Value can be templatized.

PatchSelectorMatchPath represents package path matching strategies.

Used in: PatchSelector

string strict = 1
Strict case-sensitive secret matching. Value can be templatized.
string regex = 2
Regex secret matching. Value can be templatized.
string glob = 3
Glob path matching. - https://github.com/gobwas/glob Value can be templatized.

PatchSpec repesetns bundle patch specification holder.

Used in: Patch

optional PatchExecutor executor = 1
repeated PatchRule rules = 2
Patch selector rules. Applied in the declaration order.

PlatformComponentSpec describes platform components.

Used in: PlatformRegionNS

string type = 1
REQUIRED. Component type.
string name = 2
REQUIRED. Component name.
string description = 3
REQUIRED. Component short description.
repeated SecretSuffix secrets = 4
REQUIRED. Secret definitions.

PlatformRegionNS is the container for R2 secret generators.

Used in: Namespaces

string region = 1
REQUIRED. Platform region name.
string description = 2
REQUIRED. Platform region short description.
repeated PlatformComponentNS components = 3
REQUIRED. Platform components deployed in the given region.

ProductComponentNS describes product components.

Used in: Namespaces

string type = 1
REQUIRED. Product type.
string name = 2
REQUIRED. Product name.
string description = 3
REQUIRED. Product short description.
repeated SecretSuffix secrets = 4
REQUIRED. Secret definitions.

Rule represents linter rule specification.

Used in: RuleSetSpec

string name = 1
REQUIRED. Rule name.
string description = 2
OPTIONAL. Rule description.
string path = 3
REQUIRED. Rule path matcher filter.
repeated string constraints = 4
OPTIONAL. CEL Constraint collection.
string rego = 5
OPTIONAL. Rego policy.
string rego_file = 6
OPTIONAL. Rego policy file.

RuleSet represents bundle linter ruleset definition.

string api_version = 1
Default to ""
string kind = 2
Default to "RuleSet"
optional RuleSetMeta meta = 3
RuleSet metadata
optional RuleSetSpec spec = 4
RuleSet specification

PatchMeta handles patch metadata.

Used in: RuleSet

string name = 1
REQUIRED. RuleSet name.
string owner = 2
REQUIRED. RuleSet owner.
string description = 3
REQUIRED. Short description for ruleset.

RuleSetSpec repesents ruleset specification holder.

Used in: RuleSet

repeated Rule rules = 1
Rule collection.

SecretChain describe a secret version chain.

Used in: Package

map<string, string> labels = 1
Map of string keys and values that can be used to organize and categorize (scope and select) objects.
map<string, string> annotations = 2
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata.
fixed32 version = 3
Version identifier
repeated KV data = 4
Secret K/V collection
optional google.protobuf.UInt32Value previous_version = 5
Link to previous version
optional google.protobuf.UInt32Value next_version = 6
Link to next version
optional google.protobuf.BytesValue locked = 7
Locked buffer when encryption is enabled
map<string, google.protobuf.Any> user_data = 99
User data storage

SecretSuffix holds secret value generation details.

Used in: ApplicationComponentNS, InfrastructureServiceNS, PlatformComponentNS, ProductComponentNS

string suffix = 1
REQUIRED. CSO Suffix.
string description = 2
REQUIRED. Short description of the purpose of the secret.
bool vendor = 3
Defines if secret is managed or not (generated vs static secret).
string template = 4
JSON Template for K/V Generation.
map<string, string> content = 5
String Content for file embedding process. (filename / content)
map<string, string> labels = 6
Secret labels contains identifying information used for query (i.e. Patch selector).
map<string, string> annotations = 7
Secret annotations not used internally used by external harp environments.

BundleTemplateSelector defines secret path generator default values.

Used in: TemplateSpec

string quality = 1
Quality defines default quality value for CSO path builder.
string platform = 2
Platform defines default platform value in CSO path builder.
string product = 3
Product defines default product value in CSO path builder.
string version = 4
Version defines default version value in CSO path builder.
string component = 5
Component defines default component value in CSO path builder.

Template represents bundle template generation definition.

Used in: Bundle

string api_version = 1
string kind = 2
optional TemplateMeta meta = 3
optional TemplateSpec spec = 4

TemplateMeta handles bundle template metadata.

Used in: Template

string name = 1
REQUIRED. Template name.
string owner = 2
REQUIRED. Template owner.
string description = 3
REQUIRED. Short description for template role.

TemplateSpec handles bundle template specification.

Used in: Template

optional Selector selector = 1
optional Namespaces namespaces = 2

package harp.bundle.v1

service BundleAPI

rpc GetSecret (GetSecretRequest, GetSecretResponse)

message GetSecretRequest

string namespace = 1

string path = 2

message GetSecretResponse

string namespace = 1

string path = 2

bytes content = 3

message ApplicationComponentNS

string type = 1

string name = 2

string description = 3

repeated SecretSuffix secrets = 4

message Bundle

map<string, string> labels = 1

map<string, string> annotations = 2

uint32 version = 3

repeated Package packages = 4

optional Template template = 5

optional google.protobuf.BytesValue values = 6

bytes merkle_tree_root = 7

map<string, google.protobuf.Any> user_data = 99

message InfrastructureNS

string provider = 1

string account = 2

string name = 3

string description = 4

repeated InfrastructureRegionNS regions = 5

message InfrastructureRegionNS

string name = 1

repeated InfrastructureServiceNS services = 2

message InfrastructureServiceNS

string type = 1

string name = 2

string description = 3

repeated SecretSuffix secrets = 4

message KV

string key = 1

string type = 2

bytes value = 3

message Namespaces

repeated InfrastructureNS infrastructure = 1

repeated PlatformRegionNS platform = 2

repeated ProductComponentNS product = 3

repeated ApplicationComponentNS application = 4

message Package

map<string, string> labels = 1

map<string, string> annotations = 2

string name = 3

optional SecretChain secrets = 4

map<fixed32, SecretChain> versions = 5

map<string, google.protobuf.Any> user_data = 99

message Patch

string api_version = 1

string kind = 2

optional PatchMeta meta = 3

optional PatchSpec spec = 4

message PatchExecutor

bool disableAnnotations = 1

message PatchMeta

string name = 1

string owner = 2

string description = 3

message PatchOperation

map<string, string> add = 1

repeated string remove = 2

map<string, string> update = 3

map<string, string> replaceKeys = 4

repeated string removeKeys = 5

message PatchPackage

optional PatchPackagePath path = 1

optional PatchOperation annotations = 2

optional PatchOperation labels = 3

optional PatchSecret data = 4

bool remove = 5

bool create = 6

message PatchPackagePath

string template = 1