Boundary
Boundary controller HTTP API
Target Service
Lists all Targets.
Query Parameters
scope_id
string
recursive
boolean
filter
string
You can specify that the filter should only return items that match. Refer to filter expressions for more information.
list_token
string
An opaque token that Boundary uses to continue an existing iteration or request updated items. If you do not specify a token, pagination starts from the beginning. To learn more about list pagination in Boundary, refer to list pagination.
page_size
integer
The maximum size of a page in this iteration. If unset, the default page size configured will be used. If the page_size is greater than the default page configured, the page size will be truncated to this number..
Successful Response
id
string
Output only. The ID of the resource.
scope_id
string
The Scope of of this resource. This must be defined for creation of this resource, but is otherwise output only.
id
string
The ID of the scope.
type
string
The type of the scope.
name
string
The name of the scope, if any.
description
string
The description of the scope, if any.
parent_scope_id
string
The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name
string
Required name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
type
string
The type of the Target.
host_source_ids
string[]
id
string
Output only. The ID of the Host Set.
host_catalog_id
string
Output only. The Host Catalog to which this Host Source belongs.
session_max_seconds
integer
Maximum total lifetime of a created Session, in seconds.
session_connection_limit
integer
Maximum number of connections allowed in a Session. Unlimited is indicated by the value -1.
worker_filter
string
Optional boolean expression to filter the workers that are allowed to satisfy this request. Deprecated; use egress or ingress worker filters instead.
egress_worker_filter
string
Optional boolean expressions to filter the egress workers that are allowed to satisfy this request.
ingress_worker_filter
string
Optional boolean expressions to filter the ingress workers that are allowed to satisfy this request. Unsupported on OSS.
brokered_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
injected_application_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
attributes
object
The attributes that are applicable for the specific Target.
authorized_actions
string[]
address
string
Optional string value that represents a network resource and is used when establishing a session.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
response_type
string
The type of response, either "delta" or "complete". Delta signifies that this is part of a paginated result or an update to a previously completed pagination. Complete signifies that it is the last page.
list_token
string
An opaque token used to continue an existing pagination or request updated items. Use this token in the next list request to request the next page.
sort_by
string
The name of the field which the items are sorted by.
sort_dir
string
The direction of the sort, either "asc" or "desc".
removed_ids
string[]
est_item_count
integer
An estimate at the total items available. This may change during pagination.
Creates a single Target.
Body Parameters
scope_id
string
The Scope of of this resource. This must be defined for creation of this resource, but is otherwise output only.
name
string
Required name for identification purposes.
description
string
Optional user-set description for identification purposes.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
type
string
The type of the Target.
session_max_seconds
integer
Maximum total lifetime of a created Session, in seconds.
session_connection_limit
integer
Maximum number of connections allowed in a Session. Unlimited is indicated by the value -1.
worker_filter
string
Optional boolean expression to filter the workers that are allowed to satisfy this request. Deprecated; use egress or ingress worker filters instead.
egress_worker_filter
string
Optional boolean expressions to filter the egress workers that are allowed to satisfy this request.
ingress_worker_filter
string
Optional boolean expressions to filter the ingress workers that are allowed to satisfy this request. Unsupported on OSS.
attributes
object
The attributes that are applicable for the specific Target.
address
string
Optional string value that represents a network resource and is used when establishing a session.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
Successful Response
id
string
Output only. The ID of the resource.
scope_id
string
The Scope of of this resource. This must be defined for creation of this resource, but is otherwise output only.
id
string
The ID of the scope.
type
string
The type of the scope.
name
string
The name of the scope, if any.
description
string
The description of the scope, if any.
parent_scope_id
string
The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name
string
Required name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
type
string
The type of the Target.
host_source_ids
string[]
id
string
Output only. The ID of the Host Set.
host_catalog_id
string
Output only. The Host Catalog to which this Host Source belongs.
session_max_seconds
integer
Maximum total lifetime of a created Session, in seconds.
session_connection_limit
integer
Maximum number of connections allowed in a Session. Unlimited is indicated by the value -1.
worker_filter
string
Optional boolean expression to filter the workers that are allowed to satisfy this request. Deprecated; use egress or ingress worker filters instead.
egress_worker_filter
string
Optional boolean expressions to filter the egress workers that are allowed to satisfy this request.
ingress_worker_filter
string
Optional boolean expressions to filter the ingress workers that are allowed to satisfy this request. Unsupported on OSS.
brokered_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
injected_application_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
attributes
object
The attributes that are applicable for the specific Target.
authorized_actions
string[]
address
string
Optional string value that represents a network resource and is used when establishing a session.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
Gets a single Target.
Path Parameters
id
string
RequiredRequiredSuccessful Response
id
string
Output only. The ID of the resource.
scope_id
string
The Scope of of this resource. This must be defined for creation of this resource, but is otherwise output only.
id
string
The ID of the scope.
type
string
The type of the scope.
name
string
The name of the scope, if any.
description
string
The description of the scope, if any.
parent_scope_id
string
The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name
string
Required name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
type
string
The type of the Target.
host_source_ids
string[]
id
string
Output only. The ID of the Host Set.
host_catalog_id
string
Output only. The Host Catalog to which this Host Source belongs.
session_max_seconds
integer
Maximum total lifetime of a created Session, in seconds.
session_connection_limit
integer
Maximum number of connections allowed in a Session. Unlimited is indicated by the value -1.
worker_filter
string
Optional boolean expression to filter the workers that are allowed to satisfy this request. Deprecated; use egress or ingress worker filters instead.
egress_worker_filter
string
Optional boolean expressions to filter the egress workers that are allowed to satisfy this request.
ingress_worker_filter
string
Optional boolean expressions to filter the ingress workers that are allowed to satisfy this request. Unsupported on OSS.
brokered_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
injected_application_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
attributes
object
The attributes that are applicable for the specific Target.
authorized_actions
string[]
address
string
Optional string value that represents a network resource and is used when establishing a session.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
Deletes a Target.
Path Parameters
id
string
RequiredRequiredSuccessful Response
No content.
Updates a Target.
Path Parameters
id
string
RequiredRequiredBody Parameters
scope_id
string
The Scope of of this resource. This must be defined for creation of this resource, but is otherwise output only.
name
string
Required name for identification purposes.
description
string
Optional user-set description for identification purposes.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
type
string
The type of the Target.
session_max_seconds
integer
Maximum total lifetime of a created Session, in seconds.
session_connection_limit
integer
Maximum number of connections allowed in a Session. Unlimited is indicated by the value -1.
worker_filter
string
Optional boolean expression to filter the workers that are allowed to satisfy this request. Deprecated; use egress or ingress worker filters instead.
egress_worker_filter
string
Optional boolean expressions to filter the egress workers that are allowed to satisfy this request.
ingress_worker_filter
string
Optional boolean expressions to filter the ingress workers that are allowed to satisfy this request. Unsupported on OSS.
attributes
object
The attributes that are applicable for the specific Target.
address
string
Optional string value that represents a network resource and is used when establishing a session.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
Successful Response
id
string
Output only. The ID of the resource.
scope_id
string
The Scope of of this resource. This must be defined for creation of this resource, but is otherwise output only.
id
string
The ID of the scope.
type
string
The type of the scope.
name
string
The name of the scope, if any.
description
string
The description of the scope, if any.
parent_scope_id
string
The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name
string
Required name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
type
string
The type of the Target.
host_source_ids
string[]
id
string
Output only. The ID of the Host Set.
host_catalog_id
string
Output only. The Host Catalog to which this Host Source belongs.
session_max_seconds
integer
Maximum total lifetime of a created Session, in seconds.
session_connection_limit
integer
Maximum number of connections allowed in a Session. Unlimited is indicated by the value -1.
worker_filter
string
Optional boolean expression to filter the workers that are allowed to satisfy this request. Deprecated; use egress or ingress worker filters instead.
egress_worker_filter
string
Optional boolean expressions to filter the egress workers that are allowed to satisfy this request.
ingress_worker_filter
string
Optional boolean expressions to filter the ingress workers that are allowed to satisfy this request. Unsupported on OSS.
brokered_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
injected_application_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
attributes
object
The attributes that are applicable for the specific Target.
authorized_actions
string[]
address
string
Optional string value that represents a network resource and is used when establishing a session.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
Adds existing Credential Sources to a Target.
Path Parameters
id
string
RequiredRequiredBody Parameters
version
integer
Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
brokered_credential_source_ids
string[]
injected_application_credential_source_ids
string[]
Successful Response
id
string
Output only. The ID of the resource.
scope_id
string
The Scope of of this resource. This must be defined for creation of this resource, but is otherwise output only.
id
string
The ID of the scope.
type
string
The type of the scope.
name
string
The name of the scope, if any.
description
string
The description of the scope, if any.
parent_scope_id
string
The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name
string
Required name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
type
string
The type of the Target.
host_source_ids
string[]
id
string
Output only. The ID of the Host Set.
host_catalog_id
string
Output only. The Host Catalog to which this Host Source belongs.
session_max_seconds
integer
Maximum total lifetime of a created Session, in seconds.
session_connection_limit
integer
Maximum number of connections allowed in a Session. Unlimited is indicated by the value -1.
worker_filter
string
Optional boolean expression to filter the workers that are allowed to satisfy this request. Deprecated; use egress or ingress worker filters instead.
egress_worker_filter
string
Optional boolean expressions to filter the egress workers that are allowed to satisfy this request.
ingress_worker_filter
string
Optional boolean expressions to filter the ingress workers that are allowed to satisfy this request. Unsupported on OSS.
brokered_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
injected_application_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
attributes
object
The attributes that are applicable for the specific Target.
authorized_actions
string[]
address
string
Optional string value that represents a network resource and is used when establishing a session.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
Adds existing Host Sources to a Target. Cannot be used on targets that have their address field set.
Path Parameters
id
string
RequiredRequiredBody Parameters
version
integer
Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
host_source_ids
string[]
Successful Response
id
string
Output only. The ID of the resource.
scope_id
string
The Scope of of this resource. This must be defined for creation of this resource, but is otherwise output only.
id
string
The ID of the scope.
type
string
The type of the scope.
name
string
The name of the scope, if any.
description
string
The description of the scope, if any.
parent_scope_id
string
The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name
string
Required name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
type
string
The type of the Target.
host_source_ids
string[]
id
string
Output only. The ID of the Host Set.
host_catalog_id
string
Output only. The Host Catalog to which this Host Source belongs.
session_max_seconds
integer
Maximum total lifetime of a created Session, in seconds.
session_connection_limit
integer
Maximum number of connections allowed in a Session. Unlimited is indicated by the value -1.
worker_filter
string
Optional boolean expression to filter the workers that are allowed to satisfy this request. Deprecated; use egress or ingress worker filters instead.
egress_worker_filter
string
Optional boolean expressions to filter the egress workers that are allowed to satisfy this request.
ingress_worker_filter
string
Optional boolean expressions to filter the ingress workers that are allowed to satisfy this request. Unsupported on OSS.
brokered_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
injected_application_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
attributes
object
The attributes that are applicable for the specific Target.
authorized_actions
string[]
address
string
Optional string value that represents a network resource and is used when establishing a session.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
Authorizes a Session.
Path Parameters
id
string
RequiredRequiredThe ID of the target. Required unless some combination of scope_id/scope_name and name are set.
Body Parameters
name
string
The name of the target. When using this, scope_id or scope_name must be set.
scope_id
string
The scope ID containing the target, if specifying the target by name.
scope_name
string
The scope name containing the target, if specifying the target by name.
host_id
string
An optional parameter allowing specification of the particular Host within the Target's configured Host Sets to connect to during this Session.
Successful Response
session_id
string
Output only. The ID of the Session.
target_id
string
Output only. The ID of the Target authorizing this Session.
id
string
The ID of the scope.
type
string
The type of the scope.
name
string
The name of the scope, if any.
description
string
The description of the scope, if any.
parent_scope_id
string
The ID of the parent scope, if any. This field is empty if it is the "global" scope.
created_time
string
Output only. The time this resource was created.
user_id
string
Output only. The User for which this Session was authorized.
host_set_id
string
Output only. The Host Set containing the Host being used for this Session.
host_id
string
Output only. The Host whose address is being used as the endpoint for this Session.
type
string
Output only. Type of the Session (e.g. tcp, ssh, etc.).
authorization_token
string
Output only. The marshaled SessionAuthorizationData message containing all information that the proxy needs.
connection_limit
integer
Output only. The connection limit being applied to this session. -1 means unlimited. This is not actually enforced on the client side but it provides for better listener handling by including it.
endpoint
string
Output only. The endpoint address that the worker will connect to, useful for setting TLS parameters.
endpoint_port
integer
Output only. The endpoint port that will be connected to, either from a port directly on the target or from a service definition.
expiration
string
Output only. The expiration time of the session.
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
raw
string
Output only. The base64-encoded value representing the raw bytes from the credential provider.
decoded
object
Output only. The decoded raw string, if a JSON object.
credential
object
Output only. The fields of the strongly typed credential, empty if the credential type of the credential source is unspecified.
session_recording_id
string
Output only. The ID of the Session Recording.
Removes Credential Sources from the Target.
Path Parameters
id
string
RequiredRequiredBody Parameters
version
integer
Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
brokered_credential_source_ids
string[]
injected_application_credential_source_ids
string[]
Successful Response
id
string
Output only. The ID of the resource.
scope_id
string
The Scope of of this resource. This must be defined for creation of this resource, but is otherwise output only.
id
string
The ID of the scope.
type
string
The type of the scope.
name
string
The name of the scope, if any.
description
string
The description of the scope, if any.
parent_scope_id
string
The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name
string
Required name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
type
string
The type of the Target.
host_source_ids
string[]
id
string
Output only. The ID of the Host Set.
host_catalog_id
string
Output only. The Host Catalog to which this Host Source belongs.
session_max_seconds
integer
Maximum total lifetime of a created Session, in seconds.
session_connection_limit
integer
Maximum number of connections allowed in a Session. Unlimited is indicated by the value -1.
worker_filter
string
Optional boolean expression to filter the workers that are allowed to satisfy this request. Deprecated; use egress or ingress worker filters instead.
egress_worker_filter
string
Optional boolean expressions to filter the egress workers that are allowed to satisfy this request.
ingress_worker_filter
string
Optional boolean expressions to filter the ingress workers that are allowed to satisfy this request. Unsupported on OSS.
brokered_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
injected_application_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
attributes
object
The attributes that are applicable for the specific Target.
authorized_actions
string[]
address
string
Optional string value that represents a network resource and is used when establishing a session.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
Removes Host Sources from the Target.
Path Parameters
id
string
RequiredRequiredBody Parameters
version
integer
Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
host_source_ids
string[]
Successful Response
id
string
Output only. The ID of the resource.
scope_id
string
The Scope of of this resource. This must be defined for creation of this resource, but is otherwise output only.
id
string
The ID of the scope.
type
string
The type of the scope.
name
string
The name of the scope, if any.
description
string
The description of the scope, if any.
parent_scope_id
string
The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name
string
Required name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
type
string
The type of the Target.
host_source_ids
string[]
id
string
Output only. The ID of the Host Set.
host_catalog_id
string
Output only. The Host Catalog to which this Host Source belongs.
session_max_seconds
integer
Maximum total lifetime of a created Session, in seconds.
session_connection_limit
integer
Maximum number of connections allowed in a Session. Unlimited is indicated by the value -1.
worker_filter
string
Optional boolean expression to filter the workers that are allowed to satisfy this request. Deprecated; use egress or ingress worker filters instead.
egress_worker_filter
string
Optional boolean expressions to filter the egress workers that are allowed to satisfy this request.
ingress_worker_filter
string
Optional boolean expressions to filter the ingress workers that are allowed to satisfy this request. Unsupported on OSS.
brokered_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
injected_application_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
attributes
object
The attributes that are applicable for the specific Target.
authorized_actions
string[]
address
string
Optional string value that represents a network resource and is used when establishing a session.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
Sets the Credential Sources on the Target.
Path Parameters
id
string
RequiredRequiredBody Parameters
version
integer
Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
brokered_credential_source_ids
string[]
injected_application_credential_source_ids
string[]
Successful Response
id
string
Output only. The ID of the resource.
scope_id
string
The Scope of of this resource. This must be defined for creation of this resource, but is otherwise output only.
id
string
The ID of the scope.
type
string
The type of the scope.
name
string
The name of the scope, if any.
description
string
The description of the scope, if any.
parent_scope_id
string
The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name
string
Required name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
type
string
The type of the Target.
host_source_ids
string[]
id
string
Output only. The ID of the Host Set.
host_catalog_id
string
Output only. The Host Catalog to which this Host Source belongs.
session_max_seconds
integer
Maximum total lifetime of a created Session, in seconds.
session_connection_limit
integer
Maximum number of connections allowed in a Session. Unlimited is indicated by the value -1.
worker_filter
string
Optional boolean expression to filter the workers that are allowed to satisfy this request. Deprecated; use egress or ingress worker filters instead.
egress_worker_filter
string
Optional boolean expressions to filter the egress workers that are allowed to satisfy this request.
ingress_worker_filter
string
Optional boolean expressions to filter the ingress workers that are allowed to satisfy this request. Unsupported on OSS.
brokered_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
injected_application_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
attributes
object
The attributes that are applicable for the specific Target.
authorized_actions
string[]
address
string
Optional string value that represents a network resource and is used when establishing a session.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
Sources the Host Sources on the Target. Cannot be used on targets that have their address field set.
Path Parameters
id
string
RequiredRequiredBody Parameters
version
integer
Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
host_source_ids
string[]
Successful Response
id
string
Output only. The ID of the resource.
scope_id
string
The Scope of of this resource. This must be defined for creation of this resource, but is otherwise output only.
id
string
The ID of the scope.
type
string
The type of the scope.
name
string
The name of the scope, if any.
description
string
The description of the scope, if any.
parent_scope_id
string
The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name
string
Required name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
type
string
The type of the Target.
host_source_ids
string[]
id
string
Output only. The ID of the Host Set.
host_catalog_id
string
Output only. The Host Catalog to which this Host Source belongs.
session_max_seconds
integer
Maximum total lifetime of a created Session, in seconds.
session_connection_limit
integer
Maximum number of connections allowed in a Session. Unlimited is indicated by the value -1.
worker_filter
string
Optional boolean expression to filter the workers that are allowed to satisfy this request. Deprecated; use egress or ingress worker filters instead.
egress_worker_filter
string
Optional boolean expressions to filter the egress workers that are allowed to satisfy this request.
ingress_worker_filter
string
Optional boolean expressions to filter the ingress workers that are allowed to satisfy this request. Unsupported on OSS.
brokered_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
injected_application_credential_source_ids
string[]
id
string
The ID of the Credential. May be empty if the credential is dynamically generated from a library.
name
string
Output only. The name of the Credential source.
description
string
Output only. The description of the Credential source.
credential_store_id
string
Output only. The Credential Store to which this Credential source belongs.
type
string
Output only. The type of the credential source (e.g. "vault"; not the type of the credential itself).
credential_type
string
Output only. The type of the credential, empty if unspecified.
attributes
object
The attributes that are applicable for the specific Target.
authorized_actions
string[]
address
string
Optional string value that represents a network resource and is used when establishing a session.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.
id
string
Output only. The ID of the alias referencing this target.
value
string
Ouput only. The value of the alias referencing this target.
scope_id
string
;
host_id
string
host_id is the id of the host that the session will be authorized for. When specified authorizing a session using this alias will have the same effect of authorizing a session to the alias' destination_id and passing in this value through the -host-id flag. If the host-id flag is also specified when calling authorize-session an error will be returned unless the provided host-id matches this value.