Get trusted environments

GET /trusted-environments

Returns the list of trusted environments for the organization. If no organization is passed in, the organization attached to the user is assumed.

Responses

  • 200 application/json

    Trusted environments for this organization

    Hide response attributes Show response attributes object
    • accounts array[object]

      The list of trust relationships with different accounts

      The trust relationship with the clusters of one account.

      Hide accounts attributes Show accounts attributes object
      • account_id string Required

        the ID of the Account

      • name string

        A human readable name of the trust relationship

      • trust_all boolean Required

        If true, all clusters in this account will by default be trusted and the trust_allowlist is ignored.

      • trust_allowlist array[string]

        The list of clusters to trust. Only used when trust_all is false.

    • external array[object]

      The list of trust relationships with external entities

      The trust relationship with external entities (remote environments, remote accounts...).

      Hide external attributes Show external attributes object
      • trust_relationship_id string Required

        The ID of the external trust relationship

      • name string

        The name of the external trust relationship. Retrieved from the TrustRelationship and ignored on write.

      • trust_all boolean Required

        If true, all clusters in this external entity will be trusted and the trust_allowlist is ignored.

      • trust_allowlist array[string]

        The list of clusters to trust. Only used when trust_all is false.

    • direct array[object]

      The list of trust relationships where the certificate is bundled with the trust setting. Allows configuring trust for clusters running outside of an Elastic Cloud managed environment or in an Elastic Cloud environment without an environment level trust established.

      The trust relationship with entities trusted directly having their certificate bundled together with the trust settings.

      Hide direct attributes Show direct attributes object
      • uid string

        Auto generated identifier for this trust, allows distinguishing between update vs remove and add.

      • name string Required

        a human readable name of the trust relationship

      • type string

        The type can either be ESS, ECE, generic or proxy. If none is specified, then generic is assumed. If proxy is specified, trust_all should be false and trust_allowlist, scope_id and additional_node_names should be omitted.

        Values are ECE, ESS, generic, or proxy.

      • trust_all boolean Required

        If true, scope_id is required and the trust_allowlist is ignored and all clusters matching the scope id will be trusted.

      • trust_allowlist array[string]

        The list of clusters with matching scope to trust. Only used when trust_all is false. Providing one or more clusters makes scope_id mandatory.

      • scope_id string

        A lowercase alphanumerical string of max 32 characters. Usually an organization id or an environment id, but could really be any suitable suffix for clusters using the CA certificate of this trust. Required unless trust_all is false and trust_allowlist is empty.

      • additional_node_names array[string]

        A list of node names trusted in addition to those deducible from trust_allowlist and scope id. Allows trusting nodes that don't have a scoped name at the cost of maintaining the list. Mandatory if scope id is not defined. Wildcards are not allowed.

      • certificates array[object] Required

        The public ca certificate(s) to trust. Only one is required, but it is possible to specify multiple certificates in order to facilitate key rotation.

        An x509 certificate used by a DirectTrustRelationship

        Hide certificates attributes Show certificates attributes object
        • pem string Required

          The public ca certificate as string in PEM format.

        • metadata object

          Metadata about the certificate, including fingerprint and expiry date. Generated by the Cloud service and ignored on write.

          Hide metadata attributes Show metadata attributes object
          • fingerprint string Required

            The fingerprint of the certificate

          • valid_to string(date-time) Required

            The expiry date of the certificate in UTC

          • valid_from string(date-time) Required

            The valid from date of the certificate in UTC

          • also_trusted_by array[string]

            Other deployments also trusting this certificate
  • 404 application/json

    Organization not found. (code: organization.not_found)

    Hide headers attribute Show headers attribute
    • x-cloud-error-codes string

      The error codes associated with the response

      Value is organization.not_found.

    Hide response attribute Show response attribute object
    • errors array[object] Required

      A list of errors that occurred in the failing request

      Hide errors attributes Show errors attributes object
      • code string Required

        A structured code representing the error type that occurred

      • message string Required

        A human readable message describing the error that occurred

      • fields array[string]

        If the error can be tied to a specific field or fields in the user request, this lists those fields
GET /trusted-environments 
curl \
 --request GET 'http://api.elastic-cloud.com/api/v1/trusted-environments'