openapi: 3.0.3 info: title: DSH Tenant Resource Management REST API description: Resource management API for DSH version: 1.8.0 servers: - url: /resources/v0 tags: - name: application description: Manage applications. - name: app catalog description: Manage pre-packaged, easily configured apps that you can select from the App Catalog. - name: app catalog app configuration description: Configure apps you start from the App Catalog. - name: app catalog manifest description: Query what's in the App Catalog. - name: bucket description: Manage object store resources. - name: bucket watch description: Manage object store change events. - name: bucket access description: Manage the sharing of object stores with other tenants and with the outside world. - name: third party bucket description: Manage access to the object stores of other tenants. - name: certificate description: Manage certificate resources. - name: database description: Managed a scalable, PostgreSQL compatible, relational database. - name: data catalog description: Manage opt-in for data catalog assets. - name: flink cluster description: Manage a Flink cluster. - name: kafka proxy description: Manage Kafka proxies. - name: kafka acl group description: Manage Kafka ACL groups - name: managed tenant description: Manage other tenants. - name: managed tenant limits description: Manage the limits of other tenants. - name: managed streams description: Manage public and internal streams. - name: managed streams access description: Manage access to streams. - name: robot description: Request and renew Tenant API tokens. - name: secret description: Manage secrets. - name: topic description: Manage Kafka topics. - name: volume description: Manage volumes. security: - tokenAuth: [] components: securitySchemes: tokenAuth: type: http scheme: bearer parameters: AppID: in: path name: appid description: application name schema: type: string example: simpleweb-test required: true AppCatalogAppID: in: path name: appcatalogappid description: appcatalogapp name schema: type: string example: eavesdropper required: true BucketId: $ref: 'openapi-buckets.yml#/components/parameters/BucketId' BucketAccessName: $ref: 'openapi-buckets.yml#/components/parameters/BucketAccessName' CertificateId: in: path name: id schema: type: string required: true description: certificate name example: kafka-proxy-certificate DatabaseId: in: path name: id schema: type: string required: true description: database name example: db1 KafkaProxyId: in: path name: id schema: type: string required: true description: Kafka proxy id example: kafka-proxy-id KafkaACLGroupId: in: path name: id schema: type: string pattern: "[a-z][a-z0-9-]{1,15}" required: true description: Kafka ACL group id example: kafka-acl-group-id LimitKind: in: path name: kind schema: enum: [ cpu, mem, certificatecount, secretcount, topiccount, partitioncount, consumerrate, producerrate, requestrate ] required: true description: Limit request type example: cpu Manager: in: path name: manager schema: type: string required: true description: Name of the tenant that is acting as manager for this request example: manager-tenant ManagedStreamId: in: path name: streamId schema: $ref: '#/components/schemas/ManagedStreamId' required: true description: id of the managed stream, including the type prefix examples: awesomedata: summary: public stream called `awesomedata` for tenant `tnanet` value: stream.tnanet---awesomedata moredata: summary: internal stream called `moredata` for tenant `tnanet` value: internal.tnanet---moredata evenmoredata: summary: public stream called `evenmoredata` for tenant `tnanet` value: stream.tnanet---evenmoredata ManagedPublicStreamId: in: path name: streamId schema: $ref: '#/components/schemas/ManagedPublicStreamId' required: true description: id of the managed stream, including the type prefix examples: awesomedata: summary: public stream called `awesomedata` for tenant `tnanet` value: stream.tnanet---awesomedata evenmoredata: summary: public stream called `evenmoredata` for tenant `tnanet` value: stream.tnanet---evenmoredata ManagedInternalStreamId: in: path name: streamId schema: $ref: '#/components/schemas/ManagedInternalStreamId' required: true description: id of the managed stream, including the type prefix examples: moredata: summary: internal stream called `moredata` for tenant `tnanet` value: internal.tnanet---moredata SecretId: in: path name: id schema: type: string required: true description: secret name example: proximity-certificate-key TaskId: in: path name: id schema: type: string required: true description: task name example: dbfa9cdc-b9dc-11eb-9cb4-70b3d5800002 Tenant: in: path name: tenant schema: type: string required: true description: tenant name example: tenant-a TopicId: in: path name: id schema: type: string required: true description: topic name example: flinkjob-input VolumeId: in: path name: id schema: type: string required: true description: volume name example: flinkjob-store examples: application: description: an example application value: name: simpleweb-test image: "registry.cp.kpn-dsh.com/dshdemo/simpleweb:1.0.0" cpus: 0.1 mem: 256 env: MY_VARIABLE: "{ concat('I am running on ', variables('DSH_ENVIRONMENT'), ' blank ') }" instances: 1 singleInstance: true needsToken: true metrics: port: 7070 path: "/metrics" readableStreams: - "stream.airpollution" - "stream.weather" writableStreams: - "stream.metrics" topics: - "duptest" secrets: - name: "satellite-api-key" injections: - env: SATELLITE_API_KEY user: "1673:1673" appcatalogappconfiguration: description: an example appcatalogappconfiguration value: manifestUrn: "appcatalog/manifest/klarrio/whoami/0.0.1" stopped: false name: whoami configuration: "@uid": "1674" "@gid": "1674" LOG_LEVEL: warn LOG_LEVEL_MONITOR: warn LOG_LEVEL_SERVICE: warn allocationStatus: description: an example application value: derivedFrom: "optional URN of optional parent allocation" provisioned: true notifications: [] certificate: description: an example certificate value: certChainSecret: ctest-deployment-certificate keySecret: ctest-deployment-key certificateStatus: description: an example CertificateStatus value: configuration: certChainSecret: ctest-deployment-certificate keySecret: ctest-deployment-key actual: certChainSecret: ctest-deployment-certificate keySecret: ctest-deployment-key status: provisioned: true notifications: [ ] database: description: an example database value: instances: 3 cpus: 1.0 mem: 2048 volumeSize: 10 extensions: [ ] version: "" snapshotInterval: 0 databaseStatus: description: an example databaseStatus value: configuration: instances: 3 cpus: 1.0 mem: 2048 volumeSize: 10 extensions: [ ] version: "" snapshotInterval: 0 actual: instances: 3 cpus: 1.0 mem: 2048 volumeSize: 10 extensions: [ ] version: "" snapshotInterval: 0 status: provisioned: true notifications: [ ] flinkCluster: description: an example flinkCluster value: jobManager: cpus: 0.3 mem: 1024 taskManager: instances: 2 cpus: 0.3 mem: 3072 version: "1.12" zone: "public" flinkClusterStatus: description: an example FlinkClusterStatus value: configuration: jobManager: cpus: 0.3 mem: 1024 taskManager: instances: 2 cpus: 0.3 mem: 3072 version: "1.12" zone: "public" actual: jobManager: cpus: 0.3 mem: 1024 taskManager: instances: 2 cpus: 0.3 mem: 3072 version: "1.12" zone: "public" status: provisioned: true notifications: [ ] managedInternalStream: description: a internal managed stream value: kind: internal partitions: 6 replicationFactor: 3 publicManagedStreamWithDefaultKafkaPartitioner: description: a public managed stream with a default kafka partitioner value: kind: public partitions: 6 replicationFactor: 3 contract: $ref: '#/components/examples/publicStreamContractWithDefaultKafkaPartitioner/value' publicManagedStreamWithTopicLevelPartitioner: description: a public managed stream with a topic level partitioner value: kind: public partitions: 6 replicationFactor: 3 contract: $ref: '#/components/examples/publicStreamContractWithTopicLevelPartitioner/value' publicStreamContractWithTopicLevelPartitioner: description: stream contract for a managed public stream with a topic level partitioner value: canBeRetained: true partitioner: $ref: '#/components/examples/topicLevelPartitioner/value' publicStreamContractWithDefaultKafkaPartitioner: description: stream contract for a managed public stream with a default kafka partitioner value: canBeRetained: true partitioner: $ref: '#/components/examples/defaultKafkaPartitioner/value' topicLevelPartitioner: description: a topic level partitioner value: kind: topicLevel topicLevel: 2 defaultKafkaPartitioner: description: the default kafka partitioner value: kind: kafkaDefault managedTenant: description: an example managed tenant value: name: a-tenant manager: managing-tenant services: - name: vpn enabled: false - name: monitoring enabled: true - name: tracing enabled: true managedTenantLimitListAll: description: an example of all managed tenant limits as a list value: - name: cpu value: 0.5 - name: mem value: 4096 - name: certificatecount value: 10 - name: secretcount value: 10 - name: topiccount value: 10 - name: partitioncount value: 10 - cname: onsumerrate value: 1048576 - name: producerrate value: 1048576 - name: requestrate value: 50 managedTenantLimitListSome: description: an example of some managed tenant limits as a list value: - name: cpu value: 0.5 - name: mem value: 4096 managedTenantLimitCpu: description: an example of the managed tenant limit for vCPU quota value: name: cpu value: 0.5 managedTenantLimitMem: description: an example of the managed tenant limit for memory (MiB) value: name: mem value: 4096 managedTenantLimitCertificateCount: description: an example of the managed tenant limit for certificates value: name: certificateCount value: 10 managedTenantLimitSecretCount: description: an example of the managed tenant limit for secrets value: name: secretCount value: 10 managedTenantLimitTopicCount: description: an example of the managed tenant limit for topics value: name: topicCount value: 10 managedTenantLimitPartitionCount: description: an example of the managed tenant limit for partitions value: name: partitionCount value: 10 managedTenantLimitConsumerRate: description: an example of the managed tenant limit for Kafka consumer rate (bytes/s) value: name: consumerRate value: 1048576 managedTenantLimitProducerRate: description: an example of the managed tenant limit for Kafka producer rate (bytes/s) value: name: producerRate value: 1048576 managedTenantLimitRequestRate: description: an example of the managed tenant limit for Kafka request rate (%) value: name: requestRate value: 50 kafkaProxy: description: an example of a Kafka proxy configuration value: name: test-proxy zone: public instances: 1 cpus: 1.0 mem: 1024 secretNameCaChain: test-proxy-ca-chain certificate: test-certificate schemaStore: true schemaStoreCpus: 0.1 schemaStoreMem: 256 validations: - commonName: tenant-common-name country: NL locality: Rotterdam organization: KPN organizationalUnit: DSH province: Zuid-Holland subjectType: EXACT enableKafkaAclGroups: false secret: description: an example secret value: name: secret-name value: secret-value task: description: an example task value: healthy: true host: 10.0.2.36 stagedAt: '2017-12-07T10:53:46.643Z' startedAt: '2017-12-07T10:55:41.765Z' stoppedAt: '2017-12-07T10:58:41.765Z' lastUpdate: 1639161445 state: RUNNING taskStatus: description: an example taskStatus value: configuration: healthy: true host: 10.0.2.36 stagedAt: '2017-12-07T10:53:46.643Z' startedAt: '2017-12-07T10:55:41.765Z' stoppedAt: '2017-12-07T10:58:41.765Z' lastUpdate: 1639161445 state: RUNNING actual: healthy: true host: 10.0.2.36 stagedAt: '2017-12-07T10:53:46.643Z' startedAt: '2017-12-07T10:55:41.765Z' stoppedAt: '2017-12-07T10:58:41.765Z' lastUpdate: 1639161445 state: RUNNING status: provisioned: true notifications: [ ] topic: description: an example topic value: partitions: 2 replicationFactor: 1 topicStatus: description: an example topicStatus value: configuration: partitions: 2 replicationFactor: 1 actual: partitions: 2 replicationFactor: 1 status: provisioned: true notifications: [ ] volume: description: an example volume value: sizeGiB: 1 volumeStatus: description: an example volumeStatus value: configuration: sizeGiB: 1 actual: sizeGiB: 1 status: provisioned: true notifications: [ ] schemas: ActualCertificate: description: information on a certificate which is provisioned on the platform type: object allOf: - $ref: "#/components/schemas/Certificate" - type: object properties: serialNumber: type: string notBefore: type: string format: date-time notAfter: type: string format: date-time distinguishedName: type: string dnsNames: type: array items: type: string required: [ serialNumber, notBefore, notAfter, distinguishedName, dnsNames ] AllocationStatus: $ref: 'openapi-common.yml#/components/schemas/AllocationStatus' Application: type: object properties: cpus: description: How many CPUs this application needs (0.5 = 50% of 1 cpu) type: number mem: description: Amount of memory your application needs in MB type: integer minimum: 0 env: description: Environment variables type: object additionalProperties: type: string exposedPorts: description: Exposes ports of your application outside the platform type: object additionalProperties: $ref: "#/components/schemas/PortMapping" healthCheck: $ref: "#/components/schemas/HealthCheck" image: description: The container image to launch format: docker_repo/tag:version type: string instances: default: 1 description: Number of instances that need to be spun up for this app type: integer minimum: 0 needsToken: default: true description: > If true, the platform will provision a secret token in the `DSH_SECRET_TOKEN` environment variable. This token can be exchanged for a client certificate that can be used for authentication to, amongst others, the Kafka brokers. type: boolean singleInstance: default: false description: "If true, the platform will ensure that there is always at most one instance of this application running at the same time. This impacts restart and upgrade behavior: A single-instance application will be terminated before a replacement is started, whereas an application that is not single-instance will remain running until its replacement has started and reports healthy. **Note** Applications that define volumes are always implicitly treated as single-instance, even if this flag is not set." type: boolean user: description: "The userid:groupid combination used to start the application container." type: string format: "userid:groupid" metrics: $ref: "#/components/schemas/Metrics" spreadGroup: description: "The spread group - if any - to be used to ensure instances of one or more applications are not scheduled onto the same node." type: string secrets: type: array items: $ref: "#/components/schemas/ApplicationSecret" topics: description: names of scratch topics to which the application needs access. type: array items: type: string readableStreams: description: names of streams to which the application needs read access. type: array items: type: string writableStreams: description: names of streams to which the application needs write access. type: array items: type: string volumes: description: "The volumes to be mounted in the container. The dictionary key is the mount point." type: object additionalProperties: type: object properties: name: type: string description: the full name of the volume that needs to be mounted in the container. required: [ name ] required: - image - user - cpus - mem ApplicationSecret: type: object description: a secret to be injected as an environment variable in the application properties: name: type: string description: the secret's name injections: description: a list of environment variable names. The secret's value may be injected multiple times as different environment variables, so multiple environment variable names for the same secret can be provided type: array items: type: object additionalProperties: type: string required: [ name, injections ] AppCatalogApp: type: object properties: name: type: string configuration: type: string manifestUrn: type: string resources: description: child resources type: object additionalProperties: oneOf: - $ref: '#/components/schemas/Application' - $ref: '#/components/schemas/Bucket' - $ref: '#/components/schemas/Certificate' - $ref: '#/components/schemas/Secret' - $ref: '#/components/schemas/Topic' - $ref: '#/components/schemas/Vhost' - $ref: '#/components/schemas/Volume' required: [ name, manifestUrn, resources ] AppCatalogAppConfiguration: type: object properties: name: type: string manifestUrn: type: string stopped: type: boolean configuration: description: configuration parameters to be used in AppCatalog manifest type: object additionalProperties: type: string required: [ name, manifestUrn, stopped, configuration ] AppCatalogManifest: type: object properties: lastModified: description: creation timestamp of the secret type: number payload: type: string draft: type: boolean required: [ lastModified, payload, draft ] Bucket: $ref: 'openapi-buckets.yml#/components/schemas/Bucket' BucketStatus: $ref: 'openapi-buckets.yml#/components/schemas/BucketStatus' BucketWatch: $ref: 'openapi-buckets.yml#/components/schemas/BucketWatch' Certificate: type: object description: information on a certificate which is wanted on the platform but may not yet be provisioned properties: keySecret: type: string certChainSecret: type: string passphraseSecret: type: string required: [ keySecret, certChainSecret ] CertificateStatus: type: object properties: configuration: $ref: "#/components/schemas/Certificate" actual: $ref: "#/components/schemas/ActualCertificate" status: $ref: "#/components/schemas/AllocationStatus" required: [ status ] ClientSecret: type: object properties: value: description: the secret value type: string createdDate: description: creation timestamp of the secret type: number required: [ value ] Database: type: object properties: instances: type: integer minimum: 3 example: 3 cpus: type: number minimum: 0.5 example: 1.0 mem: type: integer minimum: 2048 example: 3072 volumeSize: type: integer minimum: 10 example: 10 extensions: type: array example: [ "postgis", "postgres_fdw", "uuid-ossp" ] items: type: string version: type: string example: "2.11.1.0-8" snapshotInterval: type: integer minimum: 3600 example: 3600 required: - instances - cpus - mem - volumeSize DatabaseStatus: type: object properties: configuration: $ref: "#/components/schemas/Database" actual: $ref: "#/components/schemas/Database" status: $ref: "#/components/schemas/AllocationStatus" required: [ status ] KafkaProxyStatus: type: object properties: configuration: $ref: "#/components/schemas/KafkaProxy" status: $ref: "#/components/schemas/AllocationStatus" required: [ status ] Empty: type: object properties: {} additionalProperties: false FlinkCluster: type: object properties: version: description: Flink version type: string jobManager: $ref: "#/components/schemas/FlinkJobManager" taskManager: $ref: "#/components/schemas/FlinkTaskManager" zone: description: Network zone this cluster needs to run in. /components/schemas/Zone contains a list of available network zones in this platform. type: string required: [ version, zone ] FlinkJobManager: type: object properties: cpus: description: CPU quota for the Flink job manager (minimum 0.3 = 30% of 1 CPU) type: number minimum: 0.3 example: 0.3 mem: description: Memory (MB) for this Flink job manager (minimum 1024 = 1 GB) type: integer minimum: 1024 example: 1024 required: [ cpus, mem ] FlinkClusterStatus: type: object properties: configuration: $ref: "#/components/schemas/FlinkCluster" actual: $ref: "#/components/schemas/FlinkCluster" status: $ref: "#/components/schemas/AllocationStatus" required: [ status ] FlinkTaskManager: type: object properties: instances: description: Number of Flink task managers (minimum 1) type: integer minimum: 1 example: 2 cpus: description: CPU quota for each Flink task manager (minimum 0.3 = 30% of 1 CPU) type: number minimum: 0.3 example: 0.3 mem: description: Memory (MB) for each Flink task manager (minimum 1024 = 1 GB) type: integer minimum: 1024 example: 3072 required: [ cpus, mem, instances ] HealthCheck: type: object properties: port: description: > The TCP port for the health check type: integer minimum: 0 default: 7070 path: description: > The HTTP path for the health check type: string default: '/' protocol: description: > The protocol for for the health check (http or https) type: string enum: [ http, https ] KafkaAclGroup: description: information about a Kafka ACL group type: object properties: readableStreams: type: array items: $ref: "#/components/schemas/KafkaAclGroupTopic" writableStreams: type: array items: $ref: "#/components/schemas/KafkaAclGroupTopic" example: readableStreams: - kind: topic name: readable-topic-1 - kind: public name: readable-topic-2 writableStreams: - kind: topic name: writeable-topic-1 - kind: internal name: writeable-topic-2 KafkaAclGroupTopic: description: Kafka ACL group topic definition type: object properties: name: type: string description: topic name kind: type: string enum: [ topic, internal, public ] required: [ name, kind ] KafkaProxy: type: object properties: name: description: Name of the new Kafka Proxy type: string zone: description: Available networks on this platform type: string enum: - "private" - "public" cpus: description: CPU quota for each Kafka Proxy (minimum 0.3 = 30% of 1 CPU) type: number minimum: 0.3 example: 0.3 mem: description: Memory (MB) for each Kafka Proxy (minimum 1024 = 1 GB) type: integer minimum: 1024 example: 3072 instances: description: Number of instances type: integer minimum: 1 example: 2 secretNameCaChain: description: Secret name containing the Ca Cert type: string certificate: description: Secret name with the server certificate type: string schemaStore: description: Set to True no enable Schema Store type: boolean schemaStoreCpus: description: CPU quota for Schema Store (minimum 0.3 = 30% of 1 CPU) type: number minimum: 0.1 example: 0.1 schemaStoreMem: description: Memory (MB) for Schema Store (minimum 256MB) type: integer minimum: 256 example: 256 validations: type: array items: $ref: "#/components/schemas/Validations" enableKafkaAclGroups: description: | Set to True to enable the ACL groups (Advanced feature: without the correct acl groups in place this will result in a non-functioning proxy instance) type: boolean required: [ cpus, mem, instances, zone, secretNameCaChain, certificate ] KafkaProxyValidation: type: "object" description: "client certificate validations, only non empty values taken in account, no values means no validation" properties: commonName: type: "string" country: type: "string" locality: type: "string" organization: type: "string" organizationalUnit: type: "string" province: type: "string" subjectType: description: "EXACT for exact match, PATTERN for pattern match" type: "string" enum: [ "EXACT", "PATTERN" ] required: - "subjectType" LimitValue: oneOf: - $ref: '#/components/schemas/LimitValueCpu' - $ref: '#/components/schemas/LimitValueMem' - $ref: '#/components/schemas/LimitValueCertificateCount' - $ref: '#/components/schemas/LimitValueSecretCount' - $ref: '#/components/schemas/LimitValueTopicCount' - $ref: '#/components/schemas/LimitValuePartitionCount' - $ref: '#/components/schemas/LimitValueConsumerRate' - $ref: '#/components/schemas/LimitValueProducerRate' - $ref: '#/components/schemas/LimitValueRequestRate' - $ref: '#/components/schemas/LimitValueKafkaAclGroupCount' discriminator: propertyName: name mapping: cpu: '#/components/schemas/LimitValueCpu' mem: '#/components/schemas/LimitValueMem' certificateCount: '#/components/schemas/LimitValueCertificateCount' secretCount: '#/components/schemas/LimitValueSecretCount' topicCount: '#/components/schemas/LimitValueTopicCount' partitionCount: '#/components/schemas/LimitValuePartitionCount' consumerRate: '#/components/schemas/LimitValueConsumerRate' producerRate: '#/components/schemas/LimitValueProducerRate' requestRate: '#/components/schemas/LimitValueRequestRate' kafkaAclGroupCount: '#/components/schemas/LimitValueKafkaAclGroupCount' BaseLimitValue: type: object required: - name properties: name: type: string enum: - cpu - mem - certificateCount - secretCount - topicCount - partitionCount - consumerRate - producerRate - requestRate LimitValueCpu: allOf: - $ref: '#/components/schemas/BaseLimitValue' - type: object required: - value properties: value: description: The number of CPUs to provision for the managed tenant (factions of a vCPU core, 1.0 equals 1 vCPU) type: number minimum: 0.01 multipleOf: 0.01 maximum: 16.0 LimitValueMem: allOf: - $ref: '#/components/schemas/BaseLimitValue' - type: object required: - value properties: value: description: The amount of memory available for the managed tenant (MiB) type: integer minimum: 1 maximum: 131072 # max 16 cpu x 8 GiB of memory = 128 GiB LimitValueCertificateCount: allOf: - $ref: '#/components/schemas/BaseLimitValue' - type: object required: - value properties: value: description: The number of certificates available for the managed tenant type: integer minimum: 1 maximum: 40 LimitValueSecretCount: allOf: - $ref: '#/components/schemas/BaseLimitValue' - type: object required: - value properties: value: description: The number of secrets available for the managed tenant type: integer minimum: 1 maximum: 40 LimitValueTopicCount: allOf: - $ref: '#/components/schemas/BaseLimitValue' - type: object required: - value properties: value: description: The number of topics available for the managed tenant type: integer minimum: 1 maximum: 40 LimitValuePartitionCount: allOf: - $ref: '#/components/schemas/BaseLimitValue' - type: object required: - value properties: value: description: The number of partitions available for the managed tenant type: integer minimum: 1 maximum: 40 LimitValueKafkaAclGroupCount: allOf: - $ref: '#/components/schemas/BaseLimitValue' - type: object required: - value properties: value: description: The number of Kafka ACL groups available for the managed tenant type: integer minimum: 0 maximum: 50 LimitValueConsumerRate: allOf: - $ref: '#/components/schemas/BaseLimitValue' - type: object required: - value properties: value: description: The maximum allowed consumer rate (bytes/sec) type: integer minimum: 1048576 # 1 MiB/s maximum: 1250000000 # 10 Gbit/s LimitValueProducerRate: allOf: - $ref: '#/components/schemas/BaseLimitValue' - type: object required: - value properties: value: description: The maximum allowed producer rate (bytes/sec) type: integer minimum: 1048576 # 1 MiB/s maximum: 1250000000 # 10 Gbit/s LimitValueRequestRate: allOf: - $ref: '#/components/schemas/BaseLimitValue' - type: object required: - value properties: value: description: The maximum allowed request rate (%) type: integer minimum: 1 maximum: 100 InternalManagedStream: description: > An internal stream. A stream that can be shared between different tenants, but is not accessible over the MQTT protocol adapter. type: object allOf: - $ref: '#/components/schemas/Topic' - type: object properties: kind: description: For internal streams, the value of `kind` must be `internal.` type: string enum: [ internal ] required: - kind example: $ref: '#/components/examples/managedInternalStream' PublicManagedStream: description: > A public stream. A stream that can be shared between different tenants within the DSH platform, and is accessible over the MQTT protocol adapter. A public stream requires a stream contract. type: object allOf: - $ref: '#/components/schemas/Topic' - type: object properties: kind: description: For public streams, the value of `kind` must be `public` type: string enum: [ public ] contract: $ref: '#/components/schemas/PublicManagedStreamContract' required: - contract - kind example: - $ref: '#/components/examples/publicManagedStreamWithTopicLevelPartitioner' - $ref: '#/components/examples/publicManagedStreamWithDefaultKafkaPartitioner' PublicManagedStreamContract: description: The stream contract for a public stream. type: object required: - canBeRetained - partitioner properties: canBeRetained: description: Whether MQTT records can have the "retained" flag. type: boolean partitioner: description: The partitioner used to partition messages across different kafka partitions. oneOf: - $ref: '#/components/schemas/PublicManagedStreamTopicLevelPartitioner' - $ref: '#/components/schemas/PublicManagedStreamKafkaDefaultPartitioner' discriminator: propertyName: kind mapping: topicLevel: '#/components/schemas/PublicManagedStreamTopicLevelPartitioner' kafkaDefault: '#/components/schemas/PublicManagedStreamKafkaDefaultPartitioner' example: - $ref: '#/components/examples/publicManagedStreamWithTopicLevelPartitioner' - $ref: '#/components/examples/publicManagedStreamWithDefaultKafkaPartitioner' PublicManagedStreamTopicLevelPartitioner: type: object properties: topicLevel: type: integer example: 2 kind: enum: [ topicLevel ] example: "topicLevel" required: - topicLevel - kind example: $ref: '#/components/examples/topicLevelPartitioner' PublicManagedStreamKafkaDefaultPartitioner: type: object properties: kind: example: "kafkaDefault" enum: [ kafkaDefault ] required: - kind example: $ref: '#/components/examples/defaultKafkaPartitioner' ManagedStreamId: description: > The id of a managed stream consists of a `stream.` or `internal.` prefix followed by a managing prefix set specifically as a limit for each managing tenant, and name of the stream. The managing prefix and the name are separated by `---` (three hyphens). Id's starting with `stream` indicate a public stream, id's starting with `internal` indicate an internal stream. For an internal stream called `maerts` for tenant `tnanet` with an assigned managing prefix `tna` the full name would be `internal.tna---maerts` For a public stream with the same name and tenant, the full name would be `stream.tna---maerts`. Note that the regular expressions below don't cover all restrictions. The tenant name part must still adhere to the rules for tenant names, the stream name part must still adhere to the following rules: - Must have a minimum length of 3 and a maximum length of 100, - Must only contain lower case alphanumerical characters `[a-z0-9]` and hyphens `-`, - Must not contain three sequential hyphens `---`, two sequential hyphens is fine, - Must start with an lowercase letter `^[a-z]` - Must end with a lowercase letter or digit `[a-z0-9]$` type: string pattern: '^(stream|internal)\.[a-z][a-z0-9-]{0,38}[a-z]---[a-z][a-z0-9-]{1,98}[a-z0-9]$' ManagedPublicStreamId: description: > The id of a managed stream consists of a `stream.` or `internal.` prefix followed by a managing prefix set specifically as a limit for each managing tenant, and name of the stream. The managing prefix and the name are separated by `---` (three hyphens). Id's starting with `stream` indicate a public stream, id's starting with `internal` indicate an internal stream. For an internal stream called `maerts` for tenant `tnanet` with an assigned managing prefix `tna` the full name would be `internal.tna---maerts` For a public stream with the same name and tenant, the full name would be `stream.tna---maerts`. Note that the regular expressions below don't cover all restrictions. The tenant name part must still adhere to the rules for tenant names, the stream name part must still adhere to the following rules: - Must have a minimum length of 3 and a maximum length of 100, - Must only contain lower case alphanumerical characters `[a-z0-9]` and hyphens `-`, - Must not contain three sequential hyphens `---`, two sequential hyphens is fine, - Must start with an lowercase letter `^[a-z]` - Must end with a lowercase letter or digit `[a-z0-9]$` type: string pattern: '^(stream)\.[a-z][a-z0-9-]{0,38}[a-z]---[a-z][a-z0-9-]{1,98}[a-z0-9]$' ManagedInternalStreamId: description: > The id of a managed stream consists of a `internal.` prefix followed by the name of the managing tenant and the name of the stream separated by `---` (three hyphens). id's starting with `internal` indicate an internal stream. For an internal stream called `maerts` for tenant `tnanet` with an assigned managing prefix `tna` the full name would be `internal.tna---maerts` For a public stream with the same name and tenant, the full name would be `stream.tna---maerts`. Note that the regular expressions below don't cover all restrictions. The tenant name part must still adhere to the rules for tenant names, the stream name part must still adhere to the following rules: - Must have a minimum length of 3 and a maximum length of 100, - Must only contain lower case alphanumerical characters `[a-z0-9]` and hyphens `-`, - Must not contain three sequential hyphens `---`, two sequential hyphens is fine, - Must start with an lowercase letter `^[a-z]` - Must end with a lowercase letter or digit `[a-z0-9]$` type: string pattern: '^(internal)\.[a-z][a-z0-9-]{0,38}[a-z]---[a-z][a-z0-9-]{1,98}[a-z0-9]$' ManagedTenant: type: object required: - name - manager properties: name: type: string description: Name of the tenant. Must be identical to the tenant name used in the path. manager: type: string description: | Name of the tenant that is acting as manager for this tenant. Must be identical to the `manager` parameter in the path. services: type: array description: | List of services that are enabled for this tenant. At this point, `monitoring` is a requirement (it's `enabled` value must be `true`). The default values for `tracing` and `vpn` are both `false`. The `vpn` service is only available on some platforms. Requesting it on a platform that doesn't support it will cause the request to be rejected. default: - name: monitoring enabled: true - name: vpn enabled: false - name: tracing enabled: false items: type: object required: - name - enabled properties: name: type: string enum: [ "vpn", "tracing", "monitoring" ] enabled: type: boolean Metrics: type: object description: metrics endpoint which will be scraped by the platform. properties: port: description: > The TCP port for the metrics endpoint type: integer minimum: 0 default: 7070 path: description: > The HTTP path for the metrics endpoint type: string default: '/metrics' Notification: type: object properties: remove: type: boolean description: true if the notification has to do with removal of the allocation, false if it relates to creation/update of the resource message: type: string args: type: object additionalProperties: type: string required: [ remove, message ] PortMapping: type: object properties: auth: # TODO give a proper description, define a pattern spec that captures all possible variations description: TODO type: string mode: type: string description: > Routing mode. The allowed values are: * `http` (default if this property is omitted). HTTP routing and TLS termination are done by the platform. In this case, the `tls` and (optionally) `paths` settings should be configured as well. * `tcp/`. The platform only does plain TCP routing, with TLS pass-through. When set, the `tls` and `paths` settings are ignored. The application is responsible for TLS termination and certificate management. There are various possible values for `` that may appear when listing allocation configurations, but the only value that is allowed to be set in regular application allocations is `tcp/https`. * `tcp/https`. Any traffic arriving on `:443` will be forwarded (TLS included) to the service. * `tcp/kafka-proxy` is used by Kafka Proxies. This endpoint is auto-configured by the platform when allocating a Kafka Proxy application and should *not* be used when allocating regular applications. * `tcp/vpn-tcp` is used by a VPN application. This endpoint is auto-configured by the platform when allocating a VPN application and should *not* be used when allocating regular applications. paths: description: The paths which are allowed on the associated vhost type: array items: $ref: "#/components/schemas/PathSpec" tls: description: The default is 'auto', indicating that the port will only accept secured connections. Put this to 'none' if you do not want the service to have a secure endpoint. type: string enum: [ 'auto', 'none' ] vhost: description: The host name that needs to be assigned to this port (for multiple names, separate them with commas) type: string whitelist: description: Put ip addresses or ip ranges that can call this service here (for multiple addresses, separate them with spaces) type: string serviceGroup: description: To load balance traffic between different services, use this optional field to put those services in the same service group. Choose any name consisting of all lowercase letters. type: string PathSpec: type: object properties: prefix: type: string description: The path prefix (starting with `/`, ending without `/`) that will be matched for routing to this service. required: [prefix] Secret: type: object properties: name: type: string value: type: string required: [ name, value ] Task: type: object example: healthy: true host: 10.0.2.36 stagedAt: '2017-12-07T10:53:46.643Z' startedAt: '2017-12-07T10:55:41.765Z' stoppedAt: '2017-12-07T10:58:41.765Z' lastUpdate: 1638980430 state: RUNNING properties: healthy: description: > false or true depending on health checks (empty if no health checks) type: boolean host: description: > The IP address of the host the task is running on (not the IP address of the task itself) type: string format: ipv4 logs: description: Optional link to the latest log dump for this task format: url type: string stagedAt: description: Staging time of the task type: string format: date-time startedAt: description: Start time of the task type: string format: date-time stoppedAt: description: Stopped time of the task type: string format: date-time lastUpdate: description: Timestamp of the last time the task was updated type: integer format: int64 state: description: The state the task is in type: string enum: - DROPPED - ERROR - FAILED - FINISHED - GONE - GONE_BY_OPERATOR - KILLED - KILLING - LOST - RUNNING - STAGING - STARTING - UNKNOWN - UNREACHABLE required: [ host, stagedAt, startedAt, state ] TaskStatus: type: object properties: configuration: $ref: "#/components/schemas/Task" actual: $ref: "#/components/schemas/Task" status: $ref: "#/components/schemas/AllocationStatus" required: [ status ] Topic: type: object properties: partitions: type: integer replicationFactor: type: integer kafkaProperties: $ref: "#/components/schemas/KafkaProperties" required: [ partitions, replicationFactor ] KafkaProperties: type: object additionalProperties: type: string description: | Additional Kafka properties to be set on the topic. The properties are key-value pairs. The key is the property name and the value is the property value. The following properties are allowed: - `cleanup.policy`: `delete|compact` - `compression.type`: `uncompressed|zstd|lz4|snappy|gzip|producer` - `delete.retention.ms`: min 0 - `max.message.bytes`: min `1024`, max `1048576` (1024x1024) - `message.timestamp.type`: `CreateTime|LogAppendTime` - `retention.bytes` min 0 - `retention.ms` min `3600000` (1 hour), max: `3,1536E+10` (365 days) - `segment.bytes`: min `52428800` (1024x1024x50) TopicStatus: type: object properties: configuration: $ref: "#/components/schemas/Topic" actual: $ref: "#/components/schemas/Topic" status: $ref: "#/components/schemas/AllocationStatus" required: [ status ] Validations: type: object properties: commonName: description: Certificate common name type: string country: description: Certificate country type: string locality: description: Certificate locality type: string organization: description: Certificate organization type: string organizationalUnit: description: Certificate Organizational unit type: string province: description: Certificate province type: string subjectType: description: Certificate subject Type type: string Vhost: type: object properties: value: type: string required: [ value ] Volume: type: object properties: sizeGiB: type: integer required: [ sizeGiB ] VolumeStatus: type: object properties: configuration: $ref: "#/components/schemas/Volume" actual: $ref: "#/components/schemas/Volume" status: $ref: "#/components/schemas/AllocationStatus" required: [ status ] Zone: description: available networks on this platform type: object properties: network: type: string enum: - "internal" - "public" required: [ network ] paths: ####################################### # APPLICATIONS # ####################################### /allocation/{tenant}/application/configuration: parameters: - $ref: "#/components/parameters/Tenant" get: tags: - application summary: Returns the configuration of every application created by a given tenant. responses: '200': description: Returns a json object where the key is the name of an application, and the value is it's respective configuration. content: application/json: schema: type: object additionalProperties: $ref: "#/components/schemas/Application" /allocation/{tenant}/application/{appid}/configuration: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/AppID" get: tags: - application summary: Returns the configuration of a certain application, specified by the tenant name and application name. responses: '200': description: Returns the service definition of a given application identifier and tenant content: application/json: schema: $ref: "#/components/schemas/Application" examples: application: $ref: "#/components/examples/application" delete: tags: - application summary: deletes an application by a specified application id responses: '202': description: delete request has been accepted put: tags: - application summary: creates an application allocation, or update it's configuration requestBody: description: a JSON containing the configuration of the application you want to deploy required: true content: application/json: schema: $ref: '#/components/schemas/Application' examples: application: $ref: '#/components/examples/application' responses: '202': description: create/update request has been accepted '500': description: create/update request was not accepted /allocation/{tenant}/application/actual: parameters: - $ref: "#/components/parameters/Tenant" get: tags: - application summary: returns a list containing the configuration of every deployed application of a given tenant responses: '200': description: returns a JSON object containing the configurations of all application allocations as they are actually deployed. This may differ from the wanted configuration. If an application is stuck while deploying, it will not show up here. content: application/json: schema: type: object additionalProperties: $ref: "#/components/schemas/Application" /allocation/{tenant}/application/{appid}/actual: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/AppID" get: summary: returns the configuration of a deployed application allocation for a given app id and tenant tags: - application responses: '200': description: returns a JSON object containing the configuration of an application allocation as it is actually deployed. This may differ from the wanted configuration. If an application is stuck while deploying, it will not show up here. content: application/json: schema: $ref: "#/components/schemas/Application" examples: objectExample: $ref: '#/components/examples/application' /allocation/{tenant}/application/{appid}/status: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/AppID" get: summary: returns a status description of an application allocation tags: - application responses: '200': $ref: 'openapi-common.yml#/components/responses/200-AllocationStatus' ####################################### # appcatalogAPPS # ####################################### /allocation/{tenant}/appcatalogapp/configuration: parameters: - $ref: "#/components/parameters/Tenant" get: tags: - app catalog summary: returns a list containing all App Catalog App allocations and their respective configurations of a given tenant responses: '200': description: > configuration of all App Catalog App allocations of a tenant. This may differ from the wanted configuration. This shows the complete configuration of the App Catalog App. To only view the configuration parameters of this allocation, see the `appcatalogappconfiguration` section. content: application/json: schema: type: object additionalProperties: $ref: "#/components/schemas/AppCatalogApp" /allocation/{tenant}/appcatalogapp/actual: parameters: - $ref: "#/components/parameters/Tenant" get: tags: - app catalog summary: returns a list containing all App Catalog App allocations and their respective configurations of a given tenant, as they are actually deployed responses: '200': description: > configuration of all App Catalog App allocations as they are actually deployed. This may differ from the wanted configuration. This shows the complete configuration of the App Catalog App. To only view the configuration parameters of this allocation, see the `appcatalogappconfiguration` section. content: application/json: schema: type: object additionalProperties: $ref: "#/components/schemas/AppCatalogApp" /allocation/{tenant}/appcatalogapp/{appcatalogappid}/configuration: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/AppCatalogAppID" get: tags: - app catalog summary: > returns the configuration of an App Catalog App allocation by a specified tenant name and App Catalog App Id. To only view the configuration parameters of this allocation, see the `appcatalogappconfiguration` section. responses: '200': description: a JSON object containing the configuration of an appcatalogapp allocation content: application/json: schema: $ref: "#/components/schemas/AppCatalogApp" /allocation/{tenant}/appcatalogapp/{appcatalogappid}/actual: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/AppCatalogAppID" get: summary: > returns the configuration of an App Catalog App allocation as it is actually deployed. To only view the configuration parameters of this allocation, see the `appcatalogappconfiguration` section. tags: - app catalog responses: '200': description: a JSON object containing the configuration of an App Catalog App allocation as it is actually deployed. This may differ from the wanted configuration. If an application is stuck while deploying, it will not show up here. content: application/json: schema: $ref: "#/components/schemas/AppCatalogApp" /appcatalog/{tenant}/appcatalogapp/{appcatalogappid}/configuration: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/AppCatalogAppID" get: tags: - app catalog app configuration summary: Returns the wanted configuration of an App Catalog App by its tenant name and AppCatalogApp Id. If an App Catalog App is stuck while deploying and not on actual, it will show up here. responses: '200': description: A JSON Object containing the wanted configuration of an App Catalog App content: application/json: schema: $ref: "#/components/schemas/AppCatalogAppConfiguration" examples: appcatalogapp: $ref: "#/components/examples/appcatalogappconfiguration" delete: tags: - app catalog app configuration summary: deletes an App Catalog App responses: '202': description: the delete request has been accepted put: tags: - app catalog app configuration summary: creates a new App Catalog App, or update its configuration requestBody: description: JSON object containing required parameters for AppCatalogApp manifest. This is comparable to the configuration object on a regular Application service. required: true content: application/json: schema: $ref: '#/components/schemas/AppCatalogAppConfiguration' examples: appcatalogapp: $ref: "#/components/examples/appcatalogappconfiguration" responses: '202': description: create/update request has been accepted '500': description: create/update request was not accepted /appcatalog/{tenant}/appcatalogapp/{appcatalogappid}/status: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/AppCatalogAppID" get: summary: gets status description of an App Catalog App tags: - app catalog app configuration responses: '200': $ref: 'openapi-common.yml#/components/responses/200-AllocationStatus' /appcatalog/{tenant}/manifest: parameters: - $ref: "#/components/parameters/Tenant" get: summary: returns a list of AppCatalog manifests for a given tenant tags: - app catalog manifest responses: '200': description: lists AppCatalog manifests content: application/json: schema: type: array items: $ref: "#/components/schemas/AppCatalogManifest" ####################################### # BUCKET WATCH # ####################################### # referring to paths is ugly because of json ref character escapes /allocation/{tenant}/bucketwatch: $ref: "openapi-buckets.yml#/paths/allTenantBucketWatches" /allocation/{tenant}/bucket/{id}/bucketwatch: $ref: "openapi-buckets.yml#/paths/bucketWatchOfBucket" /allocation/{tenant}/bucket/{id}/bucketwatch/configuration: $ref: "openapi-buckets.yml#/paths/bucketWatchConfigOfBucket" /allocation/{tenant}/bucket/{id}/bucketwatch/actual: $ref: "openapi-buckets.yml#/paths/bucketWatchActualOfBucket" /allocation/{tenant}/bucket/{id}/bucketwatch/status: $ref: "openapi-buckets.yml#/paths/bucketWatchAllocStatusOfBucket" ####################################### # BUCKETS # ####################################### /allocation/{tenant}/bucket: $ref: "openapi-buckets.yml#/paths/allTenantBuckets" /allocation/{tenant}/bucket/{id}: $ref: "openapi-buckets.yml#/paths/bucketOfTenant" /allocation/{tenant}/bucket/{id}/configuration: $ref: "openapi-buckets.yml#/paths/bucketConfiguration" /allocation/{tenant}/bucket/{id}/actual: $ref: "openapi-buckets.yml#/paths/bucketActual" /allocation/{tenant}/bucket/{id}/status: $ref: "openapi-buckets.yml#/paths/bucketAllocStatus" ####################################### # BUCKET ACCESS # ####################################### /allocation/{tenant}/bucketaccess: $ref: "openapi-buckets.yml#/paths/allTenantBucketAccesses" /allocation/{tenant}/bucket/{id}/bucketaccess: $ref: "openapi-buckets.yml#/paths/bucketAccessesOfBucket" /allocation/{tenant}/bucket/{id}/bucketaccess/{name}: $ref: "openapi-buckets.yml#/paths/bucketAccessOfBucket" /allocation/{tenant}/bucket/{id}/bucketaccess/{name}/configuration: $ref: "openapi-buckets.yml#/paths/bucketAccessConfigOfBucketAccess" /allocation/{tenant}/bucket/{id}/bucketaccess/{name}/actual: $ref: "openapi-buckets.yml#/paths/bucketAccessActualOfBucketAccess" /allocation/{tenant}/bucket/{id}/bucketaccess/{name}/status: $ref: "openapi-buckets.yml#/paths/bucketAccessAllocStatusOfBucketAccess" ####################################### # CERTIFICATES # ####################################### /allocation/{tenant}/certificate: parameters: - $ref: "#/components/parameters/Tenant" get: summary: returns a list of all certificate names that are allocated to a tenant tags: - certificate responses: '200': $ref: 'openapi-common.yml#/components/responses/200-ChildList' /allocation/{tenant}/certificate/{id}: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/CertificateId" get: summary: returns the status of a specific certificate allocation by id tags: - certificate responses: '200': description: a JSON object containing the overall status of a specific certificate allocation along with the certificate's configuration and its actual state content: application/json: schema: $ref: "#/components/schemas/CertificateStatus" examples: certificateStatus: $ref: "#/components/examples/certificateStatus" /allocation/{tenant}/certificate/{id}/configuration: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/CertificateId" get: summary: returns the configuration of a certificate allocation tags: - certificate responses: '200': description: a JSON object containing the configuration of a certain certificate content: application/json: schema: $ref: "#/components/schemas/Certificate" examples: certificate: $ref: '#/components/examples/certificate' delete: tags: - certificate summary: deletes a certificate by id responses: '202': description: delete request has been accepted put: tags: - certificate summary: create a new certificate. It is impossible to update an existing certificate. This requires a delete of the existing certificate and creation of a new one with the wanted configuration. requestBody: description: the JSON object containing the configuration of a certificate. certChainSecret and keySecret must be known to the platform. required: true content: application/json: schema: $ref: '#/components/schemas/Certificate' examples: certificate: $ref: '#/components/examples/certificate' responses: '202': description: create/update request has been accepted /allocation/{tenant}/certificate/{id}/actual: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/CertificateId" get: summary: returns the actual configuration of a certificate allocation. This may not represent the wanted configuration. tags: - certificate responses: '200': description: a JSON object containing the configuration of a certificate allocation as it is actually deployed. This may differ from the wanted configuration content: application/json: schema: $ref: "#/components/schemas/Certificate" examples: certificate: $ref: '#/components/examples/certificate' /allocation/{tenant}/certificate/{id}/status: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/CertificateId" get: summary: returns a brief status description of a certificate allocation tags: - certificate responses: '200': $ref: 'openapi-common.yml#/components/responses/200-AllocationStatus' ####################################### # DATABASES # ####################################### /allocation/{tenant}/database: parameters: - $ref: "#/components/parameters/Tenant" get: summary: (beta release) lists ids of all databases of a tenant tags: - database responses: '200': $ref: 'openapi-common.yml#/components/responses/200-ChildList' /allocation/{tenant}/database/{id}: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/DatabaseId" get: summary: (beta release) gets overall status of a database allocation tags: - database responses: '200': description: the overall status of a specific database allocation along with the database's configured and actual state content: application/json: schema: $ref: "#/components/schemas/DatabaseStatus" examples: databaseStatus: $ref: '#/components/examples/databaseStatus' /allocation/{tenant}/database/{id}/configuration: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/DatabaseId" get: summary: (beta release) gets configuration for a database allocation tags: - database responses: '200': description: returns the configuration for this database allocation content: application/json: schema: $ref: "#/components/schemas/Database" examples: database: $ref: '#/components/examples/database' delete: tags: - database summary: (beta release) deletes a database responses: '202': description: delete request has been accepted put: tags: - database summary: (beta release) creates a database configuration. It is impossible to update an existing database. requestBody: description: the JSON representation of the resource required: true content: application/json: schema: $ref: '#/components/schemas/Database' examples: database: $ref: '#/components/examples/database' responses: '202': description: create request has been accepted /allocation/{tenant}/database/{id}/actual: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/DatabaseId" get: summary: (beta release) gets actual state for a database allocation tags: - database responses: '200': description: configuration of a database allocation as it is actually deployed. This may differ from the wanted configuration content: application/json: schema: $ref: "#/components/schemas/Database" examples: database: $ref: '#/components/examples/database' /allocation/{tenant}/database/{id}/status: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/DatabaseId" get: summary: (beta release) gets status description of a database allocation tags: - database responses: '200': $ref: 'openapi-common.yml#/components/responses/200-AllocationStatus' ####################################### # DATACATALOG # ####################################### /allocation/{tenant}/datacatalog/asset/{kind}: $ref: "openapi-datacatalog.yml#/paths/allTenantDataCatalogAssets" /allocation/{tenant}/datacatalog/asset/{kind}/{name}: $ref: "openapi-datacatalog.yml#/paths/dataCatalogAssetOfTenant" /allocation/{tenant}/datacatalog/asset/{kind}/{name}/configuration: $ref: "openapi-datacatalog.yml#/paths/dataCatalogAssetConfiguration" ####################################### # FLINK CLUSTERS # ####################################### /allocation/{tenant}/flinkcluster: parameters: - $ref: "#/components/parameters/Tenant" get: summary: returns the overall status of a Flink Cluster tags: - flink cluster responses: '200': description: a JSON object containing a Flink Cluster's overall status, actual state and its configuration content: application/json: schema: $ref: "#/components/schemas/FlinkClusterStatus" examples: flinkClusterStatus: $ref: '#/components/examples/flinkClusterStatus' /allocation/{tenant}/flinkcluster/configuration: parameters: - $ref: "#/components/parameters/Tenant" get: summary: returns the configuration of a Flink Cluster tags: - flink cluster responses: '200': description: a JSON object containing the configuration of a Flink Cluster content: application/json: schema: $ref: "#/components/schemas/FlinkCluster" examples: flinkCluster: $ref: '#/components/examples/flinkCluster' delete: tags: - flink cluster summary: deletes a Flink Cluster. Since only one cluster can be created per tenant, only the tenants' name needs to be specified. responses: '202': description: delete request has been accepted put: tags: - flink cluster summary: create a new Flink Cluster. It is impossible to update an existing Flink Cluster. This requires a delete of the existing Flink Cluster and creation of a new one with the wanted configuration. requestBody: description: a JSON object containing the desired configuration of the Flink Cluster. Zone must be known to the platform. required: true content: application/json: schema: $ref: '#/components/schemas/FlinkCluster' examples: flinkCluster: $ref: '#/components/examples/flinkCluster' responses: '202': description: create/update request has been accepted /allocation/{tenant}/flinkcluster/actual: parameters: - $ref: "#/components/parameters/Tenant" get: summary: returns the actual configuration of a Flink Cluster. tags: - flink cluster responses: '200': description: a JSON object containing the configuration of a Flink Cluster as it is actually deployed. This may differ from the wanted configuration content: application/json: schema: $ref: "#/components/schemas/FlinkCluster" examples: flinkCluster: $ref: '#/components/examples/flinkCluster' /allocation/{tenant}/flinkcluster/status: parameters: - $ref: "#/components/parameters/Tenant" get: summary: returns a brief status description of a Flink Cluster tags: - flink cluster responses: '200': $ref: 'openapi-common.yml#/components/responses/200-AllocationStatus' ####################################### # KAFKA PROXY # ####################################### /allocation/{tenant}/kafkaproxy: parameters: - $ref: "#/components/parameters/Tenant" get: summary: returns a list of all kafka proxies of a tenant tags: - kafka proxy responses: '200': $ref: 'openapi-common.yml#/components/responses/200-ChildList' /allocation/{tenant}/kafkaproxy/{id}/configuration: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/KafkaProxyId" get: tags: - kafka proxy summary: Returns the configuration of a certain kafka Proxy, specified by the tenant name and kafka Proxy name. responses: '200': description: Returns the service definition of a given kafka proxy content: application/json: schema: $ref: "#/components/schemas/KafkaProxy" examples: kafkaProxy: $ref: "#/components/examples/kafkaProxy" put: tags: - kafka proxy summary: update the value of the kafka proxy requestBody: description: the kafka proxy configuration options required: true content: application/json: schema: $ref: '#/components/schemas/KafkaProxy' examples: kafkaProxy: $ref: '#/components/examples/kafkaProxy' responses: '200': description: the secret value is updated delete: tags: - kafka proxy summary: deletes a kafka proxy responses: '202': description: delete request has been accepted ####################################### # Kafka ACL Group # ####################################### /allocation/{tenant}/aclgroup: parameters: - $ref: "#/components/parameters/Tenant" get: summary: list tenant Kafka ACL groups tags: - kafka acl group responses: '200': $ref: 'openapi-common.yml#/components/responses/200-ChildList' /allocation/{tenant}/aclgroup/{id}/configuration: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/KafkaACLGroupId" get: summary: return the configuration of the Kafka ACl group tags: - kafka acl group responses: '200': description: Returns the Kafka ACL group definition content: application/json: schema: $ref: "#/components/schemas/KafkaAclGroup" put: summary: creates a new or updates an existing Kafka ACL group tags: - kafka acl group requestBody: description: the Kafka ACL group definition required: true content: application/json: schema: $ref: "#/components/schemas/KafkaAclGroup" responses: '202': description: create request has been accepted # delete: summary: deletes a Kafka ACL group tags: - kafka acl group responses: '202': description: delete request has been accepted ####################################### # ROBOT TOKEN # ####################################### /robot/{tenant}/generate-secret: parameters: - $ref: "#/components/parameters/Tenant" post: summary: generate new client secret for a tenant tags: - robot responses: '200': description: triggers the generation of a new Client Secret for the tenant’s robot account. __This automatically invalidates the existing client secret __, and returns a new client secret in the response body! content: application/json: schema: $ref: "#/components/schemas/ClientSecret" example: value: "7c75t59f-8b8b-4ec4-abn5-1dae68f38d4b" ####################################### # SECRETS # ####################################### /allocation/{tenant}/secret: parameters: - $ref: "#/components/parameters/Tenant" get: summary: returns a list of all secret names of a tenant tags: - secret responses: '200': $ref: 'openapi-common.yml#/components/responses/200-ChildList' post: tags: - secret summary: create a new secret requestBody: description: a JSON object containing the name and the secret value required: true content: application/json: schema: $ref: '#/components/schemas/Secret' examples: secret: $ref: '#/components/examples/secret' responses: '201': description: the secret value is updated /allocation/{tenant}/secret/{id}/configuration: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/SecretId" get: summary: returns the configuration of a secret allocation tags: - secret responses: '200': description: a JSON object containing the configuration of this secret allocation content: application/json: schema: $ref: "#/components/schemas/Empty" delete: tags: - secret summary: deletes a secret responses: '202': description: delete request has been accepted /allocation/{tenant}/secret/{id}/actual: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/SecretId" get: summary: returns the actual state of a secret. The response body will always be empty because we cannot share the secret value, but the response code will tell you more about its state. tags: - secret responses: '200': description: The response body will be empty, but a 200 response indicates that the secret is created. content: application/json: schema: $ref: "#/components/schemas/Empty" /allocation/{tenant}/secret/{id}/status: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/SecretId" get: summary: returns a brief status description of a secret allocation tags: - secret responses: '200': $ref: 'openapi-common.yml#/components/responses/200-AllocationStatus' /allocation/{tenant}/secret/{id}: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/SecretId" get: summary: returns the value of a secret tags: - secret responses: '200': description: the secret value as a string content: text/plain: schema: type: string put: tags: - secret summary: update the value of a secret requestBody: description: the secret value as a string required: true content: text/plain: schema: type: string example: "my new secret value" responses: '200': description: the secret value is updated ####################################### # TASKS # ####################################### /allocation/{tenant}/task: parameters: - $ref: "#/components/parameters/Tenant" get: summary: return a list containing the ids of all applications with derived tasks tags: - application responses: '200': $ref: 'openapi-common.yml#/components/responses/200-ChildList' /allocation/{tenant}/task/{appid}: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/AppID" get: summary: return a list containing the ids of an application's derived tasks tags: - application responses: '200': $ref: 'openapi-common.yml#/components/responses/200-ChildList' /allocation/{tenant}/task/{appid}/{id}: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/AppID" - $ref: "#/components/parameters/TaskId" get: summary: returns overall status of a task tags: - application responses: '200': description: a JSON object containing the overall status of a specific task allocation along with the task's configured and actual state content: application/json: schema: $ref: "#/components/schemas/TaskStatus" examples: taskStatus: $ref: '#/components/examples/taskStatus' /allocation/{tenant}/task/{appid}/{id}/actual: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/AppID" - $ref: "#/components/parameters/TaskId" get: summary: returns the actual state of a specific task tags: - application responses: '200': description: a JSON object containing the actual state of a specific task. This may differ from the task's configured state content: application/json: schema: $ref: "#/components/schemas/Task" examples: task: $ref: '#/components/examples/task' /allocation/{tenant}/task/{appid}/{id}/status: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/AppID" - $ref: "#/components/parameters/TaskId" get: summary: returns a brief status description of a task tags: - application responses: '200': $ref: 'openapi-common.yml#/components/responses/200-AllocationStatus' ####################################### # BUCKET CONCESSION # ####################################### /allocation/{tenant}/bucket/fromthirdparty: $ref: "openapi-buckets.yml#/paths/onlyTenantBucketsFromThirdPartyConcessions" /allocation/{tenant}/thirdpartybucketconcession: $ref: "openapi-buckets.yml#/paths/allTenantThirdPartyBucketConcessions" /allocation/{tenant}/thirdpartybucketconcession/{id}: $ref: "openapi-buckets.yml#/paths/thirdPartyBucketConcession" /allocation/{tenant}/thirdpartybucketconcession/{id}/configuration: $ref: "openapi-buckets.yml#/paths/thirdPartyBucketConcessionConfig" /allocation/{tenant}/thirdpartybucketconcession/{id}/actual: $ref: "openapi-buckets.yml#/paths/thirdPartyBucketConcessionActual" /allocation/{tenant}/thirdpartybucketconcession/{id}/status: $ref: "openapi-buckets.yml#/paths/thirdPartyBucketConcessionAllocStatus" ####################################### # TOPICS # ####################################### /allocation/{tenant}/topic: parameters: - $ref: "#/components/parameters/Tenant" get: summary: returns a list of topics of a tenant tags: - topic responses: '200': $ref: 'openapi-common.yml#/components/responses/200-ChildList' /allocation/{tenant}/topic/{id}: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/TopicId" get: summary: returns the overall status of a topic allocation tags: - topic responses: '200': description: a JSON object containing the overall status of a specific topic allocation along with the topic's configured and actual state content: application/json: schema: $ref: "#/components/schemas/TopicStatus" examples: topicStatus: $ref: '#/components/examples/topicStatus' /allocation/{tenant}/topic/{id}/configuration: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/TopicId" get: summary: returns the configuration of a topic allocation tags: - topic responses: '200': description: a JSON object containing the configuration of a topic allocation content: application/json: schema: $ref: "#/components/schemas/Topic" examples: topic: $ref: '#/components/examples/topic' delete: tags: - topic summary: deletes a topic responses: '202': description: delete request has been accepted put: tags: - topic summary: create a new topic. It is impossible to update an existing topic. This requires a delete of the existing topic and creation of a new one with the wanted configuration. requestBody: description: the JSON object containing the configuration of the desired topic required: true content: application/json: schema: $ref: '#/components/schemas/Topic' examples: topic: $ref: '#/components/examples/topic' responses: '202': description: create/update request has been accepted /allocation/{tenant}/topic/{id}/actual: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/TopicId" get: summary: returns actual configuration of a topic allocation tags: - topic responses: '200': description: a JSON object containing the configuration of a topic allocation as it is actually deployed. This may differ from the wanted configuration content: application/json: schema: $ref: "#/components/schemas/Topic" examples: topic: $ref: '#/components/examples/topic' /allocation/{tenant}/topic/{id}/status: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/TopicId" get: summary: returns a brief status description of a topic allocation tags: - topic responses: '200': $ref: 'openapi-common.yml#/components/responses/200-AllocationStatus' ####################################### # VOLUMES # ####################################### /allocation/{tenant}/volume: parameters: - $ref: "#/components/parameters/Tenant" get: summary: returns a list containing the ids of all volumes of a given tenant tags: - volume responses: '200': $ref: 'openapi-common.yml#/components/responses/200-ChildList' /allocation/{tenant}/volume/{id}: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/VolumeId" get: summary: returns the overall status of a volume allocation tags: - volume responses: '200': description: a JSON object containing the overall status of a specific volume allocation along with the volume's configured and actual state content: application/json: schema: $ref: "#/components/schemas/VolumeStatus" examples: volumeStatus: $ref: '#/components/examples/volumeStatus' /allocation/{tenant}/volume/{id}/configuration: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/VolumeId" get: summary: returns the configuration for a volume allocation tags: - volume responses: '200': description: a JSON object containing the configuration for a volume allocation content: application/json: schema: $ref: "#/components/schemas/Volume" examples: volume: $ref: '#/components/examples/volume' delete: tags: - volume summary: deletes a volume responses: '202': description: delete request has been accepted put: tags: - volume summary: create a new volume configuration. It is impossible to update an existing volume. This requires a delete of the existing volume and creation of a new one with the wanted configuration. requestBody: description: the JSON object containing the desired configuration of a volume allocation required: true content: application/json: schema: $ref: '#/components/schemas/Volume' examples: volume: $ref: '#/components/examples/volume' responses: '202': description: create request has been accepted /allocation/{tenant}/volume/{id}/actual: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/VolumeId" get: summary: returns the actual state for a volume allocation tags: - volume responses: '200': description: a JSOn object containing the configuration of a volume allocation as it is actually deployed. This may differ from the wanted configuration content: application/json: schema: $ref: "#/components/schemas/Volume" examples: volume: $ref: '#/components/examples/volume' /allocation/{tenant}/volume/{id}/status: parameters: - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/VolumeId" get: summary: returns a brief status description of a volume allocation tags: - volume responses: '200': $ref: 'openapi-common.yml#/components/responses/200-AllocationStatus' ####################################### # MANAGED TENANT # ####################################### /manage/{manager}/tenant: parameters: - $ref: "#/components/parameters/Manager" get: summary: returns a list of tenants managed by the `manager` tenant tags: - managed tenant responses: '200': $ref: 'openapi-common.yml#/components/responses/200-ChildList' /manage/{manager}/tenant/{tenant}/configuration: parameters: - $ref: "#/components/parameters/Manager" - $ref: "#/components/parameters/Tenant" get: summary: returns the configuration of tenant as managed by the manager tags: - managed tenant responses: '200': description: a JSON object containing the configuration of a managed tenant as it is configured on the current system. This may differ from the wanted configuration. content: application/json: schema: $ref: '#/components/schemas/ManagedTenant' examples: managedTenant: $ref: '#/components/examples/managedTenant' put: summary: creates and/or updates a managed tenant for managing tenant or update its configuration tags: - managed tenant requestBody: description: the JSON object containing the configuration of the managed tenant required: true content: application/json: schema: $ref: '#/components/schemas/ManagedTenant' examples: managedTenant: $ref: '#/components/examples/managedTenant' responses: '202': description: create/update request has been accepted '400': description: The provided input was rejected delete: tags: - managed tenant summary: deletes a managed tenant for the managing tenant responses: '202': description: delete request has been accepted /manage/{manager}/tenant/{tenant}/actual: parameters: - $ref: "#/components/parameters/Manager" - $ref: "#/components/parameters/Tenant" get: summary: returns the actual state for a managed tenant allocation tags: - managed tenant responses: '200': description: a JSOn object containing the configuration of a managed tenant allocation as it is actually deployed. This may differ from the wanted configuration. content: application/json: schema: $ref: '#/components/schemas/ManagedTenant' examples: managedTenant: $ref: '#/components/examples/managedTenant' /manage/{manager}/tenant/{tenant}/status: parameters: - $ref: "#/components/parameters/Manager" - $ref: "#/components/parameters/Tenant" get: summary: returns a brief status description of a managed tenant allocation tags: - managed tenant responses: '200': $ref: 'openapi-common.yml#/components/responses/200-AllocationStatus' /manage/{manager}/tenant/{tenant}/limit: parameters: - $ref: "#/components/parameters/Manager" - $ref: "#/components/parameters/Tenant" get: summary: get all limits of a managed tenant tags: - managed tenant limits responses: '200': description: a JSON list with all limits of the managed tenant content: application/json: schema: type: array items: $ref: "#/components/schemas/LimitValue" examples: allLimits: $ref: '#/components/examples/managedTenantLimitListAll' patch: summary: update multiple limits of a managed tenant tags: - managed tenant limits requestBody: description: a JSON list with multiple limits of the managed tenant required: true content: application/json: schema: type: array items: $ref: "#/components/schemas/LimitValue" examples: someLimits: $ref: '#/components/examples/managedTenantLimitListSome' allLimits: $ref: '#/components/examples/managedTenantLimitListAll' responses: '202': description: create/update request has been accepted for each limit '400': description: the provided input was rejected for one or more limits /manage/{manager}/tenant/{tenant}/limit/{kind}: parameters: - $ref: "#/components/parameters/Manager" - $ref: "#/components/parameters/Tenant" - $ref: "#/components/parameters/LimitKind" get: summary: get a specific managed tenant limit set by the managing tenant tags: - managed tenant limits responses: '200': description: a JSON object containing the specified limit kind value of a managed tenant content: application/json: schema: $ref: '#/components/schemas/LimitValue' examples: cpu: $ref: '#/components/examples/managedTenantLimitCpu' mem: $ref: '#/components/examples/managedTenantLimitMem' certificatecount: $ref: '#/components/examples/managedTenantLimitCertificateCount' secretcount: $ref: '#/components/examples/managedTenantLimitSecretCount' topiccount: $ref: '#/components/examples/managedTenantLimitTopicCount' partitioncount: $ref: '#/components/examples/managedTenantLimitPartitionCount' consumerrate: $ref: '#/components/examples/managedTenantLimitConsumerRate' producerrate: $ref: '#/components/examples/managedTenantLimitProducerRate' requestrate: $ref: '#/components/examples/managedTenantLimitRequestRate' put: summary: create and/or update the configured limits for a managed tenant tags: - managed tenant limits requestBody: description: the JSON object containing the limit configuration of the managed tenant required: true content: application/json: schema: $ref: '#/components/schemas/LimitValue' examples: cpu: $ref: '#/components/examples/managedTenantLimitCpu' mem: $ref: '#/components/examples/managedTenantLimitMem' certificatecount: $ref: '#/components/examples/managedTenantLimitCertificateCount' secretcount: $ref: '#/components/examples/managedTenantLimitSecretCount' topiccount: $ref: '#/components/examples/managedTenantLimitTopicCount' partitioncount: $ref: '#/components/examples/managedTenantLimitPartitionCount' consumerrate: $ref: '#/components/examples/managedTenantLimitConsumerRate' producerrate: $ref: '#/components/examples/managedTenantLimitProducerRate' requestrate: $ref: '#/components/examples/managedTenantLimitRequestRate' responses: '202': description: create/update request has been accepted '400': description: the provided input was rejected /manage/{manager}/stream: parameters: - $ref: '#/components/parameters/Manager' get: summary: get a list of streams managed by the managing tenant tags: - managed streams responses: '200': description: a list of stream id's content: application/json: schema: type: array items: $ref: '#/components/schemas/ManagedStreamId' /manage/{manager}/stream/public/{streamId}/configuration: parameters: - $ref: '#/components/parameters/Manager' - $ref: '#/components/parameters/ManagedPublicStreamId' get: summary: Get the configuration for a public managed stream tags: - managed streams responses: '200': description: managed stream configuration content: application/json: schema: $ref: '#/components/schemas/PublicManagedStream' examples: publicManagedStreamWithDefaultKafkaPartitioner: $ref: '#/components/examples/publicManagedStreamWithDefaultKafkaPartitioner' publicManagedStreamWithTopicLevelPartitioner: $ref: '#/components/examples/publicManagedStreamWithTopicLevelPartitioner' '404': description: managed stream not found post: summary: Create a public managed stream tags: - managed streams requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PublicManagedStream' examples: publicManagedStreamWithDefaultKafkaPartitioner: $ref: '#/components/examples/publicManagedStreamWithDefaultKafkaPartitioner' publicManagedStreamWithTopicLevelPartitioner: $ref: '#/components/examples/publicManagedStreamWithTopicLevelPartitioner' responses: '202': description: Configuration was accepted, stream is being created '400': description: Configuration was rejected delete: summary: Delete a public managed stream tags: - managed streams responses: '202': description: Delete request was accepted /manage/{manager}/stream/internal/{streamId}/configuration: parameters: - $ref: '#/components/parameters/Manager' - $ref: '#/components/parameters/ManagedInternalStreamId' get: summary: Get the configuration for an internal managed stream tags: - managed streams responses: '200': description: managed stream configuration content: application/json: schema: $ref: '#/components/schemas/InternalManagedStream' examples: managedInternalStream: $ref: '#/components/examples/managedInternalStream' '404': description: managed stream not found post: summary: Create an internal managed stream tags: - managed streams requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/InternalManagedStream' examples: managedInternalStream: $ref: '#/components/examples/managedInternalStream' responses: '202': description: Configuration was accepted, stream is being created '400': description: Configuration was rejected delete: summary: Delete an internal managed stream tags: - managed streams responses: '202': description: Delete request was accepted /manage/{manager}/stream/{streamId}/access/write: parameters: - $ref: '#/components/parameters/Manager' - $ref: '#/components/parameters/ManagedStreamId' get: summary: get a list of all tenants that have write access to the stream tags: - managed streams access responses: '200': description: A list of all names of tenants that have write access to the stream content: application/json: schema: type: array items: type: string description: Tenant name example: "sometenant" /manage/{manager}/stream/{streamId}/access/write/{tenant}: parameters: - $ref: '#/components/parameters/Manager' - $ref: '#/components/parameters/ManagedStreamId' - $ref: '#/components/parameters/Tenant' head: summary: Check whether the tenant has write access to the stream tags: - managed streams access responses: '204': description: The tenant has write access to the stream '404': description: The tenant does not have write access to the stream put: summary: Grant the tenant write access to the stream tags: - managed streams access responses: '202': description: Write access to the stream is granted to the tenant delete: summary: Revoke write access for the tenant on the stream tags: - managed streams access responses: '202': description: Write access to the stream has been revoked for the tenant /manage/{manager}/stream/{streamId}/access/read: parameters: - $ref: '#/components/parameters/Manager' - $ref: '#/components/parameters/ManagedStreamId' get: summary: get a list of all tenants that have read access to the stream tags: - managed streams access responses: '200': description: A list of all names of tenants that have read access to the stream content: application/json: schema: type: array items: type: string description: Tenant name example: "sometenant" /manage/{manager}/stream/{streamId}/access/read/{tenant}: parameters: - $ref: '#/components/parameters/Manager' - $ref: '#/components/parameters/ManagedStreamId' - $ref: '#/components/parameters/Tenant' head: summary: Check whether the tenant has read access to the stream tags: - managed streams access responses: '204': description: The tenant has read access to the stream '404': description: The tenant does not have read access to the stream put: summary: Grant the tenant write access to the stream tags: - managed streams access responses: '202': description: Read access to the stream is granted to the tenant delete: summary: Revoke read access for the tenant on the stream tags: - managed streams access responses: '202': description: Read access to the stream has been revoked for the tenant