Boundary controller HTTP API
Worker Service
Lists all Workers.
Query Parameters
scope_id string recursive boolean filter string Successful Response
id string Output only. The ID of the User.
scope_id string The ID of the Scope this resource is in.
id string The ID of the scope.
type string The type of the scope.
name string The name of the scope, if any.
description string The description of the scope, if any.
parent_scope_id string The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name string Optional name for identification purposes. Can only be set through the API
for pki-type workers; read-only for kms-type workers.
description string Optional user-set description for identification purposes. Can only be set
through the API for pki-type workers; read-only for kms-type workers.
created_time string Output only. The time this resource was created.
updated_time string Output only. The time this resource was last updated.
version integer Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
address string Output only. The address that this worker is reachable at, as sourced from the worker's configuration file.
canonical_tags object Output only. The deduplicated union of the tags reported by the worker from its configuration and any tags added through other means. This is used when applying worker filters.
config_tags object Output only. The tags set in the worker's configuration file.
last_status_time string Output only. The time this worker daemon last reported its status.
worker_generated_auth_token string worker_generated_auth_token is input only. Supports the worker led node enrollment flow where this credentials token is produced by a worker. This token is a base58 encoded types.FetchNodeCredentialsRequest from https://github.com/hashicorp/nodeenrollment
controller_generated_activation_token string Output only. An activation token that can be given to a worker to correlate it to the created resource.
active_connection_count integer Output only. The number of connections that this worker is currently handling.
type string Output only. The type of the worker, denoted by how it authenticates: pki
or kms.
api_tags object Output only. The api tags set for the worker.
release_version string Output only. The version of the Boundary binary the worker is running.
directly_connected_downstream_workers string[] authorized_actions string[] local_storage_state string Output only. The local_storage_state indicates the state of the local disk space of the worker. Possible values are:
- available: The worker local storage state is at an acceptable state
- low storage: The worker is below the minimum threshold for local storage
- critically low storage: The worker local storage state is below the critical minimum threshold for local storage
- out of storage: The worker is out of local disk space
- not configured: The worker does not have a local storage path configured
- unknown: The default local storage state of a worker. Used when the local storage state of a worker is not yet known
remote_storage_state object Output only. The remote_storage_state indicats the permission state of the storage buckets that the Worker is actively using. The possible permission state types include: write, read, and delete. The possible permission state values include: unknown, error, and ok.
Gets a single Worker.
Path Parameters
id string RequiredRequiredSuccessful Response
id string Output only. The ID of the User.
scope_id string The ID of the Scope this resource is in.
id string The ID of the scope.
type string The type of the scope.
name string The name of the scope, if any.
description string The description of the scope, if any.
parent_scope_id string The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name string Optional name for identification purposes. Can only be set through the API
for pki-type workers; read-only for kms-type workers.
description string Optional user-set description for identification purposes. Can only be set
through the API for pki-type workers; read-only for kms-type workers.
created_time string Output only. The time this resource was created.
updated_time string Output only. The time this resource was last updated.
version integer Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
address string Output only. The address that this worker is reachable at, as sourced from the worker's configuration file.
canonical_tags object Output only. The deduplicated union of the tags reported by the worker from its configuration and any tags added through other means. This is used when applying worker filters.
config_tags object Output only. The tags set in the worker's configuration file.
last_status_time string Output only. The time this worker daemon last reported its status.
worker_generated_auth_token string worker_generated_auth_token is input only. Supports the worker led node enrollment flow where this credentials token is produced by a worker. This token is a base58 encoded types.FetchNodeCredentialsRequest from https://github.com/hashicorp/nodeenrollment
controller_generated_activation_token string Output only. An activation token that can be given to a worker to correlate it to the created resource.
active_connection_count integer Output only. The number of connections that this worker is currently handling.
type string Output only. The type of the worker, denoted by how it authenticates: pki
or kms.
api_tags object Output only. The api tags set for the worker.
release_version string Output only. The version of the Boundary binary the worker is running.
directly_connected_downstream_workers string[] authorized_actions string[] local_storage_state string Output only. The local_storage_state indicates the state of the local disk space of the worker. Possible values are:
- available: The worker local storage state is at an acceptable state
- low storage: The worker is below the minimum threshold for local storage
- critically low storage: The worker local storage state is below the critical minimum threshold for local storage
- out of storage: The worker is out of local disk space
- not configured: The worker does not have a local storage path configured
- unknown: The default local storage state of a worker. Used when the local storage state of a worker is not yet known
remote_storage_state object Output only. The remote_storage_state indicats the permission state of the storage buckets that the Worker is actively using. The possible permission state types include: write, read, and delete. The possible permission state values include: unknown, error, and ok.
Deletes a Worker.
Path Parameters
id string RequiredRequiredSuccessful Response
Updates a Worker.
Path Parameters
id string RequiredRequiredBody Parameters
scope_id string The ID of the Scope this resource is in.
name string Optional name for identification purposes. Can only be set through the API
for pki-type workers; read-only for kms-type workers.
description string Optional user-set description for identification purposes. Can only be set
through the API for pki-type workers; read-only for kms-type workers.
version integer Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
worker_generated_auth_token string worker_generated_auth_token is input only. Supports the worker led node enrollment flow where this credentials token is produced by a worker. This token is a base58 encoded types.FetchNodeCredentialsRequest from https://github.com/hashicorp/nodeenrollment
Successful Response
id string Output only. The ID of the User.
scope_id string The ID of the Scope this resource is in.
id string The ID of the scope.
type string The type of the scope.
name string The name of the scope, if any.
description string The description of the scope, if any.
parent_scope_id string The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name string Optional name for identification purposes. Can only be set through the API
for pki-type workers; read-only for kms-type workers.
description string Optional user-set description for identification purposes. Can only be set
through the API for pki-type workers; read-only for kms-type workers.
created_time string Output only. The time this resource was created.
updated_time string Output only. The time this resource was last updated.
version integer Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
address string Output only. The address that this worker is reachable at, as sourced from the worker's configuration file.
canonical_tags object Output only. The deduplicated union of the tags reported by the worker from its configuration and any tags added through other means. This is used when applying worker filters.
config_tags object Output only. The tags set in the worker's configuration file.
last_status_time string Output only. The time this worker daemon last reported its status.
worker_generated_auth_token string worker_generated_auth_token is input only. Supports the worker led node enrollment flow where this credentials token is produced by a worker. This token is a base58 encoded types.FetchNodeCredentialsRequest from https://github.com/hashicorp/nodeenrollment
controller_generated_activation_token string Output only. An activation token that can be given to a worker to correlate it to the created resource.
active_connection_count integer Output only. The number of connections that this worker is currently handling.
type string Output only. The type of the worker, denoted by how it authenticates: pki
or kms.
api_tags object Output only. The api tags set for the worker.
release_version string Output only. The version of the Boundary binary the worker is running.
directly_connected_downstream_workers string[] authorized_actions string[] local_storage_state string Output only. The local_storage_state indicates the state of the local disk space of the worker. Possible values are:
- available: The worker local storage state is at an acceptable state
- low storage: The worker is below the minimum threshold for local storage
- critically low storage: The worker local storage state is below the critical minimum threshold for local storage
- out of storage: The worker is out of local disk space
- not configured: The worker does not have a local storage path configured
- unknown: The default local storage state of a worker. Used when the local storage state of a worker is not yet known
remote_storage_state object Output only. The remote_storage_state indicats the permission state of the storage buckets that the Worker is actively using. The possible permission state types include: write, read, and delete. The possible permission state values include: unknown, error, and ok.
Adds api tags to an existing Worker.
Path Parameters
id string RequiredRequiredBody Parameters
version integer Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
api_tags object Successful Response
id string Output only. The ID of the User.
scope_id string The ID of the Scope this resource is in.
id string The ID of the scope.
type string The type of the scope.
name string The name of the scope, if any.
description string The description of the scope, if any.
parent_scope_id string The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name string Optional name for identification purposes. Can only be set through the API
for pki-type workers; read-only for kms-type workers.
description string Optional user-set description for identification purposes. Can only be set
through the API for pki-type workers; read-only for kms-type workers.
created_time string Output only. The time this resource was created.
updated_time string Output only. The time this resource was last updated.
version integer Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
address string Output only. The address that this worker is reachable at, as sourced from the worker's configuration file.
canonical_tags object Output only. The deduplicated union of the tags reported by the worker from its configuration and any tags added through other means. This is used when applying worker filters.
config_tags object Output only. The tags set in the worker's configuration file.
last_status_time string Output only. The time this worker daemon last reported its status.
worker_generated_auth_token string worker_generated_auth_token is input only. Supports the worker led node enrollment flow where this credentials token is produced by a worker. This token is a base58 encoded types.FetchNodeCredentialsRequest from https://github.com/hashicorp/nodeenrollment
controller_generated_activation_token string Output only. An activation token that can be given to a worker to correlate it to the created resource.
active_connection_count integer Output only. The number of connections that this worker is currently handling.
type string Output only. The type of the worker, denoted by how it authenticates: pki
or kms.
api_tags object Output only. The api tags set for the worker.
release_version string Output only. The version of the Boundary binary the worker is running.
directly_connected_downstream_workers string[] authorized_actions string[] local_storage_state string Output only. The local_storage_state indicates the state of the local disk space of the worker. Possible values are:
- available: The worker local storage state is at an acceptable state
- low storage: The worker is below the minimum threshold for local storage
- critically low storage: The worker local storage state is below the critical minimum threshold for local storage
- out of storage: The worker is out of local disk space
- not configured: The worker does not have a local storage path configured
- unknown: The default local storage state of a worker. Used when the local storage state of a worker is not yet known
remote_storage_state object Output only. The remote_storage_state indicats the permission state of the storage buckets that the Worker is actively using. The possible permission state types include: write, read, and delete. The possible permission state values include: unknown, error, and ok.
Removes api tags from an existing Worker.
Path Parameters
id string RequiredRequiredBody Parameters
version integer Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
api_tags object Successful Response
id string Output only. The ID of the User.
scope_id string The ID of the Scope this resource is in.
id string The ID of the scope.
type string The type of the scope.
name string The name of the scope, if any.
description string The description of the scope, if any.
parent_scope_id string The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name string Optional name for identification purposes. Can only be set through the API
for pki-type workers; read-only for kms-type workers.
description string Optional user-set description for identification purposes. Can only be set
through the API for pki-type workers; read-only for kms-type workers.
created_time string Output only. The time this resource was created.
updated_time string Output only. The time this resource was last updated.
version integer Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
address string Output only. The address that this worker is reachable at, as sourced from the worker's configuration file.
canonical_tags object Output only. The deduplicated union of the tags reported by the worker from its configuration and any tags added through other means. This is used when applying worker filters.
config_tags object Output only. The tags set in the worker's configuration file.
last_status_time string Output only. The time this worker daemon last reported its status.
worker_generated_auth_token string worker_generated_auth_token is input only. Supports the worker led node enrollment flow where this credentials token is produced by a worker. This token is a base58 encoded types.FetchNodeCredentialsRequest from https://github.com/hashicorp/nodeenrollment
controller_generated_activation_token string Output only. An activation token that can be given to a worker to correlate it to the created resource.
active_connection_count integer Output only. The number of connections that this worker is currently handling.
type string Output only. The type of the worker, denoted by how it authenticates: pki
or kms.
api_tags object Output only. The api tags set for the worker.
release_version string Output only. The version of the Boundary binary the worker is running.
directly_connected_downstream_workers string[] authorized_actions string[] local_storage_state string Output only. The local_storage_state indicates the state of the local disk space of the worker. Possible values are:
- available: The worker local storage state is at an acceptable state
- low storage: The worker is below the minimum threshold for local storage
- critically low storage: The worker local storage state is below the critical minimum threshold for local storage
- out of storage: The worker is out of local disk space
- not configured: The worker does not have a local storage path configured
- unknown: The default local storage state of a worker. Used when the local storage state of a worker is not yet known
remote_storage_state object Output only. The remote_storage_state indicats the permission state of the storage buckets that the Worker is actively using. The possible permission state types include: write, read, and delete. The possible permission state values include: unknown, error, and ok.
Sets api tags for an existing Worker.
Path Parameters
id string RequiredRequiredBody Parameters
version integer Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
api_tags object Successful Response
id string Output only. The ID of the User.
scope_id string The ID of the Scope this resource is in.
id string The ID of the scope.
type string The type of the scope.
name string The name of the scope, if any.
description string The description of the scope, if any.
parent_scope_id string The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name string Optional name for identification purposes. Can only be set through the API
for pki-type workers; read-only for kms-type workers.
description string Optional user-set description for identification purposes. Can only be set
through the API for pki-type workers; read-only for kms-type workers.
created_time string Output only. The time this resource was created.
updated_time string Output only. The time this resource was last updated.
version integer Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
address string Output only. The address that this worker is reachable at, as sourced from the worker's configuration file.
canonical_tags object Output only. The deduplicated union of the tags reported by the worker from its configuration and any tags added through other means. This is used when applying worker filters.
config_tags object Output only. The tags set in the worker's configuration file.
last_status_time string Output only. The time this worker daemon last reported its status.
worker_generated_auth_token string worker_generated_auth_token is input only. Supports the worker led node enrollment flow where this credentials token is produced by a worker. This token is a base58 encoded types.FetchNodeCredentialsRequest from https://github.com/hashicorp/nodeenrollment
controller_generated_activation_token string Output only. An activation token that can be given to a worker to correlate it to the created resource.
active_connection_count integer Output only. The number of connections that this worker is currently handling.
type string Output only. The type of the worker, denoted by how it authenticates: pki
or kms.
api_tags object Output only. The api tags set for the worker.
release_version string Output only. The version of the Boundary binary the worker is running.
directly_connected_downstream_workers string[] authorized_actions string[] local_storage_state string Output only. The local_storage_state indicates the state of the local disk space of the worker. Possible values are:
- available: The worker local storage state is at an acceptable state
- low storage: The worker is below the minimum threshold for local storage
- critically low storage: The worker local storage state is below the critical minimum threshold for local storage
- out of storage: The worker is out of local disk space
- not configured: The worker does not have a local storage path configured
- unknown: The default local storage state of a worker. Used when the local storage state of a worker is not yet known
remote_storage_state object Output only. The remote_storage_state indicats the permission state of the storage buckets that the Worker is actively using. The possible permission state types include: write, read, and delete. The possible permission state values include: unknown, error, and ok.
Creates a single Worker.
Body Parameters
scope_id string The ID of the Scope this resource is in.
name string Optional name for identification purposes. Can only be set through the API
for pki-type workers; read-only for kms-type workers.
description string Optional user-set description for identification purposes. Can only be set
through the API for pki-type workers; read-only for kms-type workers.
version integer Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
worker_generated_auth_token string worker_generated_auth_token is input only. Supports the worker led node enrollment flow where this credentials token is produced by a worker. This token is a base58 encoded types.FetchNodeCredentialsRequest from https://github.com/hashicorp/nodeenrollment
Successful Response
id string Output only. The ID of the User.
scope_id string The ID of the Scope this resource is in.
id string The ID of the scope.
type string The type of the scope.
name string The name of the scope, if any.
description string The description of the scope, if any.
parent_scope_id string The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name string Optional name for identification purposes. Can only be set through the API
for pki-type workers; read-only for kms-type workers.
description string Optional user-set description for identification purposes. Can only be set
through the API for pki-type workers; read-only for kms-type workers.
created_time string Output only. The time this resource was created.
updated_time string Output only. The time this resource was last updated.
version integer Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
address string Output only. The address that this worker is reachable at, as sourced from the worker's configuration file.
canonical_tags object Output only. The deduplicated union of the tags reported by the worker from its configuration and any tags added through other means. This is used when applying worker filters.
config_tags object Output only. The tags set in the worker's configuration file.
last_status_time string Output only. The time this worker daemon last reported its status.
worker_generated_auth_token string worker_generated_auth_token is input only. Supports the worker led node enrollment flow where this credentials token is produced by a worker. This token is a base58 encoded types.FetchNodeCredentialsRequest from https://github.com/hashicorp/nodeenrollment
controller_generated_activation_token string Output only. An activation token that can be given to a worker to correlate it to the created resource.
active_connection_count integer Output only. The number of connections that this worker is currently handling.
type string Output only. The type of the worker, denoted by how it authenticates: pki
or kms.
api_tags object Output only. The api tags set for the worker.
release_version string Output only. The version of the Boundary binary the worker is running.
directly_connected_downstream_workers string[] authorized_actions string[] local_storage_state string Output only. The local_storage_state indicates the state of the local disk space of the worker. Possible values are:
- available: The worker local storage state is at an acceptable state
- low storage: The worker is below the minimum threshold for local storage
- critically low storage: The worker local storage state is below the critical minimum threshold for local storage
- out of storage: The worker is out of local disk space
- not configured: The worker does not have a local storage path configured
- unknown: The default local storage state of a worker. Used when the local storage state of a worker is not yet known
remote_storage_state object Output only. The remote_storage_state indicats the permission state of the storage buckets that the Worker is actively using. The possible permission state types include: write, read, and delete. The possible permission state values include: unknown, error, and ok.
Creates a single Worker.
Body Parameters
scope_id string The ID of the Scope this resource is in.
name string Optional name for identification purposes. Can only be set through the API
for pki-type workers; read-only for kms-type workers.
description string Optional user-set description for identification purposes. Can only be set
through the API for pki-type workers; read-only for kms-type workers.
version integer Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
worker_generated_auth_token string worker_generated_auth_token is input only. Supports the worker led node enrollment flow where this credentials token is produced by a worker. This token is a base58 encoded types.FetchNodeCredentialsRequest from https://github.com/hashicorp/nodeenrollment
Successful Response
id string Output only. The ID of the User.
scope_id string The ID of the Scope this resource is in.
id string The ID of the scope.
type string The type of the scope.
name string The name of the scope, if any.
description string The description of the scope, if any.
parent_scope_id string The ID of the parent scope, if any. This field is empty if it is the "global" scope.
name string Optional name for identification purposes. Can only be set through the API
for pki-type workers; read-only for kms-type workers.
description string Optional user-set description for identification purposes. Can only be set
through the API for pki-type workers; read-only for kms-type workers.
created_time string Output only. The time this resource was created.
updated_time string Output only. The time this resource was last updated.
version integer Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
address string Output only. The address that this worker is reachable at, as sourced from the worker's configuration file.
canonical_tags object Output only. The deduplicated union of the tags reported by the worker from its configuration and any tags added through other means. This is used when applying worker filters.
config_tags object Output only. The tags set in the worker's configuration file.
last_status_time string Output only. The time this worker daemon last reported its status.
worker_generated_auth_token string worker_generated_auth_token is input only. Supports the worker led node enrollment flow where this credentials token is produced by a worker. This token is a base58 encoded types.FetchNodeCredentialsRequest from https://github.com/hashicorp/nodeenrollment
controller_generated_activation_token string Output only. An activation token that can be given to a worker to correlate it to the created resource.
active_connection_count integer Output only. The number of connections that this worker is currently handling.
type string Output only. The type of the worker, denoted by how it authenticates: pki
or kms.
api_tags object Output only. The api tags set for the worker.
release_version string Output only. The version of the Boundary binary the worker is running.
directly_connected_downstream_workers string[] authorized_actions string[] local_storage_state string Output only. The local_storage_state indicates the state of the local disk space of the worker. Possible values are:
- available: The worker local storage state is at an acceptable state
- low storage: The worker is below the minimum threshold for local storage
- critically low storage: The worker local storage state is below the critical minimum threshold for local storage
- out of storage: The worker is out of local disk space
- not configured: The worker does not have a local storage path configured
- unknown: The default local storage state of a worker. Used when the local storage state of a worker is not yet known
remote_storage_state object Output only. The remote_storage_state indicats the permission state of the storage buckets that the Worker is actively using. The possible permission state types include: write, read, and delete. The possible permission state values include: unknown, error, and ok.
Retrieves root certificates used for worker authentication.
Query Parameters
scope_id string Successful Response
id string Output only. The ID of the certificate
public_key_sha256 string Output only. The public key of the cert authority
not_before_time string Output only. The time before which this CA is invalid
not_after_time string Output only. The time after which this CA is invalid
Reinitializes root certificates used for worker authentication.
Query Parameters
scope_id string Successful Response
id string Output only. The ID of the certificate
public_key_sha256 string Output only. The public key of the cert authority
not_before_time string Output only. The time before which this CA is invalid
not_after_time string Output only. The time after which this CA is invalid