From 49878743b06aba05c2ac5ad6e914eb0a3ac6aee9 Mon Sep 17 00:00:00 2001 From: Jamil Date: Tue, 21 Feb 2023 14:45:31 -0800 Subject: [PATCH] Fix broken link regression (#1449) --- .../controllers/json/user_controller.ex | 2 +- www/docs/reference/env-vars.mdx | 148 +++++++++--------- .../reference/rest-api/configurations.mdx | 12 +- www/docs/reference/rest-api/devices.mdx | 134 ++++++++-------- www/docs/reference/rest-api/rules.mdx | 60 +++---- www/docs/reference/rest-api/users.mdx | 92 +++++------ 6 files changed, 225 insertions(+), 223 deletions(-) diff --git a/apps/fz_http/lib/fz_http_web/controllers/json/user_controller.ex b/apps/fz_http/lib/fz_http_web/controllers/json/user_controller.ex index 5c055b1aa..2d585eb09 100644 --- a/apps/fz_http/lib/fz_http_web/controllers/json/user_controller.ex +++ b/apps/fz_http/lib/fz_http_web/controllers/json/user_controller.ex @@ -34,7 +34,7 @@ defmodule FzHttpWeb.JSON.UserController do This endpoint is useful in two cases: - 1. When [Local Authentication](/authenticate/local-auth/) is enabled (discouraged in + 1. When [Local Authentication](/docs/authenticate/local-auth/) is enabled (discouraged in production deployments), it allows an administrator to provision users with their passwords; 2. When `auto_create_users` in the associated OpenID or SAML configuration is disabled, it allows an administrator to provision users with their emails beforehand, effectively diff --git a/www/docs/reference/env-vars.mdx b/www/docs/reference/env-vars.mdx index ae2413dd4..01357b604 100644 --- a/www/docs/reference/env-vars.mdx +++ b/www/docs/reference/env-vars.mdx @@ -2,11 +2,12 @@ title: Environment Variables sidebar_position: 1 --- + Most day-to-day config of Firezone can be done via the Firezone Web UI, but for zero-touch deployments we allow to override most of configuration options using environment variables. -Read more about configuring Firezone in our [configure guide](/deploy/configure). +Read more about configuring Firezone in our [configure guide](/docs/deploy/configure). ## Errors @@ -30,115 +31,116 @@ It means that if environment variable is set, it will be used, regardless of the and UI to edit database value will be disabled. ## Environment Variable Listing + We recommend setting these in your Docker ENV file (`$HOME/.firezone/.env` by default). Required fields in **bold**. ### WebServer -| Env Key | Description | Format | Default | -| ------ | --------------- | ------ | ------- | -| **EXTERNAL_URL** | The external URL the web UI will be accessible at.

Must be a valid and public FQDN for ACME SSL issuance to function.

You can add a path suffix if you want to serve firezone from a non-root path, eg: `https://firezone.mycorp.com/vpn`. | string | | -| PHOENIX_SECURE_COOKIES | Enable or disable requiring secure cookies. Required for HTTPS. | boolean | true | -| PHOENIX_HTTP_PORT | Internal port to listen on for the Phoenix web server. | integer | 13000 | -| PHOENIX_EXTERNAL_TRUSTED_PROXIES | List of trusted reverse proxies.

This is used to determine the correct IP address of the client when the application is behind a reverse proxy by skipping a trusted proxy IP from a list of possible source IPs. | JSON-encoded list | `"[]"` | -| PHOENIX_PRIVATE_CLIENTS | List of trusted clients.

This is used to determine the correct IP address of the client when the application is behind a reverse proxy by picking a trusted client IP from a list of possible source IPs. | JSON-encoded list | `"[]"` | +| Env Key | Description | Format | Default | +| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------- | ------- | +| **EXTERNAL_URL** | The external URL the web UI will be accessible at.

Must be a valid and public FQDN for ACME SSL issuance to function.

You can add a path suffix if you want to serve firezone from a non-root path, eg: `https://firezone.mycorp.com/vpn`. | string | | +| PHOENIX_SECURE_COOKIES | Enable or disable requiring secure cookies. Required for HTTPS. | boolean | true | +| PHOENIX_HTTP_PORT | Internal port to listen on for the Phoenix web server. | integer | 13000 | +| PHOENIX_EXTERNAL_TRUSTED_PROXIES | List of trusted reverse proxies.

This is used to determine the correct IP address of the client when the application is behind a reverse proxy by skipping a trusted proxy IP from a list of possible source IPs. | JSON-encoded list | `"[]"` | +| PHOENIX_PRIVATE_CLIENTS | List of trusted clients.

This is used to determine the correct IP address of the client when the application is behind a reverse proxy by picking a trusted client IP from a list of possible source IPs. | JSON-encoded list | `"[]"` | ### Database -| Env Key | Description | Format | Default | -| ------ | --------------- | ------ | ------- | -| DATABASE_HOST | PostgreSQL host. | string | postgres | -| DATABASE_PORT | PostgreSQL port. | integer | 5432 | -| DATABASE_NAME | Name of the PostgreSQL database. | string | firezone | -| DATABASE_USER | User that will be used to access the PostgreSQL database. | string | postgres | -| DATABASE_PASSWORD | Password that will be used to access the PostgreSQL database. | string | | -| DATABASE_POOL_SIZE | Size of the connection pool to the PostgreSQL database. | integer | generated | -| DATABASE_SSL_ENABLED | Whether to connect to the database over SSL.

If this field is set to `true`, the `database_ssl_opts` config must be set too with at least `cacertfile` option present. | boolean | false | -| DATABASE_SSL_OPTS | SSL options for connecting to the PostgreSQL database.

Typically, to enabled SSL you want following options:
- `cacertfile` - path to the CA certificate file;
- `verify` - set to `verify_peer` to verify the server certificate;
- `fail_if_no_peer_cert` - set to `true` to require the server to present a certificate;
- `server_name_indication` - specify the hostname to be used in TLS Server Name Indication extension.

See [Ecto.Adapters.Postgres documentation](https://hexdocs.pm/ecto_sql/Ecto.Adapters.Postgres.html#module-connection-options). For list of all supported options, see the [`ssl`](http://erlang.org/doc/man/ssl.html#type-tls_client_option) module documentation. | JSON-encoded map | `{}` | +| Env Key | Description | Format | Default | +| -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | --------- | +| DATABASE_HOST | PostgreSQL host. | string | postgres | +| DATABASE_PORT | PostgreSQL port. | integer | 5432 | +| DATABASE_NAME | Name of the PostgreSQL database. | string | firezone | +| DATABASE_USER | User that will be used to access the PostgreSQL database. | string | postgres | +| DATABASE_PASSWORD | Password that will be used to access the PostgreSQL database. | string | | +| DATABASE_POOL_SIZE | Size of the connection pool to the PostgreSQL database. | integer | generated | +| DATABASE_SSL_ENABLED | Whether to connect to the database over SSL.

If this field is set to `true`, the `database_ssl_opts` config must be set too with at least `cacertfile` option present. | boolean | false | +| DATABASE_SSL_OPTS | SSL options for connecting to the PostgreSQL database.

Typically, to enabled SSL you want following options:
- `cacertfile` - path to the CA certificate file;
- `verify` - set to `verify_peer` to verify the server certificate;
- `fail_if_no_peer_cert` - set to `true` to require the server to present a certificate;
- `server_name_indication` - specify the hostname to be used in TLS Server Name Indication extension.

See [Ecto.Adapters.Postgres documentation](https://hexdocs.pm/ecto_sql/Ecto.Adapters.Postgres.html#module-connection-options). For list of all supported options, see the [`ssl`](http://erlang.org/doc/man/ssl.html#type-tls_client_option) module documentation. | JSON-encoded map | `{}` | ### Admin Setup + Options responsible for initial admin provisioning and resetting the admin password. -For more details see [troubleshooting guide](/administer/troubleshoot/#admin-login-isnt-working). +For more details see [troubleshooting guide](/docs/administer/troubleshoot/#admin-login-isnt-working). - -| Env Key | Description | Format | Default | -| ------ | --------------- | ------ | ------- | -| RESET_ADMIN_ON_BOOT | Set this variable to `true` to create or reset the admin password every time Firezone starts. By default, the admin password is only set when Firezone is installed.

Note: This **will not** change the status of local authentication. | boolean | false | -| DEFAULT_ADMIN_EMAIL | Primary administrator email. | string | | -| DEFAULT_ADMIN_PASSWORD | Default password that will be used for creating or resetting the primary administrator account. | string | | +| Env Key | Description | Format | Default | +| ---------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | ------- | +| RESET_ADMIN_ON_BOOT | Set this variable to `true` to create or reset the admin password every time Firezone starts. By default, the admin password is only set when Firezone is installed.

Note: This **will not** change the status of local authentication. | boolean | false | +| DEFAULT_ADMIN_EMAIL | Primary administrator email. | string | | +| DEFAULT_ADMIN_PASSWORD | Default password that will be used for creating or resetting the primary administrator account. | string | | ### Secrets and Encryption + Your secrets should be generated during installation automatically and persisted to `.env` file. All secrets should be a **base64-encoded string**. - -| Env Key | Description | Format | Default | -| ------ | --------------- | ------ | ------- | -| **GUARDIAN_SECRET_KEY** | Secret key used for signing JWTs. | string | | -| **DATABASE_ENCRYPTION_KEY** | Secret key used for encrypting sensitive data in the database. | string | | -| **SECRET_KEY_BASE** | Primary secret key base for the Phoenix application. | string | | -| **LIVE_VIEW_SIGNING_SALT** | Signing salt for Phoenix LiveView connection tokens. | string | | -| **COOKIE_SIGNING_SALT** | Encryption salt for cookies issued by the Phoenix web application. | string | | -| **COOKIE_ENCRYPTION_SALT** | Signing salt for cookies issued by the Phoenix web application. | string | | +| Env Key | Description | Format | Default | +| --------------------------- | ------------------------------------------------------------------ | ------ | ------- | +| **GUARDIAN_SECRET_KEY** | Secret key used for signing JWTs. | string | | +| **DATABASE_ENCRYPTION_KEY** | Secret key used for encrypting sensitive data in the database. | string | | +| **SECRET_KEY_BASE** | Primary secret key base for the Phoenix application. | string | | +| **LIVE_VIEW_SIGNING_SALT** | Signing salt for Phoenix LiveView connection tokens. | string | | +| **COOKIE_SIGNING_SALT** | Encryption salt for cookies issued by the Phoenix web application. | string | | +| **COOKIE_ENCRYPTION_SALT** | Signing salt for cookies issued by the Phoenix web application. | string | | ### Devices -| Env Key | Description | Format | Default | -| ------ | --------------- | ------ | ------- | -| ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT | Enable or disable management of devices on unprivileged accounts. | boolean | true | -| ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION | Enable or disable configuration of device network settings for unprivileged users. | boolean | true | -| VPN_SESSION_DURATION | Optionally require users to periodically authenticate to the Firezone web UI in order to keep their VPN sessions active. | integer | 0 | -| DEFAULT_CLIENT_PERSISTENT_KEEPALIVE | Interval for WireGuard [persistent keepalive](https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence).

If you experience NAT or firewall traversal problems, you can enable this to send a keepalive packet every 25 seconds. Otherwise, keep it disabled with a 0 default value. | integer | 25 | -| DEFAULT_CLIENT_MTU | WireGuard interface MTU for devices. 1280 is a safe bet for most networks. Leave this blank to omit this field from generated configs. | integer | 1280 | -| DEFAULT_CLIENT_ENDPOINT | IPv4, IPv6 address, or FQDN that devices will be configured to connect to. Defaults to this server's FQDN. | one of `IP with port`, `string` | generated | -| DEFAULT_CLIENT_DNS | Comma-separated list of DNS servers to use for devices.

It can be either an IP address or a FQDN if you intend to use a DNS-over-TLS server.

Leave this blank to omit the `DNS` section from generated configs. | {:array, ",", {:one_of, [FzHttp.Types.IP, :string]}, [validate_unique: true]} | `[]` | -| DEFAULT_CLIENT_ALLOWED_IPS | Configures the default AllowedIPs setting for devices.

AllowedIPs determines which destination IPs get routed through Firezone.

Specify a comma-separated list of IPs or CIDRs here to achieve split tunneling, or use `0.0.0.0/0, ::/0` to route all device traffic through this Firezone server. | {:array, ",", {:one_of, [FzHttp.Types.CIDR, FzHttp.Types.IP]}, [validate_unique: true]} | `0.0.0.0/0, ::/0` | +| Env Key | Description | Format | Default | +| --------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- | ----------------- | +| ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT | Enable or disable management of devices on unprivileged accounts. | boolean | true | +| ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION | Enable or disable configuration of device network settings for unprivileged users. | boolean | true | +| VPN_SESSION_DURATION | Optionally require users to periodically authenticate to the Firezone web UI in order to keep their VPN sessions active. | integer | 0 | +| DEFAULT_CLIENT_PERSISTENT_KEEPALIVE | Interval for WireGuard [persistent keepalive](https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence).

If you experience NAT or firewall traversal problems, you can enable this to send a keepalive packet every 25 seconds. Otherwise, keep it disabled with a 0 default value. | integer | 25 | +| DEFAULT_CLIENT_MTU | WireGuard interface MTU for devices. 1280 is a safe bet for most networks. Leave this blank to omit this field from generated configs. | integer | 1280 | +| DEFAULT_CLIENT_ENDPOINT | IPv4, IPv6 address, or FQDN that devices will be configured to connect to. Defaults to this server's FQDN. | one of `IP with port`, `string` | generated | +| DEFAULT_CLIENT_DNS | Comma-separated list of DNS servers to use for devices.

It can be either an IP address or a FQDN if you intend to use a DNS-over-TLS server.

Leave this blank to omit the `DNS` section from generated configs. | {:array, ",", {:one_of, [FzHttp.Types.IP, :string]}, [validate_unique: true]} | `[]` | +| DEFAULT_CLIENT_ALLOWED_IPS | Configures the default AllowedIPs setting for devices.

AllowedIPs determines which destination IPs get routed through Firezone.

Specify a comma-separated list of IPs or CIDRs here to achieve split tunneling, or use `0.0.0.0/0, ::/0` to route all device traffic through this Firezone server. | {:array, ",", {:one_of, [FzHttp.Types.CIDR, FzHttp.Types.IP]}, [validate_unique: true]} | `0.0.0.0/0, ::/0` | ### Authorization -| Env Key | Description | Format | Default | -| ------ | --------------- | ------ | ------- | -| LOCAL_AUTH_ENABLED | Enable or disable the local authentication method for all users. | boolean | true | -| DISABLE_VPN_ON_OIDC_ERROR | Enable or disable auto disabling VPN connection on OIDC refresh error. | boolean | false | -| SAML_ENTITY_ID | Entity ID for SAML authentication. | string | urn:firezone.dev:firezone-app | -| SAML_KEYFILE_PATH | Path to the SAML keyfile inside the container. Should be either a PEM or DER-encoded private key, with file extension `.pem` or `.key`. | string | /var/firezone/saml.key | -| SAML_CERTFILE_PATH | Path to the SAML certificate file inside the container. Should be either a PEM or DER-encoded certificate, with file extension `.crt` or `.pem`. | string | /var/firezone/saml.crt | -| OPENID_CONNECT_PROVIDERS | List of OpenID Connect identity providers configurations.

For example:

``` [ { "auto_create_users": false, "id": "google", "label": "google", "client_id": "test-id", "client_secret": "test-secret", "discovery_document_uri": "https://accounts.google.com/.well-known/openid-configuration", "redirect_uri": "https://invalid", "response_type": "response-type", "scope": "oauth email profile" } ] ```

For more details see https://docs.firezone.dev/authenticate/oidc/. | JSON-encoded list | `"[]"` | -| SAML_IDENTITY_PROVIDERS | List of SAML identity providers configurations.

For example:

``` [ { "auto_create_users": false, "base_url": "https://saml", "id": "okta", "label": "okta", "metadata": "...", "sign_metadata": false, "sign_requests": false, "signed_assertion_in_resp": false, "signed_envelopes_in_resp": false } ] ```

For more details see https://docs.firezone.dev/authenticate/saml/. | JSON-encoded list | `"[]"` | +| Env Key | Description | Format | Default | +| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | ----------------------------- | +| LOCAL_AUTH_ENABLED | Enable or disable the local authentication method for all users. | boolean | true | +| DISABLE_VPN_ON_OIDC_ERROR | Enable or disable auto disabling VPN connection on OIDC refresh error. | boolean | false | +| SAML_ENTITY_ID | Entity ID for SAML authentication. | string | urn:firezone.dev:firezone-app | +| SAML_KEYFILE_PATH | Path to the SAML keyfile inside the container. Should be either a PEM or DER-encoded private key, with file extension `.pem` or `.key`. | string | /var/firezone/saml.key | +| SAML_CERTFILE_PATH | Path to the SAML certificate file inside the container. Should be either a PEM or DER-encoded certificate, with file extension `.crt` or `.pem`. | string | /var/firezone/saml.crt | +| OPENID_CONNECT_PROVIDERS | List of OpenID Connect identity providers configurations.

For example:

`[ { "auto_create_users": false, "id": "google", "label": "google", "client_id": "test-id", "client_secret": "test-secret", "discovery_document_uri": "https://accounts.google.com/.well-known/openid-configuration", "redirect_uri": "https://invalid", "response_type": "response-type", "scope": "oauth email profile" } ]`

For more details see https://docs.firezone.dev/authenticate/oidc/. | JSON-encoded list | `"[]"` | +| SAML_IDENTITY_PROVIDERS | List of SAML identity providers configurations.

For example:

`[ { "auto_create_users": false, "base_url": "https://saml", "id": "okta", "label": "okta", "metadata": "...", "sign_metadata": false, "sign_requests": false, "signed_assertion_in_resp": false, "signed_envelopes_in_resp": false } ]`

For more details see https://docs.firezone.dev/authenticate/saml/. | JSON-encoded list | `"[]"` | ### WireGuard -| Env Key | Description | Format | Default | -| ------ | --------------- | ------ | ------- | -| WIREGUARD_PORT | A port on which WireGuard will listen for incoming connections. | integer | 51820 | -| WIREGUARD_IPV4_ENABLED | Enable or disable IPv4 support for WireGuard. | boolean | true | -| WIREGUARD_IPV6_ENABLED | Enable or disable IPv6 support for WireGuard. | boolean | true | +| Env Key | Description | Format | Default | +| ---------------------- | --------------------------------------------------------------- | ------- | ------- | +| WIREGUARD_PORT | A port on which WireGuard will listen for incoming connections. | integer | 51820 | +| WIREGUARD_IPV4_ENABLED | Enable or disable IPv4 support for WireGuard. | boolean | true | +| WIREGUARD_IPV6_ENABLED | Enable or disable IPv6 support for WireGuard. | boolean | true | ### Outbound Emails -| Env Key | Description | Format | Default | -| ------ | --------------- | ------ | ------- | -| OUTBOUND_EMAIL_FROM | From address to use for sending outbound emails. If not set, sending email will be disabled (default). | string | generated | -| OUTBOUND_EMAIL_ADAPTER | Method to use for sending outbound email. | One of `Swoosh.Adapters.AmazonSES`, `Swoosh.Adapters.CustomerIO`, `Swoosh.Adapters.Dyn`, `Swoosh.Adapters.ExAwsAmazonSES`, `Swoosh.Adapters.Gmail`, `Swoosh.Adapters.MailPace`, `Swoosh.Adapters.Mailgun`, `Swoosh.Adapters.Mailjet`, `Swoosh.Adapters.Mandrill`, `Swoosh.Adapters.Postmark`, `Swoosh.Adapters.ProtonBridge`, `Swoosh.Adapters.SMTP`, `Swoosh.Adapters.SMTP2GO`, `Swoosh.Adapters.Sendgrid`, `Swoosh.Adapters.Sendinblue`, `Swoosh.Adapters.Sendmail`, `Swoosh.Adapters.SocketLabs`, `Swoosh.Adapters.SparkPost`, `FzHttpWeb.Mailer.NoopAdapter` | `FzHttpWeb.Mailer.NoopAdapter` | -| OUTBOUND_EMAIL_ADAPTER_OPTS | Adapter configuration, for list of options see [Swoosh Adapters](https://github.com/swoosh/swoosh#adapters). | JSON-encoded map | `{}` | +| Env Key | Description | Format | Default | +| --------------------------- | ------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | +| OUTBOUND_EMAIL_FROM | From address to use for sending outbound emails. If not set, sending email will be disabled (default). | string | generated | +| OUTBOUND_EMAIL_ADAPTER | Method to use for sending outbound email. | One of `Swoosh.Adapters.AmazonSES`, `Swoosh.Adapters.CustomerIO`, `Swoosh.Adapters.Dyn`, `Swoosh.Adapters.ExAwsAmazonSES`, `Swoosh.Adapters.Gmail`, `Swoosh.Adapters.MailPace`, `Swoosh.Adapters.Mailgun`, `Swoosh.Adapters.Mailjet`, `Swoosh.Adapters.Mandrill`, `Swoosh.Adapters.Postmark`, `Swoosh.Adapters.ProtonBridge`, `Swoosh.Adapters.SMTP`, `Swoosh.Adapters.SMTP2GO`, `Swoosh.Adapters.Sendgrid`, `Swoosh.Adapters.Sendinblue`, `Swoosh.Adapters.Sendmail`, `Swoosh.Adapters.SocketLabs`, `Swoosh.Adapters.SparkPost`, `FzHttpWeb.Mailer.NoopAdapter` | `FzHttpWeb.Mailer.NoopAdapter` | +| OUTBOUND_EMAIL_ADAPTER_OPTS | Adapter configuration, for list of options see [Swoosh Adapters](https://github.com/swoosh/swoosh#adapters). | JSON-encoded map | `{}` | ### Connectivity Checks -| Env Key | Description | Format | Default | -| ------ | --------------- | ------ | ------- | -| CONNECTIVITY_CHECKS_ENABLED | Enable / disable periodic checking for egress connectivity. Determines the instance's public IP to populate `Endpoint` fields. | boolean | true | -| CONNECTIVITY_CHECKS_INTERVAL | Periodicity in seconds to check for egress connectivity. | integer | 43200 | +| Env Key | Description | Format | Default | +| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | ------- | ------- | +| CONNECTIVITY_CHECKS_ENABLED | Enable / disable periodic checking for egress connectivity. Determines the instance's public IP to populate `Endpoint` fields. | boolean | true | +| CONNECTIVITY_CHECKS_INTERVAL | Periodicity in seconds to check for egress connectivity. | integer | 43200 | ### Telemetry -| Env Key | Description | Format | Default | -| ------ | --------------- | ------ | ------- | -| TELEMETRY_ENABLED | Enable or disable the Firezone telemetry collection.

For more details see https://docs.firezone.dev/reference/telemetry/. | boolean | true | +| Env Key | Description | Format | Default | +| ----------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------- | ------- | +| TELEMETRY_ENABLED | Enable or disable the Firezone telemetry collection.

For more details see https://docs.firezone.dev/reference/telemetry/. | boolean | true | ### Other -| Env Key | Description | Format | Default | -| ------ | --------------- | ------ | ------- | -| LOGO | The path to a logo image file to replace default Firezone logo. | {:embed, FzHttp.Config.Logo} | `` | +| Env Key | Description | Format | Default | +| ------- | --------------------------------------------------------------- | ---------------------------- | ------- | +| LOGO | The path to a logo image file to replace default Firezone logo. | {:embed, FzHttp.Config.Logo} | `` | diff --git a/www/docs/reference/rest-api/configurations.mdx b/www/docs/reference/rest-api/configurations.mdx index c1f521610..54a0b121a 100644 --- a/www/docs/reference/rest-api/configurations.mdx +++ b/www/docs/reference/rest-api/configurations.mdx @@ -39,13 +39,13 @@ Content-Type: application/json; charset=utf-8 "default_client_mtu": 1280, "default_client_persistent_keepalive": 25, "disable_vpn_on_oidc_error": false, - "id": "1c5b3594-1309-4779-b01d-cd21bee561b8", - "inserted_at": "2023-02-16T17:31:21.614660Z", + "id": "9fe70a6b-8af7-46e3-88d2-050804edca94", + "inserted_at": "2023-02-21T19:41:56.505552Z", "local_auth_enabled": true, "logo": {}, "openid_connect_providers": [], "saml_identity_providers": [], - "updated_at": "2023-02-16T17:31:21.614660Z", + "updated_at": "2023-02-21T19:41:56.505552Z", "vpn_session_duration": 0 } } @@ -126,8 +126,8 @@ Content-Type: application/json; charset=utf-8 "default_client_mtu": 1100, "default_client_persistent_keepalive": 1, "disable_vpn_on_oidc_error": true, - "id": "1c5b3594-1309-4779-b01d-cd21bee561b8", - "inserted_at": "2023-02-16T17:31:21.614660Z", + "id": "9fe70a6b-8af7-46e3-88d2-050804edca94", + "inserted_at": "2023-02-21T19:41:56.505552Z", "local_auth_enabled": false, "logo": {}, "openid_connect_providers": [ @@ -156,7 +156,7 @@ Content-Type: application/json; charset=utf-8 "signed_envelopes_in_resp": false } ], - "updated_at": "2023-02-18T18:55:51.972476Z", + "updated_at": "2023-02-21T19:42:17.438639Z", "vpn_session_duration": 100 } } diff --git a/www/docs/reference/rest-api/devices.mdx b/www/docs/reference/rest-api/devices.mdx index 65279cb4b..02478f37c 100644 --- a/www/docs/reference/rest-api/devices.mdx +++ b/www/docs/reference/rest-api/devices.mdx @@ -34,27 +34,27 @@ Content-Type: application/json; charset=utf-8 "1.0.0.1" ], "endpoint": "localhost:51820", - "id": "3e768884-c957-482c-8467-08e457f4acea", - "inserted_at": "2023-02-18T18:55:51.295135Z", - "ipv4": "100.104.159.238", - "ipv6": "fd00::d:a98a", + "id": "2b6c28a8-ca1b-4ecc-8133-b3d6619d47af", + "inserted_at": "2023-02-21T19:42:16.612776Z", + "ipv4": "100.93.194.179", + "ipv6": "fd00::22:71ab", "latest_handshake": null, "mtu": 1280, - "name": "factory 3555", + "name": "factory 4135", "persistent_keepalive": 25, - "preshared_key": "Ev+p0ASEswYRzLVtZX+cAhadlOPmAhH1/coj/i4Mrug=", - "public_key": "IwJeJ05UPKacEUKoQazEfzVMySiUa0prvRxZYCSteQs=", + "preshared_key": "r8nGfWLQWzp2AyCKMfVfrU9AzNtCbcExQt/Xv15UnPA=", + "public_key": "qNBDIg99AQV5Zr3I3gOtCjBpf+8y5g1wft8r55ZPCSg=", "remote_ip": null, "rx_bytes": null, "server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=", "tx_bytes": null, - "updated_at": "2023-02-18T18:55:51.295135Z", + "updated_at": "2023-02-21T19:42:16.612776Z", "use_default_allowed_ips": true, "use_default_dns": true, "use_default_endpoint": true, "use_default_mtu": true, "use_default_persistent_keepalive": true, - "user_id": "e555125b-9831-470e-adbd-b4bffcdcfa8e" + "user_id": "7c69c4a8-e335-40e0-b946-088a793873a9" }, { "allowed_ips": [ @@ -67,27 +67,27 @@ Content-Type: application/json; charset=utf-8 "1.0.0.1" ], "endpoint": "localhost:51820", - "id": "c49e49ad-0a23-4857-9a70-c2b47d399f8c", - "inserted_at": "2023-02-18T18:55:51.272421Z", - "ipv4": "100.97.251.99", - "ipv6": "fd00::10:70ff", + "id": "c570ecf3-bf90-449e-9396-e11f3f5e1c3c", + "inserted_at": "2023-02-21T19:42:16.619638Z", + "ipv4": "100.66.157.239", + "ipv6": "fd00::1a:8b94", "latest_handshake": null, "mtu": 1280, - "name": "factory 3395", + "name": "factory 3428", "persistent_keepalive": 25, - "preshared_key": "IwAp9NXPyuVbWhqT2YnMydKKxzZM/azEQlcn8uNC9UA=", - "public_key": "wyiIyos+4gsK1FovaHji5tDsNZHz9eqPuP+aXQvaKKc=", + "preshared_key": "iPVrNTAmZIaptYD9kqgDSy3etX02PrKP2xDEwaU0CTk=", + "public_key": "5XHK3GYXPD5/rqND52mgYL9VjY64M1O/0xtl3w21p+E=", "remote_ip": null, "rx_bytes": null, "server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=", "tx_bytes": null, - "updated_at": "2023-02-18T18:55:51.272421Z", + "updated_at": "2023-02-21T19:42:16.619638Z", "use_default_allowed_ips": true, "use_default_dns": true, "use_default_endpoint": true, "use_default_mtu": true, "use_default_persistent_keepalive": true, - "user_id": "84ae42a2-00b6-4518-a02e-636846a2b517" + "user_id": "3c5c32d8-913c-44ca-9211-9c401dffc0ee" }, { "allowed_ips": [ @@ -100,27 +100,27 @@ Content-Type: application/json; charset=utf-8 "1.0.0.1" ], "endpoint": "localhost:51820", - "id": "2803d77b-5f34-4277-ab15-afc452792d53", - "inserted_at": "2023-02-18T18:55:51.280811Z", - "ipv4": "100.124.65.64", - "ipv6": "fd00::10:c793", + "id": "d07e42e0-205c-495b-bee7-bbd29a7cb22c", + "inserted_at": "2023-02-21T19:42:16.625365Z", + "ipv4": "100.98.252.135", + "ipv6": "fd00::33:7a15", "latest_handshake": null, "mtu": 1280, - "name": "factory 3301", + "name": "factory 5186", "persistent_keepalive": 25, - "preshared_key": "p1xB8mSPSYqWeQ88zuomTe3/qP/dGNHIWMuhZV35aNw=", - "public_key": "kjnSbt1PzVNxy2Zk0WU61+euwB47PhkYGVjPH3Qu3ws=", + "preshared_key": "PwcToalzmZ+aDXT7HDDOC+YsK+HzSdw8pX/e9FtdUQ4=", + "public_key": "LrWe6VAmNrI4lU2GtlS8W//U3lEu5LmnpXzEAPgu2K0=", "remote_ip": null, "rx_bytes": null, "server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=", "tx_bytes": null, - "updated_at": "2023-02-18T18:55:51.280811Z", + "updated_at": "2023-02-21T19:42:16.625365Z", "use_default_allowed_ips": true, "use_default_dns": true, "use_default_endpoint": true, "use_default_mtu": true, "use_default_persistent_keepalive": true, - "user_id": "8b93ed2e-0413-4aa4-8141-d47ab9a44489" + "user_id": "0e67b63f-0c4d-499f-9c82-aeb8e15d46c1" }, { "allowed_ips": [ @@ -133,27 +133,27 @@ Content-Type: application/json; charset=utf-8 "1.0.0.1" ], "endpoint": "localhost:51820", - "id": "e40913be-777b-4c8c-b046-729691d3ab3d", - "inserted_at": "2023-02-18T18:55:51.288043Z", - "ipv4": "100.110.155.13", - "ipv6": "fd00::36:ad92", + "id": "73e897da-7e96-4839-a1b3-3c22b517cd87", + "inserted_at": "2023-02-21T19:42:16.630393Z", + "ipv4": "100.127.77.200", + "ipv6": "fd00::13:a5da", "latest_handshake": null, "mtu": 1280, - "name": "factory 3461", + "name": "factory 5250", "persistent_keepalive": 25, - "preshared_key": "81ZGYaMfpDMGJ1NSAA6X2m82WcHrj/JYSSUxHcEGtNc=", - "public_key": "e9zG3QTAFUx+3TixOgtTc1K3xLqmz+2ePIjQC6yvfiw=", + "preshared_key": "p0ZePh6jGs2cnxhampSudq/qyWDTqZUvAmuDuQzIhg8=", + "public_key": "Xi4k6cp5bWF3it3sHKlu7/Pc4PQ/0CNhFDC/4e1QJ8c=", "remote_ip": null, "rx_bytes": null, "server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=", "tx_bytes": null, - "updated_at": "2023-02-18T18:55:51.288043Z", + "updated_at": "2023-02-21T19:42:16.630393Z", "use_default_allowed_ips": true, "use_default_dns": true, "use_default_endpoint": true, "use_default_mtu": true, "use_default_persistent_keepalive": true, - "user_id": "dc94df4e-a0f6-4982-9964-c266eb2b9760" + "user_id": "219cc61b-a9fc-40f6-960c-9dc49b6a9285" }, { "allowed_ips": [ @@ -166,27 +166,27 @@ Content-Type: application/json; charset=utf-8 "1.0.0.1" ], "endpoint": "localhost:51820", - "id": "ac9b4b14-2931-462b-8f69-0eaab1e09c79", - "inserted_at": "2023-02-18T18:55:51.306250Z", - "ipv4": "100.127.98.215", - "ipv6": "fd00::3:ba30", + "id": "0264a1e7-d856-427a-bdab-56b27dad953e", + "inserted_at": "2023-02-21T19:42:16.635042Z", + "ipv4": "100.82.95.202", + "ipv6": "fd00::8:ee28", "latest_handshake": null, "mtu": 1280, - "name": "factory 3651", + "name": "factory 3493", "persistent_keepalive": 25, - "preshared_key": "zVx8+DzRh8k3RcdadCmN+Rv7tMYBeB6NssRZKXiDPJU=", - "public_key": "itqdVYUfCY48iWiSfNR6+fidTKK2WXeWLwJybMiv3Mc=", + "preshared_key": "LG/iIPIUfoGcXSCSYuw+DGJVYJkdwjNtqZCzvIgGsWw=", + "public_key": "Ypxx0s+69Zrcrm9V+EpXDSOnZ2vhYfeVaKL6ayZ+xWA=", "remote_ip": null, "rx_bytes": null, "server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=", "tx_bytes": null, - "updated_at": "2023-02-18T18:55:51.306250Z", + "updated_at": "2023-02-21T19:42:16.635042Z", "use_default_allowed_ips": true, "use_default_dns": true, "use_default_endpoint": true, "use_default_mtu": true, "use_default_persistent_keepalive": true, - "user_id": "49e2e587-f979-4aae-bad5-a513872526b5" + "user_id": "f60df8f7-9274-49a4-a5d3-9c772b7e81bb" } ] } @@ -226,14 +226,14 @@ $ curl -i \ "use_default_endpoint": false, "use_default_mtu": false, "use_default_persistent_keepalive": false, - "user_id": "6b657ede-8018-4b00-b8a0-28c6de4337dc" + "user_id": "037f7617-93f1-4f7b-b8d5-db0512a7de10" } }' EOF HTTP/1.1 201 Content-Type: application/json; charset=utf-8 -Location: /v0/devices/9341237e-8d5c-4b88-8a04-90f622d79b88 +Location: /v0/devices/fe5e53fd-faac-4436-9e6e-76c00d2e7f47 { "data": { @@ -247,8 +247,8 @@ Location: /v0/devices/9341237e-8d5c-4b88-8a04-90f622d79b88 "9.9.9.8" ], "endpoint": "9.9.9.9", - "id": "9341237e-8d5c-4b88-8a04-90f622d79b88", - "inserted_at": "2023-02-18T18:55:51.232890Z", + "id": "fe5e53fd-faac-4436-9e6e-76c00d2e7f47", + "inserted_at": "2023-02-21T19:42:16.821122Z", "ipv4": "100.64.0.2", "ipv6": "fd00::2", "latest_handshake": null, @@ -261,13 +261,13 @@ Location: /v0/devices/9341237e-8d5c-4b88-8a04-90f622d79b88 "rx_bytes": null, "server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=", "tx_bytes": null, - "updated_at": "2023-02-18T18:55:51.232890Z", + "updated_at": "2023-02-21T19:42:16.821122Z", "use_default_allowed_ips": false, "use_default_dns": false, "use_default_endpoint": false, "use_default_mtu": false, "use_default_persistent_keepalive": false, - "user_id": "6b657ede-8018-4b00-b8a0-28c6de4337dc" + "user_id": "037f7617-93f1-4f7b-b8d5-db0512a7de10" } } ``` @@ -278,7 +278,7 @@ Location: /v0/devices/9341237e-8d5c-4b88-8a04-90f622d79b88 #### Example **URI Parameters:** - - `id`: `996f3a7e-8314-4caa-88ca-67b0a798810b` + - `id`: `a8ede14d-7ffd-42b1-a0c4-28d4aa5d0749` ```bash $ curl -i \ -X GET "https://{firezone_host}/v0/devices/{id}" \ @@ -300,27 +300,27 @@ Content-Type: application/json; charset=utf-8 "1.0.0.1" ], "endpoint": "localhost:51820", - "id": "996f3a7e-8314-4caa-88ca-67b0a798810b", - "inserted_at": "2023-02-18T18:55:49.480530Z", - "ipv4": "100.115.46.241", - "ipv6": "fd00::13:a505", + "id": "a8ede14d-7ffd-42b1-a0c4-28d4aa5d0749", + "inserted_at": "2023-02-21T19:42:16.861814Z", + "ipv4": "100.67.104.45", + "ipv6": "fd00::30:dad3", "latest_handshake": null, "mtu": 1280, - "name": "factory 2050", + "name": "factory 4581", "persistent_keepalive": 25, - "preshared_key": "zwYGMjuBBLZk4YkBlDx5LZHOf6gf35b6/2SoFZIc8a0=", - "public_key": "CZz2mwmaCyNrjAcANfOCPpozFrIOkDvCaaoeb6O3hvw=", + "preshared_key": "G1UmGBirIP2XiBOVb0OcKnLjvhNQrUXq5WcwpYozzsc=", + "public_key": "dDRr56ECg6sLBKT4+wDVkkL6JhzcmI+jOfgbp1NBydY=", "remote_ip": null, "rx_bytes": null, "server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=", "tx_bytes": null, - "updated_at": "2023-02-18T18:55:49.480530Z", + "updated_at": "2023-02-21T19:42:16.861814Z", "use_default_allowed_ips": true, "use_default_dns": true, "use_default_endpoint": true, "use_default_mtu": true, "use_default_persistent_keepalive": true, - "user_id": "1e4c2c8b-914a-4cd7-b3f0-fd2b2c401e17" + "user_id": "a7182e3d-be17-4833-9669-c0efe861541a" } } ``` @@ -331,7 +331,7 @@ Content-Type: application/json; charset=utf-8 #### Example **URI Parameters:** - - `id`: `f8dccb0b-2b2a-463c-a5f0-630df7c2ea53` + - `id`: `d87aae90-e4b2-4e2b-92c2-728f02053745` ```bash $ curl -i \ -X PUT "https://{firezone_host}/v0/devices/{id}" \ @@ -381,8 +381,8 @@ Content-Type: application/json; charset=utf-8 "9.9.9.8" ], "endpoint": "9.9.9.9", - "id": "f8dccb0b-2b2a-463c-a5f0-630df7c2ea53", - "inserted_at": "2023-02-18T18:55:51.243689Z", + "id": "d87aae90-e4b2-4e2b-92c2-728f02053745", + "inserted_at": "2023-02-21T19:42:16.734558Z", "ipv4": "100.64.0.2", "ipv6": "fd00::2", "latest_handshake": null, @@ -395,13 +395,13 @@ Content-Type: application/json; charset=utf-8 "rx_bytes": null, "server_public_key": "is+0ov0/SZ9I+qyDD+adVoH9LreWHa85QQgpt6RUtA4=", "tx_bytes": null, - "updated_at": "2023-02-18T18:55:51.255811Z", + "updated_at": "2023-02-21T19:42:16.744067Z", "use_default_allowed_ips": false, "use_default_dns": false, "use_default_endpoint": false, "use_default_mtu": false, "use_default_persistent_keepalive": false, - "user_id": "1233e2d4-c9ba-4d2a-bb8b-ac23050eba78" + "user_id": "e3199f2c-8bf1-4371-8217-b7277bfedae6" } } ``` @@ -412,7 +412,7 @@ Content-Type: application/json; charset=utf-8 #### Example **URI Parameters:** - - `id`: `1385934c-17f4-4129-9e66-cbba1e4c1734` + - `id`: `8a7e0c57-7e12-433c-8a6c-151359c5b3e3` ```bash $ curl -i \ -X DELETE "https://{firezone_host}/v0/devices/{id}" \ diff --git a/www/docs/reference/rest-api/rules.mdx b/www/docs/reference/rest-api/rules.mdx index d5e2c5d0b..c4f1c5694 100644 --- a/www/docs/reference/rest-api/rules.mdx +++ b/www/docs/reference/rest-api/rules.mdx @@ -26,51 +26,51 @@ Content-Type: application/json; charset=utf-8 { "action": "drop", "destination": "10.3.2.1", - "id": "f0f6bd4e-f68b-4347-ada6-4d024787aae9", - "inserted_at": "2023-02-18T18:55:51.352217Z", + "id": "db5a18ef-a033-48fb-a318-af054c8d3ace", + "inserted_at": "2023-02-21T19:42:16.822620Z", "port_range": null, "port_type": null, - "updated_at": "2023-02-18T18:55:51.352217Z", + "updated_at": "2023-02-21T19:42:16.822620Z", "user_id": null }, { "action": "drop", "destination": "10.3.2.2", - "id": "0d2b5c4d-92e0-4271-adf3-9ad852d2bda7", - "inserted_at": "2023-02-18T18:55:51.353801Z", + "id": "2b02c33b-4589-4912-bf38-44bc3853a611", + "inserted_at": "2023-02-21T19:42:16.824085Z", "port_range": null, "port_type": null, - "updated_at": "2023-02-18T18:55:51.353801Z", + "updated_at": "2023-02-21T19:42:16.824085Z", "user_id": null }, { "action": "drop", "destination": "10.3.2.3", - "id": "1b9e57f4-0510-46c5-8440-ce1fec30af66", - "inserted_at": "2023-02-18T18:55:51.354824Z", + "id": "2b93d655-f870-4c2e-942d-529234f58289", + "inserted_at": "2023-02-21T19:42:16.825104Z", "port_range": null, "port_type": null, - "updated_at": "2023-02-18T18:55:51.354824Z", + "updated_at": "2023-02-21T19:42:16.825104Z", "user_id": null }, { "action": "drop", "destination": "10.3.2.4", - "id": "99d86823-1b87-49f5-8522-c1c2ba7d42b3", - "inserted_at": "2023-02-18T18:55:51.355740Z", + "id": "fb74d75b-6ce3-420b-9d15-532832110c58", + "inserted_at": "2023-02-21T19:42:16.826185Z", "port_range": null, "port_type": null, - "updated_at": "2023-02-18T18:55:51.355740Z", + "updated_at": "2023-02-21T19:42:16.826185Z", "user_id": null }, { "action": "drop", "destination": "10.3.2.5", - "id": "57e0237f-1dc2-4f6c-849c-5c24e47efd23", - "inserted_at": "2023-02-18T18:55:51.356725Z", + "id": "392cee84-07ef-4ecd-9c9f-b916e2aff155", + "inserted_at": "2023-02-21T19:42:16.827016Z", "port_range": null, "port_type": null, - "updated_at": "2023-02-18T18:55:51.356725Z", + "updated_at": "2023-02-21T19:42:16.827016Z", "user_id": null } ] @@ -93,25 +93,25 @@ $ curl -i \ "destination": "1.1.1.1/24", "port_range": "1 - 2", "port_type": "udp", - "user_id": "d6e0fef3-8b87-496a-aa63-34178d559b71" + "user_id": "a80e866c-bee5-4dfd-adc0-3847b67b9d56" } }' EOF HTTP/1.1 201 Content-Type: application/json; charset=utf-8 -Location: /v0/rules/cac89e93-00d3-4d98-ad50-b75a60b0a464 +Location: /v0/rules/c9a8a01e-d852-49c0-bcdb-5ea5f70ad932 { "data": { "action": "accept", "destination": "1.1.1.1/24", - "id": "cac89e93-00d3-4d98-ad50-b75a60b0a464", - "inserted_at": "2023-02-18T18:55:51.290304Z", + "id": "c9a8a01e-d852-49c0-bcdb-5ea5f70ad932", + "inserted_at": "2023-02-21T19:42:16.853089Z", "port_range": "1 - 2", "port_type": "udp", - "updated_at": "2023-02-18T18:55:51.290304Z", - "user_id": "d6e0fef3-8b87-496a-aa63-34178d559b71" + "updated_at": "2023-02-21T19:42:16.853089Z", + "user_id": "a80e866c-bee5-4dfd-adc0-3847b67b9d56" } } ``` @@ -122,7 +122,7 @@ Location: /v0/rules/cac89e93-00d3-4d98-ad50-b75a60b0a464 #### Example **URI Parameters:** - - `id`: `7b91d771-8c4a-45aa-8b6f-0cb5b7e486fc` + - `id`: `cf77ba9e-604d-408d-a444-4fcee57662d3` ```bash $ curl -i \ -X GET "https://{firezone_host}/v0/rules/{id}" \ @@ -136,11 +136,11 @@ Content-Type: application/json; charset=utf-8 "data": { "action": "drop", "destination": "10.10.10.0/24", - "id": "7b91d771-8c4a-45aa-8b6f-0cb5b7e486fc", - "inserted_at": "2023-02-18T18:55:51.211234Z", + "id": "cf77ba9e-604d-408d-a444-4fcee57662d3", + "inserted_at": "2023-02-21T19:42:16.881405Z", "port_range": null, "port_type": null, - "updated_at": "2023-02-18T18:55:51.211234Z", + "updated_at": "2023-02-21T19:42:16.881405Z", "user_id": null } } @@ -152,7 +152,7 @@ Content-Type: application/json; charset=utf-8 #### Example **URI Parameters:** - - `id`: `ca67b973-2ee6-4bc5-942c-848990eaae49` + - `id`: `21275ade-d14e-4421-8cdf-49bca4d84d63` ```bash $ curl -i \ -X PUT "https://{firezone_host}/v0/rules/{id}" \ @@ -176,11 +176,11 @@ Content-Type: application/json; charset=utf-8 "data": { "action": "accept", "destination": "1.1.1.1/24", - "id": "ca67b973-2ee6-4bc5-942c-848990eaae49", - "inserted_at": "2023-02-18T18:55:51.294125Z", + "id": "21275ade-d14e-4421-8cdf-49bca4d84d63", + "inserted_at": "2023-02-21T19:42:16.786969Z", "port_range": "1 - 2", "port_type": "udp", - "updated_at": "2023-02-18T18:55:51.313846Z", + "updated_at": "2023-02-21T19:42:16.795630Z", "user_id": null } } @@ -192,7 +192,7 @@ Content-Type: application/json; charset=utf-8 #### Example **URI Parameters:** - - `id`: `7e8a2c10-3a34-4e94-bc10-70c1ba265f99` + - `id`: `526b66e7-6433-4607-af87-9046a3c801e9` ```bash $ curl -i \ -X DELETE "https://{firezone_host}/v0/rules/{id}" \ diff --git a/www/docs/reference/rest-api/users.mdx b/www/docs/reference/rest-api/users.mdx index 17cae19b3..36cb691cd 100644 --- a/www/docs/reference/rest-api/users.mdx +++ b/www/docs/reference/rest-api/users.mdx @@ -40,43 +40,43 @@ Content-Type: application/json; charset=utf-8 "data": [ { "disabled_at": null, - "email": "test-4578@test", - "id": "61598ea6-acaa-4308-b12f-2da95b312387", - "inserted_at": "2023-02-18T18:55:50.972304Z", + "email": "test-8357@test", + "id": "97b501a3-3d19-4755-9355-e69e8343e3fe", + "inserted_at": "2023-02-21T19:42:17.788005Z", "last_signed_in_at": null, "last_signed_in_method": null, "role": "admin", - "updated_at": "2023-02-18T18:55:50.972304Z" + "updated_at": "2023-02-21T19:42:17.788005Z" }, { "disabled_at": null, - "email": "test-2280@test", - "id": "9cde3f7f-db18-49b7-84de-b88675c6ab73", - "inserted_at": "2023-02-18T18:55:50.973729Z", + "email": "test-8389@test", + "id": "95de026c-85cb-437f-9f65-7598eecd2500", + "inserted_at": "2023-02-21T19:42:17.789353Z", "last_signed_in_at": null, "last_signed_in_method": null, "role": "admin", - "updated_at": "2023-02-18T18:55:50.973729Z" + "updated_at": "2023-02-21T19:42:17.789353Z" }, { "disabled_at": null, - "email": "test-2312@test", - "id": "820eb7eb-354e-4f6f-8fdc-acbab6e35e7b", - "inserted_at": "2023-02-18T18:55:50.975468Z", + "email": "test-8421@test", + "id": "7318786c-00ef-4cb1-afde-5a36698abc5a", + "inserted_at": "2023-02-21T19:42:17.791365Z", "last_signed_in_at": null, "last_signed_in_method": null, "role": "admin", - "updated_at": "2023-02-18T18:55:50.975468Z" + "updated_at": "2023-02-21T19:42:17.791365Z" }, { "disabled_at": null, - "email": "test-2344@test", - "id": "a2b12d92-9498-4b88-b2fc-215b612714c4", - "inserted_at": "2023-02-18T18:55:50.976834Z", + "email": "test-8453@test", + "id": "c930b715-b9f6-40af-970a-cf02da7d7f89", + "inserted_at": "2023-02-21T19:42:17.792835Z", "last_signed_in_at": null, "last_signed_in_method": null, "role": "admin", - "updated_at": "2023-02-18T18:55:50.976834Z" + "updated_at": "2023-02-21T19:42:17.792835Z" } ] } @@ -88,7 +88,7 @@ Create a new User. This endpoint is useful in two cases: - 1. When [Local Authentication](/authenticate/local-auth/) is enabled (discouraged in + 1. When [Local Authentication](/docs/authenticate/local-auth/) is enabled (discouraged in production deployments), it allows an administrator to provision users with their passwords; 2. When `auto_create_users` in the associated OpenID or SAML configuration is disabled, it allows an administrator to provision users with their emails beforehand, effectively @@ -126,18 +126,18 @@ EOF HTTP/1.1 201 Content-Type: application/json; charset=utf-8 -Location: /v0/users/1c4476d8-b3ed-4e2a-a327-43d8a8145902 +Location: /v0/users/98a7f35a-b517-44fb-8381-9ca84d9adebb { "data": { "disabled_at": null, "email": "new-user@test", - "id": "1c4476d8-b3ed-4e2a-a327-43d8a8145902", - "inserted_at": "2023-02-18T18:55:51.312737Z", + "id": "98a7f35a-b517-44fb-8381-9ca84d9adebb", + "inserted_at": "2023-02-21T19:42:17.682511Z", "last_signed_in_at": null, "last_signed_in_method": null, "role": "unprivileged", - "updated_at": "2023-02-18T18:55:51.312737Z" + "updated_at": "2023-02-21T19:42:17.682511Z" } } ``` @@ -158,18 +158,18 @@ EOF HTTP/1.1 201 Content-Type: application/json; charset=utf-8 -Location: /v0/users/b0c662db-fe4b-4be6-8cba-b96e6de85d3c +Location: /v0/users/ccd53707-1edf-4a4f-b4e8-26aa6ef9adec { "data": { "disabled_at": null, "email": "new-user@test", - "id": "b0c662db-fe4b-4be6-8cba-b96e6de85d3c", - "inserted_at": "2023-02-18T18:55:51.143811Z", + "id": "ccd53707-1edf-4a4f-b4e8-26aa6ef9adec", + "inserted_at": "2023-02-21T19:42:17.704086Z", "last_signed_in_at": null, "last_signed_in_method": null, "role": "unprivileged", - "updated_at": "2023-02-18T18:55:51.143811Z" + "updated_at": "2023-02-21T19:42:17.704086Z" } } ``` @@ -190,18 +190,18 @@ EOF HTTP/1.1 201 Content-Type: application/json; charset=utf-8 -Location: /v0/users/859b1c5f-d25e-4e15-bdba-1cb90de3b4f1 +Location: /v0/users/16ea7401-4eb8-4b48-a711-172ae117ac05 { "data": { "disabled_at": null, "email": "new-user@test", - "id": "859b1c5f-d25e-4e15-bdba-1cb90de3b4f1", - "inserted_at": "2023-02-18T18:55:51.071112Z", + "id": "16ea7401-4eb8-4b48-a711-172ae117ac05", + "inserted_at": "2023-02-21T19:42:17.745811Z", "last_signed_in_at": null, "last_signed_in_method": null, "role": "admin", - "updated_at": "2023-02-18T18:55:51.071112Z" + "updated_at": "2023-02-21T19:42:17.745811Z" } } ``` @@ -241,7 +241,7 @@ Content-Type: application/json; charset=utf-8 #### An email can be used instead of ID. **URI Parameters:** - - `id`: `test-2757@test` + - `id`: `test-6725@test` ```bash $ curl -i \ -X GET "https://{firezone_host}/v0/users/{id}" \ @@ -254,13 +254,13 @@ Content-Type: application/json; charset=utf-8 { "data": { "disabled_at": null, - "email": "test-2757@test", - "id": "a6150251-3d5d-4eef-b918-feefbb18e986", - "inserted_at": "2023-02-18T18:55:51.102821Z", + "email": "test-6725@test", + "id": "da45a8d6-581c-4e63-96ee-61de158829e4", + "inserted_at": "2023-02-21T19:42:17.575002Z", "last_signed_in_at": null, "last_signed_in_method": null, "role": "admin", - "updated_at": "2023-02-18T18:55:51.102821Z" + "updated_at": "2023-02-21T19:42:17.575002Z" } } ``` @@ -272,7 +272,7 @@ For details please see [Create a User](#create-a-user-post-v0users) section. #### Update by email **URI Parameters:** - - `id`: `test-4452@test` + - `id`: `test-5315@test` ```bash $ curl -i \ -X PUT "https://{firezone_host}/v0/users/{id}" \ @@ -290,20 +290,20 @@ Content-Type: application/json; charset=utf-8 { "data": { "disabled_at": null, - "email": "test-4452@test", - "id": "18fcbb10-af71-45fd-841e-8419f5d48a76", - "inserted_at": "2023-02-18T18:55:51.316849Z", + "email": "test-5315@test", + "id": "784d4612-c3d0-4072-bb90-036b51db5df5", + "inserted_at": "2023-02-21T19:42:17.585416Z", "last_signed_in_at": null, "last_signed_in_method": null, "role": "unprivileged", - "updated_at": "2023-02-18T18:55:51.316849Z" + "updated_at": "2023-02-21T19:42:17.585416Z" } } ``` #### Update by ID **URI Parameters:** - - `id`: `43838f3c-47e6-4368-851b-4004d389d0e2` + - `id`: `966311e8-c718-47e2-9b20-7c87bda1ed83` ```bash $ curl -i \ -X PUT "https://{firezone_host}/v0/users/{id}" \ @@ -321,13 +321,13 @@ Content-Type: application/json; charset=utf-8 { "data": { "disabled_at": null, - "email": "test-5026@test", - "id": "43838f3c-47e6-4368-851b-4004d389d0e2", - "inserted_at": "2023-02-18T18:55:51.074271Z", + "email": "test-4262@test", + "id": "966311e8-c718-47e2-9b20-7c87bda1ed83", + "inserted_at": "2023-02-21T19:42:17.487017Z", "last_signed_in_at": null, "last_signed_in_method": null, "role": "unprivileged", - "updated_at": "2023-02-18T18:55:51.074271Z" + "updated_at": "2023-02-21T19:42:17.487017Z" } } ``` @@ -338,7 +338,7 @@ Content-Type: application/json; charset=utf-8 #### Example **URI Parameters:** - - `id`: `65871243-ac8a-4c46-97b7-01e710d6e05e` + - `id`: `a1a32c77-d55a-47a5-94ba-6ea065efdc18` ```bash $ curl -i \ -X DELETE "https://{firezone_host}/v0/users/{id}" \ @@ -351,7 +351,7 @@ Content-Type: application/json; charset=utf-8 #### An email can be used instead of ID. **URI Parameters:** - - `id`: `test-4866@test` + - `id`: `test-7109@test` ```bash $ curl -i \ -X DELETE "https://{firezone_host}/v0/users/{id}" \