Skip to main content
POST
Test a Federation Configuration End-to-End

Body

application/json

The request body resource

config
object
required

Config is the candidate federation configuration to test. Required. Carries the plaintext admin_credentials_json the resolver will use to authenticate; the value never reaches persistence on this endpoint.

connection
object
required

Connection is the candidate connection the probe runs against. Required. The endpoint does NOT look up a persisted connection by name/id — the caller supplies the agent, command, script and envs directly so a wizard draft can be exercised before persistence.

user_email
string
required

UserEmail is the synthetic user to resolve. Required.

Example:

"alice@example.com"

user_id
string

UserID is the synthetic user ID. Optional; defaults to a deterministic UUID derived from UserEmail.

Example:

"00000000-0000-0000-0000-000000000001"

Response

OK

admin_principal
string

AdminPrincipal is the impersonator identity (e.g. admin SA email).

Example:

"hoop-admin@proj.iam.gserviceaccount.com"

env_var_keys
string[]

EnvVarKeys lists the env vars the resolver injected into the probe. Values are never returned.

Example:
error
string

Error is the human-readable failure reason when Success=false. Populated for federation-resolve failures; probe-side failures are reported via ProbeStatus + ProbeOutput.

Example:

"failed minting access token: permission denied"

probe_output
string

ProbeOutput is the agent's merged stdout+stderr from the smoke probe. Empty when ProbeStatus="skipped".

Example:

"+---+\n| f0_ |\n+---+\n| 1 |\n+---+"

probe_status
enum<string>

ProbeStatus reports the agent-side outcome. "success" when exit code was 0; "failed" otherwise; "skipped" when federation resolve failed and the probe was not dispatched.

Available options:
success,
failed,
skipped
Example:

"success"

resolved_principal
string

ResolvedPrincipal is the principal the resolver impersonated.

Example:

"alice@example.com"

success
boolean

Success is true only when federation resolved AND the agent probe returned exit code 0.

Example:

true

superseded_env_vars
string[]

SupersededEnvVars lists the candidate connection's static env var names that the provider's output supersedes and that were therefore stripped from the probe (and would be stripped from a real session). Lets the admin UI show "these legacy credentials were ignored" so the operator can confidently remove them from the persisted connection. Example: gcp_iam supersedes GOOGLE_APPLICATION_CREDENTIALS.

Example:
token_expires_at
string

TokenExpiresAt is the would-be credential expiry.

Example:

"2025-05-25T18:00:00Z"