rbac-api-client 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (180) hide show
  1. checksums.yaml +7 -0
  2. data/Gemfile +9 -0
  3. data/README.md +175 -0
  4. data/Rakefile +10 -0
  5. data/client-meta.json +8 -0
  6. data/docs/Access.md +19 -0
  7. data/docs/AccessApi.md +68 -0
  8. data/docs/AccessPagination.md +21 -0
  9. data/docs/AccessPaginationAllOf.md +17 -0
  10. data/docs/AdditionalGroup.md +19 -0
  11. data/docs/Error.md +17 -0
  12. data/docs/Error403.md +17 -0
  13. data/docs/Group.md +19 -0
  14. data/docs/GroupApi.md +623 -0
  15. data/docs/GroupOut.md +33 -0
  16. data/docs/GroupPagination.md +21 -0
  17. data/docs/GroupPaginationAllOf.md +17 -0
  18. data/docs/GroupPrincipalIn.md +17 -0
  19. data/docs/GroupRoleIn.md +17 -0
  20. data/docs/GroupRolesPagination.md +21 -0
  21. data/docs/GroupWithPrincipals.md +27 -0
  22. data/docs/GroupWithPrincipalsAllOf.md +17 -0
  23. data/docs/GroupWithPrincipalsAndRoles.md +29 -0
  24. data/docs/GroupWithPrincipalsAndRolesAllOf.md +19 -0
  25. data/docs/InlineResponse200.md +17 -0
  26. data/docs/ListPagination.md +19 -0
  27. data/docs/PaginationLinks.md +23 -0
  28. data/docs/PaginationMeta.md +17 -0
  29. data/docs/Policy.md +19 -0
  30. data/docs/PolicyApi.md +283 -0
  31. data/docs/PolicyExtended.md +29 -0
  32. data/docs/PolicyExtendedAllOf.md +19 -0
  33. data/docs/PolicyIn.md +23 -0
  34. data/docs/PolicyInAllOf.md +19 -0
  35. data/docs/PolicyPagination.md +21 -0
  36. data/docs/PolicyPaginationAllOf.md +17 -0
  37. data/docs/Principal.md +25 -0
  38. data/docs/PrincipalApi.md +68 -0
  39. data/docs/PrincipalIn.md +17 -0
  40. data/docs/PrincipalOut.md +27 -0
  41. data/docs/PrincipalPagination.md +21 -0
  42. data/docs/PrincipalPaginationAllOf.md +17 -0
  43. data/docs/ResourceDefinition.md +17 -0
  44. data/docs/ResourceDefinitionFilter.md +21 -0
  45. data/docs/Role.md +19 -0
  46. data/docs/RoleApi.md +340 -0
  47. data/docs/RoleIn.md +21 -0
  48. data/docs/RoleInAllOf.md +17 -0
  49. data/docs/RoleOut.md +35 -0
  50. data/docs/RoleOutDynamic.md +39 -0
  51. data/docs/RoleOutDynamicAllOf.md +29 -0
  52. data/docs/RolePagination.md +21 -0
  53. data/docs/RolePaginationDynamic.md +21 -0
  54. data/docs/RolePaginationDynamicAllOf.md +17 -0
  55. data/docs/RoleWithAccess.md +37 -0
  56. data/docs/Status.md +27 -0
  57. data/docs/StatusApi.md +56 -0
  58. data/docs/Timestamped.md +19 -0
  59. data/docs/UUID.md +17 -0
  60. data/generate.sh +7 -0
  61. data/git_push.sh +58 -0
  62. data/lib/rbac-api-client.rb +93 -0
  63. data/lib/rbac-api-client/api/access_api.rb +104 -0
  64. data/lib/rbac-api-client/api/group_api.rb +800 -0
  65. data/lib/rbac-api-client/api/policy_api.rb +363 -0
  66. data/lib/rbac-api-client/api/principal_api.rb +104 -0
  67. data/lib/rbac-api-client/api/role_api.rb +445 -0
  68. data/lib/rbac-api-client/api/status_api.rb +76 -0
  69. data/lib/rbac-api-client/api_client.rb +386 -0
  70. data/lib/rbac-api-client/api_error.rb +57 -0
  71. data/lib/rbac-api-client/configuration.rb +248 -0
  72. data/lib/rbac-api-client/models/access.rb +227 -0
  73. data/lib/rbac-api-client/models/access_pagination.rb +239 -0
  74. data/lib/rbac-api-client/models/access_pagination_all_of.rb +213 -0
  75. data/lib/rbac-api-client/models/additional_group.rb +215 -0
  76. data/lib/rbac-api-client/models/error.rb +213 -0
  77. data/lib/rbac-api-client/models/error403.rb +213 -0
  78. data/lib/rbac-api-client/models/group.rb +220 -0
  79. data/lib/rbac-api-client/models/group_out.rb +341 -0
  80. data/lib/rbac-api-client/models/group_pagination.rb +239 -0
  81. data/lib/rbac-api-client/models/group_pagination_all_of.rb +213 -0
  82. data/lib/rbac-api-client/models/group_principal_in.rb +213 -0
  83. data/lib/rbac-api-client/models/group_role_in.rb +213 -0
  84. data/lib/rbac-api-client/models/group_roles_pagination.rb +239 -0
  85. data/lib/rbac-api-client/models/group_with_principals.rb +288 -0
  86. data/lib/rbac-api-client/models/group_with_principals_all_of.rb +213 -0
  87. data/lib/rbac-api-client/models/group_with_principals_and_roles.rb +304 -0
  88. data/lib/rbac-api-client/models/group_with_principals_and_roles_all_of.rb +229 -0
  89. data/lib/rbac-api-client/models/inline_response200.rb +213 -0
  90. data/lib/rbac-api-client/models/list_pagination.rb +215 -0
  91. data/lib/rbac-api-client/models/pagination_links.rb +233 -0
  92. data/lib/rbac-api-client/models/pagination_meta.rb +206 -0
  93. data/lib/rbac-api-client/models/policy.rb +220 -0
  94. data/lib/rbac-api-client/models/policy_extended.rb +302 -0
  95. data/lib/rbac-api-client/models/policy_extended_all_of.rb +227 -0
  96. data/lib/rbac-api-client/models/policy_in.rb +258 -0
  97. data/lib/rbac-api-client/models/policy_in_all_of.rb +227 -0
  98. data/lib/rbac-api-client/models/policy_pagination.rb +239 -0
  99. data/lib/rbac-api-client/models/policy_pagination_all_of.rb +213 -0
  100. data/lib/rbac-api-client/models/principal.rb +252 -0
  101. data/lib/rbac-api-client/models/principal_in.rb +211 -0
  102. data/lib/rbac-api-client/models/principal_out.rb +274 -0
  103. data/lib/rbac-api-client/models/principal_pagination.rb +239 -0
  104. data/lib/rbac-api-client/models/principal_pagination_all_of.rb +213 -0
  105. data/lib/rbac-api-client/models/resource_definition.rb +211 -0
  106. data/lib/rbac-api-client/models/resource_definition_filter.rb +273 -0
  107. data/lib/rbac-api-client/models/role.rb +220 -0
  108. data/lib/rbac-api-client/models/role_in.rb +244 -0
  109. data/lib/rbac-api-client/models/role_in_all_of.rb +213 -0
  110. data/lib/rbac-api-client/models/role_out.rb +352 -0
  111. data/lib/rbac-api-client/models/role_out_dynamic.rb +421 -0
  112. data/lib/rbac-api-client/models/role_out_dynamic_all_of.rb +346 -0
  113. data/lib/rbac-api-client/models/role_pagination.rb +239 -0
  114. data/lib/rbac-api-client/models/role_pagination_dynamic.rb +239 -0
  115. data/lib/rbac-api-client/models/role_pagination_dynamic_all_of.rb +213 -0
  116. data/lib/rbac-api-client/models/role_with_access.rb +367 -0
  117. data/lib/rbac-api-client/models/status.rb +256 -0
  118. data/lib/rbac-api-client/models/timestamped.rb +225 -0
  119. data/lib/rbac-api-client/models/uuid.rb +211 -0
  120. data/lib/rbac-api-client/version.rb +15 -0
  121. data/openapi.json +2613 -0
  122. data/rbac-api-client.gemspec +39 -0
  123. data/spec/api/access_api_spec.rb +49 -0
  124. data/spec/api/group_api_spec.rb +176 -0
  125. data/spec/api/policy_api_spec.rb +97 -0
  126. data/spec/api/principal_api_spec.rb +49 -0
  127. data/spec/api/role_api_spec.rb +110 -0
  128. data/spec/api/status_api_spec.rb +45 -0
  129. data/spec/api_client_spec.rb +226 -0
  130. data/spec/configuration_spec.rb +42 -0
  131. data/spec/models/access_pagination_all_of_spec.rb +41 -0
  132. data/spec/models/access_pagination_spec.rb +53 -0
  133. data/spec/models/access_spec.rb +47 -0
  134. data/spec/models/additional_group_spec.rb +47 -0
  135. data/spec/models/error403_spec.rb +41 -0
  136. data/spec/models/error_spec.rb +41 -0
  137. data/spec/models/group_out_spec.rb +89 -0
  138. data/spec/models/group_pagination_all_of_spec.rb +41 -0
  139. data/spec/models/group_pagination_spec.rb +53 -0
  140. data/spec/models/group_principal_in_spec.rb +41 -0
  141. data/spec/models/group_role_in_spec.rb +41 -0
  142. data/spec/models/group_roles_pagination_spec.rb +53 -0
  143. data/spec/models/group_spec.rb +47 -0
  144. data/spec/models/group_with_principals_all_of_spec.rb +41 -0
  145. data/spec/models/group_with_principals_and_roles_all_of_spec.rb +47 -0
  146. data/spec/models/group_with_principals_and_roles_spec.rb +77 -0
  147. data/spec/models/group_with_principals_spec.rb +71 -0
  148. data/spec/models/inline_response200_spec.rb +41 -0
  149. data/spec/models/list_pagination_spec.rb +47 -0
  150. data/spec/models/pagination_links_spec.rb +59 -0
  151. data/spec/models/pagination_meta_spec.rb +41 -0
  152. data/spec/models/policy_extended_all_of_spec.rb +47 -0
  153. data/spec/models/policy_extended_spec.rb +77 -0
  154. data/spec/models/policy_in_all_of_spec.rb +47 -0
  155. data/spec/models/policy_in_spec.rb +59 -0
  156. data/spec/models/policy_pagination_all_of_spec.rb +41 -0
  157. data/spec/models/policy_pagination_spec.rb +53 -0
  158. data/spec/models/policy_spec.rb +47 -0
  159. data/spec/models/principal_in_spec.rb +41 -0
  160. data/spec/models/principal_out_spec.rb +71 -0
  161. data/spec/models/principal_pagination_all_of_spec.rb +41 -0
  162. data/spec/models/principal_pagination_spec.rb +53 -0
  163. data/spec/models/principal_spec.rb +65 -0
  164. data/spec/models/resource_definition_filter_spec.rb +57 -0
  165. data/spec/models/resource_definition_spec.rb +41 -0
  166. data/spec/models/role_in_all_of_spec.rb +41 -0
  167. data/spec/models/role_in_spec.rb +53 -0
  168. data/spec/models/role_out_dynamic_all_of_spec.rb +77 -0
  169. data/spec/models/role_out_dynamic_spec.rb +107 -0
  170. data/spec/models/role_out_spec.rb +95 -0
  171. data/spec/models/role_pagination_dynamic_all_of_spec.rb +41 -0
  172. data/spec/models/role_pagination_dynamic_spec.rb +53 -0
  173. data/spec/models/role_pagination_spec.rb +53 -0
  174. data/spec/models/role_spec.rb +47 -0
  175. data/spec/models/role_with_access_spec.rb +101 -0
  176. data/spec/models/status_spec.rb +71 -0
  177. data/spec/models/timestamped_spec.rb +47 -0
  178. data/spec/models/uuid_spec.rb +41 -0
  179. data/spec/spec_helper.rb +111 -0
  180. metadata +338 -0
data/lib/rbac-api-client/models/uuid.rb ADDED
@@ -0,0 +1,211 @@
1
+ =begin
2
+ #Role Based Access Control
3
+
4
+ #The API for Role Based Access Control.
5
+
6
+ The version of the OpenAPI document: 1.0.0
7
+
8
+ Generated by: https://openapi-generator.tech
9
+ OpenAPI Generator version: 4.2.2
10
+
11
+ =end
12
+
13
+ require 'date'
14
+
15
+ module RBACApiClient
16
+ class UUID
17
+ attr_accessor :uuid
18
+
19
+ # Attribute mapping from ruby-style variable name to JSON key.
20
+ def self.attribute_map
21
+ {
22
+ :'uuid' => :'uuid'
23
+ }
24
+ end
25
+
26
+ # Attribute type mapping.
27
+ def self.openapi_types
28
+ {
29
+ :'uuid' => :'String'
30
+ }
31
+ end
32
+
33
+ # List of attributes with nullable: true
34
+ def self.openapi_nullable
35
+ Set.new([
36
+ ])
37
+ end
38
+
39
+ # Initializes the object
40
+ # @param [Hash] attributes Model attributes in the form of hash
41
+ def initialize(attributes = {})
42
+ if (!attributes.is_a?(Hash))
43
+ fail ArgumentError, "The input argument (attributes) must be a hash in `RBACApiClient::UUID` initialize method"
44
+ end
45
+
46
+ # check to see if the attribute exists and convert string to symbol for hash key
47
+ attributes = attributes.each_with_object({}) { |(k, v), h|
48
+ if (!self.class.attribute_map.key?(k.to_sym))
49
+ fail ArgumentError, "`#{k}` is not a valid attribute in `RBACApiClient::UUID`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
50
+ end
51
+ h[k.to_sym] = v
52
+ }
53
+
54
+ if attributes.key?(:'uuid')
55
+ self.uuid = attributes[:'uuid']
56
+ end
57
+ end
58
+
59
+ # Show invalid properties with the reasons. Usually used together with valid?
60
+ # @return Array for valid properties with the reasons
61
+ def list_invalid_properties
62
+ invalid_properties = Array.new
63
+ if @uuid.nil?
64
+ invalid_properties.push('invalid value for "uuid", uuid cannot be nil.')
65
+ end
66
+
67
+ invalid_properties
68
+ end
69
+
70
+ # Check to see if the all the properties in the model are valid
71
+ # @return true if the model is valid
72
+ def valid?
73
+ return false if @uuid.nil?
74
+ true
75
+ end
76
+
77
+ # Checks equality by comparing each attribute.
78
+ # @param [Object] Object to be compared
79
+ def ==(o)
80
+ return true if self.equal?(o)
81
+ self.class == o.class &&
82
+ uuid == o.uuid
83
+ end
84
+
85
+ # @see the `==` method
86
+ # @param [Object] Object to be compared
87
+ def eql?(o)
88
+ self == o
89
+ end
90
+
91
+ # Calculates hash code according to all attributes.
92
+ # @return [Integer] Hash code
93
+ def hash
94
+ [uuid].hash
95
+ end
96
+
97
+ # Builds the object from hash
98
+ # @param [Hash] attributes Model attributes in the form of hash
99
+ # @return [Object] Returns the model itself
100
+ def self.build_from_hash(attributes)
101
+ new.build_from_hash(attributes)
102
+ end
103
+
104
+ # Builds the object from hash
105
+ # @param [Hash] attributes Model attributes in the form of hash
106
+ # @return [Object] Returns the model itself
107
+ def build_from_hash(attributes)
108
+ return nil unless attributes.is_a?(Hash)
109
+ self.class.openapi_types.each_pair do |key, type|
110
+ if type =~ /\AArray<(.*)>/i
111
+ # check to ensure the input is an array given that the attribute
112
+ # is documented as an array but the input is not
113
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
114
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
115
+ end
116
+ elsif !attributes[self.class.attribute_map[key]].nil?
117
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
118
+ end # or else data not found in attributes(hash), not an issue as the data can be optional
119
+ end
120
+
121
+ self
122
+ end
123
+
124
+ # Deserializes the data based on type
125
+ # @param string type Data type
126
+ # @param string value Value to be deserialized
127
+ # @return [Object] Deserialized data
128
+ def _deserialize(type, value)
129
+ case type.to_sym
130
+ when :DateTime
131
+ DateTime.parse(value)
132
+ when :Date
133
+ Date.parse(value)
134
+ when :String
135
+ value.to_s
136
+ when :Integer
137
+ value.to_i
138
+ when :Float
139
+ value.to_f
140
+ when :Boolean
141
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
142
+ true
143
+ else
144
+ false
145
+ end
146
+ when :Object
147
+ # generic object (usually a Hash), return directly
148
+ value
149
+ when /\AArray<(?<inner_type>.+)>\z/
150
+ inner_type = Regexp.last_match[:inner_type]
151
+ value.map { |v| _deserialize(inner_type, v) }
152
+ when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/
153
+ k_type = Regexp.last_match[:k_type]
154
+ v_type = Regexp.last_match[:v_type]
155
+ {}.tap do |hash|
156
+ value.each do |k, v|
157
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
158
+ end
159
+ end
160
+ else # model
161
+ RBACApiClient.const_get(type).build_from_hash(value)
162
+ end
163
+ end
164
+
165
+ # Returns the string representation of the object
166
+ # @return [String] String presentation of the object
167
+ def to_s
168
+ to_hash.to_s
169
+ end
170
+
171
+ # to_body is an alias to to_hash (backward compatibility)
172
+ # @return [Hash] Returns the object in the form of hash
173
+ def to_body
174
+ to_hash
175
+ end
176
+
177
+ # Returns the object in the form of hash
178
+ # @return [Hash] Returns the object in the form of hash
179
+ def to_hash
180
+ hash = {}
181
+ self.class.attribute_map.each_pair do |attr, param|
182
+ value = self.send(attr)
183
+ if value.nil?
184
+ is_nullable = self.class.openapi_nullable.include?(attr)
185
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
186
+ end
187
+
188
+ hash[param] = _to_hash(value)
189
+ end
190
+ hash
191
+ end
192
+
193
+ # Outputs non-array value in the form of hash
194
+ # For object, use to_hash. Otherwise, just return the value
195
+ # @param [Object] value Any valid value
196
+ # @return [Hash] Returns the value in the form of hash
197
+ def _to_hash(value)
198
+ if value.is_a?(Array)
199
+ value.compact.map { |v| _to_hash(v) }
200
+ elsif value.is_a?(Hash)
201
+ {}.tap do |hash|
202
+ value.each { |k, v| hash[k] = _to_hash(v) }
203
+ end
204
+ elsif value.respond_to? :to_hash
205
+ value.to_hash
206
+ else
207
+ value
208
+ end
209
+ end
210
+ end
211
+ end
data/lib/rbac-api-client/version.rb ADDED
@@ -0,0 +1,15 @@
1
+ =begin
2
+ #Role Based Access Control
3
+
4
+ #The API for Role Based Access Control.
5
+
6
+ The version of the OpenAPI document: 1.0.0
7
+
8
+ Generated by: https://openapi-generator.tech
9
+ OpenAPI Generator version: 4.2.2
10
+
11
+ =end
12
+
13
+ module RBACApiClient
14
+ VERSION = '1.0.0'
15
+ end
data/openapi.json ADDED
@@ -0,0 +1,2613 @@
1
+ {
2
+ "openapi": "3.0.0",
3
+ "info": {
4
+ "description": "The API for Role Based Access Control.",
5
+ "version": "1.0.0",
6
+ "title": "Role Based Access Control",
7
+ "license": {
8
+ "name": "AGPL-3.0",
9
+ "url": "https://opensource.org/licenses/AGPL-3.0"
10
+ }
11
+ },
12
+ "security": [
13
+ {
14
+ "basic_auth": []
15
+ }
16
+ ],
17
+ "tags": [
18
+ {
19
+ "name": "Principal",
20
+ "description": "Operations about principals"
21
+ },
22
+ {
23
+ "name": "Group",
24
+ "description": "Operations about groups"
25
+ },
26
+ {
27
+ "name": "Role",
28
+ "description": "Operations about roles"
29
+ },
30
+ {
31
+ "name": "Policy",
32
+ "description": "Operations about policies"
33
+ },
34
+ {
35
+ "name": "Access",
36
+ "description": "Operations about access"
37
+ },
38
+ {
39
+ "name": "Status",
40
+ "description": "Operations about status"
41
+ }
42
+ ],
43
+ "paths": {
44
+ "/status/": {
45
+ "get": {
46
+ "tags": [
47
+ "Status"
48
+ ],
49
+ "summary": "Obtain server status",
50
+ "operationId": "getStatus",
51
+ "responses": {
52
+ "200": {
53
+ "description": "An object describing the server status",
54
+ "content": {
55
+ "application/json": {
56
+ "schema": {
57
+ "$ref": "#/components/schemas/Status"
58
+ }
59
+ }
60
+ }
61
+ },
62
+ "500": {
63
+ "description": "Unexpected Error",
64
+ "content": {
65
+ "application/json": {
66
+ "schema": {
67
+ "$ref": "#/components/schemas/Error"
68
+ }
69
+ }
70
+ }
71
+ }
72
+ }
73
+ }
74
+ },
75
+ "/principals/": {
76
+ "get": {
77
+ "tags": [
78
+ "Principal"
79
+ ],
80
+ "summary": "List the principals for a tenant",
81
+ "operationId": "listPrincipals",
82
+ "parameters": [
83
+ {
84
+ "$ref": "#/components/parameters/QueryLimit"
85
+ },
86
+ {
87
+ "$ref": "#/components/parameters/QueryOffset"
88
+ },
89
+ {
90
+ "name": "usernames",
91
+ "in": "query",
92
+ "description": "Usernames of principals to get",
93
+ "required": false,
94
+ "schema": {
95
+ "type": "string"
96
+ }
97
+ },
98
+ {
99
+ "name": "sort_order",
100
+ "in": "query",
101
+ "description": "The sort order of the query, either ascending or descending",
102
+ "required": false,
103
+ "schema": {
104
+ "type": "string",
105
+ "enum": ["asc", "desc"]
106
+ }
107
+ }
108
+ ],
109
+ "responses": {
110
+ "200": {
111
+ "description": "A paginated list of principals",
112
+ "content": {
113
+ "application/json": {
114
+ "schema": {
115
+ "$ref": "#/components/schemas/PrincipalPagination"
116
+ }
117
+ }
118
+ }
119
+ },
120
+ "401": {
121
+ "description": "Unauthorized"
122
+ },
123
+ "403": {
124
+ "description": "Insufficient permissions to list principals",
125
+ "content": {
126
+ "application/json": {
127
+ "schema": {
128
+ "$ref": "#/components/schemas/Error403"
129
+ }
130
+ }
131
+ }
132
+ },
133
+ "500": {
134
+ "description": "Unexpected Error",
135
+ "content": {
136
+ "application/json": {
137
+ "schema": {
138
+ "$ref": "#/components/schemas/Error"
139
+ }
140
+ }
141
+ }
142
+ }
143
+ }
144
+ }
145
+ },
146
+ "/groups/": {
147
+ "post": {
148
+ "tags": [
149
+ "Group"
150
+ ],
151
+ "summary": "Create a group in a tenant",
152
+ "operationId": "createGroup",
153
+ "requestBody": {
154
+ "content": {
155
+ "application/json": {
156
+ "schema": {
157
+ "$ref": "#/components/schemas/Group"
158
+ }
159
+ }
160
+ },
161
+ "description": "Group to create in tenant",
162
+ "required": true
163
+ },
164
+ "responses": {
165
+ "201": {
166
+ "description": "An object describing the group",
167
+ "content": {
168
+ "application/json": {
169
+ "schema": {
170
+ "$ref": "#/components/schemas/GroupOut"
171
+ }
172
+ }
173
+ }
174
+ },
175
+ "401": {
176
+ "description": "Unauthorized"
177
+ },
178
+ "403": {
179
+ "description": "Insufficient permissions to create group",
180
+ "content": {
181
+ "application/json": {
182
+ "schema": {
183
+ "$ref": "#/components/schemas/Error403"
184
+ }
185
+ }
186
+ }
187
+ },
188
+ "500": {
189
+ "description": "Unexpected Error",
190
+ "content": {
191
+ "application/json": {
192
+ "schema": {
193
+ "$ref": "#/components/schemas/Error"
194
+ }
195
+ }
196
+ }
197
+ }
198
+ }
199
+ },
200
+ "get": {
201
+ "tags": [
202
+ "Group"
203
+ ],
204
+ "summary": "List the groups for a tenant",
205
+ "operationId": "listGroups",
206
+ "parameters": [
207
+ {
208
+ "$ref": "#/components/parameters/QueryLimit"
209
+ },
210
+ {
211
+ "$ref": "#/components/parameters/QueryOffset"
212
+ },
213
+ {
214
+ "$ref": "#/components/parameters/NameFilter"
215
+ },
216
+ {
217
+ "$ref": "#/components/parameters/ScopeFilter"
218
+ },
219
+ {
220
+ "name": "username",
221
+ "in": "query",
222
+ "description": "A username for a principal to filter for groups",
223
+ "required": false,
224
+ "schema": {
225
+ "type": "string"
226
+ }
227
+ },
228
+ {
229
+ "name": "uuid",
230
+ "in": "query",
231
+ "description": "A list of UUIDs to filter listed groups.",
232
+ "required": false,
233
+ "schema": {
234
+ "type": "array",
235
+ "items": {
236
+ "type": "string"
237
+ }
238
+ },
239
+ "explode": false,
240
+ "style": "form"
241
+ },
242
+ {
243
+ "name": "role_names",
244
+ "in": "query",
245
+ "description": "List of role name to filter for groups. It is exact match but case-insensitive",
246
+ "required": false,
247
+ "schema": {
248
+ "type": "array",
249
+ "items": {
250
+ "type": "string"
251
+ }
252
+ },
253
+ "explode": false,
254
+ "style": "form"
255
+ },
256
+ {
257
+ "name": "role_discriminator",
258
+ "in": "query",
259
+ "description": "Discriminator that works with role_names to indicate matching all/any of the role names",
260
+ "required": false,
261
+ "schema": {
262
+ "type": "string",
263
+ "enum": ["all", "any"]
264
+ }
265
+ },
266
+ {
267
+ "$ref": "#/components/parameters/OrderByFilter"
268
+ }
269
+ ],
270
+ "responses": {
271
+ "200": {
272
+ "description": "A paginated list of group objects",
273
+ "content": {
274
+ "application/json": {
275
+ "schema": {
276
+ "$ref": "#/components/schemas/GroupPagination"
277
+ }
278
+ }
279
+ }
280
+ },
281
+ "401": {
282
+ "description": "Unauthorized"
283
+ },
284
+ "403": {
285
+ "description": "Insufficient permissions to list groups",
286
+ "content": {
287
+ "application/json": {
288
+ "schema": {
289
+ "$ref": "#/components/schemas/Error403"
290
+ }
291
+ }
292
+ }
293
+ },
294
+ "500": {
295
+ "description": "Unexpected Error",
296
+ "content": {
297
+ "application/json": {
298
+ "schema": {
299
+ "$ref": "#/components/schemas/Error"
300
+ }
301
+ }
302
+ }
303
+ }
304
+ }
305
+ }
306
+ },
307
+ "/groups/{uuid}/": {
308
+ "get": {
309
+ "tags": [
310
+ "Group"
311
+ ],
312
+ "summary": "Get a group in the tenant",
313
+ "operationId": "getGroup",
314
+ "parameters": [
315
+ {
316
+ "name": "uuid",
317
+ "in": "path",
318
+ "description": "ID of group to get",
319
+ "required": true,
320
+ "schema": {
321
+ "type": "string",
322
+ "format": "uuid"
323
+ }
324
+ }
325
+ ],
326
+ "responses": {
327
+ "200": {
328
+ "description": "A Group object",
329
+ "content": {
330
+ "application/json": {
331
+ "schema": {
332
+ "$ref": "#/components/schemas/GroupWithPrincipalsAndRoles"
333
+ }
334
+ }
335
+ }
336
+ },
337
+ "401": {
338
+ "description": "Unauthorized"
339
+ },
340
+ "403": {
341
+ "description": "Insufficient permissions to get group",
342
+ "content": {
343
+ "application/json": {
344
+ "schema": {
345
+ "$ref": "#/components/schemas/Error403"
346
+ }
347
+ }
348
+ }
349
+ },
350
+ "404": {
351
+ "description": "Not Found",
352
+ "content": {
353
+ "application/json": {
354
+ "schema": {
355
+ "$ref": "#/components/schemas/Error"
356
+ }
357
+ }
358
+ }
359
+ },
360
+ "500": {
361
+ "description": "Unexpected Error",
362
+ "content": {
363
+ "application/json": {
364
+ "schema": {
365
+ "$ref": "#/components/schemas/Error"
366
+ }
367
+ }
368
+ }
369
+ }
370
+ }
371
+ },
372
+ "put": {
373
+ "tags": [
374
+ "Group"
375
+ ],
376
+ "summary": "Udate a group in the tenant",
377
+ "operationId": "updateGroup",
378
+ "parameters": [
379
+ {
380
+ "name": "uuid",
381
+ "in": "path",
382
+ "description": "ID of group to update",
383
+ "required": true,
384
+ "schema": {
385
+ "type": "string",
386
+ "format": "uuid"
387
+ }
388
+ }
389
+ ],
390
+ "requestBody": {
391
+ "content": {
392
+ "application/json": {
393
+ "schema": {
394
+ "$ref": "#/components/schemas/Group"
395
+ }
396
+ }
397
+ },
398
+ "description": "Group to update in tenant",
399
+ "required": true
400
+ },
401
+ "responses": {
402
+ "200": {
403
+ "description": "Group updated",
404
+ "content": {
405
+ "application/json": {
406
+ "schema": {
407
+ "$ref": "#/components/schemas/GroupOut"
408
+ }
409
+ }
410
+ }
411
+ },
412
+ "401": {
413
+ "description": "Unauthorized"
414
+ },
415
+ "403": {
416
+ "description": "Insufficient permissions to update group",
417
+ "content": {
418
+ "application/json": {
419
+ "schema": {
420
+ "$ref": "#/components/schemas/Error403"
421
+ }
422
+ }
423
+ }
424
+ },
425
+ "404": {
426
+ "description": "Not Found",
427
+ "content": {
428
+ "*/*": {
429
+ "schema": {
430
+ "$ref": "#/components/schemas/Error"
431
+ }
432
+ }
433
+ }
434
+ },
435
+ "500": {
436
+ "description": "Unexpected Error",
437
+ "content": {
438
+ "*/*": {
439
+ "schema": {
440
+ "$ref": "#/components/schemas/Error"
441
+ }
442
+ }
443
+ }
444
+ }
445
+ }
446
+ },
447
+ "delete": {
448
+ "tags": [
449
+ "Group"
450
+ ],
451
+ "summary": "Delete a group in the tenant",
452
+ "operationId": "deleteGroup",
453
+ "parameters": [
454
+ {
455
+ "name": "uuid",
456
+ "in": "path",
457
+ "description": "ID of group to delete",
458
+ "required": true,
459
+ "schema": {
460
+ "type": "string",
461
+ "format": "uuid"
462
+ }
463
+ }
464
+ ],
465
+ "responses": {
466
+ "204": {
467
+ "description": "Group deleted"
468
+ },
469
+ "401": {
470
+ "description": "Unauthorized"
471
+ },
472
+ "403": {
473
+ "description": "Insufficient permissions to delete group",
474
+ "content": {
475
+ "application/json": {
476
+ "schema": {
477
+ "$ref": "#/components/schemas/Error403"
478
+ }
479
+ }
480
+ }
481
+ },
482
+ "404": {
483
+ "description": "Not Found",
484
+ "content": {
485
+ "*/*": {
486
+ "schema": {
487
+ "$ref": "#/components/schemas/Error"
488
+ }
489
+ }
490
+ }
491
+ },
492
+ "500": {
493
+ "description": "Unexpected Error",
494
+ "content": {
495
+ "*/*": {
496
+ "schema": {
497
+ "$ref": "#/components/schemas/Error"
498
+ }
499
+ }
500
+ }
501
+ }
502
+ }
503
+ }
504
+ },
505
+ "/groups/{uuid}/principals/": {
506
+ "post": {
507
+ "tags": [
508
+ "Group"
509
+ ],
510
+ "summary": "Add a principal to a group in the tenant",
511
+ "operationId": "addPrincipalToGroup",
512
+ "parameters": [
513
+ {
514
+ "name": "uuid",
515
+ "in": "path",
516
+ "description": "ID of group to update",
517
+ "required": true,
518
+ "schema": {
519
+ "type": "string",
520
+ "format": "uuid"
521
+ }
522
+ }
523
+ ],
524
+ "requestBody": {
525
+ "$ref": "#/components/requestBodies/GroupPrincipalIn"
526
+ },
527
+ "responses": {
528
+ "200": {
529
+ "description": "Group updated",
530
+ "content": {
531
+ "application/json": {
532
+ "schema": {
533
+ "$ref": "#/components/schemas/GroupWithPrincipalsAndRoles"
534
+ }
535
+ }
536
+ }
537
+ },
538
+ "400": {
539
+ "description": "Bad Input"
540
+ },
541
+ "401": {
542
+ "description": "Unauthorized"
543
+ },
544
+ "403": {
545
+ "description": "Insufficient permissions to update principals in group",
546
+ "content": {
547
+ "application/json": {
548
+ "schema": {
549
+ "$ref": "#/components/schemas/Error403"
550
+ }
551
+ }
552
+ }
553
+ },
554
+ "404": {
555
+ "description": "Not Found",
556
+ "content": {
557
+ "application/json": {
558
+ "schema": {
559
+ "$ref": "#/components/schemas/Error"
560
+ }
561
+ }
562
+ }
563
+ },
564
+ "500": {
565
+ "description": "Unexpected Error",
566
+ "content": {
567
+ "application/json": {
568
+ "schema": {
569
+ "$ref": "#/components/schemas/Error"
570
+ }
571
+ }
572
+ }
573
+ }
574
+ }
575
+ },
576
+ "get": {
577
+ "tags": [
578
+ "Group"
579
+ ],
580
+ "summary": "Get a list of principals from a group in the tenant",
581
+ "operationId": "getPrincipalsFromGroup",
582
+ "parameters": [
583
+ {
584
+ "name": "uuid",
585
+ "in": "path",
586
+ "description": "ID of group from which to get principals",
587
+ "required": true,
588
+ "schema": {
589
+ "type": "string",
590
+ "format": "uuid"
591
+ }
592
+ },
593
+ {
594
+ "name": "principal_username",
595
+ "in": "query",
596
+ "required": false,
597
+ "description": "Parameter for filtering group principals by principal `username` using string contains search.",
598
+ "schema": {
599
+ "type": "string"
600
+ }
601
+ }
602
+ ],
603
+ "responses": {
604
+ "200": {
605
+ "description": "List of principals attached to group",
606
+ "content": {
607
+ "application/json": {
608
+ "schema": {
609
+ "$ref": "#/components/schemas/PrincipalPagination"
610
+ }
611
+ }
612
+ }
613
+ },
614
+ "400": {
615
+ "description": "Bad Input"
616
+ },
617
+ "401": {
618
+ "description": "Unauthorized"
619
+ },
620
+ "404": {
621
+ "description": "Not Found",
622
+ "content": {
623
+ "application/json": {
624
+ "schema": {
625
+ "$ref": "#/components/schemas/Error"
626
+ }
627
+ }
628
+ }
629
+ },
630
+ "500": {
631
+ "description": "Unexpected Error",
632
+ "content": {
633
+ "application/json": {
634
+ "schema": {
635
+ "$ref": "#/components/schemas/Error"
636
+ }
637
+ }
638
+ }
639
+ }
640
+ }
641
+ },
642
+ "delete": {
643
+ "tags": [
644
+ "Group"
645
+ ],
646
+ "summary": "Remove a principal from a group in the tenant",
647
+ "operationId": "deletePrincipalFromGroup",
648
+ "parameters": [
649
+ {
650
+ "name": "uuid",
651
+ "in": "path",
652
+ "description": "ID of group to update",
653
+ "required": true,
654
+ "schema": {
655
+ "type": "string",
656
+ "format": "uuid"
657
+ }
658
+ },
659
+ {
660
+ "name": "usernames",
661
+ "in": "query",
662
+ "description": "A comma separated list of usernames for principals to remove from the group",
663
+ "required": true,
664
+ "schema": {
665
+ "type": "string"
666
+ }
667
+ }
668
+ ],
669
+ "responses": {
670
+ "204": {
671
+ "description": "Principals removed from group"
672
+ },
673
+ "400": {
674
+ "description": "Bad Input"
675
+ },
676
+ "401": {
677
+ "description": "Unauthorized"
678
+ },
679
+ "403": {
680
+ "description": "Insufficient permissions to remove principals from group",
681
+ "content": {
682
+ "application/json": {
683
+ "schema": {
684
+ "$ref": "#/components/schemas/Error403"
685
+ }
686
+ }
687
+ }
688
+ },
689
+ "404": {
690
+ "description": "Not Found",
691
+ "content": {
692
+ "application/json": {
693
+ "schema": {
694
+ "$ref": "#/components/schemas/Error"
695
+ }
696
+ }
697
+ }
698
+ },
699
+ "500": {
700
+ "description": "Unexpected Error",
701
+ "content": {
702
+ "application/json": {
703
+ "schema": {
704
+ "$ref": "#/components/schemas/Error"
705
+ }
706
+ }
707
+ }
708
+ }
709
+ }
710
+ }
711
+ },
712
+ "/groups/{uuid}/roles/": {
713
+ "get": {
714
+ "tags": [
715
+ "Group"
716
+ ],
717
+ "summary": "List the roles for a group in the tenant",
718
+ "operationId": "listRolesForGroup",
719
+ "parameters": [
720
+ {
721
+ "name": "uuid",
722
+ "in": "path",
723
+ "description": "ID of group",
724
+ "required": true,
725
+ "schema": {
726
+ "type": "string",
727
+ "format": "uuid"
728
+ }
729
+ },
730
+ {
731
+ "name": "exclude",
732
+ "in": "query",
733
+ "description": "If this is set to true, the result would be roles excluding the ones in the group",
734
+ "required": false,
735
+ "schema": {
736
+ "type": "boolean",
737
+ "default": false
738
+ }
739
+ },
740
+ {
741
+ "name": "role_name",
742
+ "in": "query",
743
+ "required": false,
744
+ "description": "Parameter for filtering group roles by role `name` using string contains search.",
745
+ "schema": {
746
+ "type": "string"
747
+ }
748
+ },
749
+ {
750
+ "name": "role_description",
751
+ "in": "query",
752
+ "required": false,
753
+ "description": "Parameter for filtering group roles by role `description` using string contains search.",
754
+ "schema": {
755
+ "type": "string"
756
+ }
757
+ },
758
+ {
759
+ "$ref": "#/components/parameters/QueryLimit"
760
+ },
761
+ {
762
+ "$ref": "#/components/parameters/QueryOffset"
763
+ },
764
+ {
765
+ "in": "query",
766
+ "name": "order_by",
767
+ "required": false,
768
+ "description": "Parameter for ordering resource by value. For inverse ordering, supply '-' before the param value, such as: ?order_by=-name",
769
+ "schema": {
770
+ "type": "string",
771
+ "enum": [
772
+ "name",
773
+ "modified",
774
+ "policyCount"
775
+ ]
776
+ }
777
+ }
778
+ ],
779
+ "responses": {
780
+ "200": {
781
+ "description": "A list of roles for a group",
782
+ "content": {
783
+ "application/json": {
784
+ "schema": {
785
+ "$ref": "#/components/schemas/GroupRolesPagination"
786
+ }
787
+ }
788
+ }
789
+ },
790
+ "401": {
791
+ "description": "Unauthorized"
792
+ },
793
+ "403": {
794
+ "description": "Insufficient permissions to list roles for group",
795
+ "content": {
796
+ "application/json": {
797
+ "schema": {
798
+ "$ref": "#/components/schemas/Error403"
799
+ }
800
+ }
801
+ }
802
+ },
803
+ "500": {
804
+ "description": "Unexpected Error",
805
+ "content": {
806
+ "application/json": {
807
+ "schema": {
808
+ "$ref": "#/components/schemas/Error"
809
+ }
810
+ }
811
+ }
812
+ }
813
+ }
814
+ },
815
+ "post": {
816
+ "tags": [
817
+ "Group"
818
+ ],
819
+ "summary": "Add a role to a group in the tenant",
820
+ "operationId": "addRoleToGroup",
821
+ "parameters": [
822
+ {
823
+ "name": "uuid",
824
+ "in": "path",
825
+ "description": "ID of group to update",
826
+ "required": true,
827
+ "schema": {
828
+ "type": "string",
829
+ "format": "uuid"
830
+ }
831
+ }
832
+ ],
833
+ "requestBody": {
834
+ "$ref": "#/components/requestBodies/GroupRoleIn"
835
+ },
836
+ "responses": {
837
+ "200": {
838
+ "description": "Group updated",
839
+ "content": {
840
+ "application/json": {
841
+ "schema": {
842
+ "type": "object",
843
+ "required": [
844
+ "data"
845
+ ],
846
+ "properties": {
847
+ "data": {
848
+ "type": "array",
849
+ "items": {
850
+ "$ref": "#/components/schemas/RoleOut"
851
+ }
852
+ }
853
+ }
854
+ }
855
+ }
856
+ }
857
+ },
858
+ "400": {
859
+ "description": "Bad Input"
860
+ },
861
+ "401": {
862
+ "description": "Unauthorized"
863
+ },
864
+ "403": {
865
+ "description": "Insufficient permissions to update roles for group",
866
+ "content": {
867
+ "application/json": {
868
+ "schema": {
869
+ "$ref": "#/components/schemas/Error403"
870
+ }
871
+ }
872
+ }
873
+ },
874
+ "404": {
875
+ "description": "Not Found",
876
+ "content": {
877
+ "application/json": {
878
+ "schema": {
879
+ "$ref": "#/components/schemas/Error"
880
+ }
881
+ }
882
+ }
883
+ },
884
+ "500": {
885
+ "description": "Unexpected Error",
886
+ "content": {
887
+ "application/json": {
888
+ "schema": {
889
+ "$ref": "#/components/schemas/Error"
890
+ }
891
+ }
892
+ }
893
+ }
894
+ }
895
+ },
896
+ "delete": {
897
+ "tags": [
898
+ "Group"
899
+ ],
900
+ "summary": "Remove a role from a group in the tenant",
901
+ "operationId": "deleteRoleFromGroup",
902
+ "parameters": [
903
+ {
904
+ "name": "uuid",
905
+ "in": "path",
906
+ "description": "ID of group to update",
907
+ "required": true,
908
+ "schema": {
909
+ "type": "string",
910
+ "format": "uuid"
911
+ }
912
+ },
913
+ {
914
+ "name": "roles",
915
+ "in": "query",
916
+ "description": "A comma separated list of role UUIDs for roles to remove from the group",
917
+ "required": true,
918
+ "schema": {
919
+ "type": "string"
920
+ }
921
+ }
922
+ ],
923
+ "responses": {
924
+ "204": {
925
+ "description": "Roles removed from group"
926
+ },
927
+ "400": {
928
+ "description": "Bad Input"
929
+ },
930
+ "401": {
931
+ "description": "Unauthorized"
932
+ },
933
+ "403": {
934
+ "description": "Insufficient permissions to remove roles from group",
935
+ "content": {
936
+ "application/json": {
937
+ "schema": {
938
+ "$ref": "#/components/schemas/Error403"
939
+ }
940
+ }
941
+ }
942
+ },
943
+ "404": {
944
+ "description": "Not Found",
945
+ "content": {
946
+ "application/json": {
947
+ "schema": {
948
+ "$ref": "#/components/schemas/Error"
949
+ }
950
+ }
951
+ }
952
+ },
953
+ "500": {
954
+ "description": "Unexpected Error",
955
+ "content": {
956
+ "application/json": {
957
+ "schema": {
958
+ "$ref": "#/components/schemas/Error"
959
+ }
960
+ }
961
+ }
962
+ }
963
+ }
964
+ }
965
+ },
966
+ "/roles/": {
967
+ "post": {
968
+ "tags": [
969
+ "Role"
970
+ ],
971
+ "summary": "Create a roles for a tenant",
972
+ "operationId": "createRoles",
973
+ "requestBody": {
974
+ "content": {
975
+ "application/json": {
976
+ "schema": {
977
+ "$ref": "#/components/schemas/RoleIn"
978
+ }
979
+ }
980
+ },
981
+ "description": "Role to create",
982
+ "required": true
983
+ },
984
+ "responses": {
985
+ "201": {
986
+ "description": "An object describing the role",
987
+ "content": {
988
+ "application/json": {
989
+ "schema": {
990
+ "$ref": "#/components/schemas/RoleWithAccess"
991
+ }
992
+ }
993
+ }
994
+ },
995
+ "401": {
996
+ "description": "Unauthorized"
997
+ },
998
+ "403": {
999
+ "description": "Insufficient permissions to create role",
1000
+ "content": {
1001
+ "application/json": {
1002
+ "schema": {
1003
+ "$ref": "#/components/schemas/Error403"
1004
+ }
1005
+ }
1006
+ }
1007
+ },
1008
+ "500": {
1009
+ "description": "Unexpected Error",
1010
+ "content": {
1011
+ "application/json": {
1012
+ "schema": {
1013
+ "$ref": "#/components/schemas/Error"
1014
+ }
1015
+ }
1016
+ }
1017
+ }
1018
+ }
1019
+ },
1020
+ "get": {
1021
+ "tags": [
1022
+ "Role"
1023
+ ],
1024
+ "summary": "List the roles for a tenant",
1025
+ "operationId": "listRoles",
1026
+ "parameters": [
1027
+ {
1028
+ "$ref": "#/components/parameters/QueryLimit"
1029
+ },
1030
+ {
1031
+ "$ref": "#/components/parameters/QueryOffset"
1032
+ },
1033
+ {
1034
+ "$ref": "#/components/parameters/NameFilter"
1035
+ },
1036
+ {
1037
+ "$ref": "#/components/parameters/ScopeFilter"
1038
+ },
1039
+ {
1040
+ "$ref": "#/components/parameters/OrderByFilter"
1041
+ },
1042
+ {
1043
+ "name": "add_fields",
1044
+ "in": "query",
1045
+ "required": false,
1046
+ "description": "Parameter for add list of fields to display for roles.",
1047
+ "schema": {
1048
+ "type": "array",
1049
+ "items": {
1050
+ "type": "string",
1051
+ "enum": [
1052
+ "groups_in",
1053
+ "groups_in_count"
1054
+ ]
1055
+ }
1056
+ },
1057
+ "explode": false,
1058
+ "style": "form"
1059
+ },
1060
+ {
1061
+ "name": "username",
1062
+ "in": "query",
1063
+ "description": "Unique username of the principal to obtain roles for (only available for admins, and if supplied, takes precedence over the identity header).",
1064
+ "required": false,
1065
+ "schema": {
1066
+ "type": "string"
1067
+ }
1068
+ }
1069
+ ],
1070
+ "responses": {
1071
+ "200": {
1072
+ "description": "A paginated list of role objects",
1073
+ "content": {
1074
+ "application/json": {
1075
+ "schema": {
1076
+ "$ref": "#/components/schemas/RolePaginationDynamic"
1077
+ }
1078
+ }
1079
+ }
1080
+ },
1081
+ "401": {
1082
+ "description": "Unauthorized"
1083
+ },
1084
+ "403": {
1085
+ "description": "Insufficient permissions to list roles",
1086
+ "content": {
1087
+ "application/json": {
1088
+ "schema": {
1089
+ "$ref": "#/components/schemas/Error403"
1090
+ }
1091
+ }
1092
+ }
1093
+ },
1094
+ "500": {
1095
+ "description": "Unexpected Error",
1096
+ "content": {
1097
+ "application/json": {
1098
+ "schema": {
1099
+ "$ref": "#/components/schemas/Error"
1100
+ }
1101
+ }
1102
+ }
1103
+ }
1104
+ }
1105
+ }
1106
+ },
1107
+ "/roles/{uuid}/": {
1108
+ "get": {
1109
+ "tags": [
1110
+ "Role"
1111
+ ],
1112
+ "summary": "Get a role in the tenant",
1113
+ "operationId": "getRole",
1114
+ "parameters": [
1115
+ {
1116
+ "name": "uuid",
1117
+ "in": "path",
1118
+ "description": "ID of role to get",
1119
+ "required": true,
1120
+ "schema": {
1121
+ "type": "string",
1122
+ "format": "uuid"
1123
+ }
1124
+ }
1125
+ ],
1126
+ "responses": {
1127
+ "200": {
1128
+ "description": "A Role object",
1129
+ "content": {
1130
+ "application/json": {
1131
+ "schema": {
1132
+ "$ref": "#/components/schemas/RoleWithAccess"
1133
+ }
1134
+ }
1135
+ }
1136
+ },
1137
+ "401": {
1138
+ "description": "Unauthorized"
1139
+ },
1140
+ "403": {
1141
+ "description": "Insufficient permissions to get role",
1142
+ "content": {
1143
+ "application/json": {
1144
+ "schema": {
1145
+ "$ref": "#/components/schemas/Error403"
1146
+ }
1147
+ }
1148
+ }
1149
+ },
1150
+ "404": {
1151
+ "description": "Not Found",
1152
+ "content": {
1153
+ "application/json": {
1154
+ "schema": {
1155
+ "$ref": "#/components/schemas/Error"
1156
+ }
1157
+ }
1158
+ }
1159
+ },
1160
+ "500": {
1161
+ "description": "Unexpected Error",
1162
+ "content": {
1163
+ "application/json": {
1164
+ "schema": {
1165
+ "$ref": "#/components/schemas/Error"
1166
+ }
1167
+ }
1168
+ }
1169
+ }
1170
+ }
1171
+ },
1172
+ "delete": {
1173
+ "tags": [
1174
+ "Role"
1175
+ ],
1176
+ "summary": "Delete a role in the tenant",
1177
+ "operationId": "deleteRole",
1178
+ "parameters": [
1179
+ {
1180
+ "name": "uuid",
1181
+ "in": "path",
1182
+ "description": "ID of role to delete",
1183
+ "required": true,
1184
+ "schema": {
1185
+ "type": "string",
1186
+ "format": "uuid"
1187
+ }
1188
+ }
1189
+ ],
1190
+ "responses": {
1191
+ "204": {
1192
+ "description": "Role deleted"
1193
+ },
1194
+ "401": {
1195
+ "description": "Unauthorized"
1196
+ },
1197
+ "403": {
1198
+ "description": "Insufficient permissions to delete role",
1199
+ "content": {
1200
+ "application/json": {
1201
+ "schema": {
1202
+ "$ref": "#/components/schemas/Error403"
1203
+ }
1204
+ }
1205
+ }
1206
+ },
1207
+ "404": {
1208
+ "description": "Not Found",
1209
+ "content": {
1210
+ "application/json": {
1211
+ "schema": {
1212
+ "$ref": "#/components/schemas/Error"
1213
+ }
1214
+ }
1215
+ }
1216
+ },
1217
+ "500": {
1218
+ "description": "Unexpected Error",
1219
+ "content": {
1220
+ "application/json": {
1221
+ "schema": {
1222
+ "$ref": "#/components/schemas/Error"
1223
+ }
1224
+ }
1225
+ }
1226
+ }
1227
+ }
1228
+ },
1229
+ "put": {
1230
+ "tags": [
1231
+ "Role"
1232
+ ],
1233
+ "summary": "Update a Role in the tenant",
1234
+ "operationId": "updateRole",
1235
+ "parameters": [
1236
+ {
1237
+ "name": "uuid",
1238
+ "in": "path",
1239
+ "description": "ID of role to update",
1240
+ "required": true,
1241
+ "schema": {
1242
+ "type": "string",
1243
+ "format": "uuid"
1244
+ }
1245
+ }
1246
+ ],
1247
+ "requestBody": {
1248
+ "content": {
1249
+ "application/json": {
1250
+ "schema": {
1251
+ "$ref": "#/components/schemas/RoleWithAccess"
1252
+ }
1253
+ }
1254
+ },
1255
+ "description": "Update to a Role",
1256
+ "required": true
1257
+ },
1258
+ "responses": {
1259
+ "200": {
1260
+ "description": "Role updated"
1261
+ },
1262
+ "401": {
1263
+ "description": "Unauthorized"
1264
+ },
1265
+ "403": {
1266
+ "description": "Insufficient permissions to update role",
1267
+ "content": {
1268
+ "application/json": {
1269
+ "schema": {
1270
+ "$ref": "#/components/schemas/Error403"
1271
+ }
1272
+ }
1273
+ }
1274
+ },
1275
+ "404": {
1276
+ "description": "Not Found",
1277
+ "content": {
1278
+ "application/json": {
1279
+ "schema": {
1280
+ "$ref": "#/components/schemas/Error"
1281
+ }
1282
+ }
1283
+ }
1284
+ },
1285
+ "500": {
1286
+ "description": "Unexpected Error",
1287
+ "content": {
1288
+ "application/json": {
1289
+ "schema": {
1290
+ "$ref": "#/components/schemas/Error"
1291
+ }
1292
+ }
1293
+ }
1294
+ }
1295
+ }
1296
+ }
1297
+ },
1298
+ "/roles/{uuid}/access/": {
1299
+ "get": {
1300
+ "tags": [
1301
+ "Role"
1302
+ ],
1303
+ "summary": "Get access for a role in the tenant",
1304
+ "operationId": "getRoleAccess",
1305
+ "parameters": [
1306
+ {
1307
+ "name": "uuid",
1308
+ "in": "path",
1309
+ "description": "ID of the role",
1310
+ "required": true,
1311
+ "schema": {
1312
+ "type": "string",
1313
+ "format": "uuid"
1314
+ }
1315
+ },
1316
+ {
1317
+ "$ref": "#/components/parameters/QueryLimit"
1318
+ },
1319
+ {
1320
+ "$ref": "#/components/parameters/QueryOffset"
1321
+ }
1322
+ ],
1323
+ "responses": {
1324
+ "200": {
1325
+ "description": "A paginated list of the access objects for a role",
1326
+ "content": {
1327
+ "application/json": {
1328
+ "schema": {
1329
+ "$ref": "#/components/schemas/AccessPagination"
1330
+ }
1331
+ }
1332
+ }
1333
+ },
1334
+ "401": {
1335
+ "description": "Unauthorized"
1336
+ },
1337
+ "403": {
1338
+ "description": "Insufficient permissions to get access for role",
1339
+ "content": {
1340
+ "application/json": {
1341
+ "schema": {
1342
+ "$ref": "#/components/schemas/Error403"
1343
+ }
1344
+ }
1345
+ }
1346
+ },
1347
+ "404": {
1348
+ "description": "Not Found",
1349
+ "content": {
1350
+ "application/json": {
1351
+ "schema": {
1352
+ "$ref": "#/components/schemas/Error"
1353
+ }
1354
+ }
1355
+ }
1356
+ },
1357
+ "500": {
1358
+ "description": "Unexpected Error",
1359
+ "content": {
1360
+ "application/json": {
1361
+ "schema": {
1362
+ "$ref": "#/components/schemas/Error"
1363
+ }
1364
+ }
1365
+ }
1366
+ }
1367
+ }
1368
+ }
1369
+ },
1370
+ "/policies/": {
1371
+ "post": {
1372
+ "tags": [
1373
+ "Policy"
1374
+ ],
1375
+ "summary": "Create a policy in a tenant",
1376
+ "operationId": "createPolicies",
1377
+ "requestBody": {
1378
+ "content": {
1379
+ "application/json": {
1380
+ "schema": {
1381
+ "$ref": "#/components/schemas/PolicyIn"
1382
+ }
1383
+ }
1384
+ },
1385
+ "description": "Policy to create",
1386
+ "required": true
1387
+ },
1388
+ "responses": {
1389
+ "201": {
1390
+ "description": "An object describing the policy",
1391
+ "content": {
1392
+ "application/json": {
1393
+ "schema": {
1394
+ "$ref": "#/components/schemas/PolicyExtended"
1395
+ }
1396
+ }
1397
+ }
1398
+ },
1399
+ "401": {
1400
+ "description": "Unauthorized"
1401
+ },
1402
+ "500": {
1403
+ "description": "Unexpected Error",
1404
+ "content": {
1405
+ "application/json": {
1406
+ "schema": {
1407
+ "$ref": "#/components/schemas/Error"
1408
+ }
1409
+ }
1410
+ }
1411
+ }
1412
+ }
1413
+ },
1414
+ "get": {
1415
+ "tags": [
1416
+ "Policy"
1417
+ ],
1418
+ "summary": "List the policies in the tenant",
1419
+ "operationId": "listPolicies",
1420
+ "parameters": [
1421
+ {
1422
+ "$ref": "#/components/parameters/QueryLimit"
1423
+ },
1424
+ {
1425
+ "$ref": "#/components/parameters/QueryOffset"
1426
+ },
1427
+ {
1428
+ "$ref": "#/components/parameters/NameFilter"
1429
+ },
1430
+ {
1431
+ "$ref": "#/components/parameters/ScopeFilter"
1432
+ },
1433
+ {
1434
+ "$ref": "#/components/parameters/GroupNameFilter"
1435
+ },
1436
+ {
1437
+ "$ref": "#/components/parameters/GroupUUIDFilter"
1438
+ },
1439
+ {
1440
+ "$ref": "#/components/parameters/OrderByFilter"
1441
+ }
1442
+ ],
1443
+ "responses": {
1444
+ "200": {
1445
+ "description": "A paginated list of policy objects",
1446
+ "content": {
1447
+ "application/json": {
1448
+ "schema": {
1449
+ "$ref": "#/components/schemas/PolicyPagination"
1450
+ }
1451
+ }
1452
+ }
1453
+ },
1454
+ "401": {
1455
+ "description": "Unauthorized"
1456
+ },
1457
+ "500": {
1458
+ "description": "Unexpected Error",
1459
+ "content": {
1460
+ "application/json": {
1461
+ "schema": {
1462
+ "$ref": "#/components/schemas/Error"
1463
+ }
1464
+ }
1465
+ }
1466
+ }
1467
+ }
1468
+ }
1469
+ },
1470
+ "/policies/{uuid}/": {
1471
+ "get": {
1472
+ "tags": [
1473
+ "Policy"
1474
+ ],
1475
+ "summary": "Get a policy in the tenant",
1476
+ "operationId": "getPolicy",
1477
+ "parameters": [
1478
+ {
1479
+ "name": "uuid",
1480
+ "in": "path",
1481
+ "description": "ID of policy to get",
1482
+ "required": true,
1483
+ "schema": {
1484
+ "type": "string",
1485
+ "format": "uuid"
1486
+ }
1487
+ }
1488
+ ],
1489
+ "responses": {
1490
+ "200": {
1491
+ "description": "A Policy object",
1492
+ "content": {
1493
+ "application/json": {
1494
+ "schema": {
1495
+ "$ref": "#/components/schemas/PolicyExtended"
1496
+ }
1497
+ }
1498
+ }
1499
+ },
1500
+ "401": {
1501
+ "description": "Unauthorized"
1502
+ },
1503
+ "404": {
1504
+ "description": "Not Found",
1505
+ "content": {
1506
+ "application/json": {
1507
+ "schema": {
1508
+ "$ref": "#/components/schemas/Error"
1509
+ }
1510
+ }
1511
+ }
1512
+ },
1513
+ "500": {
1514
+ "description": "Unexpected Error",
1515
+ "content": {
1516
+ "application/json": {
1517
+ "schema": {
1518
+ "$ref": "#/components/schemas/Error"
1519
+ }
1520
+ }
1521
+ }
1522
+ }
1523
+ }
1524
+ },
1525
+ "put": {
1526
+ "tags": [
1527
+ "Policy"
1528
+ ],
1529
+ "summary": "Update a policy in the tenant",
1530
+ "operationId": "updatePolicy",
1531
+ "parameters": [
1532
+ {
1533
+ "name": "uuid",
1534
+ "in": "path",
1535
+ "description": "ID of policy to update",
1536
+ "required": true,
1537
+ "schema": {
1538
+ "type": "string",
1539
+ "format": "uuid"
1540
+ }
1541
+ }
1542
+ ],
1543
+ "requestBody": {
1544
+ "content": {
1545
+ "application/json": {
1546
+ "schema": {
1547
+ "$ref": "#/components/schemas/PolicyIn"
1548
+ }
1549
+ }
1550
+ },
1551
+ "description": "Policy to update",
1552
+ "required": true
1553
+ },
1554
+ "responses": {
1555
+ "200": {
1556
+ "description": "A Policy object",
1557
+ "content": {
1558
+ "application/json": {
1559
+ "schema": {
1560
+ "$ref": "#/components/schemas/PolicyExtended"
1561
+ }
1562
+ }
1563
+ }
1564
+ },
1565
+ "401": {
1566
+ "description": "Unauthorized"
1567
+ },
1568
+ "404": {
1569
+ "description": "Not Found",
1570
+ "content": {
1571
+ "application/json": {
1572
+ "schema": {
1573
+ "$ref": "#/components/schemas/Error"
1574
+ }
1575
+ }
1576
+ }
1577
+ },
1578
+ "500": {
1579
+ "description": "Unexpected Error",
1580
+ "content": {
1581
+ "application/json": {
1582
+ "schema": {
1583
+ "$ref": "#/components/schemas/Error"
1584
+ }
1585
+ }
1586
+ }
1587
+ }
1588
+ }
1589
+ },
1590
+ "delete": {
1591
+ "tags": [
1592
+ "Policy"
1593
+ ],
1594
+ "summary": "Delete a policy in the tenant",
1595
+ "operationId": "deletePolicy",
1596
+ "parameters": [
1597
+ {
1598
+ "name": "uuid",
1599
+ "in": "path",
1600
+ "description": "ID of policy to delete",
1601
+ "required": true,
1602
+ "schema": {
1603
+ "type": "string",
1604
+ "format": "uuid"
1605
+ }
1606
+ }
1607
+ ],
1608
+ "responses": {
1609
+ "204": {
1610
+ "description": "Policy deleted"
1611
+ },
1612
+ "401": {
1613
+ "description": "Unauthorized"
1614
+ },
1615
+ "404": {
1616
+ "description": "Not Found",
1617
+ "content": {
1618
+ "application/json": {
1619
+ "schema": {
1620
+ "$ref": "#/components/schemas/Error"
1621
+ }
1622
+ }
1623
+ }
1624
+ },
1625
+ "500": {
1626
+ "description": "Unexpected Error",
1627
+ "content": {
1628
+ "application/json": {
1629
+ "schema": {
1630
+ "$ref": "#/components/schemas/Error"
1631
+ }
1632
+ }
1633
+ }
1634
+ }
1635
+ }
1636
+ }
1637
+ },
1638
+ "/access/": {
1639
+ "get": {
1640
+ "tags": [
1641
+ "Access"
1642
+ ],
1643
+ "summary": "Get the permitted access for a principal in the tenant (defaults to principal from the identity header)",
1644
+ "operationId": "getPrincipalAccess",
1645
+ "parameters": [
1646
+ {
1647
+ "name": "application",
1648
+ "in": "query",
1649
+ "description": "The application name to obtain access for the principal",
1650
+ "required": true,
1651
+ "schema": {
1652
+ "type": "string"
1653
+ }
1654
+ },
1655
+ {
1656
+ "name": "username",
1657
+ "in": "query",
1658
+ "description": "Unique username of the principal to obtain access for (only available for admins, and if supplied, takes precedence over the identity header).",
1659
+ "required": false,
1660
+ "schema": {
1661
+ "type": "string"
1662
+ }
1663
+ },
1664
+ {
1665
+ "$ref": "#/components/parameters/QueryLimit"
1666
+ },
1667
+ {
1668
+ "$ref": "#/components/parameters/QueryOffset"
1669
+ }
1670
+ ],
1671
+ "responses": {
1672
+ "200": {
1673
+ "description": "A paginated list of access objects",
1674
+ "content": {
1675
+ "application/json": {
1676
+ "schema": {
1677
+ "$ref": "#/components/schemas/AccessPagination"
1678
+ }
1679
+ }
1680
+ }
1681
+ },
1682
+ "401": {
1683
+ "description": "Unauthorized"
1684
+ },
1685
+ "404": {
1686
+ "description": "Not Found",
1687
+ "content": {
1688
+ "application/json": {
1689
+ "schema": {
1690
+ "$ref": "#/components/schemas/Error"
1691
+ }
1692
+ }
1693
+ }
1694
+ },
1695
+ "500": {
1696
+ "description": "Unexpected Error",
1697
+ "content": {
1698
+ "application/json": {
1699
+ "schema": {
1700
+ "$ref": "#/components/schemas/Error"
1701
+ }
1702
+ }
1703
+ }
1704
+ }
1705
+ }
1706
+ }
1707
+ }
1708
+ },
1709
+ "servers": [
1710
+ {
1711
+ "url": "/api/rbac/v1"
1712
+ }
1713
+ ],
1714
+ "components": {
1715
+ "parameters": {
1716
+ "QueryOffset": {
1717
+ "in": "query",
1718
+ "name": "offset",
1719
+ "required": false,
1720
+ "description": "Parameter for selecting the offset of data.",
1721
+ "schema": {
1722
+ "type": "integer",
1723
+ "default": 0,
1724
+ "minimum": 0
1725
+ }
1726
+ },
1727
+ "QueryLimit": {
1728
+ "in": "query",
1729
+ "name": "limit",
1730
+ "required": false,
1731
+ "description": "Parameter for selecting the amount of data returned.",
1732
+ "schema": {
1733
+ "type": "integer",
1734
+ "default": 10,
1735
+ "minimum": 1,
1736
+ "maximum": 1000
1737
+ }
1738
+ },
1739
+ "NameFilter": {
1740
+ "in": "query",
1741
+ "name": "name",
1742
+ "required": false,
1743
+ "description": "Parameter for filtering resource by name using string contains search.",
1744
+ "schema": {
1745
+ "type": "string"
1746
+ }
1747
+ },
1748
+ "GroupNameFilter": {
1749
+ "in": "query",
1750
+ "name": "group_name",
1751
+ "required": false,
1752
+ "description": "Parameter for filtering resource by group name using string contains search.",
1753
+ "schema": {
1754
+ "type": "string"
1755
+ }
1756
+ },
1757
+ "GroupUUIDFilter": {
1758
+ "in": "query",
1759
+ "name": "group_uuid",
1760
+ "required": false,
1761
+ "description": "Parameter for filtering resource by group uuid using UUID exact match.",
1762
+ "schema": {
1763
+ "type": "string",
1764
+ "format": "uuid"
1765
+ }
1766
+ },
1767
+ "OrderByFilter": {
1768
+ "in": "query",
1769
+ "name": "order_by",
1770
+ "required": false,
1771
+ "description": "Parameter for ordering resource by value. For inverse ordering, supply '-' before the param value, such as: ?order_by=-name",
1772
+ "schema": {
1773
+ "type": "string"
1774
+ }
1775
+ },
1776
+ "ScopeFilter": {
1777
+ "in": "query",
1778
+ "name": "scope",
1779
+ "required": false,
1780
+ "description": "Parameter for filtering resource by scope.",
1781
+ "schema": {
1782
+ "type": "string",
1783
+ "enum": [
1784
+ "account",
1785
+ "principal"
1786
+ ],
1787
+ "default": "account"
1788
+ }
1789
+ }
1790
+ },
1791
+ "requestBodies": {
1792
+ "GroupPrincipalIn": {
1793
+ "content": {
1794
+ "application/json": {
1795
+ "schema": {
1796
+ "$ref": "#/components/schemas/GroupPrincipalIn"
1797
+ }
1798
+ }
1799
+ },
1800
+ "description": "Principal to add to a group",
1801
+ "required": true
1802
+ },
1803
+ "GroupRoleIn": {
1804
+ "content": {
1805
+ "application/json": {
1806
+ "schema": {
1807
+ "$ref": "#/components/schemas/GroupRoleIn"
1808
+ }
1809
+ }
1810
+ },
1811
+ "description": "Role to add to a group",
1812
+ "required": true
1813
+ }
1814
+ },
1815
+ "securitySchemes": {
1816
+ "basic_auth": {
1817
+ "type": "http",
1818
+ "description": "The userid/password is needed when accessing this API externally",
1819
+ "scheme": "basic"
1820
+ }
1821
+ },
1822
+ "schemas": {
1823
+ "Error": {
1824
+ "required": [
1825
+ "errors"
1826
+ ],
1827
+ "properties": {
1828
+ "errors": {
1829
+ "type": "array",
1830
+ "items": {
1831
+ "type": "object",
1832
+ "example": {
1833
+ "detail": "Not Found.",
1834
+ "status": 404
1835
+ }
1836
+ }
1837
+ }
1838
+ }
1839
+ },
1840
+ "Error403": {
1841
+ "required": [
1842
+ "errors"
1843
+ ],
1844
+ "properties": {
1845
+ "errors": {
1846
+ "type": "array",
1847
+ "items": {
1848
+ "type": "object",
1849
+ "example": {
1850
+ "detail": "You do not have permission to perform this action.",
1851
+ "source": "detail",
1852
+ "status": 403
1853
+ }
1854
+ }
1855
+ }
1856
+ }
1857
+ },
1858
+ "UUID": {
1859
+ "type": "object",
1860
+ "required": [
1861
+ "uuid"
1862
+ ],
1863
+ "properties": {
1864
+ "uuid": {
1865
+ "type": "string",
1866
+ "format": "uuid",
1867
+ "example": "57e60f90-8c0c-4bd1-87a0-2143759aae1c"
1868
+ }
1869
+ }
1870
+ },
1871
+ "Timestamped": {
1872
+ "type": "object",
1873
+ "required": [
1874
+ "created",
1875
+ "modified"
1876
+ ],
1877
+ "properties": {
1878
+ "created": {
1879
+ "type": "string",
1880
+ "format": "date-time",
1881
+ "example": "2019-01-21T17:32:28Z"
1882
+ },
1883
+ "modified": {
1884
+ "type": "string",
1885
+ "format": "date-time",
1886
+ "example": "2019-03-04T07:25:58Z"
1887
+ }
1888
+ }
1889
+ },
1890
+ "PaginationMeta": {
1891
+ "properties": {
1892
+ "count": {
1893
+ "type": "integer",
1894
+ "format": "int64",
1895
+ "example": 30
1896
+ }
1897
+ }
1898
+ },
1899
+ "PaginationLinks": {
1900
+ "properties": {
1901
+ "first": {
1902
+ "type": "string",
1903
+ "format": "uri",
1904
+ "example": "/api/v1/(resources)/?offset=0&limit=10"
1905
+ },
1906
+ "previous": {
1907
+ "type": "string",
1908
+ "format": "uri",
1909
+ "example": "/api/v1/(resources)/?offset=20&limit=10"
1910
+ },
1911
+ "next": {
1912
+ "type": "string",
1913
+ "format": "uri",
1914
+ "example": "/api/v1/(resources)/?offset=40&limit=10"
1915
+ },
1916
+ "last": {
1917
+ "type": "string",
1918
+ "format": "uri",
1919
+ "example": "/api/v1/(resources)/?offset=90&limit=10"
1920
+ }
1921
+ }
1922
+ },
1923
+ "ListPagination": {
1924
+ "properties": {
1925
+ "meta": {
1926
+ "$ref": "#/components/schemas/PaginationMeta"
1927
+ },
1928
+ "links": {
1929
+ "$ref": "#/components/schemas/PaginationLinks"
1930
+ }
1931
+ }
1932
+ },
1933
+ "Principal": {
1934
+ "required": [
1935
+ "username",
1936
+ "email"
1937
+ ],
1938
+ "properties": {
1939
+ "username": {
1940
+ "type": "string",
1941
+ "example": "smithj"
1942
+ },
1943
+ "email": {
1944
+ "type": "string",
1945
+ "format": "email",
1946
+ "example": "smithj@mytechco.com"
1947
+ },
1948
+ "first_name": {
1949
+ "type": "string",
1950
+ "example": "John"
1951
+ },
1952
+ "last_name": {
1953
+ "type": "string",
1954
+ "example": "Smith"
1955
+ },
1956
+ "is_active": {
1957
+ "type": "boolean"
1958
+ }
1959
+ }
1960
+ },
1961
+ "PrincipalIn": {
1962
+ "required": [
1963
+ "username"
1964
+ ],
1965
+ "properties": {
1966
+ "username": {
1967
+ "type": "string",
1968
+ "example": "smithj"
1969
+ }
1970
+ }
1971
+ },
1972
+ "PrincipalOut": {
1973
+ "allOf": [
1974
+ {
1975
+ "$ref": "#/components/schemas/Principal"
1976
+ },
1977
+ {
1978
+ "$ref": "#/components/schemas/UUID"
1979
+ }
1980
+ ]
1981
+ },
1982
+ "PrincipalPagination": {
1983
+ "allOf": [
1984
+ {
1985
+ "$ref": "#/components/schemas/ListPagination"
1986
+ },
1987
+ {
1988
+ "type": "object",
1989
+ "required": [
1990
+ "data"
1991
+ ],
1992
+ "properties": {
1993
+ "data": {
1994
+ "type": "array",
1995
+ "items": {
1996
+ "$ref": "#/components/schemas/Principal"
1997
+ }
1998
+ }
1999
+ }
2000
+ }
2001
+ ]
2002
+ },
2003
+ "Group": {
2004
+ "required": [
2005
+ "name"
2006
+ ],
2007
+ "properties": {
2008
+ "name": {
2009
+ "type": "string",
2010
+ "example": "GroupA"
2011
+ },
2012
+ "description": {
2013
+ "type": "string",
2014
+ "example": "A description of GroupA"
2015
+ }
2016
+ }
2017
+ },
2018
+ "AdditionalGroup": {
2019
+ "properties": {
2020
+ "name": {
2021
+ "type": "string",
2022
+ "example": "GroupA"
2023
+ },
2024
+ "uuid": {
2025
+ "type": "string",
2026
+ "example": "234df936-abb4-4238-a1c9-d91fc540c702"
2027
+ }
2028
+ }
2029
+ },
2030
+ "GroupOut": {
2031
+ "allOf": [
2032
+ {
2033
+ "$ref": "#/components/schemas/Group"
2034
+ },
2035
+ {
2036
+ "$ref": "#/components/schemas/UUID"
2037
+ },
2038
+ {
2039
+ "$ref": "#/components/schemas/Timestamped"
2040
+ },
2041
+ {
2042
+ "properties": {
2043
+ "principalCount": {
2044
+ "type": "integer",
2045
+ "minimum": 0
2046
+ },
2047
+ "roleCount": {
2048
+ "type": "integer",
2049
+ "minimum": 0
2050
+ },
2051
+ "system": {
2052
+ "type": "boolean",
2053
+ "default": false
2054
+ },
2055
+ "platform_default": {
2056
+ "type": "boolean",
2057
+ "default": false
2058
+ }
2059
+ }
2060
+ }
2061
+ ]
2062
+ },
2063
+ "GroupPrincipalIn": {
2064
+ "required": [
2065
+ "principals"
2066
+ ],
2067
+ "properties": {
2068
+ "principals": {
2069
+ "type": "array",
2070
+ "items": {
2071
+ "$ref": "#/components/schemas/PrincipalIn"
2072
+ }
2073
+ }
2074
+ }
2075
+ },
2076
+ "GroupRoleIn": {
2077
+ "required": [
2078
+ "roles"
2079
+ ],
2080
+ "properties": {
2081
+ "roles": {
2082
+ "type": "array",
2083
+ "items": {
2084
+ "type": "string",
2085
+ "format": "uuid",
2086
+ "example": "94846f2f-cced-474f-b7f3-47e2ec51dd11"
2087
+ }
2088
+ }
2089
+ }
2090
+ },
2091
+ "GroupWithPrincipals": {
2092
+ "allOf": [
2093
+ {
2094
+ "$ref": "#/components/schemas/Group"
2095
+ },
2096
+ {
2097
+ "$ref": "#/components/schemas/UUID"
2098
+ },
2099
+ {
2100
+ "$ref": "#/components/schemas/Timestamped"
2101
+ },
2102
+ {
2103
+ "type": "object",
2104
+ "required": [
2105
+ "principals"
2106
+ ],
2107
+ "properties": {
2108
+ "principals": {
2109
+ "type": "array",
2110
+ "items": {
2111
+ "$ref": "#/components/schemas/Principal"
2112
+ }
2113
+ }
2114
+ }
2115
+ }
2116
+ ]
2117
+ },
2118
+ "GroupWithPrincipalsAndRoles": {
2119
+ "allOf": [
2120
+ {
2121
+ "$ref": "#/components/schemas/Group"
2122
+ },
2123
+ {
2124
+ "$ref": "#/components/schemas/UUID"
2125
+ },
2126
+ {
2127
+ "$ref": "#/components/schemas/Timestamped"
2128
+ },
2129
+ {
2130
+ "type": "object",
2131
+ "required": [
2132
+ "principals",
2133
+ "roles"
2134
+ ],
2135
+ "properties": {
2136
+ "principals": {
2137
+ "type": "array",
2138
+ "items": {
2139
+ "$ref": "#/components/schemas/Principal"
2140
+ }
2141
+ },
2142
+ "roles": {
2143
+ "type": "array",
2144
+ "items": {
2145
+ "$ref": "#/components/schemas/RoleOut"
2146
+ }
2147
+ }
2148
+ }
2149
+ }
2150
+ ]
2151
+ },
2152
+ "GroupRolesPagination": {
2153
+ "allOf": [
2154
+ {
2155
+ "$ref": "#/components/schemas/ListPagination"
2156
+ },
2157
+ {
2158
+ "type": "object",
2159
+ "required": [
2160
+ "data"
2161
+ ],
2162
+ "properties": {
2163
+ "data": {
2164
+ "type": "array",
2165
+ "items": {
2166
+ "$ref": "#/components/schemas/RoleOut"
2167
+ }
2168
+ }
2169
+ }
2170
+ }
2171
+ ]
2172
+ },
2173
+ "GroupPagination": {
2174
+ "allOf": [
2175
+ {
2176
+ "$ref": "#/components/schemas/ListPagination"
2177
+ },
2178
+ {
2179
+ "type": "object",
2180
+ "required": [
2181
+ "data"
2182
+ ],
2183
+ "properties": {
2184
+ "data": {
2185
+ "type": "array",
2186
+ "items": {
2187
+ "$ref": "#/components/schemas/GroupOut"
2188
+ }
2189
+ }
2190
+ }
2191
+ }
2192
+ ]
2193
+ },
2194
+ "ResourceDefinitionFilter": {
2195
+ "required": [
2196
+ "key",
2197
+ "operation",
2198
+ "value"
2199
+ ],
2200
+ "properties": {
2201
+ "key": {
2202
+ "type": "string",
2203
+ "example": "cost-management.aws.account"
2204
+ },
2205
+ "operation": {
2206
+ "type": "string",
2207
+ "enum": [
2208
+ "equal",
2209
+ "in"
2210
+ ]
2211
+ },
2212
+ "value": {
2213
+ "type": "string",
2214
+ "example": "123456"
2215
+ }
2216
+ }
2217
+ },
2218
+ "ResourceDefinition": {
2219
+ "required": [
2220
+ "attributeFilter"
2221
+ ],
2222
+ "properties": {
2223
+ "attributeFilter": {
2224
+ "$ref": "#/components/schemas/ResourceDefinitionFilter"
2225
+ }
2226
+ }
2227
+ },
2228
+ "Access": {
2229
+ "required": [
2230
+ "permission",
2231
+ "resourceDefinitions"
2232
+ ],
2233
+ "properties": {
2234
+ "permission": {
2235
+ "type": "string",
2236
+ "example": "cost-management:*:read"
2237
+ },
2238
+ "resourceDefinitions": {
2239
+ "type": "array",
2240
+ "items": {
2241
+ "$ref": "#/components/schemas/ResourceDefinition"
2242
+ }
2243
+ }
2244
+ }
2245
+ },
2246
+ "Role": {
2247
+ "required": [
2248
+ "name"
2249
+ ],
2250
+ "properties": {
2251
+ "name": {
2252
+ "type": "string",
2253
+ "example": "RoleA"
2254
+ },
2255
+ "description": {
2256
+ "type": "string",
2257
+ "example": "A description of RoleA"
2258
+ }
2259
+ }
2260
+ },
2261
+ "RoleIn": {
2262
+ "allOf": [
2263
+ {
2264
+ "$ref": "#/components/schemas/Role"
2265
+ },
2266
+ {
2267
+ "type": "object",
2268
+ "required": [
2269
+ "access"
2270
+ ],
2271
+ "properties": {
2272
+ "access": {
2273
+ "type": "array",
2274
+ "items": {
2275
+ "$ref": "#/components/schemas/Access"
2276
+ }
2277
+ }
2278
+ }
2279
+ }
2280
+ ]
2281
+ },
2282
+ "RolePagination": {
2283
+ "allOf": [
2284
+ {
2285
+ "$ref": "#/components/schemas/ListPagination"
2286
+ },
2287
+ {
2288
+ "type": "object",
2289
+ "required": [
2290
+ "data"
2291
+ ],
2292
+ "properties": {
2293
+ "data": {
2294
+ "type": "array",
2295
+ "items": {
2296
+ "$ref": "#/components/schemas/RoleOut"
2297
+ }
2298
+ }
2299
+ }
2300
+ }
2301
+ ]
2302
+ },
2303
+ "RolePaginationDynamic": {
2304
+ "allOf": [
2305
+ {
2306
+ "$ref": "#/components/schemas/ListPagination"
2307
+ },
2308
+ {
2309
+ "type": "object",
2310
+ "required": [
2311
+ "data"
2312
+ ],
2313
+ "properties": {
2314
+ "data": {
2315
+ "type": "array",
2316
+ "items": {
2317
+ "$ref": "#/components/schemas/RoleOutDynamic"
2318
+ }
2319
+ }
2320
+ }
2321
+ }
2322
+ ]
2323
+ },
2324
+ "RoleOut": {
2325
+ "allOf": [
2326
+ {
2327
+ "$ref": "#/components/schemas/Role"
2328
+ },
2329
+ {
2330
+ "$ref": "#/components/schemas/UUID"
2331
+ },
2332
+ {
2333
+ "$ref": "#/components/schemas/Timestamped"
2334
+ },
2335
+ {
2336
+ "properties": {
2337
+ "policyCount": {
2338
+ "type": "integer",
2339
+ "minimum": 0
2340
+ },
2341
+ "accessCount": {
2342
+ "type": "integer",
2343
+ "minimum": 0
2344
+ },
2345
+ "applications": {
2346
+ "type": "array",
2347
+ "items": {
2348
+ "type": "string",
2349
+ "example": "catalog"
2350
+ }
2351
+ },
2352
+ "system": {
2353
+ "type": "boolean",
2354
+ "default": false
2355
+ },
2356
+ "platform_default": {
2357
+ "type": "boolean",
2358
+ "default": false
2359
+ }
2360
+ }
2361
+ }
2362
+ ]
2363
+ },
2364
+ "RoleOutDynamic": {
2365
+ "allOf": [
2366
+ {
2367
+ "$ref": "#/components/schemas/Role"
2368
+ },
2369
+ {
2370
+ "$ref": "#/components/schemas/UUID"
2371
+ },
2372
+ {
2373
+ "$ref": "#/components/schemas/Timestamped"
2374
+ },
2375
+ {
2376
+ "type": "object",
2377
+ "required": [
2378
+ "policyCount",
2379
+ "accessCount",
2380
+ "applications",
2381
+ "system",
2382
+ "platform_default"
2383
+ ],
2384
+ "properties": {
2385
+ "policyCount": {
2386
+ "type": "integer",
2387
+ "minimum": 0
2388
+ },
2389
+ "accessCount": {
2390
+ "type": "integer",
2391
+ "minimum": 0
2392
+ },
2393
+ "applications": {
2394
+ "type": "array",
2395
+ "items": {
2396
+ "type": "string",
2397
+ "example": "catalog"
2398
+ }
2399
+ },
2400
+ "system": {
2401
+ "type": "boolean",
2402
+ "default": false
2403
+ },
2404
+ "platform_default": {
2405
+ "type": "boolean",
2406
+ "default": false
2407
+ },
2408
+ "groups_in_count": {
2409
+ "type": "integer",
2410
+ "minimum": 0
2411
+ },
2412
+ "groups_in": {
2413
+ "type": "array",
2414
+ "items": {
2415
+ "$ref": "#/components/schemas/AdditionalGroup"
2416
+ }
2417
+ }
2418
+ }
2419
+ }
2420
+ ]
2421
+ },
2422
+ "RoleWithAccess": {
2423
+ "allOf": [
2424
+ {
2425
+ "$ref": "#/components/schemas/RoleOut"
2426
+ },
2427
+ {
2428
+ "type": "object",
2429
+ "required": [
2430
+ "access"
2431
+ ],
2432
+ "properties": {
2433
+ "access": {
2434
+ "type": "array",
2435
+ "items": {
2436
+ "$ref": "#/components/schemas/Access"
2437
+ }
2438
+ }
2439
+ }
2440
+ }
2441
+ ]
2442
+ },
2443
+ "Policy": {
2444
+ "required": [
2445
+ "name"
2446
+ ],
2447
+ "properties": {
2448
+ "name": {
2449
+ "type": "string",
2450
+ "example": "PolicyA"
2451
+ },
2452
+ "description": {
2453
+ "type": "string",
2454
+ "example": "A description of PolicyA"
2455
+ }
2456
+ }
2457
+ },
2458
+ "PolicyIn": {
2459
+ "allOf": [
2460
+ {
2461
+ "$ref": "#/components/schemas/Policy"
2462
+ },
2463
+ {
2464
+ "type": "object",
2465
+ "required": [
2466
+ "group",
2467
+ "roles"
2468
+ ],
2469
+ "properties": {
2470
+ "group": {
2471
+ "type": "string",
2472
+ "format": "uuid",
2473
+ "example": "83ee048e-3c1d-43ef-b945-108225ae52f4"
2474
+ },
2475
+ "roles": {
2476
+ "type": "array",
2477
+ "items": {
2478
+ "type": "string",
2479
+ "format": "uuid",
2480
+ "example": "94846f2f-cced-474f-b7f3-47e2ec51dd11"
2481
+ }
2482
+ }
2483
+ }
2484
+ }
2485
+ ]
2486
+ },
2487
+ "PolicyExtended": {
2488
+ "allOf": [
2489
+ {
2490
+ "$ref": "#/components/schemas/Policy"
2491
+ },
2492
+ {
2493
+ "$ref": "#/components/schemas/UUID"
2494
+ },
2495
+ {
2496
+ "$ref": "#/components/schemas/Timestamped"
2497
+ },
2498
+ {
2499
+ "type": "object",
2500
+ "required": [
2501
+ "group",
2502
+ "roles"
2503
+ ],
2504
+ "properties": {
2505
+ "group": {
2506
+ "$ref": "#/components/schemas/GroupOut"
2507
+ },
2508
+ "roles": {
2509
+ "type": "array",
2510
+ "items": {
2511
+ "$ref": "#/components/schemas/RoleOut"
2512
+ }
2513
+ }
2514
+ }
2515
+ }
2516
+ ]
2517
+ },
2518
+ "PolicyPagination": {
2519
+ "allOf": [
2520
+ {
2521
+ "$ref": "#/components/schemas/ListPagination"
2522
+ },
2523
+ {
2524
+ "type": "object",
2525
+ "required": [
2526
+ "data"
2527
+ ],
2528
+ "properties": {
2529
+ "data": {
2530
+ "type": "array",
2531
+ "items": {
2532
+ "$ref": "#/components/schemas/PolicyExtended"
2533
+ }
2534
+ }
2535
+ }
2536
+ }
2537
+ ]
2538
+ },
2539
+ "AccessPagination": {
2540
+ "allOf": [
2541
+ {
2542
+ "$ref": "#/components/schemas/ListPagination"
2543
+ },
2544
+ {
2545
+ "type": "object",
2546
+ "required": [
2547
+ "data"
2548
+ ],
2549
+ "properties": {
2550
+ "data": {
2551
+ "type": "array",
2552
+ "items": {
2553
+ "$ref": "#/components/schemas/Access"
2554
+ }
2555
+ }
2556
+ }
2557
+ }
2558
+ ]
2559
+ },
2560
+ "Status": {
2561
+ "required": [
2562
+ "api_version"
2563
+ ],
2564
+ "properties": {
2565
+ "api_version": {
2566
+ "type": "integer",
2567
+ "format": "int64",
2568
+ "example": 1
2569
+ },
2570
+ "commit": {
2571
+ "type": "string",
2572
+ "example": "178d2ea"
2573
+ },
2574
+ "server_address": {
2575
+ "type": "string",
2576
+ "example": "127.0.0.1:8000"
2577
+ },
2578
+ "platform_info": {
2579
+ "type": "object",
2580
+ "example": {
2581
+ "system": "Darwin",
2582
+ "node": "node-1.example.com",
2583
+ "release": "17.5.0",
2584
+ "version": "Darwin Kernel Version 17.5.0",
2585
+ "machine": "x86_64",
2586
+ "processor": "i386"
2587
+ }
2588
+ },
2589
+ "python_version": {
2590
+ "type": "string",
2591
+ "example": "3.6.1"
2592
+ },
2593
+ "modules": {
2594
+ "type": "object",
2595
+ "example": {
2596
+ "coverage": "4.5.1",
2597
+ "coverage.version": "4.5.1",
2598
+ "coverage.xmlreport": "4.5.1",
2599
+ "cryptography": "2.0.3",
2600
+ "ctypes": "1.1.0",
2601
+ "ctypes.macholib": "1.0",
2602
+ "decimal": "1.70",
2603
+ "django": "1.11.5",
2604
+ "django.utils.six": "1.10.0",
2605
+ "django_filters": "1.0.4",
2606
+ "http.server": "0.6"
2607
+ }
2608
+ }
2609
+ }
2610
+ }
2611
+ }
2612
+ }
2613
+ }