rbac-api-client 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (180) hide show
  1. checksums.yaml +7 -0
  2. data/Gemfile +9 -0
  3. data/README.md +175 -0
  4. data/Rakefile +10 -0
  5. data/client-meta.json +8 -0
  6. data/docs/Access.md +19 -0
  7. data/docs/AccessApi.md +68 -0
  8. data/docs/AccessPagination.md +21 -0
  9. data/docs/AccessPaginationAllOf.md +17 -0
  10. data/docs/AdditionalGroup.md +19 -0
  11. data/docs/Error.md +17 -0
  12. data/docs/Error403.md +17 -0
  13. data/docs/Group.md +19 -0
  14. data/docs/GroupApi.md +623 -0
  15. data/docs/GroupOut.md +33 -0
  16. data/docs/GroupPagination.md +21 -0
  17. data/docs/GroupPaginationAllOf.md +17 -0
  18. data/docs/GroupPrincipalIn.md +17 -0
  19. data/docs/GroupRoleIn.md +17 -0
  20. data/docs/GroupRolesPagination.md +21 -0
  21. data/docs/GroupWithPrincipals.md +27 -0
  22. data/docs/GroupWithPrincipalsAllOf.md +17 -0
  23. data/docs/GroupWithPrincipalsAndRoles.md +29 -0
  24. data/docs/GroupWithPrincipalsAndRolesAllOf.md +19 -0
  25. data/docs/InlineResponse200.md +17 -0
  26. data/docs/ListPagination.md +19 -0
  27. data/docs/PaginationLinks.md +23 -0
  28. data/docs/PaginationMeta.md +17 -0
  29. data/docs/Policy.md +19 -0
  30. data/docs/PolicyApi.md +283 -0
  31. data/docs/PolicyExtended.md +29 -0
  32. data/docs/PolicyExtendedAllOf.md +19 -0
  33. data/docs/PolicyIn.md +23 -0
  34. data/docs/PolicyInAllOf.md +19 -0
  35. data/docs/PolicyPagination.md +21 -0
  36. data/docs/PolicyPaginationAllOf.md +17 -0
  37. data/docs/Principal.md +25 -0
  38. data/docs/PrincipalApi.md +68 -0
  39. data/docs/PrincipalIn.md +17 -0
  40. data/docs/PrincipalOut.md +27 -0
  41. data/docs/PrincipalPagination.md +21 -0
  42. data/docs/PrincipalPaginationAllOf.md +17 -0
  43. data/docs/ResourceDefinition.md +17 -0
  44. data/docs/ResourceDefinitionFilter.md +21 -0
  45. data/docs/Role.md +19 -0
  46. data/docs/RoleApi.md +340 -0
  47. data/docs/RoleIn.md +21 -0
  48. data/docs/RoleInAllOf.md +17 -0
  49. data/docs/RoleOut.md +35 -0
  50. data/docs/RoleOutDynamic.md +39 -0
  51. data/docs/RoleOutDynamicAllOf.md +29 -0
  52. data/docs/RolePagination.md +21 -0
  53. data/docs/RolePaginationDynamic.md +21 -0
  54. data/docs/RolePaginationDynamicAllOf.md +17 -0
  55. data/docs/RoleWithAccess.md +37 -0
  56. data/docs/Status.md +27 -0
  57. data/docs/StatusApi.md +56 -0
  58. data/docs/Timestamped.md +19 -0
  59. data/docs/UUID.md +17 -0
  60. data/generate.sh +7 -0
  61. data/git_push.sh +58 -0
  62. data/lib/rbac-api-client.rb +93 -0
  63. data/lib/rbac-api-client/api/access_api.rb +104 -0
  64. data/lib/rbac-api-client/api/group_api.rb +800 -0
  65. data/lib/rbac-api-client/api/policy_api.rb +363 -0
  66. data/lib/rbac-api-client/api/principal_api.rb +104 -0
  67. data/lib/rbac-api-client/api/role_api.rb +445 -0
  68. data/lib/rbac-api-client/api/status_api.rb +76 -0
  69. data/lib/rbac-api-client/api_client.rb +386 -0
  70. data/lib/rbac-api-client/api_error.rb +57 -0
  71. data/lib/rbac-api-client/configuration.rb +248 -0
  72. data/lib/rbac-api-client/models/access.rb +227 -0
  73. data/lib/rbac-api-client/models/access_pagination.rb +239 -0
  74. data/lib/rbac-api-client/models/access_pagination_all_of.rb +213 -0
  75. data/lib/rbac-api-client/models/additional_group.rb +215 -0
  76. data/lib/rbac-api-client/models/error.rb +213 -0
  77. data/lib/rbac-api-client/models/error403.rb +213 -0
  78. data/lib/rbac-api-client/models/group.rb +220 -0
  79. data/lib/rbac-api-client/models/group_out.rb +341 -0
  80. data/lib/rbac-api-client/models/group_pagination.rb +239 -0
  81. data/lib/rbac-api-client/models/group_pagination_all_of.rb +213 -0
  82. data/lib/rbac-api-client/models/group_principal_in.rb +213 -0
  83. data/lib/rbac-api-client/models/group_role_in.rb +213 -0
  84. data/lib/rbac-api-client/models/group_roles_pagination.rb +239 -0
  85. data/lib/rbac-api-client/models/group_with_principals.rb +288 -0
  86. data/lib/rbac-api-client/models/group_with_principals_all_of.rb +213 -0
  87. data/lib/rbac-api-client/models/group_with_principals_and_roles.rb +304 -0
  88. data/lib/rbac-api-client/models/group_with_principals_and_roles_all_of.rb +229 -0
  89. data/lib/rbac-api-client/models/inline_response200.rb +213 -0
  90. data/lib/rbac-api-client/models/list_pagination.rb +215 -0
  91. data/lib/rbac-api-client/models/pagination_links.rb +233 -0
  92. data/lib/rbac-api-client/models/pagination_meta.rb +206 -0
  93. data/lib/rbac-api-client/models/policy.rb +220 -0
  94. data/lib/rbac-api-client/models/policy_extended.rb +302 -0
  95. data/lib/rbac-api-client/models/policy_extended_all_of.rb +227 -0
  96. data/lib/rbac-api-client/models/policy_in.rb +258 -0
  97. data/lib/rbac-api-client/models/policy_in_all_of.rb +227 -0
  98. data/lib/rbac-api-client/models/policy_pagination.rb +239 -0
  99. data/lib/rbac-api-client/models/policy_pagination_all_of.rb +213 -0
  100. data/lib/rbac-api-client/models/principal.rb +252 -0
  101. data/lib/rbac-api-client/models/principal_in.rb +211 -0
  102. data/lib/rbac-api-client/models/principal_out.rb +274 -0
  103. data/lib/rbac-api-client/models/principal_pagination.rb +239 -0
  104. data/lib/rbac-api-client/models/principal_pagination_all_of.rb +213 -0
  105. data/lib/rbac-api-client/models/resource_definition.rb +211 -0
  106. data/lib/rbac-api-client/models/resource_definition_filter.rb +273 -0
  107. data/lib/rbac-api-client/models/role.rb +220 -0
  108. data/lib/rbac-api-client/models/role_in.rb +244 -0
  109. data/lib/rbac-api-client/models/role_in_all_of.rb +213 -0
  110. data/lib/rbac-api-client/models/role_out.rb +352 -0
  111. data/lib/rbac-api-client/models/role_out_dynamic.rb +421 -0
  112. data/lib/rbac-api-client/models/role_out_dynamic_all_of.rb +346 -0
  113. data/lib/rbac-api-client/models/role_pagination.rb +239 -0
  114. data/lib/rbac-api-client/models/role_pagination_dynamic.rb +239 -0
  115. data/lib/rbac-api-client/models/role_pagination_dynamic_all_of.rb +213 -0
  116. data/lib/rbac-api-client/models/role_with_access.rb +367 -0
  117. data/lib/rbac-api-client/models/status.rb +256 -0
  118. data/lib/rbac-api-client/models/timestamped.rb +225 -0
  119. data/lib/rbac-api-client/models/uuid.rb +211 -0
  120. data/lib/rbac-api-client/version.rb +15 -0
  121. data/openapi.json +2613 -0
  122. data/rbac-api-client.gemspec +39 -0
  123. data/spec/api/access_api_spec.rb +49 -0
  124. data/spec/api/group_api_spec.rb +176 -0
  125. data/spec/api/policy_api_spec.rb +97 -0
  126. data/spec/api/principal_api_spec.rb +49 -0
  127. data/spec/api/role_api_spec.rb +110 -0
  128. data/spec/api/status_api_spec.rb +45 -0
  129. data/spec/api_client_spec.rb +226 -0
  130. data/spec/configuration_spec.rb +42 -0
  131. data/spec/models/access_pagination_all_of_spec.rb +41 -0
  132. data/spec/models/access_pagination_spec.rb +53 -0
  133. data/spec/models/access_spec.rb +47 -0
  134. data/spec/models/additional_group_spec.rb +47 -0
  135. data/spec/models/error403_spec.rb +41 -0
  136. data/spec/models/error_spec.rb +41 -0
  137. data/spec/models/group_out_spec.rb +89 -0
  138. data/spec/models/group_pagination_all_of_spec.rb +41 -0
  139. data/spec/models/group_pagination_spec.rb +53 -0
  140. data/spec/models/group_principal_in_spec.rb +41 -0
  141. data/spec/models/group_role_in_spec.rb +41 -0
  142. data/spec/models/group_roles_pagination_spec.rb +53 -0
  143. data/spec/models/group_spec.rb +47 -0
  144. data/spec/models/group_with_principals_all_of_spec.rb +41 -0
  145. data/spec/models/group_with_principals_and_roles_all_of_spec.rb +47 -0
  146. data/spec/models/group_with_principals_and_roles_spec.rb +77 -0
  147. data/spec/models/group_with_principals_spec.rb +71 -0
  148. data/spec/models/inline_response200_spec.rb +41 -0
  149. data/spec/models/list_pagination_spec.rb +47 -0
  150. data/spec/models/pagination_links_spec.rb +59 -0
  151. data/spec/models/pagination_meta_spec.rb +41 -0
  152. data/spec/models/policy_extended_all_of_spec.rb +47 -0
  153. data/spec/models/policy_extended_spec.rb +77 -0
  154. data/spec/models/policy_in_all_of_spec.rb +47 -0
  155. data/spec/models/policy_in_spec.rb +59 -0
  156. data/spec/models/policy_pagination_all_of_spec.rb +41 -0
  157. data/spec/models/policy_pagination_spec.rb +53 -0
  158. data/spec/models/policy_spec.rb +47 -0
  159. data/spec/models/principal_in_spec.rb +41 -0
  160. data/spec/models/principal_out_spec.rb +71 -0
  161. data/spec/models/principal_pagination_all_of_spec.rb +41 -0
  162. data/spec/models/principal_pagination_spec.rb +53 -0
  163. data/spec/models/principal_spec.rb +65 -0
  164. data/spec/models/resource_definition_filter_spec.rb +57 -0
  165. data/spec/models/resource_definition_spec.rb +41 -0
  166. data/spec/models/role_in_all_of_spec.rb +41 -0
  167. data/spec/models/role_in_spec.rb +53 -0
  168. data/spec/models/role_out_dynamic_all_of_spec.rb +77 -0
  169. data/spec/models/role_out_dynamic_spec.rb +107 -0
  170. data/spec/models/role_out_spec.rb +95 -0
  171. data/spec/models/role_pagination_dynamic_all_of_spec.rb +41 -0
  172. data/spec/models/role_pagination_dynamic_spec.rb +53 -0
  173. data/spec/models/role_pagination_spec.rb +53 -0
  174. data/spec/models/role_spec.rb +47 -0
  175. data/spec/models/role_with_access_spec.rb +101 -0
  176. data/spec/models/status_spec.rb +71 -0
  177. data/spec/models/timestamped_spec.rb +47 -0
  178. data/spec/models/uuid_spec.rb +41 -0
  179. data/spec/spec_helper.rb +111 -0
  180. metadata +338 -0
data/lib/rbac-api-client/models/uuid.rb ADDED
@@ -0,0 +1,211 @@
1
+ =begin
2
+ #Role Based Access Control
3
+
4
+ #The API for Role Based Access Control.
5
+
6
+ The version of the OpenAPI document: 1.0.0
7
+
8
+ Generated by: https://openapi-generator.tech
9
+ OpenAPI Generator version: 4.2.2
10
+
11
+ =end
12
+
13
+ require 'date'
14
+
15
+ module RBACApiClient
16
+ class UUID
17
+ attr_accessor :uuid
18
+
19
+ # Attribute mapping from ruby-style variable name to JSON key.
20
+ def self.attribute_map
21
+ {
22
+ :'uuid' => :'uuid'
23
+ }
24
+ end
25
+
26
+ # Attribute type mapping.
27
+ def self.openapi_types
28
+ {
29
+ :'uuid' => :'String'
30
+ }
31
+ end
32
+
33
+ # List of attributes with nullable: true
34
+ def self.openapi_nullable
35
+ Set.new([
36
+ ])
37
+ end
38
+
39
+ # Initializes the object
40
+ # @param [Hash] attributes Model attributes in the form of hash
41
+ def initialize(attributes = {})
42
+ if (!attributes.is_a?(Hash))
43
+ fail ArgumentError, "The input argument (attributes) must be a hash in `RBACApiClient::UUID` initialize method"
44
+ end
45
+
46
+ # check to see if the attribute exists and convert string to symbol for hash key
47
+ attributes = attributes.each_with_object({}) { |(k, v), h|
48
+ if (!self.class.attribute_map.key?(k.to_sym))
49
+ fail ArgumentError, "`#{k}` is not a valid attribute in `RBACApiClient::UUID`. Please check the name to make sure it's valid. List of attributes: " + self.class.attribute_map.keys.inspect
50
+ end
51
+ h[k.to_sym] = v
52
+ }
53
+
54
+ if attributes.key?(:'uuid')
55
+ self.uuid = attributes[:'uuid']
56
+ end
57
+ end
58
+
59
+ # Show invalid properties with the reasons. Usually used together with valid?
60
+ # @return Array for valid properties with the reasons
61
+ def list_invalid_properties
62
+ invalid_properties = Array.new
63
+ if @uuid.nil?
64
+ invalid_properties.push('invalid value for "uuid", uuid cannot be nil.')
65
+ end
66
+
67
+ invalid_properties
68
+ end
69
+
70
+ # Check to see if the all the properties in the model are valid
71
+ # @return true if the model is valid
72
+ def valid?
73
+ return false if @uuid.nil?
74
+ true
75
+ end
76
+
77
+ # Checks equality by comparing each attribute.
78
+ # @param [Object] Object to be compared
79
+ def ==(o)
80
+ return true if self.equal?(o)
81
+ self.class == o.class &&
82
+ uuid == o.uuid
83
+ end
84
+
85
+ # @see the `==` method
86
+ # @param [Object] Object to be compared
87
+ def eql?(o)
88
+ self == o
89
+ end
90
+
91
+ # Calculates hash code according to all attributes.
92
+ # @return [Integer] Hash code
93
+ def hash
94
+ [uuid].hash
95
+ end
96
+
97
+ # Builds the object from hash
98
+ # @param [Hash] attributes Model attributes in the form of hash
99
+ # @return [Object] Returns the model itself
100
+ def self.build_from_hash(attributes)
101
+ new.build_from_hash(attributes)
102
+ end
103
+
104
+ # Builds the object from hash
105
+ # @param [Hash] attributes Model attributes in the form of hash
106
+ # @return [Object] Returns the model itself
107
+ def build_from_hash(attributes)
108
+ return nil unless attributes.is_a?(Hash)
109
+ self.class.openapi_types.each_pair do |key, type|
110
+ if type =~ /\AArray<(.*)>/i
111
+ # check to ensure the input is an array given that the attribute
112
+ # is documented as an array but the input is not
113
+ if attributes[self.class.attribute_map[key]].is_a?(Array)
114
+ self.send("#{key}=", attributes[self.class.attribute_map[key]].map { |v| _deserialize($1, v) })
115
+ end
116
+ elsif !attributes[self.class.attribute_map[key]].nil?
117
+ self.send("#{key}=", _deserialize(type, attributes[self.class.attribute_map[key]]))
118
+ end # or else data not found in attributes(hash), not an issue as the data can be optional
119
+ end
120
+
121
+ self
122
+ end
123
+
124
+ # Deserializes the data based on type
125
+ # @param string type Data type
126
+ # @param string value Value to be deserialized
127
+ # @return [Object] Deserialized data
128
+ def _deserialize(type, value)
129
+ case type.to_sym
130
+ when :DateTime
131
+ DateTime.parse(value)
132
+ when :Date
133
+ Date.parse(value)
134
+ when :String
135
+ value.to_s
136
+ when :Integer
137
+ value.to_i
138
+ when :Float
139
+ value.to_f
140
+ when :Boolean
141
+ if value.to_s =~ /\A(true|t|yes|y|1)\z/i
142
+ true
143
+ else
144
+ false
145
+ end
146
+ when :Object
147
+ # generic object (usually a Hash), return directly
148
+ value
149
+ when /\AArray<(?<inner_type>.+)>\z/
150
+ inner_type = Regexp.last_match[:inner_type]
151
+ value.map { |v| _deserialize(inner_type, v) }
152
+ when /\AHash<(?<k_type>.+?), (?<v_type>.+)>\z/
153
+ k_type = Regexp.last_match[:k_type]
154
+ v_type = Regexp.last_match[:v_type]
155
+ {}.tap do |hash|
156
+ value.each do |k, v|
157
+ hash[_deserialize(k_type, k)] = _deserialize(v_type, v)
158
+ end
159
+ end
160
+ else # model
161
+ RBACApiClient.const_get(type).build_from_hash(value)
162
+ end
163
+ end
164
+
165
+ # Returns the string representation of the object
166
+ # @return [String] String presentation of the object
167
+ def to_s
168
+ to_hash.to_s
169
+ end
170
+
171
+ # to_body is an alias to to_hash (backward compatibility)
172
+ # @return [Hash] Returns the object in the form of hash
173
+ def to_body
174
+ to_hash
175
+ end
176
+
177
+ # Returns the object in the form of hash
178
+ # @return [Hash] Returns the object in the form of hash
179
+ def to_hash
180
+ hash = {}
181
+ self.class.attribute_map.each_pair do |attr, param|
182
+ value = self.send(attr)
183
+ if value.nil?
184
+ is_nullable = self.class.openapi_nullable.include?(attr)
185
+ next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}"))
186
+ end
187
+
188
+ hash[param] = _to_hash(value)
189
+ end
190
+ hash
191
+ end
192
+
193
+ # Outputs non-array value in the form of hash
194
+ # For object, use to_hash. Otherwise, just return the value
195
+ # @param [Object] value Any valid value
196
+ # @return [Hash] Returns the value in the form of hash
197
+ def _to_hash(value)
198
+ if value.is_a?(Array)
199
+ value.compact.map { |v| _to_hash(v) }
200
+ elsif value.is_a?(Hash)
201
+ {}.tap do |hash|
202
+ value.each { |k, v| hash[k] = _to_hash(v) }
203
+ end
204
+ elsif value.respond_to? :to_hash
205
+ value.to_hash
206
+ else
207
+ value
208
+ end
209
+ end
210
+ end
211
+ end
data/lib/rbac-api-client/version.rb ADDED
@@ -0,0 +1,15 @@
1
+ =begin
2
+ #Role Based Access Control
3
+
4
+ #The API for Role Based Access Control.
5
+
6
+ The version of the OpenAPI document: 1.0.0
7
+
8
+ Generated by: https://openapi-generator.tech
9
+ OpenAPI Generator version: 4.2.2
10
+
11
+ =end
12
+
13
+ module RBACApiClient
14
+ VERSION = '1.0.0'
15
+ end
data/openapi.json ADDED
@@ -0,0 +1,2613 @@
1
+ {
2
+ "openapi": "3.0.0",
3
+ "info": {
4
+ "description": "The API for Role Based Access Control.",
5
+ "version": "1.0.0",
6
+ "title": "Role Based Access Control",
7
+ "license": {
8
+ "name": "AGPL-3.0",
9
+ "url": "https://opensource.org/licenses/AGPL-3.0"
10
+ }
11
+ },
12
+ "security": [
13
+ {
14
+ "basic_auth": []
15
+ }
16
+ ],
17
+ "tags": [
18
+ {
19
+ "name": "Principal",
20
+ "description": "Operations about principals"
21
+ },
22
+ {
23
+ "name": "Group",
24
+ "description": "Operations about groups"
25
+ },
26
+ {
27
+ "name": "Role",
28
+ "description": "Operations about roles"
29
+ },
30
+ {
31
+ "name": "Policy",
32
+ "description": "Operations about policies"
33
+ },
34
+ {
35
+ "name": "Access",
36
+ "description": "Operations about access"
37
+ },
38
+ {
39
+ "name": "Status",
40
+ "description": "Operations about status"
41
+ }
42
+ ],
43
+ "paths": {
44
+ "/status/": {
45
+ "get": {
46
+ "tags": [
47
+ "Status"
48
+ ],
49
+ "summary": "Obtain server status",
50
+ "operationId": "getStatus",
51
+ "responses": {
52
+ "200": {
53
+ "description": "An object describing the server status",
54
+ "content": {
55
+ "application/json": {
56
+ "schema": {
57
+ "$ref": "#/components/schemas/Status"
58
+ }
59
+ }
60
+ }
61
+ },
62
+ "500": {
63
+ "description": "Unexpected Error",
64
+ "content": {
65
+ "application/json": {
66
+ "schema": {
67
+ "$ref": "#/components/schemas/Error"
68
+ }
69
+ }
70
+ }
71
+ }
72
+ }
73
+ }
74
+ },
75
+ "/principals/": {
76
+ "get": {
77
+ "tags": [
78
+ "Principal"
79
+ ],
80
+ "summary": "List the principals for a tenant",
81
+ "operationId": "listPrincipals",
82
+ "parameters": [
83
+ {
84
+ "$ref": "#/components/parameters/QueryLimit"
85
+ },
86
+ {
87
+ "$ref": "#/components/parameters/QueryOffset"
88
+ },
89
+ {
90
+ "name": "usernames",
91
+ "in": "query",
92
+ "description": "Usernames of principals to get",
93
+ "required": false,
94
+ "schema": {
95
+ "type": "string"
96
+ }
97
+ },
98
+ {
99
+ "name": "sort_order",
100
+ "in": "query",
101
+ "description": "The sort order of the query, either ascending or descending",
102
+ "required": false,
103
+ "schema": {
104
+ "type": "string",
105
+ "enum": ["asc", "desc"]
106
+ }
107
+ }
108
+ ],
109
+ "responses": {
110
+ "200": {
111
+ "description": "A paginated list of principals",
112
+ "content": {
113
+ "application/json": {
114
+ "schema": {
115
+ "$ref": "#/components/schemas/PrincipalPagination"
116
+ }
117
+ }
118
+ }
119
+ },
120
+ "401": {
121
+ "description": "Unauthorized"
122
+ },
123
+ "403": {
124
+ "description": "Insufficient permissions to list principals",
125
+ "content": {
126
+ "application/json": {
127
+ "schema": {
128
+ "$ref": "#/components/schemas/Error403"
129
+ }
130
+ }
131
+ }
132
+ },
133
+ "500": {
134
+ "description": "Unexpected Error",
135
+ "content": {
136
+ "application/json": {
137
+ "schema": {
138
+ "$ref": "#/components/schemas/Error"
139
+ }
140
+ }
141
+ }
142
+ }
143
+ }
144
+ }
145
+ },
146
+ "/groups/": {
147
+ "post": {
148
+ "tags": [
149
+ "Group"
150
+ ],
151
+ "summary": "Create a group in a tenant",
152
+ "operationId": "createGroup",
153
+ "requestBody": {
154
+ "content": {
155
+ "application/json": {
156
+ "schema": {
157
+ "$ref": "#/components/schemas/Group"
158
+ }
159
+ }
160
+ },
161
+ "description": "Group to create in tenant",
162
+ "required": true
163
+ },
164
+ "responses": {
165
+ "201": {
166
+ "description": "An object describing the group",
167
+ "content": {
168
+ "application/json": {
169
+ "schema": {
170
+ "$ref": "#/components/schemas/GroupOut"
171
+ }
172
+ }
173
+ }
174
+ },
175
+ "401": {
176
+ "description": "Unauthorized"
177
+ },
178
+ "403": {
179
+ "description": "Insufficient permissions to create group",
180
+ "content": {
181
+ "application/json": {
182
+ "schema": {
183
+ "$ref": "#/components/schemas/Error403"
184
+ }
185
+ }
186
+ }
187
+ },
188
+ "500": {
189
+ "description": "Unexpected Error",
190
+ "content": {
191
+ "application/json": {
192
+ "schema": {
193
+ "$ref": "#/components/schemas/Error"
194
+ }
195
+ }
196
+ }
197
+ }
198
+ }
199
+ },
200
+ "get": {
201
+ "tags": [
202
+ "Group"
203
+ ],
204
+ "summary": "List the groups for a tenant",
205
+ "operationId": "listGroups",
206
+ "parameters": [
207
+ {
208
+ "$ref": "#/components/parameters/QueryLimit"
209
+ },
210
+ {
211
+ "$ref": "#/components/parameters/QueryOffset"
212
+ },
213
+ {
214
+ "$ref": "#/components/parameters/NameFilter"
215
+ },
216
+ {
217
+ "$ref": "#/components/parameters/ScopeFilter"
218
+ },
219
+ {
220
+ "name": "username",
221
+ "in": "query",
222
+ "description": "A username for a principal to filter for groups",
223
+ "required": false,
224
+ "schema": {
225
+ "type": "string"
226
+ }
227
+ },
228
+ {
229
+ "name": "uuid",
230
+ "in": "query",
231
+ "description": "A list of UUIDs to filter listed groups.",
232
+ "required": false,
233
+ "schema": {
234
+ "type": "array",
235
+ "items": {
236
+ "type": "string"
237
+ }
238
+ },
239
+ "explode": false,
240
+ "style": "form"
241
+ },
242
+ {
243
+ "name": "role_names",
244
+ "in": "query",
245
+ "description": "List of role name to filter for groups. It is exact match but case-insensitive",
246
+ "required": false,
247
+ "schema": {
248
+ "type": "array",
249
+ "items": {
250
+ "type": "string"
251
+ }
252
+ },
253
+ "explode": false,
254
+ "style": "form"
255
+ },
256
+ {
257
+ "name": "role_discriminator",
258
+ "in": "query",
259
+ "description": "Discriminator that works with role_names to indicate matching all/any of the role names",
260
+ "required": false,
261
+ "schema": {
262
+ "type": "string",
263
+ "enum": ["all", "any"]
264
+ }
265
+ },
266
+ {
267
+ "$ref": "#/components/parameters/OrderByFilter"
268
+ }
269
+ ],
270
+ "responses": {
271
+ "200": {
272
+ "description": "A paginated list of group objects",
273
+ "content": {
274
+ "application/json": {
275
+ "schema": {
276
+ "$ref": "#/components/schemas/GroupPagination"
277
+ }
278
+ }
279
+ }
280
+ },
281
+ "401": {
282
+ "description": "Unauthorized"
283
+ },
284
+ "403": {
285
+ "description": "Insufficient permissions to list groups",
286
+ "content": {
287
+ "application/json": {
288
+ "schema": {
289
+ "$ref": "#/components/schemas/Error403"
290
+ }
291
+ }
292
+ }
293
+ },
294
+ "500": {
295
+ "description": "Unexpected Error",
296
+ "content": {
297
+ "application/json": {
298
+ "schema": {
299
+ "$ref": "#/components/schemas/Error"
300
+ }
301
+ }
302
+ }
303
+ }
304
+ }
305
+ }
306
+ },
307
+ "/groups/{uuid}/": {
308
+ "get": {
309
+ "tags": [
310
+ "Group"
311
+ ],
312
+ "summary": "Get a group in the tenant",
313
+ "operationId": "getGroup",
314
+ "parameters": [
315
+ {
316
+ "name": "uuid",
317
+ "in": "path",
318
+ "description": "ID of group to get",
319
+ "required": true,
320
+ "schema": {
321
+ "type": "string",
322
+ "format": "uuid"
323
+ }
324
+ }
325
+ ],
326
+ "responses": {
327
+ "200": {
328
+ "description": "A Group object",
329
+ "content": {
330
+ "application/json": {
331
+ "schema": {
332
+ "$ref": "#/components/schemas/GroupWithPrincipalsAndRoles"
333
+ }
334
+ }
335
+ }
336
+ },
337
+ "401": {
338
+ "description": "Unauthorized"
339
+ },
340
+ "403": {
341
+ "description": "Insufficient permissions to get group",
342
+ "content": {
343
+ "application/json": {
344
+ "schema": {
345
+ "$ref": "#/components/schemas/Error403"
346
+ }
347
+ }
348
+ }
349
+ },
350
+ "404": {
351
+ "description": "Not Found",
352
+ "content": {
353
+ "application/json": {
354
+ "schema": {
355
+ "$ref": "#/components/schemas/Error"
356
+ }
357
+ }
358
+ }
359
+ },
360
+ "500": {
361
+ "description": "Unexpected Error",
362
+ "content": {
363
+ "application/json": {
364
+ "schema": {
365
+ "$ref": "#/components/schemas/Error"
366
+ }
367
+ }
368
+ }
369
+ }
370
+ }
371
+ },
372
+ "put": {
373
+ "tags": [
374
+ "Group"
375
+ ],
376
+ "summary": "Udate a group in the tenant",
377
+ "operationId": "updateGroup",
378
+ "parameters": [
379
+ {
380
+ "name": "uuid",
381
+ "in": "path",
382
+ "description": "ID of group to update",
383
+ "required": true,
384
+ "schema": {
385
+ "type": "string",
386
+ "format": "uuid"
387
+ }
388
+ }
389
+ ],
390
+ "requestBody": {
391
+ "content": {
392
+ "application/json": {
393
+ "schema": {
394
+ "$ref": "#/components/schemas/Group"
395
+ }
396
+ }
397
+ },
398
+ "description": "Group to update in tenant",
399
+ "required": true
400
+ },
401
+ "responses": {
402
+ "200": {
403
+ "description": "Group updated",
404
+ "content": {
405
+ "application/json": {
406
+ "schema": {
407
+ "$ref": "#/components/schemas/GroupOut"
408
+ }
409
+ }
410
+ }
411
+ },
412
+ "401": {
413
+ "description": "Unauthorized"
414
+ },
415
+ "403": {
416
+ "description": "Insufficient permissions to update group",
417
+ "content": {
418
+ "application/json": {
419
+ "schema": {
420
+ "$ref": "#/components/schemas/Error403"
421
+ }
422
+ }
423
+ }
424
+ },
425
+ "404": {
426
+ "description": "Not Found",
427
+ "content": {
428
+ "*/*": {
429
+ "schema": {
430
+ "$ref": "#/components/schemas/Error"
431
+ }
432
+ }
433
+ }
434
+ },
435
+ "500": {
436
+ "description": "Unexpected Error",
437
+ "content": {
438
+ "*/*": {
439
+ "schema": {
440
+ "$ref": "#/components/schemas/Error"
441
+ }
442
+ }
443
+ }
444
+ }
445
+ }
446
+ },
447
+ "delete": {
448
+ "tags": [
449
+ "Group"
450
+ ],
451
+ "summary": "Delete a group in the tenant",
452
+ "operationId": "deleteGroup",
453
+ "parameters": [
454
+ {
455
+ "name": "uuid",
456
+ "in": "path",
457
+ "description": "ID of group to delete",
458
+ "required": true,
459
+ "schema": {
460
+ "type": "string",
461
+ "format": "uuid"
462
+ }
463
+ }
464
+ ],
465
+ "responses": {
466
+ "204": {
467
+ "description": "Group deleted"
468
+ },
469
+ "401": {
470
+ "description": "Unauthorized"
471
+ },
472
+ "403": {
473
+ "description": "Insufficient permissions to delete group",
474
+ "content": {
475
+ "application/json": {
476
+ "schema": {
477
+ "$ref": "#/components/schemas/Error403"
478
+ }
479
+ }
480
+ }
481
+ },
482
+ "404": {
483
+ "description": "Not Found",
484
+ "content": {
485
+ "*/*": {
486
+ "schema": {
487
+ "$ref": "#/components/schemas/Error"
488
+ }
489
+ }
490
+ }
491
+ },
492
+ "500": {
493
+ "description": "Unexpected Error",
494
+ "content": {
495
+ "*/*": {
496
+ "schema": {
497
+ "$ref": "#/components/schemas/Error"
498
+ }
499
+ }
500
+ }
501
+ }
502
+ }
503
+ }
504
+ },
505
+ "/groups/{uuid}/principals/": {
506
+ "post": {
507
+ "tags": [
508
+ "Group"
509
+ ],
510
+ "summary": "Add a principal to a group in the tenant",
511
+ "operationId": "addPrincipalToGroup",
512
+ "parameters": [
513
+ {
514
+ "name": "uuid",
515
+ "in": "path",
516
+ "description": "ID of group to update",
517
+ "required": true,
518
+ "schema": {
519
+ "type": "string",
520
+ "format": "uuid"
521
+ }
522
+ }
523
+ ],
524
+ "requestBody": {
525
+ "$ref": "#/components/requestBodies/GroupPrincipalIn"
526
+ },
527
+ "responses": {
528
+ "200": {
529
+ "description": "Group updated",
530
+ "content": {
531
+ "application/json": {
532
+ "schema": {
533
+ "$ref": "#/components/schemas/GroupWithPrincipalsAndRoles"
534
+ }
535
+ }
536
+ }
537
+ },
538
+ "400": {
539
+ "description": "Bad Input"
540
+ },
541
+ "401": {
542
+ "description": "Unauthorized"
543
+ },
544
+ "403": {
545
+ "description": "Insufficient permissions to update principals in group",
546
+ "content": {
547
+ "application/json": {
548
+ "schema": {
549
+ "$ref": "#/components/schemas/Error403"
550
+ }
551
+ }
552
+ }
553
+ },
554
+ "404": {
555
+ "description": "Not Found",
556
+ "content": {
557
+ "application/json": {
558
+ "schema": {
559
+ "$ref": "#/components/schemas/Error"
560
+ }
561
+ }
562
+ }
563
+ },
564
+ "500": {
565
+ "description": "Unexpected Error",
566
+ "content": {
567
+ "application/json": {
568
+ "schema": {
569
+ "$ref": "#/components/schemas/Error"
570
+ }
571
+ }
572
+ }
573
+ }
574
+ }
575
+ },
576
+ "get": {
577
+ "tags": [
578
+ "Group"
579
+ ],
580
+ "summary": "Get a list of principals from a group in the tenant",
581
+ "operationId": "getPrincipalsFromGroup",
582
+ "parameters": [
583
+ {
584
+ "name": "uuid",
585
+ "in": "path",
586
+ "description": "ID of group from which to get principals",
587
+ "required": true,
588
+ "schema": {
589
+ "type": "string",
590
+ "format": "uuid"
591
+ }
592
+ },
593
+ {
594
+ "name": "principal_username",
595
+ "in": "query",
596
+ "required": false,
597
+ "description": "Parameter for filtering group principals by principal `username` using string contains search.",
598
+ "schema": {
599
+ "type": "string"
600
+ }
601
+ }
602
+ ],
603
+ "responses": {
604
+ "200": {
605
+ "description": "List of principals attached to group",
606
+ "content": {
607
+ "application/json": {
608
+ "schema": {
609
+ "$ref": "#/components/schemas/PrincipalPagination"
610
+ }
611
+ }
612
+ }
613
+ },
614
+ "400": {
615
+ "description": "Bad Input"
616
+ },
617
+ "401": {
618
+ "description": "Unauthorized"
619
+ },
620
+ "404": {
621
+ "description": "Not Found",
622
+ "content": {
623
+ "application/json": {
624
+ "schema": {
625
+ "$ref": "#/components/schemas/Error"
626
+ }
627
+ }
628
+ }
629
+ },
630
+ "500": {
631
+ "description": "Unexpected Error",
632
+ "content": {
633
+ "application/json": {
634
+ "schema": {
635
+ "$ref": "#/components/schemas/Error"
636
+ }
637
+ }
638
+ }
639
+ }
640
+ }
641
+ },
642
+ "delete": {
643
+ "tags": [
644
+ "Group"
645
+ ],
646
+ "summary": "Remove a principal from a group in the tenant",
647
+ "operationId": "deletePrincipalFromGroup",
648
+ "parameters": [
649
+ {
650
+ "name": "uuid",
651
+ "in": "path",
652
+ "description": "ID of group to update",
653
+ "required": true,
654
+ "schema": {
655
+ "type": "string",
656
+ "format": "uuid"
657
+ }
658
+ },
659
+ {
660
+ "name": "usernames",
661
+ "in": "query",
662
+ "description": "A comma separated list of usernames for principals to remove from the group",
663
+ "required": true,
664
+ "schema": {
665
+ "type": "string"
666
+ }
667
+ }
668
+ ],
669
+ "responses": {
670
+ "204": {
671
+ "description": "Principals removed from group"
672
+ },
673
+ "400": {
674
+ "description": "Bad Input"
675
+ },
676
+ "401": {
677
+ "description": "Unauthorized"
678
+ },
679
+ "403": {
680
+ "description": "Insufficient permissions to remove principals from group",
681
+ "content": {
682
+ "application/json": {
683
+ "schema": {
684
+ "$ref": "#/components/schemas/Error403"
685
+ }
686
+ }
687
+ }
688
+ },
689
+ "404": {
690
+ "description": "Not Found",
691
+ "content": {
692
+ "application/json": {
693
+ "schema": {
694
+ "$ref": "#/components/schemas/Error"
695
+ }
696
+ }
697
+ }
698
+ },
699
+ "500": {
700
+ "description": "Unexpected Error",
701
+ "content": {
702
+ "application/json": {
703
+ "schema": {
704
+ "$ref": "#/components/schemas/Error"
705
+ }
706
+ }
707
+ }
708
+ }
709
+ }
710
+ }
711
+ },
712
+ "/groups/{uuid}/roles/": {
713
+ "get": {
714
+ "tags": [
715
+ "Group"
716
+ ],
717
+ "summary": "List the roles for a group in the tenant",
718
+ "operationId": "listRolesForGroup",
719
+ "parameters": [
720
+ {
721
+ "name": "uuid",
722
+ "in": "path",
723
+ "description": "ID of group",
724
+ "required": true,
725
+ "schema": {
726
+ "type": "string",
727
+ "format": "uuid"
728
+ }
729
+ },
730
+ {
731
+ "name": "exclude",
732
+ "in": "query",
733
+ "description": "If this is set to true, the result would be roles excluding the ones in the group",
734
+ "required": false,
735
+ "schema": {
736
+ "type": "boolean",
737
+ "default": false
738
+ }
739
+ },
740
+ {
741
+ "name": "role_name",
742
+ "in": "query",
743
+ "required": false,
744
+ "description": "Parameter for filtering group roles by role `name` using string contains search.",
745
+ "schema": {
746
+ "type": "string"
747
+ }
748
+ },
749
+ {
750
+ "name": "role_description",
751
+ "in": "query",
752
+ "required": false,
753
+ "description": "Parameter for filtering group roles by role `description` using string contains search.",
754
+ "schema": {
755
+ "type": "string"
756
+ }
757
+ },
758
+ {
759
+ "$ref": "#/components/parameters/QueryLimit"
760
+ },
761
+ {
762
+ "$ref": "#/components/parameters/QueryOffset"
763
+ },
764
+ {
765
+ "in": "query",
766
+ "name": "order_by",
767
+ "required": false,
768
+ "description": "Parameter for ordering resource by value. For inverse ordering, supply '-' before the param value, such as: ?order_by=-name",
769
+ "schema": {
770
+ "type": "string",
771
+ "enum": [
772
+ "name",
773
+ "modified",
774
+ "policyCount"
775
+ ]
776
+ }
777
+ }
778
+ ],
779
+ "responses": {
780
+ "200": {
781
+ "description": "A list of roles for a group",
782
+ "content": {
783
+ "application/json": {
784
+ "schema": {
785
+ "$ref": "#/components/schemas/GroupRolesPagination"
786
+ }
787
+ }
788
+ }
789
+ },
790
+ "401": {
791
+ "description": "Unauthorized"
792
+ },
793
+ "403": {
794
+ "description": "Insufficient permissions to list roles for group",
795
+ "content": {
796
+ "application/json": {
797
+ "schema": {
798
+ "$ref": "#/components/schemas/Error403"
799
+ }
800
+ }
801
+ }
802
+ },
803
+ "500": {
804
+ "description": "Unexpected Error",
805
+ "content": {
806
+ "application/json": {
807
+ "schema": {
808
+ "$ref": "#/components/schemas/Error"
809
+ }
810
+ }
811
+ }
812
+ }
813
+ }
814
+ },
815
+ "post": {
816
+ "tags": [
817
+ "Group"
818
+ ],
819
+ "summary": "Add a role to a group in the tenant",
820
+ "operationId": "addRoleToGroup",
821
+ "parameters": [
822
+ {
823
+ "name": "uuid",
824
+ "in": "path",
825
+ "description": "ID of group to update",
826
+ "required": true,
827
+ "schema": {
828
+ "type": "string",
829
+ "format": "uuid"
830
+ }
831
+ }
832
+ ],
833
+ "requestBody": {
834
+ "$ref": "#/components/requestBodies/GroupRoleIn"
835
+ },
836
+ "responses": {
837
+ "200": {
838
+ "description": "Group updated",
839
+ "content": {
840
+ "application/json": {
841
+ "schema": {
842
+ "type": "object",
843
+ "required": [
844
+ "data"
845
+ ],
846
+ "properties": {
847
+ "data": {
848
+ "type": "array",
849
+ "items": {
850
+ "$ref": "#/components/schemas/RoleOut"
851
+ }
852
+ }
853
+ }
854
+ }
855
+ }
856
+ }
857
+ },
858
+ "400": {
859
+ "description": "Bad Input"
860
+ },
861
+ "401": {
862
+ "description": "Unauthorized"
863
+ },
864
+ "403": {
865
+ "description": "Insufficient permissions to update roles for group",
866
+ "content": {
867
+ "application/json": {
868
+ "schema": {
869
+ "$ref": "#/components/schemas/Error403"
870
+ }
871
+ }
872
+ }
873
+ },
874
+ "404": {
875
+ "description": "Not Found",
876
+ "content": {
877
+ "application/json": {
878
+ "schema": {
879
+ "$ref": "#/components/schemas/Error"
880
+ }
881
+ }
882
+ }
883
+ },
884
+ "500": {
885
+ "description": "Unexpected Error",
886
+ "content": {
887
+ "application/json": {
888
+ "schema": {
889
+ "$ref": "#/components/schemas/Error"
890
+ }
891
+ }
892
+ }
893
+ }
894
+ }
895
+ },
896
+ "delete": {
897
+ "tags": [
898
+ "Group"
899
+ ],
900
+ "summary": "Remove a role from a group in the tenant",
901
+ "operationId": "deleteRoleFromGroup",
902
+ "parameters": [
903
+ {
904
+ "name": "uuid",
905
+ "in": "path",
906
+ "description": "ID of group to update",
907
+ "required": true,
908
+ "schema": {
909
+ "type": "string",
910
+ "format": "uuid"
911
+ }
912
+ },
913
+ {
914
+ "name": "roles",
915
+ "in": "query",
916
+ "description": "A comma separated list of role UUIDs for roles to remove from the group",
917
+ "required": true,
918
+ "schema": {
919
+ "type": "string"
920
+ }
921
+ }
922
+ ],
923
+ "responses": {
924
+ "204": {
925
+ "description": "Roles removed from group"
926
+ },
927
+ "400": {
928
+ "description": "Bad Input"
929
+ },
930
+ "401": {
931
+ "description": "Unauthorized"
932
+ },
933
+ "403": {
934
+ "description": "Insufficient permissions to remove roles from group",
935
+ "content": {
936
+ "application/json": {
937
+ "schema": {
938
+ "$ref": "#/components/schemas/Error403"
939
+ }
940
+ }
941
+ }
942
+ },
943
+ "404": {
944
+ "description": "Not Found",
945
+ "content": {
946
+ "application/json": {
947
+ "schema": {
948
+ "$ref": "#/components/schemas/Error"
949
+ }
950
+ }
951
+ }
952
+ },
953
+ "500": {
954
+ "description": "Unexpected Error",
955
+ "content": {
956
+ "application/json": {
957
+ "schema": {
958
+ "$ref": "#/components/schemas/Error"
959
+ }
960
+ }
961
+ }
962
+ }
963
+ }
964
+ }
965
+ },
966
+ "/roles/": {
967
+ "post": {
968
+ "tags": [
969
+ "Role"
970
+ ],
971
+ "summary": "Create a roles for a tenant",
972
+ "operationId": "createRoles",
973
+ "requestBody": {
974
+ "content": {
975
+ "application/json": {
976
+ "schema": {
977
+ "$ref": "#/components/schemas/RoleIn"
978
+ }
979
+ }
980
+ },
981
+ "description": "Role to create",
982
+ "required": true
983
+ },
984
+ "responses": {
985
+ "201": {
986
+ "description": "An object describing the role",
987
+ "content": {
988
+ "application/json": {
989
+ "schema": {
990
+ "$ref": "#/components/schemas/RoleWithAccess"
991
+ }
992
+ }
993
+ }
994
+ },
995
+ "401": {
996
+ "description": "Unauthorized"
997
+ },
998
+ "403": {
999
+ "description": "Insufficient permissions to create role",
1000
+ "content": {
1001
+ "application/json": {
1002
+ "schema": {
1003
+ "$ref": "#/components/schemas/Error403"
1004
+ }
1005
+ }
1006
+ }
1007
+ },
1008
+ "500": {
1009
+ "description": "Unexpected Error",
1010
+ "content": {
1011
+ "application/json": {
1012
+ "schema": {
1013
+ "$ref": "#/components/schemas/Error"
1014
+ }
1015
+ }
1016
+ }
1017
+ }
1018
+ }
1019
+ },
1020
+ "get": {
1021
+ "tags": [
1022
+ "Role"
1023
+ ],
1024
+ "summary": "List the roles for a tenant",
1025
+ "operationId": "listRoles",
1026
+ "parameters": [
1027
+ {
1028
+ "$ref": "#/components/parameters/QueryLimit"
1029
+ },
1030
+ {
1031
+ "$ref": "#/components/parameters/QueryOffset"
1032
+ },
1033
+ {
1034
+ "$ref": "#/components/parameters/NameFilter"
1035
+ },
1036
+ {
1037
+ "$ref": "#/components/parameters/ScopeFilter"
1038
+ },
1039
+ {
1040
+ "$ref": "#/components/parameters/OrderByFilter"
1041
+ },
1042
+ {
1043
+ "name": "add_fields",
1044
+ "in": "query",
1045
+ "required": false,
1046
+ "description": "Parameter for add list of fields to display for roles.",
1047
+ "schema": {
1048
+ "type": "array",
1049
+ "items": {
1050
+ "type": "string",
1051
+ "enum": [
1052
+ "groups_in",
1053
+ "groups_in_count"
1054
+ ]
1055
+ }
1056
+ },
1057
+ "explode": false,
1058
+ "style": "form"
1059
+ },
1060
+ {
1061
+ "name": "username",
1062
+ "in": "query",
1063
+ "description": "Unique username of the principal to obtain roles for (only available for admins, and if supplied, takes precedence over the identity header).",
1064
+ "required": false,
1065
+ "schema": {
1066
+ "type": "string"
1067
+ }
1068
+ }
1069
+ ],
1070
+ "responses": {
1071
+ "200": {
1072
+ "description": "A paginated list of role objects",
1073
+ "content": {
1074
+ "application/json": {
1075
+ "schema": {
1076
+ "$ref": "#/components/schemas/RolePaginationDynamic"
1077
+ }
1078
+ }
1079
+ }
1080
+ },
1081
+ "401": {
1082
+ "description": "Unauthorized"
1083
+ },
1084
+ "403": {
1085
+ "description": "Insufficient permissions to list roles",
1086
+ "content": {
1087
+ "application/json": {
1088
+ "schema": {
1089
+ "$ref": "#/components/schemas/Error403"
1090
+ }
1091
+ }
1092
+ }
1093
+ },
1094
+ "500": {
1095
+ "description": "Unexpected Error",
1096
+ "content": {
1097
+ "application/json": {
1098
+ "schema": {
1099
+ "$ref": "#/components/schemas/Error"
1100
+ }
1101
+ }
1102
+ }
1103
+ }
1104
+ }
1105
+ }
1106
+ },
1107
+ "/roles/{uuid}/": {
1108
+ "get": {
1109
+ "tags": [
1110
+ "Role"
1111
+ ],
1112
+ "summary": "Get a role in the tenant",
1113
+ "operationId": "getRole",
1114
+ "parameters": [
1115
+ {
1116
+ "name": "uuid",
1117
+ "in": "path",
1118
+ "description": "ID of role to get",
1119
+ "required": true,
1120
+ "schema": {
1121
+ "type": "string",
1122
+ "format": "uuid"
1123
+ }
1124
+ }
1125
+ ],
1126
+ "responses": {
1127
+ "200": {
1128
+ "description": "A Role object",
1129
+ "content": {
1130
+ "application/json": {
1131
+ "schema": {
1132
+ "$ref": "#/components/schemas/RoleWithAccess"
1133
+ }
1134
+ }
1135
+ }
1136
+ },
1137
+ "401": {
1138
+ "description": "Unauthorized"
1139
+ },
1140
+ "403": {
1141
+ "description": "Insufficient permissions to get role",
1142
+ "content": {
1143
+ "application/json": {
1144
+ "schema": {
1145
+ "$ref": "#/components/schemas/Error403"
1146
+ }
1147
+ }
1148
+ }
1149
+ },
1150
+ "404": {
1151
+ "description": "Not Found",
1152
+ "content": {
1153
+ "application/json": {
1154
+ "schema": {
1155
+ "$ref": "#/components/schemas/Error"
1156
+ }
1157
+ }
1158
+ }
1159
+ },
1160
+ "500": {
1161
+ "description": "Unexpected Error",
1162
+ "content": {
1163
+ "application/json": {
1164
+ "schema": {
1165
+ "$ref": "#/components/schemas/Error"
1166
+ }
1167
+ }
1168
+ }
1169
+ }
1170
+ }
1171
+ },
1172
+ "delete": {
1173
+ "tags": [
1174
+ "Role"
1175
+ ],
1176
+ "summary": "Delete a role in the tenant",
1177
+ "operationId": "deleteRole",
1178
+ "parameters": [
1179
+ {
1180
+ "name": "uuid",
1181
+ "in": "path",
1182
+ "description": "ID of role to delete",
1183
+ "required": true,
1184
+ "schema": {
1185
+ "type": "string",
1186
+ "format": "uuid"
1187
+ }
1188
+ }
1189
+ ],
1190
+ "responses": {
1191
+ "204": {
1192
+ "description": "Role deleted"
1193
+ },
1194
+ "401": {
1195
+ "description": "Unauthorized"
1196
+ },
1197
+ "403": {
1198
+ "description": "Insufficient permissions to delete role",
1199
+ "content": {
1200
+ "application/json": {
1201
+ "schema": {
1202
+ "$ref": "#/components/schemas/Error403"
1203
+ }
1204
+ }
1205
+ }
1206
+ },
1207
+ "404": {
1208
+ "description": "Not Found",
1209
+ "content": {
1210
+ "application/json": {
1211
+ "schema": {
1212
+ "$ref": "#/components/schemas/Error"
1213
+ }
1214
+ }
1215
+ }
1216
+ },
1217
+ "500": {
1218
+ "description": "Unexpected Error",
1219
+ "content": {
1220
+ "application/json": {
1221
+ "schema": {
1222
+ "$ref": "#/components/schemas/Error"
1223
+ }
1224
+ }
1225
+ }
1226
+ }
1227
+ }
1228
+ },
1229
+ "put": {
1230
+ "tags": [
1231
+ "Role"
1232
+ ],
1233
+ "summary": "Update a Role in the tenant",
1234
+ "operationId": "updateRole",
1235
+ "parameters": [
1236
+ {
1237
+ "name": "uuid",
1238
+ "in": "path",
1239
+ "description": "ID of role to update",
1240
+ "required": true,
1241
+ "schema": {
1242
+ "type": "string",
1243
+ "format": "uuid"
1244
+ }
1245
+ }
1246
+ ],
1247
+ "requestBody": {
1248
+ "content": {
1249
+ "application/json": {
1250
+ "schema": {
1251
+ "$ref": "#/components/schemas/RoleWithAccess"
1252
+ }
1253
+ }
1254
+ },
1255
+ "description": "Update to a Role",
1256
+ "required": true
1257
+ },
1258
+ "responses": {
1259
+ "200": {
1260
+ "description": "Role updated"
1261
+ },
1262
+ "401": {
1263
+ "description": "Unauthorized"
1264
+ },
1265
+ "403": {
1266
+ "description": "Insufficient permissions to update role",
1267
+ "content": {
1268
+ "application/json": {
1269
+ "schema": {
1270
+ "$ref": "#/components/schemas/Error403"
1271
+ }
1272
+ }
1273
+ }
1274
+ },
1275
+ "404": {
1276
+ "description": "Not Found",
1277
+ "content": {
1278
+ "application/json": {
1279
+ "schema": {
1280
+ "$ref": "#/components/schemas/Error"
1281
+ }
1282
+ }
1283
+ }
1284
+ },
1285
+ "500": {
1286
+ "description": "Unexpected Error",
1287
+ "content": {
1288
+ "application/json": {
1289
+ "schema": {
1290
+ "$ref": "#/components/schemas/Error"
1291
+ }
1292
+ }
1293
+ }
1294
+ }
1295
+ }
1296
+ }
1297
+ },
1298
+ "/roles/{uuid}/access/": {
1299
+ "get": {
1300
+ "tags": [
1301
+ "Role"
1302
+ ],
1303
+ "summary": "Get access for a role in the tenant",
1304
+ "operationId": "getRoleAccess",
1305
+ "parameters": [
1306
+ {
1307
+ "name": "uuid",
1308
+ "in": "path",
1309
+ "description": "ID of the role",
1310
+ "required": true,
1311
+ "schema": {
1312
+ "type": "string",
1313
+ "format": "uuid"
1314
+ }
1315
+ },
1316
+ {
1317
+ "$ref": "#/components/parameters/QueryLimit"
1318
+ },
1319
+ {
1320
+ "$ref": "#/components/parameters/QueryOffset"
1321
+ }
1322
+ ],
1323
+ "responses": {
1324
+ "200": {
1325
+ "description": "A paginated list of the access objects for a role",
1326
+ "content": {
1327
+ "application/json": {
1328
+ "schema": {
1329
+ "$ref": "#/components/schemas/AccessPagination"
1330
+ }
1331
+ }
1332
+ }
1333
+ },
1334
+ "401": {
1335
+ "description": "Unauthorized"
1336
+ },
1337
+ "403": {
1338
+ "description": "Insufficient permissions to get access for role",
1339
+ "content": {
1340
+ "application/json": {
1341
+ "schema": {
1342
+ "$ref": "#/components/schemas/Error403"
1343
+ }
1344
+ }
1345
+ }
1346
+ },
1347
+ "404": {
1348
+ "description": "Not Found",
1349
+ "content": {
1350
+ "application/json": {
1351
+ "schema": {
1352
+ "$ref": "#/components/schemas/Error"
1353
+ }
1354
+ }
1355
+ }
1356
+ },
1357
+ "500": {
1358
+ "description": "Unexpected Error",
1359
+ "content": {
1360
+ "application/json": {
1361
+ "schema": {
1362
+ "$ref": "#/components/schemas/Error"
1363
+ }
1364
+ }
1365
+ }
1366
+ }
1367
+ }
1368
+ }
1369
+ },
1370
+ "/policies/": {
1371
+ "post": {
1372
+ "tags": [
1373
+ "Policy"
1374
+ ],
1375
+ "summary": "Create a policy in a tenant",
1376
+ "operationId": "createPolicies",
1377
+ "requestBody": {
1378
+ "content": {
1379
+ "application/json": {
1380
+ "schema": {
1381
+ "$ref": "#/components/schemas/PolicyIn"
1382
+ }
1383
+ }
1384
+ },
1385
+ "description": "Policy to create",
1386
+ "required": true
1387
+ },
1388
+ "responses": {
1389
+ "201": {
1390
+ "description": "An object describing the policy",
1391
+ "content": {
1392
+ "application/json": {
1393
+ "schema": {
1394
+ "$ref": "#/components/schemas/PolicyExtended"
1395
+ }
1396
+ }
1397
+ }
1398
+ },
1399
+ "401": {
1400
+ "description": "Unauthorized"
1401
+ },
1402
+ "500": {
1403
+ "description": "Unexpected Error",
1404
+ "content": {
1405
+ "application/json": {
1406
+ "schema": {
1407
+ "$ref": "#/components/schemas/Error"
1408
+ }
1409
+ }
1410
+ }
1411
+ }
1412
+ }
1413
+ },
1414
+ "get": {
1415
+ "tags": [
1416
+ "Policy"
1417
+ ],
1418
+ "summary": "List the policies in the tenant",
1419
+ "operationId": "listPolicies",
1420
+ "parameters": [
1421
+ {
1422
+ "$ref": "#/components/parameters/QueryLimit"
1423
+ },
1424
+ {
1425
+ "$ref": "#/components/parameters/QueryOffset"
1426
+ },
1427
+ {
1428
+ "$ref": "#/components/parameters/NameFilter"
1429
+ },
1430
+ {
1431
+ "$ref": "#/components/parameters/ScopeFilter"
1432
+ },
1433
+ {
1434
+ "$ref": "#/components/parameters/GroupNameFilter"
1435
+ },
1436
+ {
1437
+ "$ref": "#/components/parameters/GroupUUIDFilter"
1438
+ },
1439
+ {
1440
+ "$ref": "#/components/parameters/OrderByFilter"
1441
+ }
1442
+ ],
1443
+ "responses": {
1444
+ "200": {
1445
+ "description": "A paginated list of policy objects",
1446
+ "content": {
1447
+ "application/json": {
1448
+ "schema": {
1449
+ "$ref": "#/components/schemas/PolicyPagination"
1450
+ }
1451
+ }
1452
+ }
1453
+ },
1454
+ "401": {
1455
+ "description": "Unauthorized"
1456
+ },
1457
+ "500": {
1458
+ "description": "Unexpected Error",
1459
+ "content": {
1460
+ "application/json": {
1461
+ "schema": {
1462
+ "$ref": "#/components/schemas/Error"
1463
+ }
1464
+ }
1465
+ }
1466
+ }
1467
+ }
1468
+ }
1469
+ },
1470
+ "/policies/{uuid}/": {
1471
+ "get": {
1472
+ "tags": [
1473
+ "Policy"
1474
+ ],
1475
+ "summary": "Get a policy in the tenant",
1476
+ "operationId": "getPolicy",
1477
+ "parameters": [
1478
+ {
1479
+ "name": "uuid",
1480
+ "in": "path",
1481
+ "description": "ID of policy to get",
1482
+ "required": true,
1483
+ "schema": {
1484
+ "type": "string",
1485
+ "format": "uuid"
1486
+ }
1487
+ }
1488
+ ],
1489
+ "responses": {
1490
+ "200": {
1491
+ "description": "A Policy object",
1492
+ "content": {
1493
+ "application/json": {
1494
+ "schema": {
1495
+ "$ref": "#/components/schemas/PolicyExtended"
1496
+ }
1497
+ }
1498
+ }
1499
+ },
1500
+ "401": {
1501
+ "description": "Unauthorized"
1502
+ },
1503
+ "404": {
1504
+ "description": "Not Found",
1505
+ "content": {
1506
+ "application/json": {
1507
+ "schema": {
1508
+ "$ref": "#/components/schemas/Error"
1509
+ }
1510
+ }
1511
+ }
1512
+ },
1513
+ "500": {
1514
+ "description": "Unexpected Error",
1515
+ "content": {
1516
+ "application/json": {
1517
+ "schema": {
1518
+ "$ref": "#/components/schemas/Error"
1519
+ }
1520
+ }
1521
+ }
1522
+ }
1523
+ }
1524
+ },
1525
+ "put": {
1526
+ "tags": [
1527
+ "Policy"
1528
+ ],
1529
+ "summary": "Update a policy in the tenant",
1530
+ "operationId": "updatePolicy",
1531
+ "parameters": [
1532
+ {
1533
+ "name": "uuid",
1534
+ "in": "path",
1535
+ "description": "ID of policy to update",
1536
+ "required": true,
1537
+ "schema": {
1538
+ "type": "string",
1539
+ "format": "uuid"
1540
+ }
1541
+ }
1542
+ ],
1543
+ "requestBody": {
1544
+ "content": {
1545
+ "application/json": {
1546
+ "schema": {
1547
+ "$ref": "#/components/schemas/PolicyIn"
1548
+ }
1549
+ }
1550
+ },
1551
+ "description": "Policy to update",
1552
+ "required": true
1553
+ },
1554
+ "responses": {
1555
+ "200": {
1556
+ "description": "A Policy object",
1557
+ "content": {
1558
+ "application/json": {
1559
+ "schema": {
1560
+ "$ref": "#/components/schemas/PolicyExtended"
1561
+ }
1562
+ }
1563
+ }
1564
+ },
1565
+ "401": {
1566
+ "description": "Unauthorized"
1567
+ },
1568
+ "404": {
1569
+ "description": "Not Found",
1570
+ "content": {
1571
+ "application/json": {
1572
+ "schema": {
1573
+ "$ref": "#/components/schemas/Error"
1574
+ }
1575
+ }
1576
+ }
1577
+ },
1578
+ "500": {
1579
+ "description": "Unexpected Error",
1580
+ "content": {
1581
+ "application/json": {
1582
+ "schema": {
1583
+ "$ref": "#/components/schemas/Error"
1584
+ }
1585
+ }
1586
+ }
1587
+ }
1588
+ }
1589
+ },
1590
+ "delete": {
1591
+ "tags": [
1592
+ "Policy"
1593
+ ],
1594
+ "summary": "Delete a policy in the tenant",
1595
+ "operationId": "deletePolicy",
1596
+ "parameters": [
1597
+ {
1598
+ "name": "uuid",
1599
+ "in": "path",
1600
+ "description": "ID of policy to delete",
1601
+ "required": true,
1602
+ "schema": {
1603
+ "type": "string",
1604
+ "format": "uuid"
1605
+ }
1606
+ }
1607
+ ],
1608
+ "responses": {
1609
+ "204": {
1610
+ "description": "Policy deleted"
1611
+ },
1612
+ "401": {
1613
+ "description": "Unauthorized"
1614
+ },
1615
+ "404": {
1616
+ "description": "Not Found",
1617
+ "content": {
1618
+ "application/json": {
1619
+ "schema": {
1620
+ "$ref": "#/components/schemas/Error"
1621
+ }
1622
+ }
1623
+ }
1624
+ },
1625
+ "500": {
1626
+ "description": "Unexpected Error",
1627
+ "content": {
1628
+ "application/json": {
1629
+ "schema": {
1630
+ "$ref": "#/components/schemas/Error"
1631
+ }
1632
+ }
1633
+ }
1634
+ }
1635
+ }
1636
+ }
1637
+ },
1638
+ "/access/": {
1639
+ "get": {
1640
+ "tags": [
1641
+ "Access"
1642
+ ],
1643
+ "summary": "Get the permitted access for a principal in the tenant (defaults to principal from the identity header)",
1644
+ "operationId": "getPrincipalAccess",
1645
+ "parameters": [
1646
+ {
1647
+ "name": "application",
1648
+ "in": "query",
1649
+ "description": "The application name to obtain access for the principal",
1650
+ "required": true,
1651
+ "schema": {
1652
+ "type": "string"
1653
+ }
1654
+ },
1655
+ {
1656
+ "name": "username",
1657
+ "in": "query",
1658
+ "description": "Unique username of the principal to obtain access for (only available for admins, and if supplied, takes precedence over the identity header).",
1659
+ "required": false,
1660
+ "schema": {
1661
+ "type": "string"
1662
+ }
1663
+ },
1664
+ {
1665
+ "$ref": "#/components/parameters/QueryLimit"
1666
+ },
1667
+ {
1668
+ "$ref": "#/components/parameters/QueryOffset"
1669
+ }
1670
+ ],
1671
+ "responses": {
1672
+ "200": {
1673
+ "description": "A paginated list of access objects",
1674
+ "content": {
1675
+ "application/json": {
1676
+ "schema": {
1677
+ "$ref": "#/components/schemas/AccessPagination"
1678
+ }
1679
+ }
1680
+ }
1681
+ },
1682
+ "401": {
1683
+ "description": "Unauthorized"
1684
+ },
1685
+ "404": {
1686
+ "description": "Not Found",
1687
+ "content": {
1688
+ "application/json": {
1689
+ "schema": {
1690
+ "$ref": "#/components/schemas/Error"
1691
+ }
1692
+ }
1693
+ }
1694
+ },
1695
+ "500": {
1696
+ "description": "Unexpected Error",
1697
+ "content": {
1698
+ "application/json": {
1699
+ "schema": {
1700
+ "$ref": "#/components/schemas/Error"
1701
+ }
1702
+ }
1703
+ }
1704
+ }
1705
+ }
1706
+ }
1707
+ }
1708
+ },
1709
+ "servers": [
1710
+ {
1711
+ "url": "/api/rbac/v1"
1712
+ }
1713
+ ],
1714
+ "components": {
1715
+ "parameters": {
1716
+ "QueryOffset": {
1717
+ "in": "query",
1718
+ "name": "offset",
1719
+ "required": false,
1720
+ "description": "Parameter for selecting the offset of data.",
1721
+ "schema": {
1722
+ "type": "integer",
1723
+ "default": 0,
1724
+ "minimum": 0
1725
+ }
1726
+ },
1727
+ "QueryLimit": {
1728
+ "in": "query",
1729
+ "name": "limit",
1730
+ "required": false,
1731
+ "description": "Parameter for selecting the amount of data returned.",
1732
+ "schema": {
1733
+ "type": "integer",
1734
+ "default": 10,
1735
+ "minimum": 1,
1736
+ "maximum": 1000
1737
+ }
1738
+ },
1739
+ "NameFilter": {
1740
+ "in": "query",
1741
+ "name": "name",
1742
+ "required": false,
1743
+ "description": "Parameter for filtering resource by name using string contains search.",
1744
+ "schema": {
1745
+ "type": "string"
1746
+ }
1747
+ },
1748
+ "GroupNameFilter": {
1749
+ "in": "query",
1750
+ "name": "group_name",
1751
+ "required": false,
1752
+ "description": "Parameter for filtering resource by group name using string contains search.",
1753
+ "schema": {
1754
+ "type": "string"
1755
+ }
1756
+ },
1757
+ "GroupUUIDFilter": {
1758
+ "in": "query",
1759
+ "name": "group_uuid",
1760
+ "required": false,
1761
+ "description": "Parameter for filtering resource by group uuid using UUID exact match.",
1762
+ "schema": {
1763
+ "type": "string",
1764
+ "format": "uuid"
1765
+ }
1766
+ },
1767
+ "OrderByFilter": {
1768
+ "in": "query",
1769
+ "name": "order_by",
1770
+ "required": false,
1771
+ "description": "Parameter for ordering resource by value. For inverse ordering, supply '-' before the param value, such as: ?order_by=-name",
1772
+ "schema": {
1773
+ "type": "string"
1774
+ }
1775
+ },
1776
+ "ScopeFilter": {
1777
+ "in": "query",
1778
+ "name": "scope",
1779
+ "required": false,
1780
+ "description": "Parameter for filtering resource by scope.",
1781
+ "schema": {
1782
+ "type": "string",
1783
+ "enum": [
1784
+ "account",
1785
+ "principal"
1786
+ ],
1787
+ "default": "account"
1788
+ }
1789
+ }
1790
+ },
1791
+ "requestBodies": {
1792
+ "GroupPrincipalIn": {
1793
+ "content": {
1794
+ "application/json": {
1795
+ "schema": {
1796
+ "$ref": "#/components/schemas/GroupPrincipalIn"
1797
+ }
1798
+ }
1799
+ },
1800
+ "description": "Principal to add to a group",
1801
+ "required": true
1802
+ },
1803
+ "GroupRoleIn": {
1804
+ "content": {
1805
+ "application/json": {
1806
+ "schema": {
1807
+ "$ref": "#/components/schemas/GroupRoleIn"
1808
+ }
1809
+ }
1810
+ },
1811
+ "description": "Role to add to a group",
1812
+ "required": true
1813
+ }
1814
+ },
1815
+ "securitySchemes": {
1816
+ "basic_auth": {
1817
+ "type": "http",
1818
+ "description": "The userid/password is needed when accessing this API externally",
1819
+ "scheme": "basic"
1820
+ }
1821
+ },
1822
+ "schemas": {
1823
+ "Error": {
1824
+ "required": [
1825
+ "errors"
1826
+ ],
1827
+ "properties": {
1828
+ "errors": {
1829
+ "type": "array",
1830
+ "items": {
1831
+ "type": "object",
1832
+ "example": {
1833
+ "detail": "Not Found.",
1834
+ "status": 404
1835
+ }
1836
+ }
1837
+ }
1838
+ }
1839
+ },
1840
+ "Error403": {
1841
+ "required": [
1842
+ "errors"
1843
+ ],
1844
+ "properties": {
1845
+ "errors": {
1846
+ "type": "array",
1847
+ "items": {
1848
+ "type": "object",
1849
+ "example": {
1850
+ "detail": "You do not have permission to perform this action.",
1851
+ "source": "detail",
1852
+ "status": 403
1853
+ }
1854
+ }
1855
+ }
1856
+ }
1857
+ },
1858
+ "UUID": {
1859
+ "type": "object",
1860
+ "required": [
1861
+ "uuid"
1862
+ ],
1863
+ "properties": {
1864
+ "uuid": {
1865
+ "type": "string",
1866
+ "format": "uuid",
1867
+ "example": "57e60f90-8c0c-4bd1-87a0-2143759aae1c"
1868
+ }
1869
+ }
1870
+ },
1871
+ "Timestamped": {
1872
+ "type": "object",
1873
+ "required": [
1874
+ "created",
1875
+ "modified"
1876
+ ],
1877
+ "properties": {
1878
+ "created": {
1879
+ "type": "string",
1880
+ "format": "date-time",
1881
+ "example": "2019-01-21T17:32:28Z"
1882
+ },
1883
+ "modified": {
1884
+ "type": "string",
1885
+ "format": "date-time",
1886
+ "example": "2019-03-04T07:25:58Z"
1887
+ }
1888
+ }
1889
+ },
1890
+ "PaginationMeta": {
1891
+ "properties": {
1892
+ "count": {
1893
+ "type": "integer",
1894
+ "format": "int64",
1895
+ "example": 30
1896
+ }
1897
+ }
1898
+ },
1899
+ "PaginationLinks": {
1900
+ "properties": {
1901
+ "first": {
1902
+ "type": "string",
1903
+ "format": "uri",
1904
+ "example": "/api/v1/(resources)/?offset=0&limit=10"
1905
+ },
1906
+ "previous": {
1907
+ "type": "string",
1908
+ "format": "uri",
1909
+ "example": "/api/v1/(resources)/?offset=20&limit=10"
1910
+ },
1911
+ "next": {
1912
+ "type": "string",
1913
+ "format": "uri",
1914
+ "example": "/api/v1/(resources)/?offset=40&limit=10"
1915
+ },
1916
+ "last": {
1917
+ "type": "string",
1918
+ "format": "uri",
1919
+ "example": "/api/v1/(resources)/?offset=90&limit=10"
1920
+ }
1921
+ }
1922
+ },
1923
+ "ListPagination": {
1924
+ "properties": {
1925
+ "meta": {
1926
+ "$ref": "#/components/schemas/PaginationMeta"
1927
+ },
1928
+ "links": {
1929
+ "$ref": "#/components/schemas/PaginationLinks"
1930
+ }
1931
+ }
1932
+ },
1933
+ "Principal": {
1934
+ "required": [
1935
+ "username",
1936
+ "email"
1937
+ ],
1938
+ "properties": {
1939
+ "username": {
1940
+ "type": "string",
1941
+ "example": "smithj"
1942
+ },
1943
+ "email": {
1944
+ "type": "string",
1945
+ "format": "email",
1946
+ "example": "smithj@mytechco.com"
1947
+ },
1948
+ "first_name": {
1949
+ "type": "string",
1950
+ "example": "John"
1951
+ },
1952
+ "last_name": {
1953
+ "type": "string",
1954
+ "example": "Smith"
1955
+ },
1956
+ "is_active": {
1957
+ "type": "boolean"
1958
+ }
1959
+ }
1960
+ },
1961
+ "PrincipalIn": {
1962
+ "required": [
1963
+ "username"
1964
+ ],
1965
+ "properties": {
1966
+ "username": {
1967
+ "type": "string",
1968
+ "example": "smithj"
1969
+ }
1970
+ }
1971
+ },
1972
+ "PrincipalOut": {
1973
+ "allOf": [
1974
+ {
1975
+ "$ref": "#/components/schemas/Principal"
1976
+ },
1977
+ {
1978
+ "$ref": "#/components/schemas/UUID"
1979
+ }
1980
+ ]
1981
+ },
1982
+ "PrincipalPagination": {
1983
+ "allOf": [
1984
+ {
1985
+ "$ref": "#/components/schemas/ListPagination"
1986
+ },
1987
+ {
1988
+ "type": "object",
1989
+ "required": [
1990
+ "data"
1991
+ ],
1992
+ "properties": {
1993
+ "data": {
1994
+ "type": "array",
1995
+ "items": {
1996
+ "$ref": "#/components/schemas/Principal"
1997
+ }
1998
+ }
1999
+ }
2000
+ }
2001
+ ]
2002
+ },
2003
+ "Group": {
2004
+ "required": [
2005
+ "name"
2006
+ ],
2007
+ "properties": {
2008
+ "name": {
2009
+ "type": "string",
2010
+ "example": "GroupA"
2011
+ },
2012
+ "description": {
2013
+ "type": "string",
2014
+ "example": "A description of GroupA"
2015
+ }
2016
+ }
2017
+ },
2018
+ "AdditionalGroup": {
2019
+ "properties": {
2020
+ "name": {
2021
+ "type": "string",
2022
+ "example": "GroupA"
2023
+ },
2024
+ "uuid": {
2025
+ "type": "string",
2026
+ "example": "234df936-abb4-4238-a1c9-d91fc540c702"
2027
+ }
2028
+ }
2029
+ },
2030
+ "GroupOut": {
2031
+ "allOf": [
2032
+ {
2033
+ "$ref": "#/components/schemas/Group"
2034
+ },
2035
+ {
2036
+ "$ref": "#/components/schemas/UUID"
2037
+ },
2038
+ {
2039
+ "$ref": "#/components/schemas/Timestamped"
2040
+ },
2041
+ {
2042
+ "properties": {
2043
+ "principalCount": {
2044
+ "type": "integer",
2045
+ "minimum": 0
2046
+ },
2047
+ "roleCount": {
2048
+ "type": "integer",
2049
+ "minimum": 0
2050
+ },
2051
+ "system": {
2052
+ "type": "boolean",
2053
+ "default": false
2054
+ },
2055
+ "platform_default": {
2056
+ "type": "boolean",
2057
+ "default": false
2058
+ }
2059
+ }
2060
+ }
2061
+ ]
2062
+ },
2063
+ "GroupPrincipalIn": {
2064
+ "required": [
2065
+ "principals"
2066
+ ],
2067
+ "properties": {
2068
+ "principals": {
2069
+ "type": "array",
2070
+ "items": {
2071
+ "$ref": "#/components/schemas/PrincipalIn"
2072
+ }
2073
+ }
2074
+ }
2075
+ },
2076
+ "GroupRoleIn": {
2077
+ "required": [
2078
+ "roles"
2079
+ ],
2080
+ "properties": {
2081
+ "roles": {
2082
+ "type": "array",
2083
+ "items": {
2084
+ "type": "string",
2085
+ "format": "uuid",
2086
+ "example": "94846f2f-cced-474f-b7f3-47e2ec51dd11"
2087
+ }
2088
+ }
2089
+ }
2090
+ },
2091
+ "GroupWithPrincipals": {
2092
+ "allOf": [
2093
+ {
2094
+ "$ref": "#/components/schemas/Group"
2095
+ },
2096
+ {
2097
+ "$ref": "#/components/schemas/UUID"
2098
+ },
2099
+ {
2100
+ "$ref": "#/components/schemas/Timestamped"
2101
+ },
2102
+ {
2103
+ "type": "object",
2104
+ "required": [
2105
+ "principals"
2106
+ ],
2107
+ "properties": {
2108
+ "principals": {
2109
+ "type": "array",
2110
+ "items": {
2111
+ "$ref": "#/components/schemas/Principal"
2112
+ }
2113
+ }
2114
+ }
2115
+ }
2116
+ ]
2117
+ },
2118
+ "GroupWithPrincipalsAndRoles": {
2119
+ "allOf": [
2120
+ {
2121
+ "$ref": "#/components/schemas/Group"
2122
+ },
2123
+ {
2124
+ "$ref": "#/components/schemas/UUID"
2125
+ },
2126
+ {
2127
+ "$ref": "#/components/schemas/Timestamped"
2128
+ },
2129
+ {
2130
+ "type": "object",
2131
+ "required": [
2132
+ "principals",
2133
+ "roles"
2134
+ ],
2135
+ "properties": {
2136
+ "principals": {
2137
+ "type": "array",
2138
+ "items": {
2139
+ "$ref": "#/components/schemas/Principal"
2140
+ }
2141
+ },
2142
+ "roles": {
2143
+ "type": "array",
2144
+ "items": {
2145
+ "$ref": "#/components/schemas/RoleOut"
2146
+ }
2147
+ }
2148
+ }
2149
+ }
2150
+ ]
2151
+ },
2152
+ "GroupRolesPagination": {
2153
+ "allOf": [
2154
+ {
2155
+ "$ref": "#/components/schemas/ListPagination"
2156
+ },
2157
+ {
2158
+ "type": "object",
2159
+ "required": [
2160
+ "data"
2161
+ ],
2162
+ "properties": {
2163
+ "data": {
2164
+ "type": "array",
2165
+ "items": {
2166
+ "$ref": "#/components/schemas/RoleOut"
2167
+ }
2168
+ }
2169
+ }
2170
+ }
2171
+ ]
2172
+ },
2173
+ "GroupPagination": {
2174
+ "allOf": [
2175
+ {
2176
+ "$ref": "#/components/schemas/ListPagination"
2177
+ },
2178
+ {
2179
+ "type": "object",
2180
+ "required": [
2181
+ "data"
2182
+ ],
2183
+ "properties": {
2184
+ "data": {
2185
+ "type": "array",
2186
+ "items": {
2187
+ "$ref": "#/components/schemas/GroupOut"
2188
+ }
2189
+ }
2190
+ }
2191
+ }
2192
+ ]
2193
+ },
2194
+ "ResourceDefinitionFilter": {
2195
+ "required": [
2196
+ "key",
2197
+ "operation",
2198
+ "value"
2199
+ ],
2200
+ "properties": {
2201
+ "key": {
2202
+ "type": "string",
2203
+ "example": "cost-management.aws.account"
2204
+ },
2205
+ "operation": {
2206
+ "type": "string",
2207
+ "enum": [
2208
+ "equal",
2209
+ "in"
2210
+ ]
2211
+ },
2212
+ "value": {
2213
+ "type": "string",
2214
+ "example": "123456"
2215
+ }
2216
+ }
2217
+ },
2218
+ "ResourceDefinition": {
2219
+ "required": [
2220
+ "attributeFilter"
2221
+ ],
2222
+ "properties": {
2223
+ "attributeFilter": {
2224
+ "$ref": "#/components/schemas/ResourceDefinitionFilter"
2225
+ }
2226
+ }
2227
+ },
2228
+ "Access": {
2229
+ "required": [
2230
+ "permission",
2231
+ "resourceDefinitions"
2232
+ ],
2233
+ "properties": {
2234
+ "permission": {
2235
+ "type": "string",
2236
+ "example": "cost-management:*:read"
2237
+ },
2238
+ "resourceDefinitions": {
2239
+ "type": "array",
2240
+ "items": {
2241
+ "$ref": "#/components/schemas/ResourceDefinition"
2242
+ }
2243
+ }
2244
+ }
2245
+ },
2246
+ "Role": {
2247
+ "required": [
2248
+ "name"
2249
+ ],
2250
+ "properties": {
2251
+ "name": {
2252
+ "type": "string",
2253
+ "example": "RoleA"
2254
+ },
2255
+ "description": {
2256
+ "type": "string",
2257
+ "example": "A description of RoleA"
2258
+ }
2259
+ }
2260
+ },
2261
+ "RoleIn": {
2262
+ "allOf": [
2263
+ {
2264
+ "$ref": "#/components/schemas/Role"
2265
+ },
2266
+ {
2267
+ "type": "object",
2268
+ "required": [
2269
+ "access"
2270
+ ],
2271
+ "properties": {
2272
+ "access": {
2273
+ "type": "array",
2274
+ "items": {
2275
+ "$ref": "#/components/schemas/Access"
2276
+ }
2277
+ }
2278
+ }
2279
+ }
2280
+ ]
2281
+ },
2282
+ "RolePagination": {
2283
+ "allOf": [
2284
+ {
2285
+ "$ref": "#/components/schemas/ListPagination"
2286
+ },
2287
+ {
2288
+ "type": "object",
2289
+ "required": [
2290
+ "data"
2291
+ ],
2292
+ "properties": {
2293
+ "data": {
2294
+ "type": "array",
2295
+ "items": {
2296
+ "$ref": "#/components/schemas/RoleOut"
2297
+ }
2298
+ }
2299
+ }
2300
+ }
2301
+ ]
2302
+ },
2303
+ "RolePaginationDynamic": {
2304
+ "allOf": [
2305
+ {
2306
+ "$ref": "#/components/schemas/ListPagination"
2307
+ },
2308
+ {
2309
+ "type": "object",
2310
+ "required": [
2311
+ "data"
2312
+ ],
2313
+ "properties": {
2314
+ "data": {
2315
+ "type": "array",
2316
+ "items": {
2317
+ "$ref": "#/components/schemas/RoleOutDynamic"
2318
+ }
2319
+ }
2320
+ }
2321
+ }
2322
+ ]
2323
+ },
2324
+ "RoleOut": {
2325
+ "allOf": [
2326
+ {
2327
+ "$ref": "#/components/schemas/Role"
2328
+ },
2329
+ {
2330
+ "$ref": "#/components/schemas/UUID"
2331
+ },
2332
+ {
2333
+ "$ref": "#/components/schemas/Timestamped"
2334
+ },
2335
+ {
2336
+ "properties": {
2337
+ "policyCount": {
2338
+ "type": "integer",
2339
+ "minimum": 0
2340
+ },
2341
+ "accessCount": {
2342
+ "type": "integer",
2343
+ "minimum": 0
2344
+ },
2345
+ "applications": {
2346
+ "type": "array",
2347
+ "items": {
2348
+ "type": "string",
2349
+ "example": "catalog"
2350
+ }
2351
+ },
2352
+ "system": {
2353
+ "type": "boolean",
2354
+ "default": false
2355
+ },
2356
+ "platform_default": {
2357
+ "type": "boolean",
2358
+ "default": false
2359
+ }
2360
+ }
2361
+ }
2362
+ ]
2363
+ },
2364
+ "RoleOutDynamic": {
2365
+ "allOf": [
2366
+ {
2367
+ "$ref": "#/components/schemas/Role"
2368
+ },
2369
+ {
2370
+ "$ref": "#/components/schemas/UUID"
2371
+ },
2372
+ {
2373
+ "$ref": "#/components/schemas/Timestamped"
2374
+ },
2375
+ {
2376
+ "type": "object",
2377
+ "required": [
2378
+ "policyCount",
2379
+ "accessCount",
2380
+ "applications",
2381
+ "system",
2382
+ "platform_default"
2383
+ ],
2384
+ "properties": {
2385
+ "policyCount": {
2386
+ "type": "integer",
2387
+ "minimum": 0
2388
+ },
2389
+ "accessCount": {
2390
+ "type": "integer",
2391
+ "minimum": 0
2392
+ },
2393
+ "applications": {
2394
+ "type": "array",
2395
+ "items": {
2396
+ "type": "string",
2397
+ "example": "catalog"
2398
+ }
2399
+ },
2400
+ "system": {
2401
+ "type": "boolean",
2402
+ "default": false
2403
+ },
2404
+ "platform_default": {
2405
+ "type": "boolean",
2406
+ "default": false
2407
+ },
2408
+ "groups_in_count": {
2409
+ "type": "integer",
2410
+ "minimum": 0
2411
+ },
2412
+ "groups_in": {
2413
+ "type": "array",
2414
+ "items": {
2415
+ "$ref": "#/components/schemas/AdditionalGroup"
2416
+ }
2417
+ }
2418
+ }
2419
+ }
2420
+ ]
2421
+ },
2422
+ "RoleWithAccess": {
2423
+ "allOf": [
2424
+ {
2425
+ "$ref": "#/components/schemas/RoleOut"
2426
+ },
2427
+ {
2428
+ "type": "object",
2429
+ "required": [
2430
+ "access"
2431
+ ],
2432
+ "properties": {
2433
+ "access": {
2434
+ "type": "array",
2435
+ "items": {
2436
+ "$ref": "#/components/schemas/Access"
2437
+ }
2438
+ }
2439
+ }
2440
+ }
2441
+ ]
2442
+ },
2443
+ "Policy": {
2444
+ "required": [
2445
+ "name"
2446
+ ],
2447
+ "properties": {
2448
+ "name": {
2449
+ "type": "string",
2450
+ "example": "PolicyA"
2451
+ },
2452
+ "description": {
2453
+ "type": "string",
2454
+ "example": "A description of PolicyA"
2455
+ }
2456
+ }
2457
+ },
2458
+ "PolicyIn": {
2459
+ "allOf": [
2460
+ {
2461
+ "$ref": "#/components/schemas/Policy"
2462
+ },
2463
+ {
2464
+ "type": "object",
2465
+ "required": [
2466
+ "group",
2467
+ "roles"
2468
+ ],
2469
+ "properties": {
2470
+ "group": {
2471
+ "type": "string",
2472
+ "format": "uuid",
2473
+ "example": "83ee048e-3c1d-43ef-b945-108225ae52f4"
2474
+ },
2475
+ "roles": {
2476
+ "type": "array",
2477
+ "items": {
2478
+ "type": "string",
2479
+ "format": "uuid",
2480
+ "example": "94846f2f-cced-474f-b7f3-47e2ec51dd11"
2481
+ }
2482
+ }
2483
+ }
2484
+ }
2485
+ ]
2486
+ },
2487
+ "PolicyExtended": {
2488
+ "allOf": [
2489
+ {
2490
+ "$ref": "#/components/schemas/Policy"
2491
+ },
2492
+ {
2493
+ "$ref": "#/components/schemas/UUID"
2494
+ },
2495
+ {
2496
+ "$ref": "#/components/schemas/Timestamped"
2497
+ },
2498
+ {
2499
+ "type": "object",
2500
+ "required": [
2501
+ "group",
2502
+ "roles"
2503
+ ],
2504
+ "properties": {
2505
+ "group": {
2506
+ "$ref": "#/components/schemas/GroupOut"
2507
+ },
2508
+ "roles": {
2509
+ "type": "array",
2510
+ "items": {
2511
+ "$ref": "#/components/schemas/RoleOut"
2512
+ }
2513
+ }
2514
+ }
2515
+ }
2516
+ ]
2517
+ },
2518
+ "PolicyPagination": {
2519
+ "allOf": [
2520
+ {
2521
+ "$ref": "#/components/schemas/ListPagination"
2522
+ },
2523
+ {
2524
+ "type": "object",
2525
+ "required": [
2526
+ "data"
2527
+ ],
2528
+ "properties": {
2529
+ "data": {
2530
+ "type": "array",
2531
+ "items": {
2532
+ "$ref": "#/components/schemas/PolicyExtended"
2533
+ }
2534
+ }
2535
+ }
2536
+ }
2537
+ ]
2538
+ },
2539
+ "AccessPagination": {
2540
+ "allOf": [
2541
+ {
2542
+ "$ref": "#/components/schemas/ListPagination"
2543
+ },
2544
+ {
2545
+ "type": "object",
2546
+ "required": [
2547
+ "data"
2548
+ ],
2549
+ "properties": {
2550
+ "data": {
2551
+ "type": "array",
2552
+ "items": {
2553
+ "$ref": "#/components/schemas/Access"
2554
+ }
2555
+ }
2556
+ }
2557
+ }
2558
+ ]
2559
+ },
2560
+ "Status": {
2561
+ "required": [
2562
+ "api_version"
2563
+ ],
2564
+ "properties": {
2565
+ "api_version": {
2566
+ "type": "integer",
2567
+ "format": "int64",
2568
+ "example": 1
2569
+ },
2570
+ "commit": {
2571
+ "type": "string",
2572
+ "example": "178d2ea"
2573
+ },
2574
+ "server_address": {
2575
+ "type": "string",
2576
+ "example": "127.0.0.1:8000"
2577
+ },
2578
+ "platform_info": {
2579
+ "type": "object",
2580
+ "example": {
2581
+ "system": "Darwin",
2582
+ "node": "node-1.example.com",
2583
+ "release": "17.5.0",
2584
+ "version": "Darwin Kernel Version 17.5.0",
2585
+ "machine": "x86_64",
2586
+ "processor": "i386"
2587
+ }
2588
+ },
2589
+ "python_version": {
2590
+ "type": "string",
2591
+ "example": "3.6.1"
2592
+ },
2593
+ "modules": {
2594
+ "type": "object",
2595
+ "example": {
2596
+ "coverage": "4.5.1",
2597
+ "coverage.version": "4.5.1",
2598
+ "coverage.xmlreport": "4.5.1",
2599
+ "cryptography": "2.0.3",
2600
+ "ctypes": "1.1.0",
2601
+ "ctypes.macholib": "1.0",
2602
+ "decimal": "1.70",
2603
+ "django": "1.11.5",
2604
+ "django.utils.six": "1.10.0",
2605
+ "django_filters": "1.0.4",
2606
+ "http.server": "0.6"
2607
+ }
2608
+ }
2609
+ }
2610
+ }
2611
+ }
2612
+ }
2613
+ }