{ "openapi": "3.1.1", "$schema": "https://spec.openapis.org/oas/3.1/schema/2025-02-13", "info": { "description": "Internal Integrations API for Role Based Access Control.", "version": "1.0.0", "title": "Internal Integrations API for Role Based Access Control.", "license": { "name": "AGPL-3.0", "url": "https://opensource.org/licenses/AGPL-3.0" } }, "tags": [ { "name": "Integrations", "description": "List groups, roles, principals and tenants." }, { "name": "Group", "description": "Operations about groups." }, { "name": "Principal", "description": "Operations about principals." }, { "name": "Role", "description": "Operations about roles." }, { "name": "Tenant", "description": "Operations about tenants." }, { "name": "Utils", "description": "Utils operations." }, { "name": "Destructive", "description": "Destructive operations." }, { "name": "V2", "description": "Operations related with RBAC V2." }, { "name": "CAR", "description": "Cross Account Request operations." }, { "name": "Workspace", "description": "Operations about workspaces." }, { "name": "Inventory", "description": "Operations related to inventory api." }, { "name": "Relations", "description": "Operations related to relations api." } ], "paths": { "/integrations/tenant/{orgId}/roles/": { "get": { "tags": [ "Integrations", "Role" ], "summary": "List the roles for a tenant", "description": "By default, responses are sorted in ascending order by role name", "operationId": "listRole", "parameters": [ { "name": "orgId", "in": "path", "description": "Organization ID of the tenant", "required": true, "schema": { "type": "string" } }, { "name": "name", "in": "query", "required": false, "description": "Parameter for filtering roles by role `name` using string contains search.", "schema": { "type": "string" } }, { "name": "display_name", "in": "query", "required": false, "description": "Parameter for filtering resource by display_name using string contains search.", "schema": { "type": "string" } }, { "name": "system", "in": "query", "required": false, "description": "Parameter for filtering resource by system flag.", "schema": { "type": "boolean" } }, { "name": "name_match", "in": "query", "required": false, "description": "Parameter for specifying the matching criteria for an object's name or display_name.", "schema": { "type": "string", "enum": [ "partial", "exact" ] } }, { "name": "scope", "in": "query", "required": false, "description": "Parameter for filtering resource by scope.", "schema": { "type": "string", "enum": [ "account", "principal" ] } }, { "$ref": "#/components/parameters/QueryLimit" }, { "$ref": "#/components/parameters/QueryOffset" }, { "in": "query", "name": "order_by", "required": false, "description": "Parameter for ordering roles by value. For inverse ordering, supply '-' before the param value, such as: ?order_by=-name", "schema": { "type": "string", "enum": [ "name", "display_name", "modified", "policyCount" ] } }, { "in": "query", "name": "add_fields", "required": false, "description": "Parameter for add list of fields to display for roles.", "schema": { "type": "string", "enum": [ "groups_in", "groups_in_count" ] } }, { "in": "query", "name": "username", "required": false, "description": "Optional parameter for filtering by username", "schema": { "type": "string" } }, { "in": "query", "name": "application", "required": false, "description": "The application name(s) to filter roles by, from permissions. This is an exact match. You may also use a comma-separated list to match on multiple applications.", "schema": { "type": "string" } }, { "in": "query", "name": "permission", "required": false, "description": "The permission(s) to filter roles by, from permissions. This is an exact match. You may also use a comma-separated list to match on multiple permissions.", "schema": { "type": "string" } }, { "in": "query", "name": "external_tenant", "required": false, "description": "Parameter for filtering roles by external tenant name using string search.", "schema": { "type": "string" } } ], "responses": { "200": { "description": "A paginated list of role objects", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RolePagination" } } } }, "401": { "description": "Unauthorized" }, "403": { "description": "Insufficient permissions to list roles", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error403" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/integrations/tenant/{orgId}/groups/": { "get": { "tags": [ "Integrations", "Group" ], "summary": "List the groups for a tenant", "description": "By default, responses are sorted in ascending order by group name", "operationId": "listGroups", "parameters": [ { "name": "orgId", "in": "path", "description": "Organization ID of the tenant", "required": true, "schema": { "type": "string" } }, { "$ref": "#/components/parameters/QueryLimit" }, { "$ref": "#/components/parameters/QueryOffset" }, { "name": "uuid", "in": "query", "description": "A list of UUIDs to filter listed groups.", "required": false, "schema": { "type": "array", "items": { "type": "string" } }, "explode": false, "style": "form" }, { "in": "query", "name": "order_by", "required": false, "description": "Parameter for ordering groups by value. For inverse ordering, supply '-' before the param value, such as: ?order_by=-name", "schema": { "type": "string", "enum": [ "name", "modified" ] } }, { "in": "query", "name": "username", "required": false, "description": "Optional parameter for filtering by username", "schema": { "type": "string" } }, { "name": "system", "in": "query", "required": false, "description": "Parameter for filtering resource by system flag.", "schema": { "type": "boolean" } } ], "responses": { "200": { "description": "A paginated list of group objects", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GroupPagination" } } } }, "401": { "description": "Unauthorized" }, "403": { "description": "Insufficient permissions to list groups", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error403" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/integrations/tenant/{orgId}/groups/{uuid}/roles/": { "get": { "tags": [ "Integrations", "Group", "Role" ], "summary": "List the roles for a group in a tenant", "description": "By default, responses are sorted in ascending order by role name", "operationId": "listRolesForGroup", "parameters": [ { "name": "orgId", "in": "path", "description": "Organization ID of the tenant", "required": true, "schema": { "type": "string" } }, { "name": "uuid", "in": "path", "description": "ID of group", "required": true, "schema": { "type": "string", "format": "uuid" } }, { "name": "role_name", "in": "query", "required": false, "description": "Parameter for filtering group roles by role `name` using string contains search.", "schema": { "type": "string" } }, { "name": "role_description", "in": "query", "required": false, "description": "Parameter for filtering group roles by role `description` using string contains search.", "schema": { "type": "string" } }, { "$ref": "#/components/parameters/QueryLimit" }, { "$ref": "#/components/parameters/QueryOffset" }, { "in": "query", "name": "order_by", "required": false, "description": "Parameter for ordering roles by value. For inverse ordering, supply '-' before the param value, such as: ?order_by=-name", "schema": { "type": "string", "enum": [ "name", "modified" ] } }, { "name": "role_external_tenant", "in": "query", "required": false, "description": "Parameter for filtering group roles by role `external_tenant` using string search.", "schema": { "type": "string" } }, { "in": "query", "name": "username", "required": false, "description": "Optional parameter for filtering by username", "schema": { "type": "string" } } ], "responses": { "200": { "description": "A list of roles for a group", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RolePagination" } } } }, "401": { "description": "Unauthorized" }, "403": { "description": "Insufficient permissions to list roles for group", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error403" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/integrations/tenant/{orgId}/principal/{username}/groups/": { "get": { "tags": [ "Integrations", "Group", "Principal" ], "summary": "List the groups for a principal in a tenant", "description": "By default, responses are sorted in ascending order by group name", "operationId": "listGroupsForPrincipal", "parameters": [ { "name": "orgId", "in": "path", "description": "Organization ID of the tenant", "required": true, "schema": { "type": "string" } }, { "$ref": "#/components/parameters/QueryLimit" }, { "$ref": "#/components/parameters/QueryOffset" }, { "name": "username", "in": "path", "description": "Username of the principal", "required": true, "schema": { "type": "string" } }, { "name": "uuid", "in": "query", "description": "A list of UUIDs to filter listed groups.", "required": false, "schema": { "type": "array", "items": { "type": "string" } }, "explode": false, "style": "form" }, { "in": "query", "name": "order_by", "required": false, "description": "Parameter for ordering groups by value. For inverse ordering, supply '-' before the param value, such as: ?order_by=-name", "schema": { "type": "string", "enum": [ "name", "modified" ] } }, { "name": "system", "in": "query", "required": false, "description": "Parameter for filtering resource by system flag.", "schema": { "type": "boolean" } } ], "responses": { "200": { "description": "A paginated list of group objects", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/GroupPagination" } } } }, "401": { "description": "Unauthorized" }, "403": { "description": "Insufficient permissions to list groups", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error403" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/integrations/tenant/{orgId}/principal/{username}/groups/{uuid}/roles/": { "get": { "tags": [ "Integrations", "Role", "Group", "Principal" ], "summary": "List the roles for a group for a principal in a tenant", "description": "By default, responses are sorted in ascending order by role name", "operationId": "listRolesForGroupsForPrincipal", "parameters": [ { "name": "orgId", "in": "path", "description": "Organization ID of the tenant", "required": true, "schema": { "type": "string" } }, { "name": "username", "in": "path", "description": "Username of the principal", "required": true, "schema": { "type": "string" } }, { "name": "uuid", "in": "path", "description": "ID of group", "required": true, "schema": { "type": "string", "format": "uuid" } }, { "name": "role_name", "in": "query", "required": false, "description": "Parameter for filtering group roles by role `name` using string contains search.", "schema": { "type": "string" } }, { "$ref": "#/components/parameters/QueryLimit" }, { "$ref": "#/components/parameters/QueryOffset" }, { "in": "query", "name": "order_by", "required": false, "description": "Parameter for ordering roles by value. For inverse ordering, supply '-' before the param value, such as: ?order_by=-name", "schema": { "type": "string", "enum": [ "name", "modified" ] } } ], "responses": { "200": { "description": "A list of roles for a group", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RolePagination" } } } }, "401": { "description": "Unauthorized" }, "403": { "description": "Insufficient permissions to list roles for group", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error403" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/integrations/tenant/{orgId}/groups/{uuid}/principals/": { "get": { "tags": [ "Integrations", "Principal", "Group" ], "summary": "Get a list of principals from a group in a tenant", "description": "By default, responses are sorted in ascending order by username", "operationId": "listPrincipalsForGroup", "parameters": [ { "name": "orgId", "in": "path", "description": "Organization ID of the tenant", "required": true, "schema": { "type": "string" } }, { "name": "admin_only", "in": "query", "description": "Get only admin users within an account.", "required": false, "schema": { "type": "boolean", "enum": [ true, false ], "default": false } }, { "name": "uuid", "in": "path", "description": "ID of group from which to get principals", "required": true, "schema": { "type": "string", "format": "uuid" } }, { "name": "principal_username", "in": "query", "required": false, "description": "Parameter for filtering group principals by principal `username` using string contains search.", "schema": { "type": "string" } }, { "$ref": "#/components/parameters/QueryLimit" }, { "$ref": "#/components/parameters/QueryOffset" }, { "in": "query", "name": "order_by", "required": false, "description": "Parameter for ordering principals by value. For inverse ordering, supply '-' before the param value, such as: ?order_by=-username", "schema": { "type": "string", "enum": [ "username" ] } }, { "in": "query", "name": "username_only", "required": false, "description": "Parameter for optionally returning only usernames for principals, bypassing a call to IT.", "schema": { "type": "boolean", "enum": [ true, false ] } }, { "in": "query", "name": "principal_type", "required": false, "description": "Parameter for selecting the type of principal to be returned.", "schema": { "type": "string", "enum": [ "service-account", "user" ] } }, { "in": "query", "name": "service_account_client_ids", "required": false, "description": "By specifying a comma separated list of client IDs with this query parameter, RBAC will return an object with the specified client ID and it's matching boolean value to flag whether the client ID is present in the group or not. This query parameter cannot be used along with any other query parameter.", "schema": { "type": "string" } }, { "in": "query", "name": "service_account_description", "required": false, "description": "Parameter for filtering the service accounts by their description.", "schema": { "type": "string" } }, { "in": "query", "name": "service_account_name", "required": false, "description": "Parameter for filtering the service accounts by their name.", "schema": { "type": "string" } } ], "responses": { "200": { "description": "List of principals attached to group", "content": { "application/json": { "schema": { "oneOf": [ { "$ref": "#/components/schemas/PrincipalPagination" }, { "$ref": "#/components/schemas/ServiceAccountPagination" }, { "$ref": "#/components/schemas/ServiceAccountInGroupResponse" } ] } } } }, "400": { "description": "Bad Input" }, "401": { "description": "Unauthorized" }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/integrations/tenant/": { "get": { "tags": [ "Integrations", "Tenant" ], "summary": "Get a list of tenants", "description": "List of tenants in ConsoleDot RBAC", "operationId": "listTenants", "parameters": [ { "name": "modified_only", "in": "query", "required": false, "description": "Parameter for filtering tenants by those with group or role modifications.", "schema": { "default": false, "type": "boolean" } }, { "$ref": "#/components/parameters/QueryLimit" }, { "$ref": "#/components/parameters/QueryOffset" } ], "responses": { "200": { "description": "List of tenants", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/TenantPagination" } } } }, "400": { "description": "Bad Input" }, "401": { "description": "Unauthorized" }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/utils/cars/clean/": { "get": { "tags": [ "Utils", "CAR" ], "summary": "Get info of cars with custom roles", "description": "Get info of cars with custom roles", "operationId": "getCars", "responses": { "200": { "description": "Info of cars with custom roles." }, "405": { "description": "Invalid method, only 'Get' and 'POST' are allowed.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } }, "post": { "tags": [ "CAR", "Utils" ], "summary": "Clean up custom roles in cars", "description": "Clean up custom roles in cars", "operationId": "cleanCars", "responses": { "200": { "description": "Deleted cars with custom roles." }, "400": { "description": "Destructive operations disallowed.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "405": { "description": "Invalid method, only 'Get' and 'POST' are allowed.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/utils/get_org_admin/{org_or_account}/": { "get": { "tags": [ "Utils" ], "summary": "Get a list of Org Admins for an account or organization", "description": "List of Org Admins for an account or organization", "operationId": "listOrgAdmins", "parameters": [ { "name": "org_or_account", "in": "path", "description": "Organization ID or Account ID for the tenant", "required": true, "schema": { "type": "string" } }, { "name": "type", "in": "query", "required": true, "description": "Parameter for retrieving org admins based on account or org.", "schema": { "type": "string", "enum": [ "account_id", "org_id" ] } }, { "$ref": "#/components/parameters/QueryLimit" }, { "$ref": "#/components/parameters/QueryOffset" } ], "responses": { "200": { "description": "List of Org Admins", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/OrgAdminPagination" } } } }, "400": { "description": "Bad Input" }, "401": { "description": "Unauthorized" }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/utils/role/": { "delete": { "tags": [ "Role", "Utils", "Destructive" ], "summary": "Delete Red Hat managed role", "description": "Specify a role name to delete a Red Hat managed role.", "operationId": "DeleteRole", "parameters": [ { "name": "name", "in": "query", "required": true, "description": "Name of the role to delete.", "schema": { "type": "string" } } ], "responses": { "204": { "description": "Role deleted" }, "400": { "description": "Bad Input" }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/utils/permission/": { "delete": { "tags": [ "Permission", "Utils", "Destructive" ], "summary": "Delete permission", "description": "Specify a permission to delete a permission.", "operationId": "DeletePermission", "parameters": [ { "name": "name", "in": "query", "required": true, "description": "Name of the permission to delete.", "schema": { "type": "string" } } ], "responses": { "204": { "description": "Permission deleted" }, "400": { "description": "Bad Input" }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/utils/data_migration/": { "post": { "tags": [ "V2", "Utils" ], "summary": "Migration of v1 resources", "description": "Start process of migration of v1 resources.", "operationId": "RoleMigration", "parameters": [ { "name": "exclude_apps", "in": "query", "required": false, "description": "Defines the comma-separated names of the apps. If the permission of the role includes any of the app, it would be excluded from migration.", "schema": { "type": "string" } }, { "name": "orgs", "in": "query", "required": false, "description": "Defines the comma-separated names of the org ids. Only these orgs with these id will be included in the migration.", "schema": { "type": "string" } } ], "responses": { "202": { "description": "Data migration from V1 to V2 are running in a background worker." }, "405": { "description": "Invalid method, only 'POST' is allowed.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/utils/bootstrap_tenant/": { "post": { "tags": [ "V2", "Tenant", "Utils" ], "summary": "Bootstrap a tenants by org ids", "description": "Bootstrap a tenants by org ids", "operationId": "TenantBootstrap", "requestBody": { "required": true, "content": { "application/json": { "schema": { "type": "object", "properties": { "org_ids": { "type": "array", "items": { "type": "string" }, "description": "A list of organization IDs to bootstrap." } }, "required": [ "org_ids" ] } } } }, "parameters": [ { "name": "force", "in": "query", "required": false, "description": "Whether or not to force replication to happen, even if the Tenant is already bootstrapped. Cannot be 'true' if replication is on, due to inconsistency risk.", "schema": { "default": false, "type": "boolean" } } ], "responses": { "200": { "description": "Bootstrap tenant with org_id finished." }, "400": { "description": "Invalid request, must supply the 'org_id' query parameter.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "405": { "description": "Invalid method, only 'POST' is allowed.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/utils/bootstrap_pending_tenants/": { "get": { "tags": [ "V2", "Tenant", "Utils" ], "summary": "List tenants that are not bootstrapped", "description": "Returns a list of tenant org IDs that have not yet been bootstrapped.", "operationId": "bootstrapPendingTenants", "responses": { "200": { "description": "Successful response with a list of unbootstrapped tenants.", "content": { "application/json": { "schema": { "type": "object", "properties": { "org_ids": { "type": "array", "items": { "type": "string" }, "description": "List of unbootstrapped tenant IDs." } } } } } }, "405": { "description": "Invalid method. Only GET is allowed.", "content": { "text/plain": { "schema": { "type": "string", "example": "Invalid method only \"GET\" is allowed." } } } } } } }, "/fetch_replication_data": { "get": { "tags": [ "V2", "Utils" ], "summary": "Fetch replication data", "operationId": "fetchReplicationData", "description": "Retrieves replication-related information from the database.", "responses": { "200": { "description": "Replication data retrieved successfully", "content": { "application/json": { "schema": { "type": "object", "properties": { "replication_slots": { "type": "array", "items": { "type": "array", "items": [ { "type": "string", "description": "Slot name" }, { "type": "string", "description": "Slot type" } ] } }, "publications": { "type": "array", "items": { "type": "array", "items": [ { "type": "integer", "description": "OID" }, { "type": "string", "description": "Publication name" } ] } }, "publication_tables": { "type": "array", "items": { "type": "array", "items": [ { "type": "string", "description": "Publication name" }, { "type": "string", "description": "Table name" } ] } }, "wal_lsn": { "type": "array", "items": { "type": "array", "items": [ { "type": "string", "description": "Current WAL LSN" }, { "type": "string", "description": "Confirmed flush LSN" } ] } } } } } } }, "405": { "description": "Invalid method, only GET is allowed", "content": { "text/plain": { "schema": { "type": "string", "example": "Invalid method, only 'GET' is allowed." } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "type": "object", "properties": { "error": { "type": "string", "description": "Error message" } } } } } } } } }, "/api/utils/bindings/": { "get": { "tags": [ "V2", "Role", "Utils" ], "summary": "List bindingmappings for a role", "description": "List bindingmappings for a role.", "operationId": "ListBinding", "parameters": [ { "name": "role_uuid", "in": "query", "required": true, "description": "Defines the uuid of the role.", "schema": { "type": "string" } } ], "responses": { "200": { "description": "List of bindingmappings for a role." }, "400": { "description": "Invalid request, must supply the 'role_uuid' query parameter.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "405": { "description": "Invalid method, only 'GET' is allowed.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/utils/binding/{binding_id}/clean/": { "post": { "tags": [ "V2", "Utils" ], "summary": "Clean binding for a given id", "description": "Clean binding for a given id", "operationId": "CleanBinding", "parameters": [ { "name": "field", "in": "query", "required": false, "description": "To clean the field users or groups.", "schema": { "type": "string", "enum": [ "users", "groups" ] } } ], "responses": { "200": { "description": "Mappings of the binding." }, "400": { "description": "Invalid request, must supply the 'users' or 'groups' in field.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "405": { "description": "Invalid method, only 'POST' is allowed.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/utils/migration_resources/": { "delete": { "tags": [ "V2", "Destructive", "Utils" ], "summary": "Delete migration resources", "description": "Delete migration resources, including binding mappings, tenant mappings, and workspaces.", "operationId": "DeleteMigrationResources", "parameters": [ { "name": "resource", "in": "query", "required": true, "description": "The resource type to be deleted.", "schema": { "type": "string", "enum": [ "binding", "mapping", "workspace" ] } }, { "name": "org_id", "in": "query", "required": false, "description": "The org id identifies deleting the resource within which org. But it can not be used for binding.", "schema": { "type": "string" } } ], "responses": { "202": { "description": "Resource deletion is running in a background worker." }, "400": { "description": "Invalid request, must supply the 'resource' query parameter.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "405": { "description": "Invalid method.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } }, "get": { "tags": [ "V2", "Utils" ], "summary": "List migration resources", "description": "List migration resources, including binding mappings, tenant mappings, and workspaces.", "operationId": "ListMigrationResources", "parameters": [ { "name": "resource", "in": "query", "required": true, "description": "The resource type to be listed.", "schema": { "type": "string", "enum": [ "binding", "mapping", "workspace" ] } }, { "name": "org_id", "in": "query", "required": false, "description": "The org id identifies listing the resource within which org. But it can not be used for binding.", "schema": { "type": "string" } } ], "responses": { "200": { "description": "Listing the list of resource ids." }, "400": { "description": "Invalid request, must supply the 'resource' query parameter.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "405": { "description": "Invalid method.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/utils/set_tenant_ready/": { "get": { "tags": [ "Tenant", "Utils" ], "summary": "View count of tenants with ready flag false", "description": "View count of tenants with ready flag false.", "operationId": "ViewTenantReadyFalse", "responses": { "200": { "description": "Total of tenants not set to be ready." }, "405": { "description": "Invalid method.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } }, "post": { "tags": [ "Tenant", "Utils" ], "summary": "Set ready flag of tenants to true", "description": "Set ready flag of tenants to true.", "operationId": "SetTenantReady", "parameters": [ { "name": "max_expected", "in": "query", "required": true, "description": "Defines the max number of not ready tenants to be updated.", "schema": { "type": "string" } } ], "responses": { "200": { "description": "0 tenant with ready flag equal to false." }, "400": { "description": "Invalid request, must supply the 'max_expected' query parameter.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "405": { "description": "Invalid method.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/utils/reset_imported_tenants/": { "delete": { "tags": [ "Tenant", "Utils", "Destructive" ], "summary": "Remove tenants imported via user import job", "description": "Remove tenants with the flag ready=false or tenants without related objects. To use this endpoint, destructive API operations must be enabled.", "operationId": "RemoveImportedTenants", "parameters": [ { "name": "exclude_id", "in": "query", "required": false, "description": "IDs of tenants to exclude from the reset operation. Can be specified multiple times.", "explode": true, "schema": { "type": "array", "items": { "type": "string" } } }, { "name": "only_ready_false_flag", "in": "query", "required": false, "description": "If set to true, the query searches for tenants with the 'ready=false' flag; otherwise, it looks for tenants without related objects.", "schema": { "type": "boolean", "default": true } }, { "in": "query", "name": "limit", "required": false, "description": "Parameter for selecting the amount of data removed.", "schema": { "type": "integer" } } ], "responses": { "200": { "description": "Tenants deleting in worker." }, "400": { "description": "Destructive operations disallowed." }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } }, "get": { "tags": [ "Tenant", "Utils" ], "summary": "Get count of tenants imported via user import job", "description": "Returns the count of tenants with the flag ready=false or tenants without related objects.", "operationId": "CountOfImportedTenants", "parameters": [ { "name": "exclude_id", "in": "query", "required": false, "description": "IDs of tenants to exclude from the reset operation. Can be specified multiple times.", "explode": true, "schema": { "type": "array", "items": { "type": "string" } } }, { "name": "only_ready_false_flag", "in": "query", "required": false, "description": "If set to true, the query searches for tenants with the 'ready=false' flag; otherwise, it looks for tenants without related objects.", "schema": { "type": "boolean", "default": true } }, { "in": "query", "name": "limit", "required": false, "description": "Parameter for selecting the amount of data returned.", "schema": { "type": "integer" } } ], "responses": { "200": { "description": "Tenants count that would be deleted.", "content": { "text/plain": { "schema": { "type": "string", "example": "2 tenants would be deleted" } } } } } } }, "/api/utils/principal/": { "delete": { "tags": [ "Principal", "Destructive", "Utils" ], "summary": "Delete principals without user_id and inactive.", "description": "Delete principals without principals and inactive..", "operationId": "DeletePrincipal", "parameters": [ { "name": "usernames", "in": "query", "required": true, "description": "Comma separated list of usernames of the principals to be deleted.", "schema": { "type": "string" } }, { "name": "user_type", "in": "query", "required": true, "description": "The user type to search principals.", "schema": { "type": "string", "enum": [ "user", "service-account" ] } } ], "responses": { "204": { "description": "Principals deleted" }, "400": { "description": "Bad Input" }, "404": { "description": "Not Found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/openapi.json": { "get": { "tags": [ "Other operations" ], "summary": "Get API document in JSON format", "description": "Get document for Internal Integrations API for Role Based Access Control.", "operationId": "openapi", "responses": { "200": { "description": "The API document for Internal RBAC endpoints.", "content": { "application/json": { "schema": { "type": "object" } } } } } } }, "/api/utils/username_lower/": { "get": { "tags": [ "Principal", "Utils" ], "summary": "List uppercase username", "description": "List uppercase username.", "operationId": "ListUsername", "responses": { "200": { "description": "List of uppercase username." }, "405": { "description": "Invalid method.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } }, "post": { "tags": [ "Principal", "Utils" ], "summary": "Update uppercase username to lowercase", "description": "Update uppercase username to lowercase.", "operationId": "LowerUsername", "responses": { "200": { "description": "All uppercase username updated to lowercase." }, "400": { "description": "Invalid request.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "405": { "description": "Invalid method.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/utils/user_lookup/": { "get": { "tags": [ "Principal", "Utils" ], "summary": "Get user info", "description": "Query for a user's groups, roles, and permissions based on their username or email. Only one of the params is required.", "operationId": "userLookup", "parameters": [ { "name": "username", "in": "query", "description": "Username of the desired user to query for. If both username and email are provided, username is used and email is ignored.", "required": true, "schema": { "type": "string" } }, { "name": "email", "in": "query", "description": "Email address of the desired user to query for. If both username and email are provided, username is used and email is ignored.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Result set of user groups, roles, and permissions.", "content": { "application/json": { "schema": { "type": "object", "properties": { "username": { "type": "string", "example": "fake_user" }, "email_address": { "type": "string", "example": "fake_user@redhat.com" }, "groups": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "example": "Example group" }, "description": { "type": "string", "example": "A group for some users" }, "uuid": { "type": "string", "format": "uuid", "example": "1c4da003-569d-433f-8159-fd77e6984de1" }, "platform_default": { "type": "boolean", "example": true }, "admin_default": { "type": "boolean", "example": false }, "roles": { "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "example": "Example Role" }, "display_name": { "type": "string", "example": "Example Role Display" }, "description": { "type": "string", "example": "An example role for the spec" }, "uuid": { "type": "string", "format": "uuid", "example": "a8d33564-628f-4eba-bd59-6a2948bfb31e" }, "platform_default": { "type": "boolean", "example": true }, "admin_default": { "type": "boolean", "example": false }, "permissions": { "type": "array", "items": { "type": "string", "example": "application | resource | verb" } } } } } } } } }, "required": [ "username", "email_address", "groups" ] } } } }, "400": { "description": "Invalid request - bad input", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorSingle" } } } }, "404": { "description": "Not found - user not found", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorSingle" } } } }, "405": { "description": "Invalid method - invalid http method used, only GET allowed", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorSingle" } } } }, "500": { "description": "Internal error - unexpected internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ErrorSingle" } } } } } } }, "/_s2s/workspaces/ungrouped/": { "get": { "tags": [ "V2", "Workspace" ], "summary": "Get or create ungrouped hosts workspace.", "description": "Get or create ungrouped hosts workspace.", "operationId": "GetUngrouped", "responses": { "201": { "description": "The ungrouped hosts workspace of the org." }, "405": { "description": "Invalid method.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/api/utils/resource_definitions/": { "get": { "tags": [ "Permission", "Utils" ], "summary": "Get incorrect resource definitions.", "description": "Get resource definitions with incorrect attribute filters. Attribute filters with lists must use 'in' operation. Those with a single string must use 'equal'.", "operationId": "GetIncorrectResourceDefinitions", "parameters": [ { "name": "detail", "in": "query", "description": "Optional flag. If true, returns a list of resource definition objects. If false or omitted, returns only the count.", "required": false, "schema": { "type": "boolean" } } ], "responses": { "200": { "description": "The number of resource definitions that would be corrected." }, "405": { "description": "Invalid method.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } }, "patch": { "tags": [ "Permission", "Utils" ], "summary": "Fix incorrect resource definitions.", "description": "Fix resource definitions with incorrect attribute filters. Attribute filters with lists must use 'in' operation. Those with a single string must use 'equal'.", "operationId": "FixIncorrectResourceDefinitions", "parameters": [ { "name": "id", "in": "query", "description": "Resource definition id.", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "The number of resource definitions that were corrected." }, "405": { "description": "Invalid method.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/_private/api/utils/workspace/": { "get": { "tags": [ "Workspace" ], "summary": "Get all standard workspaces.", "description": "Returns count or list of standard workspaces.", "parameters": [ { "name": "detail", "in": "query", "description": "Set to true to get a detailed list. Default is false (only count).", "required": false, "schema": { "type": "boolean", "default": false } } ], "responses": { "200": { "description": "Workspace count or list returned.", "content": { "application/json": { "schema": { "oneOf": [ { "type": "object", "properties": { "count": { "type": "integer" }, "data": { "type": "array", "items": { "$ref": "#/components/schemas/Workspace" } } } }, { "type": "string", "example": "5 standard workspace(s) eligible for removal." } ] } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } }, "delete": { "tags": [ "Workspace", "Destructive" ], "summary": "Delete standard workspaces.", "description": "Deletes one or all standard workspaces. If `id` is provided, deletes one workspace; otherwise deletes all.", "parameters": [ { "name": "id", "in": "query", "description": "ID of the workspace to delete (optional).", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Workspace(s) deleted successfully", "content": { "text/plain": { "schema": { "type": "string" }, "examples": { "single": { "value": "Workspace with id='abc123' deleted." }, "bulk": { "value": "5 workspace(s) deleted." } } } } }, "400": { "description": "Destructive operations not allowed.", "content": { "text/plain": { "schema": { "type": "string" }, "example": "Destructive operations disallowed." } } }, "404": { "description": "Workspace not found", "content": { "text/plain": { "schema": { "type": "string" }, "example": "Workspace with id='abc123' not found." } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } } } } }, "/_private/api/relations/lookup_resource/": { "post": { "tags": [ "Relations" ], "summary": "Get a resource from relations api.", "description": "Returns resource from relations api.", "requestBody": { "content": { "application/json": { "example": { "resource_type": { "name": "group", "namespace": "rbac" }, "relation": "member", "subject": { "subject": { "type": { "namespace": "rbac", "name": "principal" }, "id": "bob" } } } } } }, "responses": { "200": { "description": "Resource returned." }, "204": { "description": "No resource found." }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error500" }, "examples": { "gRPCError": { "value": { "detail": "Error occurred in gRPC call", "error": "gRPC Error" } }, "Error": { "value": { "detail": "Error occurred in call to lookup resources endpoint", "error": "Error message" } } } } } } } } }, "/_private/api/relations/check_relation/": { "post": { "tags": [ "Relations" ], "summary": "Get a resource from relations api.", "description": "Returns resource from relations api.", "requestBody": { "content": { "application/json": { "example": { "resource_type": { "name": "group", "namespace": "rbac", "id": "bob_club" }, "relation": "member", "subject": { "subject": { "type": { "namespace": "rbac", "name": "principal" }, "id": "bob" } } } } } }, "responses": { "200": { "description": "Resource returned." }, "204": { "description": "No resource found." }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error500" }, "examples": { "gRPCError": { "value": { "detail": "Error occurred in gRPC call", "error": "gRPC Error" } }, "Error": { "value": { "detail": "Error occurred in call to check endpoint", "error": "Error message" } } } } } } } } }, "/_private/api/relations/bootstrap_tenants/{org_id}/": { "post": { "tags": [ "Relations" ], "summary": "Check if a tenant is correctly bootstrapped in the relations API", "description": "Checks if the tenant's bootstrapped resources and relationships are correctly replicated in the Relations API.", "parameters": [ { "name": "org_id", "in": "path", "required": true, "schema": { "type": "string" }, "description": "The organization ID of the tenant to check." } ], "responses": { "200": { "description": "Bootstrapped tenant check result.", "content": { "application/json": { "schema": { "type": "object", "properties": { "org_id": { "type": "string", "example": "example-org-id" }, "bootstrapped_correct": { "type": "boolean", "example": true } } } } } }, "404": { "description": "Tenant not found.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error404" } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error500" }, "examples": { "gRPCError": { "value": { "detail": "Error occurred in gRPC call", "error": "gRPC Error" } }, "GeneralError": { "value": { "detail": "Error occurred during bootstrapped tenant check", "error": "Unexpected error" } } } } } } } } }, "/_private/api/group_assignments/{group_uuid}": { "post": { "tags": [ "Relations" ], "summary": "Check group assignments are correct on relations api.", "description": "Returns resource from relations api.", "responses": { "200": { "description": "Resource returned." }, "204": { "description": "No resource found." }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error500" }, "examples": { "gRPCError": { "value": { "detail": "[gRPC] check_relation failed", "error": "gRPC Error" } }, "Error": { "value": { "detail": "[Unexpected] check_relation failed", "error": "Error message" } } } } } } } } }, "/_private/api/inventory/check/": { "post": { "tags": [ "Inventory" ], "summary": "Check a relationship in the inventory api.", "description": "Returns whether a relationship exists between a subject and a resource on inventory api.", "requestBody": { "content": { "application/json": { "example": { "resource": { "resource_id": "bob_club", "resource_type": "group", "reporter": { "type": "rbac" } }, "relation": "member", "subject": { "resource": { "resource_id": "bob", "resource_type": "principal", "reporter": { "type": "rbac" } } } } } } }, "responses": { "200": { "description": "Relation evaluated and returned." }, "204": { "description": "No relation found." }, "400": { "description": "gRPC Error", "content": { "application/json": { "examples": { "gRPCError": { "value": { "detail": "Error occurred in gRPC call", "error": "gRPC Error" } } } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error500" }, "examples": { "Error": { "value": { "detail": "Error occurred in call to check inventory endpoint", "error": "Error message" } } } } } } } } }, "/_private/api/inventory/check_workspace/{workspace_uuid}/": { "post": { "tags": [ "Inventory" ], "summary": "Check a relationship in the inventory api.", "description": "Returns whether a relationship exists between a parent-child workspaces on inventory api.", "parameters": [ { "name": "descendants", "in": "query", "description": "Flag to enable checks on a workspaces descendants.", "required": false, "schema": { "type": "boolean" } } ], "responses": { "200": { "description": "Relation evaluated and returned." }, "204": { "description": "No relation found." }, "400": { "description": "gRPC Error", "content": { "application/json": { "examples": { "gRPCError": { "value": { "detail": "gRPC error occurred during inventory workspace relation check", "error": "gRPC Error" } } } } } }, "500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error500" }, "examples": { "Error": { "value": { "detail": "Unexpected error during inventory workspace relation check", "error": "Error message" } } } } } } } }, "/utils/kafka_test_message/": { "get": { "tags": [ "Utils" ], "summary": "Send test Kafka message", "description": "Send a test Debezium message to the Kafka consumer topic for testing purposes. This endpoint generates and sends a predefined test message with sample relations.", "operationId": "sendKafkaTestMessage", "responses": { "200": { "description": "Test message sent successfully", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/KafkaTestMessageResponse" }, "examples": { "Success": { "value": { "message": "Test message sent successfully", "topic": "outbox.event.rbac-consumer-replication-event", "message_format": "debezium", "payload_summary": { "relations_to_add_count": 1, "relations_to_remove_count": 0 }, "sample_data": { "relations_to_add": [ { "resource": { "type": { "namespace": "rbac", "name": "workspace" }, "id": "test-workspace-f47ac10b-58cc-4372-a567-0e02b2c3d479" }, "subject": { "subject": { "type": { "namespace": "rbac", "name": "principal" }, "id": "test-principal-6ba7b810-9dad-11d1-80b4-00c04fd430c8" } }, "relation": "member" } ], "relations_to_remove": [] } } } } } } }, "400": { "description": "Bad request - Kafka not enabled or topic not configured", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" }, "examples": { "KafkaDisabled": { "value": "Kafka is not enabled" }, "TopicNotConfigured": { "value": "RBAC_KAFKA_CONSUMER_TOPIC is not configured" } } } } }, "405": { "description": "Method not allowed - only GET is allowed", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" } } } }, "500": { "description": "Internal server error", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Error" }, "examples": { "SendError": { "value": { "detail": "Error sending test message: Connection failed" } } } } } } } } } } }, "servers": [ { "url": "https://mtls.internal.console.stage.redhat.com/api/rbac/v1", "description": "Internal stage server" }, { "url": "https://mtls.internal.console.redhat.com/api/rbac/v1", "description": "Internal production server" } ], "components": { "parameters": { "QueryOffset": { "in": "query", "name": "offset", "required": false, "description": "Parameter for selecting the offset of data.", "schema": { "type": "integer", "default": 0, "minimum": 0 } }, "QueryLimit": { "in": "query", "name": "limit", "required": false, "description": "Parameter for selecting the amount of data returned.", "schema": { "type": "integer", "default": 10, "minimum": 1, "maximum": 1000 } } }, "schemas": { "Error": { "required": [ "errors" ], "properties": { "errors": { "type": "array", "items": { "type": "object", "properties": { "detail": { "type": "string", "example": "Not found." }, "status": { "type": "string", "example": "403" } } } } } }, "ErrorSingle": { "required": [ "error" ], "properties": { "error": { "type": "string", "example": "Invalid request - bad input provided" } } }, "Error500": { "description": "Unexpected Error", "content": { "application/json": { "schema": { "type": "object", "properties": { "detail": { "type": "string", "example": "Error occurred in gRPC call" }, "error": { "type": "string", "example": "Some error message" } }, "required": ["detail", "error"] } } } }, "Error403": { "required": [ "errors" ], "properties": { "errors": { "type": "array", "items": { "type": "object", "properties": { "detail": { "type": "string", "example": "You do not have permission to perform this action." }, "source": { "type": "string", "example": "detail" }, "status": { "type": "string", "example": "403" } } } } } }, "UUID": { "type": "object", "required": [ "uuid" ], "properties": { "uuid": { "type": "string", "format": "uuid", "example": "57e60f90-8c0c-4bd1-87a0-2143759aae1c" } } }, "Timestamped": { "type": "object", "required": [ "created", "modified" ], "properties": { "created": { "type": "string", "format": "date-time", "example": "2019-01-21T17:32:28Z" }, "modified": { "type": "string", "format": "date-time", "example": "2019-03-04T07:25:58Z" } } }, "PaginationMeta": { "properties": { "count": { "type": "integer", "format": "int64", "example": 30 } } }, "PaginationLinks": { "properties": { "first": { "type": "string", "format": "uri", "example": "/api/rbac/(resources)/?offset=0&limit=10" }, "previous": { "type": "string", "format": "uri", "example": "/api/rbac/(resources)/?offset=20&limit=10" }, "next": { "type": "string", "format": "uri", "example": "/api/rbac/(resources)/?offset=40&limit=10" }, "last": { "type": "string", "format": "uri", "example": "/api/rbac/(resources)/?offset=90&limit=10" } } }, "ListPagination": { "properties": { "meta": { "$ref": "#/components/schemas/PaginationMeta" }, "links": { "$ref": "#/components/schemas/PaginationLinks" } } }, "Group": { "required": [ "name" ], "properties": { "name": { "type": "string", "example": "GroupA" }, "description": { "type": "string", "example": "A description of GroupA" } } }, "GroupOut": { "allOf": [ { "$ref": "#/components/schemas/Group" }, { "$ref": "#/components/schemas/UUID" }, { "$ref": "#/components/schemas/Timestamped" }, { "properties": { "principalCount": { "type": "integer", "minimum": 0 }, "roleCount": { "type": "integer", "minimum": 0 }, "system": { "type": "boolean", "default": false }, "platform_default": { "type": "boolean", "default": false }, "admin_default": { "type": "boolean", "default": false } } } ] }, "OrgAdminPagination": { "allOf": [ { "$ref": "#/components/schemas/ListPagination" }, { "type": "object", "required": [ "data" ], "properties": { "data": { "type": "array", "items": { "$ref": "#/components/schemas/OrgAdmin" } } } } ] }, "RolePagination": { "allOf": [ { "$ref": "#/components/schemas/ListPagination" }, { "type": "object", "required": [ "data" ], "properties": { "data": { "type": "array", "items": { "$ref": "#/components/schemas/RoleOut" } } } } ] }, "TenantPagination": { "allOf": [ { "$ref": "#/components/schemas/ListPagination" }, { "type": "object", "required": [ "data" ], "properties": { "data": { "type": "array", "items": { "$ref": "#/components/schemas/Tenant" } } } } ] }, "GroupPagination": { "allOf": [ { "$ref": "#/components/schemas/ListPagination" }, { "type": "object", "required": [ "data" ], "properties": { "data": { "type": "array", "items": { "$ref": "#/components/schemas/GroupOut" } } } } ] }, "PrincipalPagination": { "allOf": [ { "$ref": "#/components/schemas/ListPagination" }, { "type": "object", "required": [ "data" ], "properties": { "data": { "type": "array", "items": { "oneOf": [ { "$ref": "#/components/schemas/Principal" }, { "$ref": "#/components/schemas/PrincipalMinimal" } ] } } } } ] }, "Principal": { "required": [ "username", "email" ], "properties": { "username": { "type": "string", "example": "smithj" }, "email": { "type": "string", "format": "email", "example": "smithj@mytechco.com" }, "first_name": { "type": "string", "example": "John" }, "last_name": { "type": "string", "example": "Smith" }, "is_active": { "type": "boolean" }, "is_org_admin": { "type": "boolean" } } }, "PrincipalMinimal": { "required": [ "username" ], "properties": { "username": { "type": "string", "example": "smithj" } } }, "ServiceAccount": { "required": [ "clientId", "username", "type" ], "properties": { "username": { "type": "string", "example": "service-account-fe593ba0-9c62-013c-1dc2-6aa2427b506a" }, "type": { "type": "string", "enum": [ "service-account" ] }, "clientId": { "type": "string", "example": "fe593ba0-9c62-013c-1dc2-6aa2427b506a" }, "name": { "type": "string", "example": "MyServiceAccount" }, "description": { "type": "string", "example": "My new shiny Service Account" }, "owner": { "type": "string", "example": "smithj" }, "time_created": { "type": "integer", "example": 1706100532 } } }, "ServiceAccountIn": { "required": [ "type", "clientId" ], "properties": { "type": { "type": "string", "enum": [ "service-account" ] }, "clientId": { "type": "string", "example": "fe593ba0-9c62-013c-1dc2-6aa2427b506a" } } }, "ServiceAccountPagination": { "allOf": [ { "$ref": "#/components/schemas/ListPagination" }, { "type": "object", "required": [ "data" ], "properties": { "data": { "type": "array", "items": { "$ref": "#/components/schemas/ServiceAccount" } } } } ] }, "ServiceAccountInGroupResponse": { "properties": { "meta": { "$ref": "#/components/schemas/PaginationMeta" }, "links": { "description": "The links object for this particular response will be empty, since there is no pagination available for the query parameter", "type": "object", "example": {} }, "data": { "description": "Object which indicates whether the given service account UUIDs in the query parameter are present in the specified group or not", "type": "object", "additionalProperties": { "description": "The response is a map of the form \"UUID\": (true|false)", "type": "boolean" }, "example": { "dd946f24-cfda-11ee-acb6-7b2702ff4dc8": true, "3e728bb0-b167-013c-c455-6aa2427b506c": false } } } }, "Role": { "required": [ "name" ], "properties": { "name": { "type": "string", "example": "RoleA" }, "display_name": { "type": "string", "example": "ARoleName" }, "description": { "type": "string", "example": "A description of RoleA" } } }, "RoleOut": { "allOf": [ { "$ref": "#/components/schemas/Role" }, { "$ref": "#/components/schemas/UUID" }, { "$ref": "#/components/schemas/Timestamped" }, { "properties": { "policyCount": { "type": "integer", "minimum": 0 }, "accessCount": { "type": "integer", "minimum": 0 }, "applications": { "type": "array", "items": { "type": "string", "example": "catalog" } }, "system": { "type": "boolean", "default": false }, "platform_default": { "type": "boolean", "default": false }, "admin_default": { "type": "boolean", "default": false } } } ] }, "Tenant": { "allOf": [ { "properties": { "id": { "type": "integer", "example": 123 }, "org_id": { "type": "integer", "example": 456 }, "account_id": { "type": "integer", "example": 789 } } } ] }, "OrgAdmin": { "allOf": [ { "properties": { "id": { "type": "integer", "example": 123 }, "username": { "type": "string", "example": "jdoe" }, "first_name": { "type": "string", "example": "John" }, "last_name": { "type": "string", "example": "Doe" }, "locale": { "type": "string", "example": "en_US" }, "email": { "type": "string", "example": "jdoe@gmail.com" }, "is_active": { "type": "boolean", "example": true }, "is_org_admin": { "type": "boolean", "example": true }, "is_internal": { "type": "boolean", "example": false } } } ] }, "Workspace": { "type": "object", "properties": { "id": { "type": "string", "format": "uuid" }, "name": { "type": "string" }, "parent_id": { "type": "string", "format": "uuid" }, "description": { "type": "string" }, "created": { "type": "string", "format": "date-time" }, "modified": { "type": "string", "format": "date-time" }, "type": { "type": "string", "example": "standard" }, "tenant_id": { "type": "integer" } }, "required": [ "id", "name", "parent_id", "description", "created", "modified", "type", "tenant_id" ] }, "KafkaTestMessageResponse": { "type": "object", "description": "Response from sending test Kafka message", "properties": { "message": { "type": "string", "example": "Test message sent successfully" }, "topic": { "type": "string", "example": "outbox.event.rbac-consumer-replication-event" }, "message_format": { "type": "string", "example": "debezium" }, "payload_summary": { "type": "object", "properties": { "relations_to_add_count": { "type": "integer", "example": 1 }, "relations_to_remove_count": { "type": "integer", "example": 0 } } }, "sample_data": { "type": "object", "description": "The sample data that was sent in the test message", "properties": { "relations_to_add": { "type": "array", "items": { "$ref": "#/components/schemas/Relation" } }, "relations_to_remove": { "type": "array", "items": { "$ref": "#/components/schemas/Relation" } } } } }, "required": [ "message", "topic", "message_format", "payload_summary", "sample_data" ] }, "Relation": { "type": "object", "description": "A relation between a resource and a subject", "properties": { "resource": { "type": "object", "properties": { "type": { "type": "object", "properties": { "namespace": { "type": "string", "example": "rbac" }, "name": { "type": "string", "example": "workspace" } } }, "id": { "type": "string", "example": "workspace-123" } } }, "subject": { "type": "object", "properties": { "subject": { "type": "object", "properties": { "type": { "type": "object", "properties": { "namespace": { "type": "string", "example": "rbac" }, "name": { "type": "string", "example": "principal" } } }, "id": { "type": "string", "example": "principal-456" } } } } }, "relation": { "type": "string", "example": "member" } }, "required": [ "resource", "subject", "relation" ] } } } }