{ "openapi": "3.0.0", "info": { "title": "Role Based Access Control for Kessel Project", "version": "v2" }, "tags": [ { "name": "Workspaces" }, { "name": "Role Bindings" }, { "name": "Roles" } ], "paths": { "/role-bindings/": { "get": { "operationId": "RoleBindings_list", "summary": "List role bindings", "description": "List role bindings", "parameters": [ { "name": "limit", "in": "query", "required": false, "schema": { "$ref": "#/components/schemas/Limit", "default": 10 }, "explode": false }, { "name": "cursor", "in": "query", "required": false, "description": "Cursor for cursor-based pagination.", "schema": { "$ref": "#/components/schemas/Cursor" }, "explode": false }, { "name": "role_id", "in": "query", "required": false, "description": "Filter by role ID", "schema": { "type": "string" }, "explode": false }, { "name": "fields", "in": "query", "required": false, "description": "Control which fields are included in the response to optimize payload size.", "schema": { "$ref": "#/components/schemas/FieldMask", "default": "resource(id),role(id),subject(id,type)" }, "explode": false }, { "name": "order_by", "in": "query", "required": false, "description": "Default sort is by the time the role was first created. Prefix with '-' for descending order.", "schema": { "$ref": "#/components/schemas/OrderBy", "default": "role.id" }, "explode": false } ], "responses": { "200": { "description": "The request has succeeded.", "content": { "application/json": { "schema": { "type": "object", "required": [ "meta", "links", "data" ], "properties": { "meta": { "$ref": "#/components/schemas/CursorPaginationMeta" }, "links": { "$ref": "#/components/schemas/CursorPaginationLinks" }, "data": { "type": "array", "items": { "$ref": "#/components/schemas/RoleBindings.RoleBinding" } } } }, "example": { "meta": { "limit": 10 }, "links": { "next": "http://localhost:8000/api/rbac/v2/role-bindings/?cursor=cD0yMDI1LTA4LTE1", "previous": null }, "data": [ { "role": { "id": "550e8400-e29b-41d4-a716-446655440002" }, "subject": { "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6", "type": "group" }, "resource": { "id": "550e8400-e29b-41d4-a716-446655440001" } } ] } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Role Bindings" ] } }, "/role-bindings/by-subject/": { "get": { "operationId": "RoleBindings_listBySubject", "summary": "List role bindings grouped by subject", "description": "List role bindings grouped by subject", "parameters": [ { "name": "limit", "in": "query", "required": false, "schema": { "$ref": "#/components/schemas/Limit", "default": 10 }, "explode": false }, { "name": "cursor", "in": "query", "required": false, "description": "Cursor for cursor-based pagination.", "schema": { "$ref": "#/components/schemas/Cursor" }, "explode": false }, { "name": "resource_id", "in": "query", "required": true, "description": "Filter by resource ID", "schema": { "type": "string" }, "explode": false }, { "name": "resource_type", "in": "query", "required": true, "description": "Filter by resource type", "schema": { "type": "string" }, "explode": false }, { "name": "subject_type", "in": "query", "required": false, "description": "Filter by subject type", "schema": { "type": "string" }, "explode": false }, { "name": "subject_id", "in": "query", "required": false, "description": "Filter by subject ID", "schema": { "type": "string" }, "explode": false }, { "name": "parent_role_bindings", "in": "query", "required": false, "description": "Include role bindings inherited from parent resources", "schema": { "type": "boolean", "default": false }, "explode": false }, { "name": "fields", "in": "query", "required": false, "description": "Control which fields are included in the response to optimize payload size and improve performance.", "schema": { "$ref": "#/components/schemas/FieldMask", "default": "subject(group.name),role(name),resource(name,type),last_modified" }, "explode": false }, { "name": "order_by", "in": "query", "required": false, "description": "Sort by specified field(s), prefix with '-' for descending order", "schema": { "$ref": "#/components/schemas/OrderBy", "default": "subject_name" }, "explode": false } ], "responses": { "200": { "description": "The request has succeeded.", "content": { "application/json": { "schema": { "type": "object", "required": [ "meta", "links", "data" ], "properties": { "meta": { "$ref": "#/components/schemas/CursorPaginationMeta" }, "links": { "$ref": "#/components/schemas/CursorPaginationLinks" }, "data": { "type": "array", "items": { "$ref": "#/components/schemas/RoleBindings.RoleBindingBySubject" } } } }, "examples": { "example0": { "value": { "meta": { "limit": 10 }, "links": { "next": "http://localhost:8000/api/rbac/v2/role-bindings/by-subject/?limit=10&parent_role_bindings=true&cursor=xyz", "previous": null }, "data": [ { "last_modified": "2024-08-04T12:00:00Z", "subject": { "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6", "type": "group", "group": { "name": "Engineering Team", "description": "Development and engineering team", "user_count": 25 } }, "roles": [ { "id": "550e8400-e29b-41d4-a716-446655440002", "name": "Workspace Admin" } ], "resource": { "id": "550e8400-e29b-41d4-a716-446655440003", "name": "Child Workspace", "type": "workspace" }, "inherited_from": { "id": "550e8400-e29b-41d4-a716-446655440001", "name": "Parent Workspace", "type": "workspace" } } ] } }, "example1": { "value": { "meta": { "limit": 10 }, "links": { "next": "http://localhost:8000/api/rbac/v2/role-bindings/by-subject/?cursor=cD0yMDI1LTA4LTE1KzE0JTNBMDQlM0E0MS42ODM3NTIlMkIwMCUzQTAw", "previous": null }, "data": [ { "last_modified": "2024-08-04T12:00:00Z", "subject": { "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6", "type": "group", "group": { "name": "Engineering Team", "description": "Development and engineering team", "user_count": 25 } }, "roles": [ { "id": "550e8400-e29b-41d4-a716-446655440002", "name": "Workspace Admin" } ], "resource": { "id": "550e8400-e29b-41d4-a716-446655440001", "name": "Engineering Workspace", "type": "workspace" } } ] } } } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Role Bindings" ] }, "put": { "operationId": "RoleBindings_update", "summary": "Update role bindings", "description": "Update roles for a specific subject on a resource. Replaces all existing roles with the provided roles.", "parameters": [ { "name": "resource_id", "in": "query", "required": true, "description": "Identify the resource ID for the set of role bindings to replace", "schema": { "type": "string" }, "explode": false }, { "name": "resource_type", "in": "query", "required": true, "description": "Identify the resource type for the set of role bindings to replace", "schema": { "type": "string" }, "explode": false }, { "name": "subject_id", "in": "query", "required": true, "description": "Identify the subject ID for the set of role bindings to replace", "schema": { "type": "string" }, "explode": false }, { "name": "subject_type", "in": "query", "required": true, "description": "Identify the subject type for the set of role bindings to replace", "schema": { "type": "string" }, "explode": false }, { "name": "fields", "in": "query", "required": false, "schema": { "$ref": "#/components/schemas/FieldMask", "default": "resource(id),subject(id),roles(id),last_modified" }, "explode": false } ], "responses": { "200": { "description": "The request has succeeded.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RoleBindings.RoleBindingBySubject" }, "example": { "last_modified": "2024-08-04T12:00:00Z", "subject": { "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6", "type": "group", "group": { "name": "Engineering Team", "user_count": 25 } }, "roles": [ { "id": "550e8400-e29b-41d4-a716-446655440002", "name": "Workspace Admin" }, { "id": "550e8400-e29b-41d4-a716-446655440003", "name": "Viewer" } ], "resource": { "id": "550e8400-e29b-41d4-a716-446655440001", "type": "workspace", "name": "Engineering Workspace" } } } } }, "400": { "description": "The server could not understand the request due to invalid syntax.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem400" } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "404": { "description": "The server cannot find the requested resource.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem404" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Role Bindings" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RoleBindings.UpdateRoleBindingsRequest" }, "example": { "roles": [ { "id": "550e8400-e29b-41d4-a716-446655440002" }, { "id": "550e8400-e29b-41d4-a716-446655440003" } ] } } } } } }, "/role-bindings:batchCreate": { "post": { "operationId": "RoleBindings_batchCreate", "summary": "Grant access to a resource to a set of subjects with a set of roles", "description": "Grant access to a resource to a set of subjects with a set of roles", "parameters": [ { "name": "fields", "in": "query", "required": false, "schema": { "$ref": "#/components/schemas/FieldMask", "default": "resource(id),role(id),subject(id,type)" }, "explode": false } ], "responses": { "201": { "description": "Response containing the created role bindings", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RoleBindings.BatchCreateRoleBindingsResponse" }, "example": { "role_bindings": [ { "resource": { "id": "550e8400-e29b-41d4-a716-446655440001", "type": "workspace" }, "subject": { "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6", "type": "group" }, "role": { "id": "550e8400-e29b-41d4-a716-446655440002" } }, { "resource": { "id": "550e8400-e29b-41d4-a716-446655440001", "type": "workspace" }, "subject": { "id": "3fa85f64-5717-4562-b3fc-2c963f66afa7", "type": "user" }, "role": { "id": "550e8400-e29b-41d4-a716-446655440003" } } ] } } } }, "400": { "description": "The server could not understand the request due to invalid syntax.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem400" } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Role Bindings" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RoleBindings.BatchCreateRoleBindingsRequest" }, "example": { "requests": [ { "resource": { "id": "550e8400-e29b-41d4-a716-446655440001", "type": "workspace" }, "subject": { "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6", "type": "group" }, "role": { "id": "550e8400-e29b-41d4-a716-446655440002" } }, { "resource": { "id": "550e8400-e29b-41d4-a716-446655440001", "type": "workspace" }, "subject": { "id": "3fa85f64-5717-4562-b3fc-2c963f66afa7", "type": "user" }, "role": { "id": "550e8400-e29b-41d4-a716-446655440003" } } ] } } } } } }, "/roles/": { "get": { "operationId": "Roles_list", "summary": "List the roles for a tenant", "description": "List the roles for a tenant", "parameters": [ { "name": "limit", "in": "query", "required": false, "schema": { "$ref": "#/components/schemas/Limit", "default": 10 }, "explode": false }, { "name": "cursor", "in": "query", "required": false, "description": "Cursor for cursor-based pagination.", "schema": { "$ref": "#/components/schemas/Cursor" }, "explode": false }, { "name": "name", "in": "query", "required": false, "description": "Filter by role name using case sensitive exact match.", "schema": { "type": "string" }, "explode": false }, { "name": "fields", "in": "query", "required": false, "description": "Control which fields are included in the response to optimize payload size.", "schema": { "$ref": "#/components/schemas/FieldMask", "default": "id,name,description,last_modified" }, "explode": false }, { "name": "order_by", "in": "query", "required": false, "description": "Sort by specified field(s), prefix with '-' for descending order. Allowed fields: name, last_modified.", "schema": { "$ref": "#/components/schemas/OrderBy", "default": "name" }, "explode": false } ], "responses": { "200": { "description": "The request has succeeded.", "content": { "application/json": { "schema": { "type": "object", "required": [ "meta", "links", "data" ], "properties": { "meta": { "$ref": "#/components/schemas/CursorPaginationMeta" }, "links": { "$ref": "#/components/schemas/CursorPaginationLinks" }, "data": { "type": "array", "items": { "$ref": "#/components/schemas/Role" } } } }, "examples": { "example0": { "value": { "meta": { "limit": 10 }, "links": { "next": "/api/rbac/v2/roles/?limit=10&fields=id,name,permissions_count&cursor=eyJpZCI6IjEyMyJ9", "previous": null }, "data": [ { "id": "550e8400-e29b-41d4-a716-446655440002", "name": "Workspace Admin", "permissions_count": 2 } ] } }, "example1": { "value": { "meta": { "limit": 10 }, "links": { "next": "/api/rbac/v2/roles/?limit=10&cursor=eyJpZCI6IjEyMyJ9", "previous": null }, "data": [ { "id": "550e8400-e29b-41d4-a716-446655440002", "name": "Workspace Admin", "description": "description", "last_modified": "2024-08-04T12:00:00Z" } ] } } } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Roles" ] }, "post": { "operationId": "Roles_create", "summary": "Create a custom role in tenant", "description": "Create a custom role in tenant", "parameters": [ { "name": "fields", "in": "query", "required": false, "description": "Control which fields are included in the response to optimize payload size.\n\n**When fields parameter is provided:**\nOnly explicitly specified fields are returned. All response fields become optional.\n\n**Examples:**\n- `?fields=id,name,permissions_count` - Include id, name, and count (no permissions array)\n- `?fields=permissions_count,last_modified` - Include only count and timestamp", "schema": { "type": "string", "default": "id,name,description,permissions,last_modified" }, "explode": false } ], "responses": { "201": { "description": "The request has succeeded and a new resource has been created as a result.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Role" }, "example": { "id": "550e8400-e29b-41d4-a716-446655440002", "name": "Custom Inventory Admin", "description": "Custom role for inventory management", "permissions": [ { "application": "inventory", "resource_type": "hosts", "operation": "read" }, { "application": "inventory", "resource_type": "hosts", "operation": "write" } ], "last_modified": "2024-08-04T12:00:00Z" } } } }, "400": { "description": "The server could not understand the request due to invalid syntax.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem400" } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Roles" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Roles.CreateOrUpdateRoleRequest" }, "example": { "name": "Custom Inventory Admin", "description": "Custom role for inventory management", "permissions": [ { "application": "inventory", "resource_type": "hosts", "operation": "read" }, { "application": "inventory", "resource_type": "hosts", "operation": "write" } ] } } } } } }, "/roles/{id}/": { "get": { "operationId": "Roles_read", "parameters": [ { "name": "id", "in": "path", "required": true, "schema": { "$ref": "#/components/schemas/UUID" } }, { "name": "fields", "in": "query", "required": false, "description": "Control which fields are included in the response to optimize payload size.", "schema": { "$ref": "#/components/schemas/FieldMask", "default": "id,name,description,permissions,last_modified" }, "explode": false } ], "responses": { "200": { "description": "The request has succeeded.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Role" }, "examples": { "example0": { "value": { "name": "Workspace Admin" } }, "example1": { "value": { "id": "550e8400-e29b-41d4-a716-446655440002", "name": "Workspace Admin", "description": "Full administrative access to workspace resources", "permissions": [ { "application": "inventory", "resource_type": "hosts", "operation": "read" }, { "application": "inventory", "resource_type": "hosts", "operation": "write" } ], "last_modified": "2024-08-04T12:00:00Z" } } } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "404": { "description": "The server cannot find the requested resource.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem404" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Roles" ] }, "put": { "operationId": "Roles_update", "summary": "Update a custom role in tenant", "description": "Update a custom role in tenant", "parameters": [ { "name": "id", "in": "path", "required": true, "description": "UUID that uniquely identifies the role", "schema": { "$ref": "#/components/schemas/UUID" } }, { "name": "fields", "in": "query", "required": false, "description": "Control which fields are included in the response to optimize payload size.", "schema": { "$ref": "#/components/schemas/FieldMask", "default": "id,name,description,permissions,last_modified" }, "explode": false } ], "responses": { "200": { "description": "The request has succeeded.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Role" }, "example": { "id": "550e8400-e29b-41d4-a716-446655440002", "name": "Updated Inventory Admin", "description": "Updated role for inventory management", "permissions": [ { "application": "inventory", "resource_type": "hosts", "operation": "read" }, { "application": "inventory", "resource_type": "hosts", "operation": "write" }, { "application": "inventory", "resource_type": "hosts", "operation": "delete" } ], "last_modified": "2024-08-04T12:00:00Z" } } } }, "400": { "description": "The server could not understand the request due to invalid syntax.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem400" } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "404": { "description": "The server cannot find the requested resource.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem404" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Roles" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Roles.CreateOrUpdateRoleRequest" }, "example": { "name": "Updated Inventory Admin", "description": "Updated role for inventory management", "permissions": [ { "application": "inventory", "resource_type": "hosts", "operation": "read" }, { "application": "inventory", "resource_type": "hosts", "operation": "write" }, { "application": "inventory", "resource_type": "hosts", "operation": "delete" } ] } } } } } }, "/roles:batchDelete": { "post": { "operationId": "Roles_batchDelete", "description": "Delete multiple roles by ID atomically.", "parameters": [], "responses": { "204": { "description": "There is no content to send for this request, but the headers may be useful. " }, "400": { "description": "The server could not understand the request due to invalid syntax.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem400" } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "404": { "description": "The server cannot find the requested resource.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem404" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Roles" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Roles.BatchDeleteRolesRequest" }, "example": { "ids": [ "3a780e8d-da23-4a2c-a457-c9d31d8a6df0", "4fc3eb8e-2675-4807-8072-c69bd2a66482" ] } } } } } }, "/workspaces/": { "get": { "operationId": "Workspaces_list", "summary": "List workspaces in a tenant", "description": "List workspaces in a tenant", "parameters": [ { "name": "limit", "in": "query", "required": false, "schema": { "$ref": "#/components/schemas/Limit", "default": 10 }, "explode": false }, { "name": "offset", "in": "query", "required": false, "description": "Offset for offset-based pagination.", "schema": { "$ref": "#/components/schemas/Offset", "default": 0 }, "explode": false }, { "name": "type", "in": "query", "required": false, "description": "Defaults to all when param is not supplied.", "schema": { "$ref": "#/components/schemas/Workspaces.WorkspaceTypesQueryParam", "default": "all" }, "explode": false }, { "name": "name", "in": "query", "required": false, "description": "Case sensitive exact match of workspace by name.", "schema": { "type": "string" }, "explode": false }, { "name": "ids", "in": "query", "required": false, "description": "Filter workspaces by one or more comma-separated UUIDs. Defaults to type=standard unless type is explicitly specified.", "schema": { "type": "array", "items": { "$ref": "#/components/schemas/UUID" } }, "explode": false }, { "name": "order_by", "in": "query", "required": false, "description": "Sort by specified field(s), prefix with '-' for descending order. Allowed fields: name, created, modified, type.", "schema": { "type": "string", "default": "name" }, "explode": false } ], "responses": { "200": { "description": "The request has succeeded.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Workspaces.WorkspaceListResponse" }, "example": { "meta": { "count": 100, "limit": 10, "offset": 0 }, "links": { "first": "/api/rbac/v2/workspaces/?limit=10&offset=0", "next": "/api/rbac/v2/workspaces/?limit=10&offset=10", "previous": null, "last": "/api/rbac/v2/workspaces/?limit=10&offset=90" }, "data": [ { "id": "e4277742-b91c-43f1-a185-b827e8574345", "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "type": "standard", "name": "My first workspace", "description": "This is a basic workspace.", "created": "2024-05-06T12:20-12-0700", "modified": "2024-05-06T12:20-12-0700" } ] } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Workspaces" ] }, "post": { "operationId": "Workspaces_create", "summary": "Create workspace in tenant", "description": "Create workspace in tenant", "parameters": [], "responses": { "201": { "description": "The request has succeeded and a new resource has been created as a result.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Workspaces.CreateWorkspaceResponse" }, "example": { "_": 201, "id": "e4277742-b91c-43f1-a185-b827e8574345", "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "type": "standard", "name": "Alpha Workspace", "description": "Create a standard workspace.", "created": "2024-08-04T12:00:00Z", "modified": "2024-08-04T12:00:00Z" } } } }, "400": { "description": "The server could not understand the request due to invalid syntax.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem400" } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Workspaces" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Workspaces.CreateWorkspaceRequest" }, "example": { "name": "Alpha Workspace", "description": "Create a standard workspace." } } } } } }, "/workspaces/{id}/": { "get": { "operationId": "Workspaces_read", "summary": "Get a workspace in tenant", "description": "Get a workspace in tenant", "parameters": [ { "name": "id", "in": "path", "required": true, "description": "Unique identification", "schema": { "$ref": "#/components/schemas/UUID" } }, { "name": "include_ancestry", "in": "query", "required": false, "description": "When true, the response will include the ancestry of the workspace.", "schema": { "type": "boolean" }, "explode": false } ], "responses": { "200": { "description": "The request has succeeded.", "content": { "application/json": { "schema": { "anyOf": [ { "$ref": "#/components/schemas/Workspaces.ReadWorkspaceResponse" }, { "$ref": "#/components/schemas/Workspaces.ReadWorkspaceWithAncestryResponse" } ] } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "404": { "description": "The server cannot find the requested resource.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem404" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Workspaces" ] }, "put": { "operationId": "Workspaces_update", "summary": "Edit the workspace name or description", "description": "Edit a workspace", "parameters": [ { "name": "id", "in": "path", "required": true, "description": "Unique identification", "schema": { "$ref": "#/components/schemas/UUID" } } ], "responses": { "200": { "description": "The request has succeeded.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Workspaces.UpdateWorkspaceResponse" }, "example": { "_": 200, "id": "e4277742-b91c-43f1-a185-b827e8574345", "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "type": "standard", "name": "Alpha Workspace", "description": "Changing description of alpha workspace to something new.", "created": "2024-08-04T12:00:00Z", "modified": "2024-08-04T12:00:00Z" } } } }, "400": { "description": "The server could not understand the request due to invalid syntax.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 400 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Workspaces" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Workspaces.UpdateWorkspaceRequest" }, "example": { "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "name": "Alpha Workspace", "description": "Changing description of alpha workspace to something new." } } } } }, "patch": { "operationId": "Workspaces_patch", "parameters": [ { "name": "id", "in": "path", "required": true, "description": "Unique identification", "schema": { "$ref": "#/components/schemas/UUID" } } ], "responses": { "200": { "description": "The request has succeeded.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Workspaces.PatchWorkspaceResponse" }, "example": { "_": 200, "id": "e4277742-b91c-43f1-a185-b827e8574345", "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "type": "standard", "name": "Alpha Workspace - closed", "description": "Create a standard workspace.", "created": "2024-08-04T12:00:00Z", "modified": "2024-08-04T12:00:00Z" } } } }, "400": { "description": "The server could not understand the request due to invalid syntax.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 400 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Workspaces" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Workspaces.PatchWorkspaceRequest" }, "example": { "name": "Alpha Workspace - closed", "description": "Create a standard workspace." } } } } }, "delete": { "operationId": "Workspaces_delete", "summary": "Delete the workspace", "description": "Delete a workspace", "parameters": [ { "name": "id", "in": "path", "required": true, "description": "Unique identification", "schema": { "$ref": "#/components/schemas/UUID" } } ], "responses": { "204": { "description": "There is no content to send for this request, but the headers may be useful. " }, "400": { "description": "The server could not understand the request due to invalid syntax.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Workspace.Problem400WorkspaceNotEmpty" } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Workspaces" ] } }, "/workspaces/{id}/move/": { "post": { "operationId": "Workspaces_move", "summary": "Move a workspace to a new parent.", "description": "Move a workspace to a new parent.", "parameters": [ { "name": "id", "in": "path", "required": true, "description": "Unique identification of the workspace to move", "schema": { "$ref": "#/components/schemas/UUID" } } ], "responses": { "200": { "description": "The request has succeeded.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Workspaces.MoveWorkspaceResponse" }, "example": { "id": "e4277742-b91c-43f1-a185-b827e8574345", "parent_id": "f0e1d2c3-b4a5-4678-9a1b-c2d3e4f5a6b7" } } } }, "400": { "description": "The server could not understand the request due to invalid syntax.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem400" } } } }, "401": { "description": "Access is unauthorized.", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 401 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } }, "403": { "description": "Access is forbidden.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem403" } } } }, "404": { "description": "The server cannot find the requested resource.", "content": { "application/problem+json": { "schema": { "$ref": "#/components/schemas/Problems.Problem404" } } } }, "500": { "description": "Server error", "content": { "application/problem+json": { "schema": { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 500 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } } } } }, "tags": [ "Workspaces" ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Workspaces.MoveWorkspaceRequest" }, "example": { "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11" } } } } } } }, "components": { "schemas": { "Cursor": { "type": "string", "description": "Cursor for cursor-based pagination.\nAn opaque string that points to the next/previous page of results." }, "CursorPaginationLinks": { "type": "object", "required": [ "next", "previous" ], "properties": { "next": { "type": "string", "nullable": true, "format": "uri", "description": "The next link in pagination", "example": "/api/rbac/v2/(resource)/?limit=10&cursor=eyJpZCI6IjEyMyJ9" }, "previous": { "type": "string", "nullable": true, "format": "uri", "description": "The previous link in pagination", "example": "/api/rbac/v2/(resource)/?limit=10&cursor=eyJpZCI6IjEwMCJ9" } } }, "CursorPaginationMeta": { "type": "object", "required": [ "limit" ], "properties": { "limit": { "allOf": [ { "$ref": "#/components/schemas/Limit" } ], "description": "Limit of returned objects. Use -1 to return all objects.", "example": 10, "default": 10 } } }, "FieldMask": { "type": "string", "description": "Field mask used by the `fields` query parameter to control which fields\nare included in the response.\n\n**Syntax:**\n- Use comma to separate multiple fields: `id,name,description`\n- Use parentheses for nested objects: `subject(id,name),resource(type)`\n\n**Examples:**\n- `id,name`\n- `subject(group.name),role(name)`" }, "Limit": { "type": "integer", "format": "int64", "description": "Limit for pagination. Controls the maximum number of items returned.\nUse -1 to return all objects." }, "Offset": { "type": "integer", "format": "int64", "description": "Offset for offset-based pagination.\nThe number of items to skip before starting to return results." }, "OffsetPaginationLinks": { "type": "object", "required": [ "first", "next", "previous", "last" ], "properties": { "first": { "type": "string", "nullable": true, "format": "uri", "description": "The first link in pagination", "example": "/api/rbac/v2/workspaces/?limit=10&offset=0" }, "next": { "type": "string", "nullable": true, "format": "uri", "description": "The next link in pagination", "example": "/api/rbac/v2/workspaces/?limit=10&offset=10" }, "previous": { "type": "string", "nullable": true, "format": "uri", "description": "The previous link in pagination", "example": "/api/rbac/v2/workspaces/?limit=10&offset=0" }, "last": { "type": "string", "nullable": true, "format": "uri", "description": "The last link in pagination", "example": "/api/rbac/v2/workspaces/?limit=10&offset=90" } } }, "OffsetPaginationMeta": { "type": "object", "required": [ "count", "limit", "offset" ], "properties": { "count": { "type": "integer", "format": "int64", "description": "Total count of objects", "example": 10 }, "limit": { "allOf": [ { "$ref": "#/components/schemas/Limit" } ], "description": "Limit of returned objects. Use -1 to return all objects.", "example": 10, "default": 10 }, "offset": { "allOf": [ { "$ref": "#/components/schemas/Offset" } ], "description": "Offset of returned objects", "example": 0, "default": 0 } } }, "OrderBy": { "type": "string", "description": "Sort order specification for list operations.\nUse comma to separate multiple fields, prefix with '-' for descending order.\n\n**Examples:**\n- `name` - Sort by name ascending\n- `-last_modified` - Sort by last_modified descending\n- `name,-created` - Sort by name ascending, then created descending" }, "Permission": { "type": "object", "required": [ "application", "resource_type", "operation" ], "properties": { "application": { "type": "string" }, "resource_type": { "type": "string" }, "operation": { "type": "string" } }, "example": { "application": "rbac", "resource_type": "workspace", "operation": "read" } }, "Problems.Problem400": { "type": "object", "required": [ "title", "detail" ], "properties": { "title": { "type": "string", "enum": [ "The request payload contains invalid syntax." ] }, "detail": { "type": "string", "example": "JSON parse error - Expecting value: line 1 column 1 (char 0)" } }, "allOf": [ { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 400 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } ] }, "Problems.Problem403": { "type": "object", "required": [ "type", "title" ], "properties": { "type": { "type": "string", "enum": [ "http://project-kessel.org/problems/insufficient-permission" ] }, "title": { "type": "string", "enum": [ "You do not have permission to perform this action." ] } }, "allOf": [ { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 403 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } ] }, "Problems.Problem404": { "type": "object", "required": [ "title", "detail" ], "properties": { "title": { "type": "string", "enum": [ "Resource was not found" ] }, "detail": { "type": "string", "example": "Not found" } }, "allOf": [ { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 404 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } ] }, "Problems.ProblemType": { "type": "string", "enum": [ "http://project-kessel.org/problems/insufficient-permission" ] }, "Problems.Workspace.Problem400WorkspaceNotEmpty": { "type": "object", "required": [ "title" ], "properties": { "title": { "type": "string", "enum": [ "Unable to delete due to workspace dependencies" ] } }, "allOf": [ { "type": "object", "properties": { "type": { "$ref": "#/components/schemas/Problems.ProblemType" }, "status": { "type": "number", "enum": [ 400 ] }, "title": { "type": "string" }, "detail": { "type": "string" }, "instance": { "type": "string", "format": "uri" } } } ] }, "Role": { "type": "object", "properties": { "id": { "allOf": [ { "$ref": "#/components/schemas/UUID" } ], "description": "UUID that uniquely identifies the role" }, "name": { "type": "string", "description": "A human readable name for the role. Must be unique within a tenant." }, "description": { "type": "string", "description": "A description of the role to help clarify its purpose. Does not need to be unique." }, "permissions": { "type": "array", "items": { "$ref": "#/components/schemas/Permission" }, "description": "List of permissions assigned to this role" }, "permissions_count": { "type": "integer", "format": "int32", "description": "Number of permissions assigned to this role" }, "last_modified": { "type": "string", "format": "date-time", "description": "Timestamp of when the role was last modified" } }, "example": { "id": "550e8400-e29b-41d4-a716-446655440002", "name": "Workspace Admin", "description": "Full administrative access to workspace", "permissions": [ { "application": "rbac", "resource_type": "workspace", "operation": "read" }, { "application": "rbac", "resource_type": "workspace", "operation": "write" } ], "permissions_count": 2, "last_modified": "2024-08-04T12:00:00Z" } }, "RoleBindings.BaseSubject": { "type": "object", "required": [ "type" ], "properties": { "id": { "allOf": [ { "$ref": "#/components/schemas/UUID" } ], "description": "Subject identifier" }, "type": { "type": "string", "description": "Type of subject" } }, "discriminator": { "propertyName": "type", "mapping": { "group": "#/components/schemas/RoleBindings.GroupSubject" } } }, "RoleBindings.BatchCreateRoleBindingsRequest": { "type": "object", "required": [ "requests" ], "properties": { "requests": { "type": "array", "items": { "$ref": "#/components/schemas/RoleBindings.CreateRoleBindingsRequest" }, "minItems": 1, "maxItems": 100, "description": "List of role bindings to create (maximum 100)" } }, "description": "Batch request to create multiple role bindings", "example": { "requests": [ { "resource": { "id": "550e8400-e29b-41d4-a716-446655440001", "type": "workspace" }, "subject": { "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6", "type": "group" }, "role": { "id": "550e8400-e29b-41d4-a716-446655440002" } }, { "resource": { "id": "550e8400-e29b-41d4-a716-446655440001", "type": "workspace" }, "subject": { "id": "3fa85f64-5717-4562-b3fc-2c963f66afa7", "type": "user" }, "role": { "id": "550e8400-e29b-41d4-a716-446655440003" } } ] } }, "RoleBindings.BatchCreateRoleBindingsResponse": { "type": "object", "required": [ "role_bindings" ], "properties": { "role_bindings": { "type": "array", "items": { "$ref": "#/components/schemas/RoleBindings.RoleBinding" }, "description": "The role bindings that were created" } }, "description": "Response containing the created role bindings" }, "RoleBindings.CreateRoleBindingsRequest": { "type": "object", "required": [ "resource", "subject", "role" ], "properties": { "resource": { "type": "object", "properties": { "id": { "allOf": [ { "$ref": "#/components/schemas/UUID" } ], "description": "UUID that uniquely identifies the resource" }, "type": { "type": "string", "description": "Type of resource", "example": "workspace" } }, "required": [ "id", "type" ], "description": "Resource to bind the role to" }, "subject": { "type": "object", "properties": { "id": { "allOf": [ { "$ref": "#/components/schemas/UUID" } ], "description": "UUID that uniquely identifies the subject" }, "type": { "type": "string", "enum": [ "user", "group" ], "description": "Type of subject" } }, "required": [ "id", "type" ], "description": "Subject to grant access to" }, "role": { "type": "object", "properties": { "id": { "allOf": [ { "$ref": "#/components/schemas/UUID" } ], "description": "UUID that uniquely identifies the role" } }, "required": [ "id" ], "description": "Role to assign" } }, "description": "Request body for creating role bindings", "example": { "resource": { "id": "550e8400-e29b-41d4-a716-446655440001", "type": "workspace" }, "subject": { "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6", "type": "group" }, "role": { "id": "550e8400-e29b-41d4-a716-446655440002" } } }, "RoleBindings.GroupDetails": { "type": "object", "properties": { "name": { "type": "string", "description": "Name of the group" }, "description": { "type": "string", "description": "Description of the group" }, "user_count": { "type": "integer", "format": "int64", "description": "Number of users in the group" } } }, "RoleBindings.GroupSubject": { "type": "object", "required": [ "type" ], "properties": { "type": { "type": "string", "enum": [ "group" ], "description": "Type of subject" }, "group": { "allOf": [ { "$ref": "#/components/schemas/RoleBindings.GroupDetails" } ], "description": "Group details" } }, "allOf": [ { "$ref": "#/components/schemas/RoleBindings.BaseSubject" } ] }, "RoleBindings.Resource": { "type": "object", "properties": { "id": { "allOf": [ { "$ref": "#/components/schemas/UUID" } ], "description": "Resource identifier" }, "name": { "type": "string", "description": "Resource name" }, "type": { "type": "string", "description": "Resource type", "example": "workspace" } } }, "RoleBindings.RoleBinding": { "type": "object", "properties": { "role": { "allOf": [ { "$ref": "#/components/schemas/Role" } ], "description": "The role that grants permissions to the subject on the resource" }, "subject": { "anyOf": [ { "$ref": "#/components/schemas/RoleBindings.UserSubject" }, { "$ref": "#/components/schemas/RoleBindings.GroupSubject" } ], "description": "The subject (user or group) that is granted the role" }, "resource": { "allOf": [ { "$ref": "#/components/schemas/RoleBindings.Resource" } ], "description": "The resource on which the subject is granted the role" } }, "example": { "role": { "id": "550e8400-e29b-41d4-a716-446655440002", "name": "Workspace Admin", "permissions": [ { "application": "rbac", "resource_type": "workspace", "operation": "read" }, { "application": "rbac", "resource_type": "workspace", "operation": "write" } ] }, "subject": { "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6", "type": "group", "group": { "name": "Engineering Team", "user_count": 25 } } } }, "RoleBindings.RoleBindingBySubject": { "type": "object", "properties": { "last_modified": { "type": "string", "format": "date-time", "description": "Timestamp of last modification" }, "subject": { "anyOf": [ { "$ref": "#/components/schemas/RoleBindings.UserSubject" }, { "$ref": "#/components/schemas/RoleBindings.GroupSubject" } ], "description": "Subject of the role binding" }, "roles": { "type": "array", "items": { "$ref": "#/components/schemas/Role" }, "description": "Roles assigned to the subject" }, "resource": { "allOf": [ { "$ref": "#/components/schemas/RoleBindings.Resource" } ], "description": "Resource the roles apply to" }, "inherited_from": { "allOf": [ { "$ref": "#/components/schemas/RoleBindings.Resource" } ], "description": "Resource from which this role binding is inherited (only present when parent_role_bindings=true)" } }, "example": { "last_modified": "2024-08-04T12:00:00Z", "subject": { "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6", "type": "group", "group": { "name": "Engineering Team", "description": "Development and engineering team", "user_count": 25 } }, "roles": [ { "id": "550e8400-e29b-41d4-a716-446655440002", "name": "Workspace Admin" } ], "resource": { "id": "550e8400-e29b-41d4-a716-446655440003", "name": "Child Workspace", "type": "workspace" }, "inherited_from": { "id": "550e8400-e29b-41d4-a716-446655440001", "name": "Parent Workspace", "type": "workspace" } } }, "RoleBindings.UpdateRoleBindingsRequest": { "type": "object", "required": [ "roles" ], "properties": { "roles": { "type": "array", "items": { "type": "object", "properties": { "id": { "allOf": [ { "$ref": "#/components/schemas/UUID" } ], "description": "Role identifier" } }, "required": [ "id" ] }, "minItems": 1, "description": "Roles to assign (replaces existing roles for the target binding)" } }, "description": "Request body for updating role bindings - contains the new roles to assign", "example": { "roles": [ { "id": "550e8400-e29b-41d4-a716-446655440002" }, { "id": "550e8400-e29b-41d4-a716-446655440003" } ] } }, "RoleBindings.UserDetails": { "type": "object", "properties": { "username": { "type": "string", "description": "Name of the user" } } }, "RoleBindings.UserSubject": { "type": "object", "required": [ "type" ], "properties": { "type": { "type": "string", "enum": [ "user" ], "description": "Type of subject" }, "user": { "allOf": [ { "$ref": "#/components/schemas/RoleBindings.UserDetails" } ], "description": "User details" } }, "allOf": [ { "$ref": "#/components/schemas/RoleBindings.BaseSubject" } ] }, "Roles.BatchDeleteRolesRequest": { "type": "object", "required": [ "ids" ], "properties": { "ids": { "type": "array", "items": { "$ref": "#/components/schemas/UUID" }, "minItems": 1, "maxItems": 100, "description": "The IDs of the roles to delete. A maximum of 100 roles can be deleted in one batch.", "example": [ "3a780e8d-da23-4a2c-a457-c9d31d8a6df0", "4fc3eb8e-2675-4807-8072-c69bd2a66482" ] } }, "description": "Data for request to delete multiple roles by ID." }, "Roles.CreateOrUpdateRoleRequest": { "type": "object", "required": [ "name", "description", "permissions" ], "properties": { "name": { "type": "string", "description": "A human readable name for the role. Must be unique within a tenant." }, "description": { "type": "string", "description": "A description of the role to help clarify its purpose. Does not need to be unique." }, "permissions": { "type": "array", "items": { "$ref": "#/components/schemas/Permission" }, "description": "List of permissions to assign to this role" } }, "description": "Role data for create and update operations", "example": { "name": "Host Inventory Admin", "description": "Custom role for host inventory management", "permissions": [ { "application": "inventory", "resource_type": "hosts", "operation": "read" }, { "application": "inventory", "resource_type": "hosts", "operation": "write" } ] } }, "Timestamps": { "type": "object", "required": [ "created", "modified" ], "properties": { "created": { "type": "string", "format": "date-time", "description": "2019-01-21T17:32:28Z" }, "modified": { "type": "string", "format": "date-time", "description": "2019-01-21T17:32:28Z" } } }, "UUID": { "type": "string", "format": "uuid" }, "Versions": { "type": "string", "enum": [ "v2" ] }, "Workspaces.BasicWorkspace": { "type": "object", "required": [ "name" ], "properties": { "name": { "type": "string", "description": "Workspace A", "default": "Workspace A" }, "description": { "type": "string", "description": "Description of Workspace A", "default": "Description of Workspace A" } }, "example": { "name": "My First Workspace", "description": "This is a basic workspace." } }, "Workspaces.CreateWorkspaceRequest": { "type": "object", "properties": { "parent_id": { "allOf": [ { "$ref": "#/components/schemas/UUID" } ], "description": "Parent ID of Workspace A", "default": "Parent ID of Workspace A" } }, "allOf": [ { "$ref": "#/components/schemas/Workspaces.BasicWorkspace" } ], "example": { "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "name": "Alpha Workspace", "description": "Create a standard workspace." } }, "Workspaces.CreateWorkspaceResponse": { "type": "object", "allOf": [ { "$ref": "#/components/schemas/Workspaces.Workspace" } ], "example": { "_": 201, "id": "e4277742-b91c-43f1-a185-b827e8574345", "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "type": "standard", "name": "Alpha Workspace", "description": "Create a standard workspace.", "created": "2024-08-04T12:00:00Z", "modified": "2024-08-04T12:00:00Z" } }, "Workspaces.MoveWorkspaceRequest": { "type": "object", "required": [ "parent_id" ], "properties": { "parent_id": { "allOf": [ { "$ref": "#/components/schemas/UUID" } ], "description": "The UUID of the new parent workspace.", "default": "Parent ID of target workspace" } }, "example": { "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11" } }, "Workspaces.MoveWorkspaceResponse": { "type": "object", "required": [ "id", "parent_id" ], "properties": { "id": { "allOf": [ { "$ref": "#/components/schemas/UUID" } ], "default": "Workspace ID of moved workspace" }, "parent_id": { "allOf": [ { "$ref": "#/components/schemas/UUID" } ], "default": "New parent ID of moved workspace" } }, "example": { "_": 200, "id": "e4277742-b91c-43f1-a185-b827e8574345", "parent_id": "f0e1d2c3-b4a5-4678-9a1b-c2d3e4f5a6b7" } }, "Workspaces.Pagination": { "type": "object", "required": [ "meta", "links" ], "properties": { "meta": { "allOf": [ { "$ref": "#/components/schemas/OffsetPaginationMeta" } ], "description": "Pagination metadata" }, "links": { "allOf": [ { "$ref": "#/components/schemas/OffsetPaginationLinks" } ], "description": "Pagination links" } } }, "Workspaces.PatchWorkspaceRequest": { "type": "object", "properties": { "name": { "type": "string", "description": "Workspace A", "default": "Workspace A" }, "description": { "type": "string", "description": "Description of Workspace A", "default": "Description of Workspace A" } }, "example": { "name": "Alpha Workspace - closed", "description": "Create a standard workspace." } }, "Workspaces.PatchWorkspaceResponse": { "type": "object", "allOf": [ { "$ref": "#/components/schemas/Workspaces.Workspace" } ], "example": { "_": 200, "id": "e4277742-b91c-43f1-a185-b827e8574345", "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "type": "standard", "name": "Alpha Workspace - closed", "description": "Create a standard workspace.", "created": "2024-08-04T12:00:00Z", "modified": "2024-08-04T12:00:00Z" } }, "Workspaces.ReadWorkspaceResponse": { "type": "object", "allOf": [ { "$ref": "#/components/schemas/Workspaces.Workspace" } ], "example": { "_": 200, "id": "e4277742-b91c-43f1-a185-b827e8574345", "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "type": "standard", "name": "Alpha Workspace", "description": "Create a standard workspace.", "created": "2024-08-04T12:00:00Z", "modified": "2024-08-04T12:00:00Z" } }, "Workspaces.ReadWorkspaceWithAncestryResponse": { "type": "object", "required": [ "ancestry" ], "properties": { "ancestry": { "type": "array", "items": { "$ref": "#/components/schemas/Workspaces.WorkspaceAncestor" } } }, "allOf": [ { "$ref": "#/components/schemas/Workspaces.ReadWorkspaceResponse" } ], "example": { "ancestry": [ { "id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "parent_id": "a1b2c3d4-e5f6-47a8-b9c0-d1e2f3a4b5c6", "name": "Default Workspace" } ], "_": 200, "id": "e4277742-b91c-43f1-a185-b827e8574345", "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "type": "standard", "name": "Alpha Workspace", "description": "Create a standard workspace.", "created": "2024-08-04T12:00:00Z", "modified": "2024-08-04T12:00:00Z" } }, "Workspaces.UpdateWorkspaceRequest": { "type": "object", "required": [ "name", "description", "parent_id" ], "properties": { "name": { "type": "string", "description": "Workspace A", "default": "Workspace A" }, "description": { "type": "string", "description": "Description of Workspace A", "default": "Description of Workspace A" }, "parent_id": { "allOf": [ { "$ref": "#/components/schemas/UUID" } ], "description": "Must match current parent_id value. Not updatable directly on the workspace.", "default": "Parent ID of Workspace A" } }, "example": { "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "name": "Alpha Workspace", "description": "Changing description of alpha workspace to something new." } }, "Workspaces.UpdateWorkspaceResponse": { "type": "object", "allOf": [ { "$ref": "#/components/schemas/Workspaces.Workspace" } ], "example": { "_": 200, "id": "e4277742-b91c-43f1-a185-b827e8574345", "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "type": "standard", "name": "Alpha Workspace", "description": "Changing description of alpha workspace to something new.", "created": "2024-08-04T12:00:00Z", "modified": "2024-08-04T12:00:00Z" } }, "Workspaces.Workspace": { "type": "object", "required": [ "id", "type", "name", "created", "modified" ], "properties": { "id": { "$ref": "#/components/schemas/UUID" }, "parent_id": { "$ref": "#/components/schemas/UUID" }, "type": { "$ref": "#/components/schemas/Workspaces.WorkspaceTypes" }, "name": { "type": "string", "description": "Workspace A", "default": "Workspace A" }, "description": { "type": "string", "description": "Description of Workspace A", "default": "Description of Workspace A" }, "created": { "type": "string", "format": "date-time", "description": "2019-01-21T17:32:28Z" }, "modified": { "type": "string", "format": "date-time", "description": "2019-01-21T17:32:28Z" } }, "example": { "id": "e4277742-b91c-43f1-a185-b827e8574345", "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "type": "standard", "name": "My first workspace", "description": "This is a basic workspace.", "created": "2024-08-04T12:00:00Z", "modified": "2024-08-04T12:00:00Z" } }, "Workspaces.WorkspaceAncestor": { "type": "object", "required": [ "id", "name" ], "properties": { "id": { "$ref": "#/components/schemas/UUID" }, "parent_id": { "$ref": "#/components/schemas/UUID" }, "name": { "type": "string" } } }, "Workspaces.WorkspaceListResponse": { "type": "object", "required": [ "meta", "links", "data" ], "properties": { "meta": { "allOf": [ { "$ref": "#/components/schemas/OffsetPaginationMeta" } ], "description": "Pagination metadata" }, "links": { "allOf": [ { "$ref": "#/components/schemas/OffsetPaginationLinks" } ], "description": "Pagination links" }, "data": { "type": "array", "items": { "$ref": "#/components/schemas/Workspaces.Workspace" }, "description": "List of workspaces" } }, "example": { "meta": { "count": 100, "limit": 10, "offset": 0 }, "links": { "first": "/api/rbac/v2/workspaces/?limit=10&offset=0", "next": "/api/rbac/v2/workspaces/?limit=10&offset=10", "previous": null, "last": "/api/rbac/v2/workspaces/?limit=10&offset=90" }, "data": [ { "id": "e4277742-b91c-43f1-a185-b827e8574345", "parent_id": "c1f729e2-3e2b-4f9e-b247-a4b568393e11", "type": "standard", "name": "My first workspace", "description": "This is a basic workspace.", "created": "2024-08-04T12:00:00Z", "modified": "2024-08-04T12:00:00Z" } ] } }, "Workspaces.WorkspaceTypes": { "type": "string", "enum": [ "root", "default", "standard", "ungrouped-hosts" ] }, "Workspaces.WorkspaceTypesQueryParam": { "type": "string", "enum": [ "all", "root", "default", "standard", "ungrouped-hosts" ] } } }, "servers": [ { "url": "https://console.redhat.com/{basePath}", "description": "Production Server", "variables": { "basePath": { "default": "api/rbac/v2" } } }, { "url": "https://console.stage.redhat.com/{basePath}", "description": "Stage Server", "variables": { "basePath": { "default": "api/rbac/v2" } } }, { "url": "https://localhost:{port}/{basePath}", "description": "Development Server", "variables": { "basePath": { "default": "api/rbac/v2" }, "port": { "default": "8000" } } } ] }