naftiko: 1.0.0-alpha2 info: label: etcd HTTP Gateway API — Auth description: 'etcd HTTP Gateway API — Auth. 16 operations. Lead operation: Etcd Authenticate a user. Self-contained Naftiko capability covering one Etcd business surface.' tags: - Etcd - Auth created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: ETCD_API_KEY: ETCD_API_KEY capability: consumes: - type: http namespace: http-gateway-auth baseUri: http://{host}:{port}/v3 description: etcd HTTP Gateway API — Auth business capability. Self-contained, no shared references. resources: - name: auth-authenticate path: /auth/authenticate operations: - name: authauthenticate method: POST description: Etcd Authenticate a user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: auth-disable path: /auth/disable operations: - name: authdisable method: POST description: Etcd Disable authentication outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-enable path: /auth/enable operations: - name: authenable method: POST description: Etcd Enable authentication outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-role-add path: /auth/role/add operations: - name: authroleadd method: POST description: Etcd Add a role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: auth-role-delete path: /auth/role/delete operations: - name: authroledelete method: POST description: Etcd Delete a role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: auth-role-get path: /auth/role/get operations: - name: authroleget method: POST description: Etcd Get role details outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: auth-role-grant path: /auth/role/grant operations: - name: authrolegrantpermission method: POST description: Etcd Grant a permission to a role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: auth-role-list path: /auth/role/list operations: - name: authrolelist method: POST description: Etcd List all roles outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-role-revoke path: /auth/role/revoke operations: - name: authrolerevokepermission method: POST description: Etcd Revoke a permission from a role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: auth-user-add path: /auth/user/add operations: - name: authuseradd method: POST description: Etcd Add a user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: auth-user-changepw path: /auth/user/changepw operations: - name: authuserchangepassword method: POST description: Etcd Change a user's password outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: auth-user-delete path: /auth/user/delete operations: - name: authuserdelete method: POST description: Etcd Delete a user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: auth-user-get path: /auth/user/get operations: - name: authuserget method: POST description: Etcd Get user details outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: auth-user-grant path: /auth/user/grant operations: - name: authusergrantrole method: POST description: Etcd Grant a role to a user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: auth-user-list path: /auth/user/list operations: - name: authuserlist method: POST description: Etcd List all users outputRawFormat: json outputParameters: - name: result type: object value: $. - name: auth-user-revoke path: /auth/user/revoke operations: - name: authuserrevokerole method: POST description: Etcd Revoke a role from a user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true authentication: type: bearer token: '{{env.ETCD_API_KEY}}' exposes: - type: rest namespace: http-gateway-auth-rest port: 8080 description: REST adapter for etcd HTTP Gateway API — Auth. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/auth/authenticate name: auth-authenticate description: REST surface for auth-authenticate. operations: - method: POST name: authauthenticate description: Etcd Authenticate a user call: http-gateway-auth.authauthenticate with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/disable name: auth-disable description: REST surface for auth-disable. operations: - method: POST name: authdisable description: Etcd Disable authentication call: http-gateway-auth.authdisable outputParameters: - type: object mapping: $. - path: /v1/auth/enable name: auth-enable description: REST surface for auth-enable. operations: - method: POST name: authenable description: Etcd Enable authentication call: http-gateway-auth.authenable outputParameters: - type: object mapping: $. - path: /v1/auth/role/add name: auth-role-add description: REST surface for auth-role-add. operations: - method: POST name: authroleadd description: Etcd Add a role call: http-gateway-auth.authroleadd with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/role/delete name: auth-role-delete description: REST surface for auth-role-delete. operations: - method: POST name: authroledelete description: Etcd Delete a role call: http-gateway-auth.authroledelete with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/role/get name: auth-role-get description: REST surface for auth-role-get. operations: - method: POST name: authroleget description: Etcd Get role details call: http-gateway-auth.authroleget with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/role/grant name: auth-role-grant description: REST surface for auth-role-grant. operations: - method: POST name: authrolegrantpermission description: Etcd Grant a permission to a role call: http-gateway-auth.authrolegrantpermission with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/role/list name: auth-role-list description: REST surface for auth-role-list. operations: - method: POST name: authrolelist description: Etcd List all roles call: http-gateway-auth.authrolelist outputParameters: - type: object mapping: $. - path: /v1/auth/role/revoke name: auth-role-revoke description: REST surface for auth-role-revoke. operations: - method: POST name: authrolerevokepermission description: Etcd Revoke a permission from a role call: http-gateway-auth.authrolerevokepermission with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/user/add name: auth-user-add description: REST surface for auth-user-add. operations: - method: POST name: authuseradd description: Etcd Add a user call: http-gateway-auth.authuseradd with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/user/changepw name: auth-user-changepw description: REST surface for auth-user-changepw. operations: - method: POST name: authuserchangepassword description: Etcd Change a user's password call: http-gateway-auth.authuserchangepassword with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/user/delete name: auth-user-delete description: REST surface for auth-user-delete. operations: - method: POST name: authuserdelete description: Etcd Delete a user call: http-gateway-auth.authuserdelete with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/user/get name: auth-user-get description: REST surface for auth-user-get. operations: - method: POST name: authuserget description: Etcd Get user details call: http-gateway-auth.authuserget with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/user/grant name: auth-user-grant description: REST surface for auth-user-grant. operations: - method: POST name: authusergrantrole description: Etcd Grant a role to a user call: http-gateway-auth.authusergrantrole with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/auth/user/list name: auth-user-list description: REST surface for auth-user-list. operations: - method: POST name: authuserlist description: Etcd List all users call: http-gateway-auth.authuserlist outputParameters: - type: object mapping: $. - path: /v1/auth/user/revoke name: auth-user-revoke description: REST surface for auth-user-revoke. operations: - method: POST name: authuserrevokerole description: Etcd Revoke a role from a user call: http-gateway-auth.authuserrevokerole with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: http-gateway-auth-mcp port: 9090 transport: http description: MCP adapter for etcd HTTP Gateway API — Auth. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: etcd-authenticate-user description: Etcd Authenticate a user hints: readOnly: false destructive: false idempotent: false call: http-gateway-auth.authauthenticate with: body: tools.body outputParameters: - type: object mapping: $. - name: etcd-disable-authentication description: Etcd Disable authentication hints: readOnly: false destructive: false idempotent: false call: http-gateway-auth.authdisable outputParameters: - type: object mapping: $. - name: etcd-enable-authentication description: Etcd Enable authentication hints: readOnly: false destructive: false idempotent: false call: http-gateway-auth.authenable outputParameters: - type: object mapping: $. - name: etcd-add-role description: Etcd Add a role hints: readOnly: false destructive: false idempotent: false call: http-gateway-auth.authroleadd with: body: tools.body outputParameters: - type: object mapping: $. - name: etcd-delete-role description: Etcd Delete a role hints: readOnly: false destructive: false idempotent: false call: http-gateway-auth.authroledelete with: body: tools.body outputParameters: - type: object mapping: $. - name: etcd-get-role-details description: Etcd Get role details hints: readOnly: true destructive: false idempotent: false call: http-gateway-auth.authroleget with: body: tools.body outputParameters: - type: object mapping: $. - name: etcd-grant-permission-role description: Etcd Grant a permission to a role hints: readOnly: false destructive: false idempotent: false call: http-gateway-auth.authrolegrantpermission with: body: tools.body outputParameters: - type: object mapping: $. - name: etcd-list-all-roles description: Etcd List all roles hints: readOnly: true destructive: false idempotent: false call: http-gateway-auth.authrolelist outputParameters: - type: object mapping: $. - name: etcd-revoke-permission-role description: Etcd Revoke a permission from a role hints: readOnly: false destructive: false idempotent: false call: http-gateway-auth.authrolerevokepermission with: body: tools.body outputParameters: - type: object mapping: $. - name: etcd-add-user description: Etcd Add a user hints: readOnly: false destructive: false idempotent: false call: http-gateway-auth.authuseradd with: body: tools.body outputParameters: - type: object mapping: $. - name: etcd-change-user-s-password description: Etcd Change a user's password hints: readOnly: false destructive: false idempotent: false call: http-gateway-auth.authuserchangepassword with: body: tools.body outputParameters: - type: object mapping: $. - name: etcd-delete-user description: Etcd Delete a user hints: readOnly: false destructive: false idempotent: false call: http-gateway-auth.authuserdelete with: body: tools.body outputParameters: - type: object mapping: $. - name: etcd-get-user-details description: Etcd Get user details hints: readOnly: true destructive: false idempotent: false call: http-gateway-auth.authuserget with: body: tools.body outputParameters: - type: object mapping: $. - name: etcd-grant-role-user description: Etcd Grant a role to a user hints: readOnly: false destructive: false idempotent: false call: http-gateway-auth.authusergrantrole with: body: tools.body outputParameters: - type: object mapping: $. - name: etcd-list-all-users description: Etcd List all users hints: readOnly: true destructive: false idempotent: false call: http-gateway-auth.authuserlist outputParameters: - type: object mapping: $. - name: etcd-revoke-role-user description: Etcd Revoke a role from a user hints: readOnly: false destructive: false idempotent: false call: http-gateway-auth.authuserrevokerole with: body: tools.body outputParameters: - type: object mapping: $.