---
# Naftiko capability: wraps the Rancher v3 Management API (consumes) and
# re-exposes a subset of it as a REST listener and an MCP server (exposes).
#
# Security summary, based only on what this file shows:
#   * All upstream calls use ONE bearer token taken from the environment.
#   * Neither exposed listener declares any authentication of its own here,
#     so callers of ports 8081 / 9081 act with that token's Rancher rights.
#   * The exposed operations include listing and creating API tokens.
naftiko: '1.0.0-alpha2'

info:
  label: Rancher Access Control
  # NOTE(review): this text mentions provisioning users and assigning role
  # templates, but the exposes section only offers list-users,
  # list-tokens, create-token and list-role-templates.
  description: >-
    Workflow capability for managing users, roles, tokens, and access
    policies in Rancher. Enables platform administrators to provision users,
    assign role templates, manage API tokens, and enforce RBAC across
    multi-cluster environments.
  tags:
    - Access Control
    - RBAC
    - Users
    - Tokens
    - Kubernetes
    - Rancher
  created: '2026-05-02'
  modified: '2026-05-06'

# Host and credential are bound from environment variables; no secret value
# is stored in this file.
binds:
  - namespace: env
    keys:
      RANCHER_BEARER_TOKEN: RANCHER_BEARER_TOKEN
      RANCHER_HOST: RANCHER_HOST

capability:
  consumes:
    - type: http
      namespace: rancher
      baseUri: 'https://{{RANCHER_HOST}}/v3'
      description: Rancher v3 Management API.
      # Single shared credential for every operation below.
      # NOTE(review): scope this token to the least Rancher role that the
      # exposed operations need (users, tokens, roleTemplates). Cluster
      # create/delete are defined below but never called from exposes.
      authentication:
        type: bearer
        token: '{{RANCHER_BEARER_TOKEN}}'
      resources:
        - name: clusters
          path: /clusters
          description: Downstream Kubernetes clusters managed by Rancher.
          operations:
            - name: list-clusters
              method: GET
              description: List all clusters managed by Rancher.
              outputRawFormat: json
              outputParameters:
                # `$.` presumably selects the JSON root, i.e. the whole
                # upstream response is passed through unfiltered.
                - name: result
                  type: object
                  value: $.
            # Not referenced by any exposed operation in this file.
            # NOTE(review): the body reads tools.* values but no
            # inputParameters are declared here - confirm how they resolve.
            - name: create-cluster
              method: POST
              description: Provision a new cluster.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
              body:
                type: json
                data:
                  name: '{{tools.name}}'
                  description: '{{tools.description}}'
                  kubernetesVersion: '{{tools.kubernetesVersion}}'
                  provider: '{{tools.provider}}'

        - name: cluster
          path: '/clusters/{id}'
          description: Single cluster resource.
          operations:
            - name: get-cluster
              method: GET
              description: Retrieve a single cluster by ID.
              inputParameters:
                - name: id
                  in: path
                  type: string
                  required: true
                  description: Cluster identifier.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            # Not referenced by any exposed operation in this file; keeping
            # it defined widens what the bound token may be used for if a
            # later change wires it up.
            - name: delete-cluster
              method: DELETE
              description: Remove a cluster from Rancher management.
              inputParameters:
                - name: id
                  in: path
                  type: string
                  required: true
                  description: Cluster identifier.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.

        - name: projects
          path: /projects
          description: Rancher projects grouping namespaces.
          operations:
            - name: list-projects
              method: GET
              description: List all projects.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            # NOTE(review): POST with no body defined in this file.
            - name: create-project
              method: POST
              description: Create a new project.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.

        - name: nodes
          path: /nodes
          description: Cluster nodes.
          operations:
            - name: list-nodes
              method: GET
              description: List all nodes.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.

        - name: users
          path: /users
          description: Rancher users.
          operations:
            - name: list-users
              method: GET
              description: List all users.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.

        - name: tokens
          path: /tokens
          description: API tokens.
          operations:
            - name: list-tokens
              method: GET
              description: List all API tokens.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.
            # NOTE(review): no body is defined, so no expiry (ttl) or
            # description is requested for the new token; its lifetime
            # presumably falls back to the Rancher server default - confirm.
            # The unfiltered `$.` output is expected to carry the new
            # token's secret value, so treat this response as a secret.
            - name: create-token
              method: POST
              description: Create a new API token.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.

        - name: catalogs
          path: /catalogs
          description: Helm chart catalogs.
          operations:
            - name: list-catalogs
              method: GET
              description: List registered Helm catalogs.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.

        - name: apps
          path: /apps
          description: Deployed Helm applications.
          operations:
            - name: list-apps
              method: GET
              description: List deployed apps.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.

        - name: role-templates
          path: /roleTemplates
          description: Role templates for RBAC.
          operations:
            - name: list-role-templates
              method: GET
              description: List all role templates.
              outputRawFormat: json
              outputParameters:
                - name: result
                  type: object
                  value: $.

  exposes:
    # REST listener. No authentication is declared for it in this file, so
    # any client that can reach port 8081 can list users and tokens and mint
    # a new token with the bound credential.
    # NOTE(review): confirm the port is reachable only from trusted callers
    # (loopback, network policy, authenticating proxy) or that the framework
    # enforces caller authentication elsewhere.
    - type: rest
      port: 8081
      namespace: rancher-access-control-api
      description: Unified REST API for Rancher access control management.
      resources:
        - path: /v1/users
          name: users
          description: Rancher user accounts.
          operations:
            - method: GET
              name: list-users
              description: List all users.
              call: rancher.list-users
              outputParameters:
                - type: object
                  mapping: $.

        - path: /v1/tokens
          name: tokens
          description: API tokens.
          operations:
            - method: GET
              name: list-tokens
              description: List all API tokens.
              call: rancher.list-tokens
              outputParameters:
                - type: object
                  mapping: $.
            # Returns the upstream create response unfiltered; keep it out
            # of access logs and caches.
            - method: POST
              name: create-token
              description: Create a new API token.
              call: rancher.create-token
              outputParameters:
                - type: object
                  mapping: $.

        - path: /v1/role-templates
          name: role-templates
          description: RBAC role templates.
          operations:
            - method: GET
              name: list-role-templates
              description: List all role templates.
              call: rancher.list-role-templates
              outputParameters:
                - type: object
                  mapping: $.

    # MCP server over HTTP. As with the REST listener, no caller
    # authentication is declared here. Tool output is handed to an AI
    # client, so user, token and role listings end up in model context.
    - type: mcp
      port: 9081
      namespace: rancher-access-control-mcp
      transport: http
      description: MCP server for AI-assisted access control management in Rancher.
      tools:
        - name: list-users
          description: List all Rancher users with their enabled status and login information.
          hints:
            readOnly: true
            openWorld: true
          call: rancher.list-users
          outputParameters:
            - type: object
              mapping: $.

        - name: list-tokens
          description: List all API tokens issued in Rancher, including their expiry and description.
          hints:
            readOnly: true
            openWorld: true
          call: rancher.list-tokens
          outputParameters:
            - type: object
              mapping: $.

        # The only state-changing tool: it issues a new credential.
        # NOTE(review): `destructive: false` may let clients run it without
        # a confirmation prompt; the created token's secret is returned to
        # the MCP client through the unfiltered mapping. Unlike the other
        # tools, no openWorld hint is set here.
        - name: create-token
          description: Create a new API token for programmatic access to the Rancher API.
          hints:
            readOnly: false
            destructive: false
          call: rancher.create-token
          outputParameters:
            - type: object
              mapping: $.

        - name: list-role-templates
          description: List all RBAC role templates defining permissions across clusters and projects.
          hints:
            readOnly: true
            openWorld: true
          call: rancher.list-role-templates
          outputParameters:
            - type: object
              mapping: $.