Red Hat SummitChapter 52. RoleService
52.1. ComputeEffectiveAccessScope
POST /v1/computeeffectiveaccessscope
ComputeEffectiveAccessScope
52.1.1. Description
Returns effective access scope based on the rules in the request. Does not persist anything; not idempotent due to possible changes to clusters and namespaces. POST is chosen due to potentially large payload. There are advantages in both keeping the response slim and detailed. If only IDs of selected clusters and namespaces are included, response latency and processing time are lower but the caller shall overlay the response with its view of the world which is susceptible to consistency issues. Listing all clusters and namespaces with related metadata is convenient for the caller but bloat the message with secondary data. We let the caller decide what level of detail they would like to have: - Minimal, when only roots of included subtrees are listed by their IDs. Clusters can be either INCLUDED (its namespaces are included but are not listed) or PARTIAL (at least one namespace is explicitly included). Namespaces can only be INCLUDED. - Standard [default], when all known clusters and namespaces are listed with their IDs and names. Clusters can be INCLUDED (all its namespaces are explicitly listed as INCLUDED), PARTIAL (all its namespaces are explicitly listed, some as INCLUDED and some as EXCLUDED), and EXCLUDED (all its namespaces are explicitly listed as EXCLUDED). Namespaces can be either INCLUDED or EXCLUDED. - High, when every cluster and namespace is augmented with metadata.
52.1.2. Parameters
52.1.2.1. Body Parameter
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| body | X |
52.1.2.2. Query Parameters
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| detail | - | STANDARD |
52.1.3. Return Type
52.1.4. Content Type
- application/json
52.1.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | |
| 0 | An unexpected error response. |
52.1.6. Samples
52.1.7. Common object reference
52.1.7.1. ComputeEffectiveAccessScopeRequestPayload
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| simpleRules |
52.1.7.2. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.1.7.2.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.1.7.3. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.1.7.4. SimpleAccessScopeRules
Each element of any repeated field is an individual rule. Rules are joined by logical OR: if there exists a rule allowing resource x, x is in the access scope.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| includedClusters |
List of | ||||
| includedNamespaces | List of SimpleAccessScopeRulesNamespace | ||||
| clusterLabelSelectors | List of StorageSetBasedLabelSelector | ||||
| namespaceLabelSelectors | List of StorageSetBasedLabelSelector |
52.1.7.5. SimpleAccessScopeRulesNamespace
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| clusterName | String | Both fields must be set. | |||
| namespaceName | String |
52.1.7.6. StorageEffectiveAccessScope
EffectiveAccessScope describes which clusters and namespaces are "in scope" given current state. Basically, if AccessScope is applied to the currently known clusters and namespaces, the result is EffectiveAccessScope.
EffectiveAccessScope represents a tree with nodes marked as included and excluded. If a node is included, all its child nodes are included.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| clusters |
52.1.7.7. StorageEffectiveAccessScopeCluster
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | String | ||||
| name | String | ||||
| state | UNKNOWN, INCLUDED, EXCLUDED, PARTIAL, | ||||
| labels |
Map of | ||||
| namespaces |
52.1.7.8. StorageEffectiveAccessScopeNamespace
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | String | ||||
| name | String | ||||
| state | UNKNOWN, INCLUDED, EXCLUDED, PARTIAL, | ||||
| labels |
Map of |
52.1.7.9. StorageEffectiveAccessScopeState
| Enum Values |
|---|
| UNKNOWN |
| INCLUDED |
| EXCLUDED |
| PARTIAL |
52.1.7.10. StorageSetBasedLabelSelector
SetBasedLabelSelector only allows set-based label requirements.
Next available tag: 3
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| requirements |
52.1.7.11. StorageSetBasedLabelSelectorOperator
| Enum Values |
|---|
| UNKNOWN |
| IN |
| NOT_IN |
| EXISTS |
| NOT_EXISTS |
52.1.7.12. StorageSetBasedLabelSelectorRequirement
Next available tag: 4| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| key | String | ||||
| op | UNKNOWN, IN, NOT_IN, EXISTS, NOT_EXISTS, | ||||
| values |
List of |
52.2. GetMyPermissions
GET /v1/mypermissions
52.2.1. Description
52.2.2. Parameters
52.2.3. Return Type
52.2.4. Content Type
- application/json
52.2.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | |
| 0 | An unexpected error response. |
52.2.6. Samples
52.2.7. Common object reference
52.2.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.2.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.2.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.2.7.3. StorageAccess
| Enum Values |
|---|
| NO_ACCESS |
| READ_ACCESS |
| READ_WRITE_ACCESS |
52.2.7.4. V1GetPermissionsResponse
GetPermissionsResponse is wire-compatible with the old format of the Role message and represents a collection of aggregated permissions.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| resourceToAccess | Map of StorageAccess |
52.3. ListPermissionSets
GET /v1/permissionsets
52.3.1. Description
52.3.2. Parameters
52.3.3. Return Type
52.3.4. Content Type
- application/json
52.3.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | |
| 0 | An unexpected error response. |
52.3.6. Samples
52.3.7. Common object reference
52.3.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.3.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.3.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.3.7.3. StorageAccess
| Enum Values |
|---|
| NO_ACCESS |
| READ_ACCESS |
| READ_WRITE_ACCESS |
52.3.7.4. StoragePermissionSet
This encodes a set of permissions for StackRox resources.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | String | id is generated and cannot be changed. | |||
| name | String |
| |||
| description | String | ||||
| resourceToAccess | Map of StorageAccess | ||||
| traits |
52.3.7.5. StorageTraits
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| mutabilityMode | ALLOW_MUTATE, ALLOW_MUTATE_FORCED, | ||||
| visibility | VISIBLE, HIDDEN, | ||||
| origin | IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED, |
52.3.7.6. TraitsMutabilityMode
EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.
Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.
| Enum Values |
|---|
| ALLOW_MUTATE |
| ALLOW_MUTATE_FORCED |
52.3.7.7. TraitsOrigin
Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.
| Enum Values |
|---|
| IMPERATIVE |
| DEFAULT |
| DECLARATIVE |
| DECLARATIVE_ORPHANED |
52.3.7.8. TraitsVisibility
EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.
| Enum Values |
|---|
| VISIBLE |
| HIDDEN |
52.3.7.9. V1ListPermissionSetsResponse
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| permissionSets | List of StoragePermissionSet |
52.4. DeletePermissionSet
DELETE /v1/permissionsets/{id}
52.4.1. Description
52.4.2. Parameters
52.4.2.1. Path Parameters
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| id | X | null |
52.4.3. Return Type
Object
52.4.4. Content Type
- application/json
52.4.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. |
|
| 0 | An unexpected error response. |
52.4.6. Samples
52.4.7. Common object reference
52.4.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.4.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.4.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.5. GetPermissionSet
GET /v1/permissionsets/{id}
52.5.1. Description
52.5.2. Parameters
52.5.2.1. Path Parameters
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| id | X | null |
52.5.3. Return Type
52.5.4. Content Type
- application/json
52.5.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | |
| 0 | An unexpected error response. |
52.5.6. Samples
52.5.7. Common object reference
52.5.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.5.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.5.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.5.7.3. StorageAccess
| Enum Values |
|---|
| NO_ACCESS |
| READ_ACCESS |
| READ_WRITE_ACCESS |
52.5.7.4. StoragePermissionSet
This encodes a set of permissions for StackRox resources.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | String | id is generated and cannot be changed. | |||
| name | String |
| |||
| description | String | ||||
| resourceToAccess | Map of StorageAccess | ||||
| traits |
52.5.7.5. StorageTraits
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| mutabilityMode | ALLOW_MUTATE, ALLOW_MUTATE_FORCED, | ||||
| visibility | VISIBLE, HIDDEN, | ||||
| origin | IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED, |
52.5.7.6. TraitsMutabilityMode
EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.
Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.
| Enum Values |
|---|
| ALLOW_MUTATE |
| ALLOW_MUTATE_FORCED |
52.5.7.7. TraitsOrigin
Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.
| Enum Values |
|---|
| IMPERATIVE |
| DEFAULT |
| DECLARATIVE |
| DECLARATIVE_ORPHANED |
52.5.7.8. TraitsVisibility
EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.
| Enum Values |
|---|
| VISIBLE |
| HIDDEN |
52.6. PutPermissionSet
PUT /v1/permissionsets/{id}
52.6.1. Description
52.6.2. Parameters
52.6.2.1. Path Parameters
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| id | id is generated and cannot be changed. | X | null |
52.6.2.2. Body Parameter
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| body | X |
52.6.3. Return Type
Object
52.6.4. Content Type
- application/json
52.6.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. |
|
| 0 | An unexpected error response. |
52.6.6. Samples
52.6.7. Common object reference
52.6.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.6.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.6.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.6.7.3. StorageAccess
| Enum Values |
|---|
| NO_ACCESS |
| READ_ACCESS |
| READ_WRITE_ACCESS |
52.6.7.4. StoragePermissionSet
This encodes a set of permissions for StackRox resources.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | String | id is generated and cannot be changed. | |||
| name | String |
| |||
| description | String | ||||
| resourceToAccess | Map of StorageAccess | ||||
| traits |
52.6.7.5. StorageTraits
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| mutabilityMode | ALLOW_MUTATE, ALLOW_MUTATE_FORCED, | ||||
| visibility | VISIBLE, HIDDEN, | ||||
| origin | IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED, |
52.6.7.6. TraitsMutabilityMode
EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.
Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.
| Enum Values |
|---|
| ALLOW_MUTATE |
| ALLOW_MUTATE_FORCED |
52.6.7.7. TraitsOrigin
Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.
| Enum Values |
|---|
| IMPERATIVE |
| DEFAULT |
| DECLARATIVE |
| DECLARATIVE_ORPHANED |
52.6.7.8. TraitsVisibility
EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.
| Enum Values |
|---|
| VISIBLE |
| HIDDEN |
52.7. PostPermissionSet
POST /v1/permissionsets
PostPermissionSet
52.7.1. Description
PermissionSet.id is disallowed in request and set in response.
52.7.2. Parameters
52.7.2.1. Body Parameter
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| body | X |
52.7.3. Return Type
52.7.4. Content Type
- application/json
52.7.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | |
| 0 | An unexpected error response. |
52.7.6. Samples
52.7.7. Common object reference
52.7.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.7.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.7.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.7.7.3. StorageAccess
| Enum Values |
|---|
| NO_ACCESS |
| READ_ACCESS |
| READ_WRITE_ACCESS |
52.7.7.4. StoragePermissionSet
This encodes a set of permissions for StackRox resources.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | String | id is generated and cannot be changed. | |||
| name | String |
| |||
| description | String | ||||
| resourceToAccess | Map of StorageAccess | ||||
| traits |
52.7.7.5. StorageTraits
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| mutabilityMode | ALLOW_MUTATE, ALLOW_MUTATE_FORCED, | ||||
| visibility | VISIBLE, HIDDEN, | ||||
| origin | IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED, |
52.7.7.6. TraitsMutabilityMode
EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.
Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.
| Enum Values |
|---|
| ALLOW_MUTATE |
| ALLOW_MUTATE_FORCED |
52.7.7.7. TraitsOrigin
Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.
| Enum Values |
|---|
| IMPERATIVE |
| DEFAULT |
| DECLARATIVE |
| DECLARATIVE_ORPHANED |
52.7.7.8. TraitsVisibility
EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.
| Enum Values |
|---|
| VISIBLE |
| HIDDEN |
52.8. GetResources
GET /v1/resources
52.8.1. Description
52.8.2. Parameters
52.8.3. Return Type
52.8.4. Content Type
- application/json
52.8.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | |
| 0 | An unexpected error response. |
52.8.6. Samples
52.8.7. Common object reference
52.8.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.8.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.8.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.8.7.3. V1GetResourcesResponse
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| resources |
List of |
52.9. GetRoles
GET /v1/roles
52.9.1. Description
52.9.2. Parameters
52.9.3. Return Type
52.9.4. Content Type
- application/json
52.9.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | |
| 0 | An unexpected error response. |
52.9.6. Samples
52.9.7. Common object reference
52.9.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.9.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.9.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.9.7.3. StorageAccess
| Enum Values |
|---|
| NO_ACCESS |
| READ_ACCESS |
| READ_WRITE_ACCESS |
52.9.7.4. StorageRole
A role specifies which actions are allowed for which subset of cluster objects. Permissions be can either specified directly via setting resource_to_access together with global_access or by referencing a permission set by its id in permission_set_name.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| name | String |
| |||
| description | String | ||||
| permissionSetId | String | The associated PermissionSet and AccessScope for this Role. | |||
| accessScopeId | String | ||||
| globalAccess | NO_ACCESS, READ_ACCESS, READ_WRITE_ACCESS, | ||||
| resourceToAccess | Map of StorageAccess |
Deprecated 2021-04-20 in favor of | |||
| traits |
52.9.7.5. StorageTraits
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| mutabilityMode | ALLOW_MUTATE, ALLOW_MUTATE_FORCED, | ||||
| visibility | VISIBLE, HIDDEN, | ||||
| origin | IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED, |
52.9.7.6. TraitsMutabilityMode
EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.
Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.
| Enum Values |
|---|
| ALLOW_MUTATE |
| ALLOW_MUTATE_FORCED |
52.9.7.7. TraitsOrigin
Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.
| Enum Values |
|---|
| IMPERATIVE |
| DEFAULT |
| DECLARATIVE |
| DECLARATIVE_ORPHANED |
52.9.7.8. TraitsVisibility
EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.
| Enum Values |
|---|
| VISIBLE |
| HIDDEN |
52.9.7.9. V1GetRolesResponse
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| roles | List of StorageRole |
52.10. DeleteRole
DELETE /v1/roles/{id}
52.10.1. Description
52.10.2. Parameters
52.10.2.1. Path Parameters
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| id | X | null |
52.10.3. Return Type
Object
52.10.4. Content Type
- application/json
52.10.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. |
|
| 0 | An unexpected error response. |
52.10.6. Samples
52.10.7. Common object reference
52.10.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.10.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.10.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.11. GetRole
GET /v1/roles/{id}
52.11.1. Description
52.11.2. Parameters
52.11.2.1. Path Parameters
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| id | X | null |
52.11.3. Return Type
52.11.4. Content Type
- application/json
52.11.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | |
| 0 | An unexpected error response. |
52.11.6. Samples
52.11.7. Common object reference
52.11.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.11.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.11.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.11.7.3. StorageAccess
| Enum Values |
|---|
| NO_ACCESS |
| READ_ACCESS |
| READ_WRITE_ACCESS |
52.11.7.4. StorageRole
A role specifies which actions are allowed for which subset of cluster objects. Permissions be can either specified directly via setting resource_to_access together with global_access or by referencing a permission set by its id in permission_set_name.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| name | String |
| |||
| description | String | ||||
| permissionSetId | String | The associated PermissionSet and AccessScope for this Role. | |||
| accessScopeId | String | ||||
| globalAccess | NO_ACCESS, READ_ACCESS, READ_WRITE_ACCESS, | ||||
| resourceToAccess | Map of StorageAccess |
Deprecated 2021-04-20 in favor of | |||
| traits |
52.11.7.5. StorageTraits
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| mutabilityMode | ALLOW_MUTATE, ALLOW_MUTATE_FORCED, | ||||
| visibility | VISIBLE, HIDDEN, | ||||
| origin | IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED, |
52.11.7.6. TraitsMutabilityMode
EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.
Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.
| Enum Values |
|---|
| ALLOW_MUTATE |
| ALLOW_MUTATE_FORCED |
52.11.7.7. TraitsOrigin
Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.
| Enum Values |
|---|
| IMPERATIVE |
| DEFAULT |
| DECLARATIVE |
| DECLARATIVE_ORPHANED |
52.11.7.8. TraitsVisibility
EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.
| Enum Values |
|---|
| VISIBLE |
| HIDDEN |
52.12. CreateRole
POST /v1/roles/{name}
52.12.1. Description
52.12.2. Parameters
52.12.2.1. Path Parameters
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| name | X | null |
52.12.2.2. Body Parameter
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| body | X |
52.12.3. Return Type
Object
52.12.4. Content Type
- application/json
52.12.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. |
|
| 0 | An unexpected error response. |
52.12.6. Samples
52.12.7. Common object reference
52.12.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.12.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.12.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.12.7.3. StorageAccess
| Enum Values |
|---|
| NO_ACCESS |
| READ_ACCESS |
| READ_WRITE_ACCESS |
52.12.7.4. StorageRole
A role specifies which actions are allowed for which subset of cluster objects. Permissions be can either specified directly via setting resource_to_access together with global_access or by referencing a permission set by its id in permission_set_name.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| name | String |
| |||
| description | String | ||||
| permissionSetId | String | The associated PermissionSet and AccessScope for this Role. | |||
| accessScopeId | String | ||||
| globalAccess | NO_ACCESS, READ_ACCESS, READ_WRITE_ACCESS, | ||||
| resourceToAccess | Map of StorageAccess |
Deprecated 2021-04-20 in favor of | |||
| traits |
52.12.7.5. StorageTraits
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| mutabilityMode | ALLOW_MUTATE, ALLOW_MUTATE_FORCED, | ||||
| visibility | VISIBLE, HIDDEN, | ||||
| origin | IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED, |
52.12.7.6. TraitsMutabilityMode
EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.
Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.
| Enum Values |
|---|
| ALLOW_MUTATE |
| ALLOW_MUTATE_FORCED |
52.12.7.7. TraitsOrigin
Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.
| Enum Values |
|---|
| IMPERATIVE |
| DEFAULT |
| DECLARATIVE |
| DECLARATIVE_ORPHANED |
52.12.7.8. TraitsVisibility
EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.
| Enum Values |
|---|
| VISIBLE |
| HIDDEN |
52.13. UpdateRole
PUT /v1/roles/{name}
52.13.1. Description
52.13.2. Parameters
52.13.2.1. Path Parameters
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| name | `name` and `description` are provided by the user and can be changed. | X | null |
52.13.2.2. Body Parameter
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| body | X |
52.13.3. Return Type
Object
52.13.4. Content Type
- application/json
52.13.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. |
|
| 0 | An unexpected error response. |
52.13.6. Samples
52.13.7. Common object reference
52.13.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.13.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.13.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.13.7.3. StorageAccess
| Enum Values |
|---|
| NO_ACCESS |
| READ_ACCESS |
| READ_WRITE_ACCESS |
52.13.7.4. StorageRole
A role specifies which actions are allowed for which subset of cluster objects. Permissions be can either specified directly via setting resource_to_access together with global_access or by referencing a permission set by its id in permission_set_name.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| name | String |
| |||
| description | String | ||||
| permissionSetId | String | The associated PermissionSet and AccessScope for this Role. | |||
| accessScopeId | String | ||||
| globalAccess | NO_ACCESS, READ_ACCESS, READ_WRITE_ACCESS, | ||||
| resourceToAccess | Map of StorageAccess |
Deprecated 2021-04-20 in favor of | |||
| traits |
52.13.7.5. StorageTraits
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| mutabilityMode | ALLOW_MUTATE, ALLOW_MUTATE_FORCED, | ||||
| visibility | VISIBLE, HIDDEN, | ||||
| origin | IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED, |
52.13.7.6. TraitsMutabilityMode
EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.
Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.
| Enum Values |
|---|
| ALLOW_MUTATE |
| ALLOW_MUTATE_FORCED |
52.13.7.7. TraitsOrigin
Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.
| Enum Values |
|---|
| IMPERATIVE |
| DEFAULT |
| DECLARATIVE |
| DECLARATIVE_ORPHANED |
52.13.7.8. TraitsVisibility
EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.
| Enum Values |
|---|
| VISIBLE |
| HIDDEN |
52.14. GetNamespacesForClusterAndPermissions
GET /v1/sac/clusters/{clusterId}/namespaces
GetNamespacesForClusterAndPermissions
52.14.1. Description
Returns the list of namespace ID and namespace name pairs that belong to the requested cluster and for which the user has at least read access granted for the list of requested permissions that have namespace scope or narrower (i.e. global and cluster permissions from the input are ignored). If the input only contains permissions at global or cluster level, the output will be an empty list. If no permission is given in input, all namespaces allowed by the requester scope for any permission with namespace scope or narrower will be part of the response.
52.14.2. Parameters
52.14.2.1. Path Parameters
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| clusterId | X | null |
52.14.2.2. Query Parameters
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| permissions |
| - | null |
52.14.3. Return Type
52.14.4. Content Type
- application/json
52.14.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | |
| 0 | An unexpected error response. |
52.14.6. Samples
52.14.7. Common object reference
52.14.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.14.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.14.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.14.7.3. V1GetNamespacesForClusterAndPermissionsResponse
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| namespaces | List of V1ScopeObject |
52.14.7.4. V1ScopeObject
ScopeObject represents an ID, name pair, which can apply to any entity that takes part in an access scope (so far Cluster and Namespace).
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | String | ||||
| name | String |
52.15. GetClustersForPermissions
GET /v1/sac/clusters
GetClustersForPermissions
52.15.1. Description
Returns the list of cluster ID and cluster name pairs that have at least read allowed by the scope of the requesting user for the list of requested permissions. Effective access scopes are only considered for input permissions that have cluster scope or narrower (i.e. global permissions from the input are ignored). If the input only contains permissions at global level, the output will be an empty list. If no permission is given in input, all clusters allowed by the requester scope for any permission with cluster scope or narrower will be part of the response.
52.15.2. Parameters
52.15.2.1. Query Parameters
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| pagination.limit | - | null | ||
| pagination.offset | - | null | ||
| pagination.sortOption.field | - | null | ||
| pagination.sortOption.reversed | - | null | ||
| pagination.sortOption.aggregateBy.aggrFunc | - | UNSET | ||
| pagination.sortOption.aggregateBy.distinct | - | null | ||
| permissions |
| - | null |
52.15.3. Return Type
52.15.4. Content Type
- application/json
52.15.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | |
| 0 | An unexpected error response. |
52.15.6. Samples
52.15.7. Common object reference
52.15.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.15.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.15.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.15.7.3. V1GetClustersForPermissionsResponse
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| clusters | List of V1ScopeObject |
52.15.7.4. V1ScopeObject
ScopeObject represents an ID, name pair, which can apply to any entity that takes part in an access scope (so far Cluster and Namespace).
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | String | ||||
| name | String |
52.16. ListSimpleAccessScopes
GET /v1/simpleaccessscopes
52.16.1. Description
52.16.2. Parameters
52.16.3. Return Type
52.16.4. Content Type
- application/json
52.16.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | |
| 0 | An unexpected error response. |
52.16.6. Samples
52.16.7. Common object reference
52.16.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.16.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.16.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.16.7.3. SimpleAccessScopeRules
Each element of any repeated field is an individual rule. Rules are joined by logical OR: if there exists a rule allowing resource x, x is in the access scope.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| includedClusters |
List of | ||||
| includedNamespaces | List of SimpleAccessScopeRulesNamespace | ||||
| clusterLabelSelectors | List of StorageSetBasedLabelSelector | ||||
| namespaceLabelSelectors | List of StorageSetBasedLabelSelector |
52.16.7.4. SimpleAccessScopeRulesNamespace
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| clusterName | String | Both fields must be set. | |||
| namespaceName | String |
52.16.7.5. StorageSetBasedLabelSelector
SetBasedLabelSelector only allows set-based label requirements.
Next available tag: 3
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| requirements |
52.16.7.6. StorageSetBasedLabelSelectorOperator
| Enum Values |
|---|
| UNKNOWN |
| IN |
| NOT_IN |
| EXISTS |
| NOT_EXISTS |
52.16.7.7. StorageSetBasedLabelSelectorRequirement
Next available tag: 4| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| key | String | ||||
| op | UNKNOWN, IN, NOT_IN, EXISTS, NOT_EXISTS, | ||||
| values |
List of |
52.16.7.8. StorageSimpleAccessScope
Simple access scope is a (simple) selection criteria for scoped resources. It does not allow multi-component AND-rules nor set operations on names.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | String |
| |||
| name | String |
| |||
| description | String | ||||
| rules | |||||
| traits |
52.16.7.9. StorageTraits
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| mutabilityMode | ALLOW_MUTATE, ALLOW_MUTATE_FORCED, | ||||
| visibility | VISIBLE, HIDDEN, | ||||
| origin | IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED, |
52.16.7.10. TraitsMutabilityMode
EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.
Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.
| Enum Values |
|---|
| ALLOW_MUTATE |
| ALLOW_MUTATE_FORCED |
52.16.7.11. TraitsOrigin
Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.
| Enum Values |
|---|
| IMPERATIVE |
| DEFAULT |
| DECLARATIVE |
| DECLARATIVE_ORPHANED |
52.16.7.12. TraitsVisibility
EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.
| Enum Values |
|---|
| VISIBLE |
| HIDDEN |
52.16.7.13. V1ListSimpleAccessScopesResponse
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| accessScopes | List of StorageSimpleAccessScope |
52.17. DeleteSimpleAccessScope
DELETE /v1/simpleaccessscopes/{id}
52.17.1. Description
52.17.2. Parameters
52.17.2.1. Path Parameters
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| id | X | null |
52.17.3. Return Type
Object
52.17.4. Content Type
- application/json
52.17.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. |
|
| 0 | An unexpected error response. |
52.17.6. Samples
52.17.7. Common object reference
52.17.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.17.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.17.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.18. GetSimpleAccessScope
GET /v1/simpleaccessscopes/{id}
52.18.1. Description
52.18.2. Parameters
52.18.2.1. Path Parameters
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| id | X | null |
52.18.3. Return Type
52.18.4. Content Type
- application/json
52.18.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | |
| 0 | An unexpected error response. |
52.18.6. Samples
52.18.7. Common object reference
52.18.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.18.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.18.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.18.7.3. SimpleAccessScopeRules
Each element of any repeated field is an individual rule. Rules are joined by logical OR: if there exists a rule allowing resource x, x is in the access scope.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| includedClusters |
List of | ||||
| includedNamespaces | List of SimpleAccessScopeRulesNamespace | ||||
| clusterLabelSelectors | List of StorageSetBasedLabelSelector | ||||
| namespaceLabelSelectors | List of StorageSetBasedLabelSelector |
52.18.7.4. SimpleAccessScopeRulesNamespace
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| clusterName | String | Both fields must be set. | |||
| namespaceName | String |
52.18.7.5. StorageSetBasedLabelSelector
SetBasedLabelSelector only allows set-based label requirements.
Next available tag: 3
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| requirements |
52.18.7.6. StorageSetBasedLabelSelectorOperator
| Enum Values |
|---|
| UNKNOWN |
| IN |
| NOT_IN |
| EXISTS |
| NOT_EXISTS |
52.18.7.7. StorageSetBasedLabelSelectorRequirement
Next available tag: 4| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| key | String | ||||
| op | UNKNOWN, IN, NOT_IN, EXISTS, NOT_EXISTS, | ||||
| values |
List of |
52.18.7.8. StorageSimpleAccessScope
Simple access scope is a (simple) selection criteria for scoped resources. It does not allow multi-component AND-rules nor set operations on names.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | String |
| |||
| name | String |
| |||
| description | String | ||||
| rules | |||||
| traits |
52.18.7.9. StorageTraits
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| mutabilityMode | ALLOW_MUTATE, ALLOW_MUTATE_FORCED, | ||||
| visibility | VISIBLE, HIDDEN, | ||||
| origin | IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED, |
52.18.7.10. TraitsMutabilityMode
EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.
Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.
| Enum Values |
|---|
| ALLOW_MUTATE |
| ALLOW_MUTATE_FORCED |
52.18.7.11. TraitsOrigin
Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.
| Enum Values |
|---|
| IMPERATIVE |
| DEFAULT |
| DECLARATIVE |
| DECLARATIVE_ORPHANED |
52.18.7.12. TraitsVisibility
EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.
| Enum Values |
|---|
| VISIBLE |
| HIDDEN |
52.19. PutSimpleAccessScope
PUT /v1/simpleaccessscopes/{id}
52.19.1. Description
52.19.2. Parameters
52.19.2.1. Path Parameters
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| id | `id` is generated and cannot be changed. | X | null |
52.19.2.2. Body Parameter
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| body | X |
52.19.3. Return Type
Object
52.19.4. Content Type
- application/json
52.19.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. |
|
| 0 | An unexpected error response. |
52.19.6. Samples
52.19.7. Common object reference
52.19.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.19.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.19.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.19.7.3. SimpleAccessScopeRules
Each element of any repeated field is an individual rule. Rules are joined by logical OR: if there exists a rule allowing resource x, x is in the access scope.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| includedClusters |
List of | ||||
| includedNamespaces | List of SimpleAccessScopeRulesNamespace | ||||
| clusterLabelSelectors | List of StorageSetBasedLabelSelector | ||||
| namespaceLabelSelectors | List of StorageSetBasedLabelSelector |
52.19.7.4. SimpleAccessScopeRulesNamespace
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| clusterName | String | Both fields must be set. | |||
| namespaceName | String |
52.19.7.5. StorageSetBasedLabelSelector
SetBasedLabelSelector only allows set-based label requirements.
Next available tag: 3
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| requirements |
52.19.7.6. StorageSetBasedLabelSelectorOperator
| Enum Values |
|---|
| UNKNOWN |
| IN |
| NOT_IN |
| EXISTS |
| NOT_EXISTS |
52.19.7.7. StorageSetBasedLabelSelectorRequirement
Next available tag: 4| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| key | String | ||||
| op | UNKNOWN, IN, NOT_IN, EXISTS, NOT_EXISTS, | ||||
| values |
List of |
52.19.7.8. StorageSimpleAccessScope
Simple access scope is a (simple) selection criteria for scoped resources. It does not allow multi-component AND-rules nor set operations on names.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | String |
| |||
| name | String |
| |||
| description | String | ||||
| rules | |||||
| traits |
52.19.7.9. StorageTraits
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| mutabilityMode | ALLOW_MUTATE, ALLOW_MUTATE_FORCED, | ||||
| visibility | VISIBLE, HIDDEN, | ||||
| origin | IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED, |
52.19.7.10. TraitsMutabilityMode
EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.
Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.
| Enum Values |
|---|
| ALLOW_MUTATE |
| ALLOW_MUTATE_FORCED |
52.19.7.11. TraitsOrigin
Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.
| Enum Values |
|---|
| IMPERATIVE |
| DEFAULT |
| DECLARATIVE |
| DECLARATIVE_ORPHANED |
52.19.7.12. TraitsVisibility
EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.
| Enum Values |
|---|
| VISIBLE |
| HIDDEN |
52.20. PostSimpleAccessScope
POST /v1/simpleaccessscopes
PostSimpleAccessScope
52.20.1. Description
SimpleAccessScope.id is disallowed in request and set in response.
52.20.2. Parameters
52.20.2.1. Body Parameter
| Name | Description | Required | Default | Pattern |
|---|---|---|---|---|
| body | X |
52.20.3. Return Type
52.20.4. Content Type
- application/json
52.20.5. Responses
| Code | Message | Datatype |
|---|---|---|
| 200 | A successful response. | |
| 0 | An unexpected error response. |
52.20.6. Samples
52.20.7. Common object reference
52.20.7.1. ProtobufAny
Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.
Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.
Example 1: Pack and unpack a message in C++.
Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
...
}Example 2: Pack and unpack a message in Java.
Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
foo = any.unpack(Foo.getDefaultInstance());
}Example 3: Pack and unpack a message in Python.foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
any.Unpack(foo)
...Example 4: Pack and unpack a message in Gofoo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
...
}The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".
52.20.7.1.1. JSON representation
The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:
package google.profile;
message Person {
string first_name = 1;
string last_name = 2;
}{
"@type": "type.googleapis.com/google.profile.Person",
"firstName": <string>,
"lastName": <string>
}
If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):
{
"@type": "type.googleapis.com/google.protobuf.Duration",
"value": "1.212s"
}| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| typeUrl | String |
A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in | |||
| value | byte[] | Must be a valid serialized protocol buffer of the above specified type. | byte |
52.20.7.2. RuntimeError
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| error | String | ||||
| code | Integer | int32 | |||
| message | String | ||||
| details | List of ProtobufAny |
52.20.7.3. SimpleAccessScopeRules
Each element of any repeated field is an individual rule. Rules are joined by logical OR: if there exists a rule allowing resource x, x is in the access scope.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| includedClusters |
List of | ||||
| includedNamespaces | List of SimpleAccessScopeRulesNamespace | ||||
| clusterLabelSelectors | List of StorageSetBasedLabelSelector | ||||
| namespaceLabelSelectors | List of StorageSetBasedLabelSelector |
52.20.7.4. SimpleAccessScopeRulesNamespace
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| clusterName | String | Both fields must be set. | |||
| namespaceName | String |
52.20.7.5. StorageSetBasedLabelSelector
SetBasedLabelSelector only allows set-based label requirements.
Next available tag: 3
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| requirements |
52.20.7.6. StorageSetBasedLabelSelectorOperator
| Enum Values |
|---|
| UNKNOWN |
| IN |
| NOT_IN |
| EXISTS |
| NOT_EXISTS |
52.20.7.7. StorageSetBasedLabelSelectorRequirement
Next available tag: 4| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| key | String | ||||
| op | UNKNOWN, IN, NOT_IN, EXISTS, NOT_EXISTS, | ||||
| values |
List of |
52.20.7.8. StorageSimpleAccessScope
Simple access scope is a (simple) selection criteria for scoped resources. It does not allow multi-component AND-rules nor set operations on names.
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| id | String |
| |||
| name | String |
| |||
| description | String | ||||
| rules | |||||
| traits |
52.20.7.9. StorageTraits
| Field Name | Required | Nullable | Type | Description | Format |
|---|---|---|---|---|---|
| mutabilityMode | ALLOW_MUTATE, ALLOW_MUTATE_FORCED, | ||||
| visibility | VISIBLE, HIDDEN, | ||||
| origin | IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED, |
52.20.7.10. TraitsMutabilityMode
EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.
Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.
| Enum Values |
|---|
| ALLOW_MUTATE |
| ALLOW_MUTATE_FORCED |
52.20.7.11. TraitsOrigin
Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.
| Enum Values |
|---|
| IMPERATIVE |
| DEFAULT |
| DECLARATIVE |
| DECLARATIVE_ORPHANED |
52.20.7.12. TraitsVisibility
EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.
| Enum Values |
|---|
| VISIBLE |
| HIDDEN |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}