Chapter 58. Role Service
58.1. Role Service
58.1.1. ComputeEffectiveAccessScope
POST /v1/computeeffectiveaccessscope
ComputeEffectiveAccessScope
58.1.1.1. Description
Returns the effective access scope based on the rules in the request. It does not persist anything, and it is not idempotent because clusters and namespaces may change between calls. POST is used because the payload can be large.

There are advantages both to keeping the response slim and to making it detailed. If only the IDs of selected clusters and namespaces are included, response latency and processing time are lower, but the caller must overlay the response with its own view of the world, which is susceptible to consistency issues. Listing all clusters and namespaces with related metadata is convenient for the caller but bloats the message with secondary data. The caller decides what level of detail they would like to have:

- Minimal, when only roots of included subtrees are listed by their IDs. Clusters can be either INCLUDED (its namespaces are included but are not listed) or PARTIAL (at least one namespace is explicitly included). Namespaces can only be INCLUDED.
- Standard [default], when all known clusters and namespaces are listed with their IDs and names. Clusters can be INCLUDED (all its namespaces are explicitly listed as INCLUDED), PARTIAL (all its namespaces are explicitly listed, some as INCLUDED and some as EXCLUDED), and EXCLUDED (all its namespaces are explicitly listed as EXCLUDED). Namespaces can be either INCLUDED or EXCLUDED.
- High, when every cluster and namespace is augmented with metadata.
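The Standard-level state rules above, and the reduction from Standard to Minimal detail, as an added Python example that is not part of the original reference. The response field names (`clusters`, `namespaces`, `id`, `name`, `state`) are assumptions, since this page does not show the return type, and the sample response is constructed.

```python
# Constructed sample of a Standard-detail response; field names are assumed.
SAMPLE_STANDARD = {"clusters": [
    {"id": "c1", "name": "prod", "state": "INCLUDED", "namespaces": [
        {"id": "n1", "name": "payments", "state": "INCLUDED"},
        {"id": "n2", "name": "web", "state": "INCLUDED"}]},
    {"id": "c2", "name": "staging", "state": "PARTIAL", "namespaces": [
        {"id": "n3", "name": "web", "state": "INCLUDED"},
        {"id": "n4", "name": "kube-system", "state": "EXCLUDED"}]},
    {"id": "c3", "name": "dev", "state": "EXCLUDED", "namespaces": [
        {"id": "n5", "name": "default", "state": "EXCLUDED"}]},
]}

def implied_state(namespaces):
    """Cluster state implied by its namespace states at Standard detail."""
    states = {ns["state"] for ns in namespaces}
    if not states:
        return None  # no namespaces listed: nothing to cross-check
    if not states <= {"INCLUDED", "EXCLUDED"}:
        raise ValueError(f"unexpected namespace state(s): {sorted(states)}")
    # Mixed INCLUDED/EXCLUDED means PARTIAL; otherwise the single shared state.
    return "PARTIAL" if len(states) == 2 else states.pop()

def inconsistent_clusters(scope):
    """IDs of clusters whose reported state disagrees with their namespaces."""
    bad = []
    for cluster in scope.get("clusters", []):
        implied = implied_state(cluster.get("namespaces", []))
        if implied is not None and implied != cluster["state"]:
            bad.append(cluster["id"])
    return bad

def to_minimal(scope):
    """Reduce a Standard-detail scope to the Minimal form: IDs only,
    EXCLUDED entries dropped, namespaces listed only under PARTIAL clusters."""
    clusters = []
    for cluster in scope.get("clusters", []):
        if cluster["state"] == "INCLUDED":
            clusters.append({"id": cluster["id"], "state": "INCLUDED"})
        elif cluster["state"] == "PARTIAL":
            included = [{"id": ns["id"], "state": "INCLUDED"}
                        for ns in cluster.get("namespaces", [])
                        if ns["state"] == "INCLUDED"]
            clusters.append({"id": cluster["id"], "state": "PARTIAL",
                             "namespaces": included})
    return {"clusters": clusters}
```

Running `inconsistent_clusters` on a Standard response before trusting a cached or overlaid view catches the consistency problem the description warns about for slim responses.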
58.1.1.2. Parameters
58.1.1.2.1. Body Parameter
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
accessScope | | X | | |
58.1.1.2.2. Query Parameters
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
detail | | - | STANDARD | |
58.1.1.3. Return Type
58.1.1.4. Content Type
- application/json
58.1.1.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.1.6. Samples
58.1.2. CreateRole
POST /v1/roles/{name}
58.1.2.1. Description
58.1.2.2. Parameters
58.1.2.2.1. Path Parameters
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
name | | X | null | |
58.1.2.2.2. Body Parameter
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
role | | X | | |
58.1.2.3. Return Type
Object
58.1.2.4. Content Type
- application/json
58.1.2.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.2.6. Samples
58.1.3. DeletePermissionSet
DELETE /v1/permissionsets/{id}
58.1.3.1. Description
58.1.3.2. Parameters
58.1.3.2.1. Path Parameters
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
id | | X | null | |
58.1.3.3. Return Type
Object
58.1.3.4. Content Type
- application/json
58.1.3.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.3.6. Samples
58.1.4. DeleteRole
DELETE /v1/roles/{id}
58.1.4.1. Description
58.1.4.2. Parameters
58.1.4.2.1. Path Parameters
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
id | | X | null | |
58.1.4.3. Return Type
Object
58.1.4.4. Content Type
- application/json
58.1.4.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.4.6. Samples
58.1.5. DeleteSimpleAccessScope
DELETE /v1/simpleaccessscopes/{id}
58.1.5.1. Description
58.1.5.2. Parameters
58.1.5.2.1. Path Parameters
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
id | | X | null | |
58.1.5.3. Return Type
Object
58.1.5.4. Content Type
- application/json
58.1.5.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.5.6. Samples
58.1.6. GetClustersForPermissions
GET /v1/sac/clusters
GetClustersForPermissions
58.1.6.1. Description
Returns the list of cluster ID and cluster name pairs that have at least read allowed by the scope of the requesting user for the list of requested permissions. Effective access scopes are only considered for input permissions that have cluster scope or narrower (i.e. global permissions from the input are ignored). If the input only contains permissions at global level, the output will be an empty list. If no permission is given in input, all clusters allowed by the requester scope for any permission with cluster scope or narrower will be part of the response.
58.1.6.2. Parameters
58.1.6.2.1. Query Parameters
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
pagination.limit | | - | null | |
pagination.offset | | - | null | |
pagination.sortOption.field | | - | null | |
pagination.sortOption.reversed | | - | null | |
pagination.sortOption.aggregateBy.aggrFunc | | - | UNSET | |
pagination.sortOption.aggregateBy.distinct | | - | null | |
permissions | | - | null | |
58.1.6.3. Return Type
58.1.6.4. Content Type
- application/json
58.1.6.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.6.6. Samples
58.1.7. GetMyPermissions
GET /v1/mypermissions
58.1.7.1. Description
58.1.7.2. Parameters
58.1.7.3. Return Type
58.1.7.4. Content Type
- application/json
58.1.7.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.7.6. Samples
58.1.8. GetNamespacesForClusterAndPermissions
GET /v1/sac/clusters/{clusterId}/namespaces
GetNamespacesForClusterAndPermissions
58.1.8.1. Description
Returns the list of namespace ID and namespace name pairs that belong to the requested cluster and for which the user has at least read access granted for the list of requested permissions that have namespace scope or narrower (i.e. global and cluster permissions from the input are ignored). If the input only contains permissions at global or cluster level, the output will be an empty list. If no permission is given in input, all namespaces allowed by the requester scope for any permission with namespace scope or narrower will be part of the response.
58.1.8.2. Parameters
58.1.8.2.1. Path Parameters
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
clusterId | | X | null | |
58.1.8.2.2. Query Parameters
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
permissions | | - | null | |
58.1.8.3. Return Type
58.1.8.4. Content Type
- application/json
58.1.8.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.8.6. Samples
58.1.9. GetPermissionSet
GET /v1/permissionsets/{id}
58.1.9.1. Description
58.1.9.2. Parameters
58.1.9.2.1. Path Parameters
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
id | | X | null | |
58.1.9.3. Return Type
58.1.9.4. Content Type
- application/json
58.1.9.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.9.6. Samples
58.1.10. GetResources
GET /v1/resources
58.1.10.1. Description
58.1.10.2. Parameters
58.1.10.3. Return Type
58.1.10.4. Content Type
- application/json
58.1.10.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.10.6. Samples
58.1.11. GetRole
GET /v1/roles/{id}
58.1.11.1. Description
58.1.11.2. Parameters
58.1.11.2.1. Path Parameters
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
id | | X | null | |
58.1.11.3. Return Type
58.1.11.4. Content Type
- application/json
58.1.11.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.11.6. Samples
58.1.12. GetRoles
GET /v1/roles
58.1.12.1. Description
58.1.12.2. Parameters
58.1.12.3. Return Type
58.1.12.4. Content Type
- application/json
58.1.12.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.12.6. Samples
58.1.13. GetSimpleAccessScope
GET /v1/simpleaccessscopes/{id}
58.1.13.1. Description
58.1.13.2. Parameters
58.1.13.2.1. Path Parameters
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
id | | X | null | |
58.1.13.3. Return Type
58.1.13.4. Content Type
- application/json
58.1.13.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.13.6. Samples
58.1.14. ListPermissionSets
GET /v1/permissionsets
58.1.14.1. Description
58.1.14.2. Parameters
58.1.14.3. Return Type
58.1.14.4. Content Type
- application/json
58.1.14.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.14.6. Samples
58.1.15. ListSimpleAccessScopes
GET /v1/simpleaccessscopes
58.1.15.1. Description
58.1.15.2. Parameters
58.1.15.3. Return Type
58.1.15.4. Content Type
- application/json
58.1.15.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.15.6. Samples
58.1.16. PostPermissionSet
POST /v1/permissionsets
PostPermissionSet
58.1.16.1. Description
PermissionSet.id is disallowed in request and set in response.
58.1.16.2. Parameters
58.1.16.2.1. Body Parameter
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
body | This encodes a set of permissions for StackRox resources. StoragePermissionSet | X |
58.1.16.3. Return Type
58.1.16.4. Content Type
- application/json
58.1.16.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.16.6. Samples
58.1.17. PostSimpleAccessScope
POST /v1/simpleaccessscopes
PostSimpleAccessScope
58.1.17.1. Description
SimpleAccessScope.id is disallowed in request and set in response.
58.1.17.2. Parameters
58.1.17.2.1. Body Parameter
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
body | Simple access scope is a (simple) selection criteria for scoped resources. It does not allow multi-component AND-rules nor set operations on names. StorageSimpleAccessScope | X |
58.1.17.3. Return Type
58.1.17.4. Content Type
- application/json
58.1.17.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.17.6. Samples
58.1.18. PutPermissionSet
PUT /v1/permissionsets/{id}
58.1.18.1. Description
58.1.18.2. Parameters
58.1.18.2.1. Path Parameters
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
id | id is generated and cannot be changed. | X | null |
58.1.18.2.2. Body Parameter
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
body | | X | | |
58.1.18.3. Return Type
Object
58.1.18.4. Content Type
- application/json
58.1.18.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.18.6. Samples
58.1.19. PutSimpleAccessScope
PUT /v1/simpleaccessscopes/{id}
58.1.19.1. Description
58.1.19.2. Parameters
58.1.19.2.1. Path Parameters
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
id | | X | null | |
58.1.19.2.2. Body Parameter
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
body | | X | | |
58.1.19.3. Return Type
Object
58.1.19.4. Content Type
- application/json
58.1.19.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |
58.1.19.6. Samples
58.1.20. UpdateRole
PUT /v1/roles/{name}
58.1.20.1. Description
58.1.20.2. Parameters
58.1.20.2.1. Path Parameters
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
name | | X | null | |
58.1.20.2.2. Body Parameter
Name | Description | Required | Default | Pattern |
---|---|---|---|---|
body | | X | | |
58.1.20.3. Return Type
Object
58.1.20.4. Content Type
- application/json
58.1.20.5. Responses
Code | Message | Datatype |
---|---|---|
200 | A successful response. | |
0 | An unexpected error response. |