Cloud Platform Identity RBAC API v1.0.1
This API provides endpoints to perform CRUD operations on permission/role assignments.
Contact: Cloud Operations
Operations
Tag: Identity.RBAC
create-identity-rbac-permission-assignments
Operation Id: create-identity-rbac-permission-assignments
Action: POST /permission-assignments
Summary: Create a new permission assignment
Description: Create new permission assignments
Body parameter
{
"scope": "/workspaces",
"principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
"permissions": [
"workspaces.read"
]
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | IdentityRbacPermissionAssignmentCreateOrUpdateOptions | false | none |
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
201 | Created | Create or update response | IdentityRbacPermissionAssignment |
400 | Bad Request | Generic error response | Problem |
401 | Unauthorized | Generic error response | Problem |
409 | Conflict | Generic error response | Problem |
422 | Unprocessable Entity | Generic error response | Problem |
500 | Internal Server Error | Generic error response | Problem |
Note
This operation does not require authentication
Code samples
POST https://api.cloudplatform.union-investment.de/identity/permission-assignments HTTP/1.1
Host: api.cloudplatform.union-investment.de
Content-Type: application/json
Accept: application/json
# You can also use wget
curl -X POST https://api.cloudplatform.union-investment.de/identity/permission-assignments \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
r = requests.post('https://api.cloudplatform.union-investment.de/identity/permission-assignments', headers = headers)
print(r.json())
list-identity-rbac-permission-assignments
Operation Id: list-identity-rbac-permission-assignments
Action: GET /permission-assignments
Summary: List permission assignments
Description: List permission assignments
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | One or more permission assignments | Inline |
400 | Bad Request | Generic error response | Problem |
401 | Unauthorized | Generic error response | Problem |
500 | Internal Server Error | Generic error response | Problem |
Status Code 200
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
anonymous | [IdentityRbacPermissionAssignment] | false | none | none |
» IdentityRbacPermissionAssignment | IdentityRbacPermissionAssignment | false | none | none |
»» id | string(uuid) | true | none | A UUID which uniquely identifies the permission assignment. |
»» scope | IdentityRbacScope | true | none | The scope can be any REST resource instance. For example, "/" or "/workspaces/{id}/environments/{env}" |
»» principalId | string(uuid) | true | none | none |
»» permissions | [string] | true | none | none |
Example responses
200 Response
[
{
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"scope": "string",
"principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
"permissions": [
"workspaces.read"
]
}
]
Note
This operation does not require authentication
Code samples
GET https://api.cloudplatform.union-investment.de/identity/permission-assignments HTTP/1.1
Host: api.cloudplatform.union-investment.de
Accept: application/json
# You can also use wget
curl -X GET https://api.cloudplatform.union-investment.de/identity/permission-assignments \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get('https://api.cloudplatform.union-investment.de/identity/permission-assignments', headers = headers)
print(r.json())
get-identity-rbac-permission-assignments
Operation Id: get-identity-rbac-permission-assignments
Action: GET /permission-assignments/{id}
Summary: Get permission assignment by ID
Description: Get a specific permission assignment by the provided ID
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
id | path | string | true | none |
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | A Permission Assignment | IdentityRbacPermissionAssignment |
400 | Bad Request | Generic error response | Problem |
401 | Unauthorized | Generic error response | Problem |
404 | Not Found | Generic error response | Problem |
422 | Unprocessable Entity | Generic error response | Problem |
500 | Internal Server Error | Generic error response | Problem |
Note
This operation does not require authentication
Code samples
GET https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id} HTTP/1.1
Host: api.cloudplatform.union-investment.de
Accept: application/json
# You can also use wget
curl -X GET https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id} \
-H 'Accept: application/json'
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get('https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id}', headers = headers)
print(r.json())
update-identity-rbac-permission-assignments
Operation Id: update-identity-rbac-permission-assignments
Action: PATCH /permission-assignments/{id}
Summary: Update a permission assignment by ID
Description: Update an existing permission assignment by ID
Body parameter
{
"scope": "/workspaces",
"principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
"permissions": [
"workspaces.read"
]
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | IdentityRbacPermissionAssignmentCreateOrUpdateOptions | false | none |
id | path | string | true | none |
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | A Permission Assignment | IdentityRbacPermissionAssignment |
400 | Bad Request | Generic error response | Problem |
401 | Unauthorized | Generic error response | Problem |
404 | Not Found | Generic error response | Problem |
422 | Unprocessable Entity | Generic error response | Problem |
500 | Internal Server Error | Generic error response | Problem |
Note
This operation does not require authentication
Code samples
PATCH https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id} HTTP/1.1
Host: api.cloudplatform.union-investment.de
Content-Type: application/json
Accept: application/json
# You can also use wget
curl -X PATCH https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
r = requests.patch('https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id}', headers = headers)
print(r.json())
delete-identity-rbac-permission-assignments
Operation Id: delete-identity-rbac-permission-assignments
Action: DELETE /permission-assignments/{id}
Summary: Delete a permission assignment by ID
Description: Delete a specific permission assignment by ID
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
id | path | string | true | none |
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
204 | No Content | OK | None |
400 | Bad Request | Generic error response | Problem |
401 | Unauthorized | Generic error response | Problem |
404 | Not Found | Generic error response | Problem |
500 | Internal Server Error | Generic error response | Problem |
Note
This operation does not require authentication
Code samples
DELETE https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id} HTTP/1.1
Host: api.cloudplatform.union-investment.de
Accept: application/problem+json
# You can also use wget
curl -X DELETE https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id} \
-H 'Accept: application/problem+json'
import requests
headers = {
'Accept': 'application/problem+json'
}
r = requests.delete('https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id}', headers = headers)
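# A successful delete returns 204 No Content with no body; only error responses carry a Problem document
print(r.status_code if r.status_code == 204 else r.json())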
do-identity-rbac-check-permissions
Operation Id: do-identity-rbac-check-permissions
Action: POST /check-permissions
Summary: Check identity permissions
Description: Request an authorization decision based on the data provided in the request body
Body parameter
{
"service": "cloudplatform",
"data": {
"principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
"scope": "/",
"requiredPermissions": [
"generic.read"
],
"operator": "anyOf"
}
}
Parameters
Name | In | Type | Required | Description |
---|---|---|---|---|
body | body | IdentityRbacAuthorizationDecisionRequest | false | none |
Responses
Status | Meaning | Description | Schema |
---|---|---|---|
200 | OK | none | IdentityRbacAuthorizationDecision |
400 | Bad Request | Generic error response | Problem |
401 | Unauthorized | Generic error response | Problem |
422 | Unprocessable Entity | Generic error response | Problem |
500 | Internal Server Error | Generic error response | Problem |
Note
This operation does not require authentication
Code samples
POST https://api.cloudplatform.union-investment.de/identity/check-permissions HTTP/1.1
Host: api.cloudplatform.union-investment.de
Content-Type: application/json
Accept: application/json
# You can also use wget
curl -X POST https://api.cloudplatform.union-investment.de/identity/check-permissions \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
r = requests.post('https://api.cloudplatform.union-investment.de/identity/check-permissions', headers = headers)
print(r.json())
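Added example (not part of the original API reference or the platform's own code): a caller-side wrapper for POST /check-permissions that validates the request body against the enumerated values documented here and treats anything other than HTTP 200 with `allow` equal to boolean true as a denial. The function names, the sample responses, the leading-slash scope check and the rejection of an empty requiredPermissions list are assumptions.

```python
import json
import uuid

SERVICES = {"cloudplatform"}    # IdentityRbacServiceName values listed on this page
OPERATORS = {"allOf", "anyOf"}  # operator values listed on this page

def build_decision_request(principal_id, scope, required, operator="allOf",
                           service="cloudplatform"):
    """Build an IdentityRbacAuthorizationDecisionRequest body or raise ValueError."""
    if service not in SERVICES:
        raise ValueError(f"unknown service: {service!r}")
    if operator not in OPERATORS:
        raise ValueError(f"unknown operator: {operator!r}")
    principal = str(uuid.UUID(str(principal_id)))  # ValueError unless a UUID
    # Assumption: scopes are absolute resource paths, as in the page's examples.
    if not isinstance(scope, str) or not scope.startswith("/"):
        raise ValueError("scope must be a resource path such as '/'")
    # Assumption (caller-side choice): never send an empty permission list,
    # so a vacuously satisfied allOf check cannot be requested by mistake.
    if (not isinstance(required, (list, tuple)) or not required
            or not all(isinstance(p, str) and p for p in required)):
        raise ValueError("requiredPermissions must be a list of non-empty strings")
    return {"service": service,
            "data": {"principalId": principal, "scope": scope,
                     "requiredPermissions": list(required), "operator": operator}}

def interpret_decision(status, body_text):
    """Return (allow, reasons) for a response, denying whenever in doubt."""
    try:
        body = json.loads(body_text)
    except (TypeError, ValueError):
        return False, [f"HTTP {status}: body is not JSON"]
    if not isinstance(body, dict):
        return False, [f"HTTP {status}: body is not a JSON object"]
    if status != 200:  # documented errors carry a Problem document
        return False, [f"HTTP {status}: {body.get('title') or 'no Problem title'}"]
    reasons = body.get("reason")
    reasons = reasons if isinstance(reasons, list) else []
    if body.get("allow") is not True:  # "true", 1 or a missing field all deny
        return False, reasons or ["allow is not true"]
    return True, reasons

if __name__ == "__main__":
    # Constructed sample values, not captured from the real service.
    req = build_decision_request("0a52818d-1e0c-4e64-848e-4d04f9e914e5",
                                 "/", ["generic.read"], "anyOf")
    print(json.dumps(req))
    print(interpret_decision(200, '{"allow": true, "reason": []}'))
    print(interpret_decision(401, '{"type": "/p", "title": "Unauthorized"}'))
```

Pass the returned dict as the JSON body of the request and feed the response status and raw text to `interpret_decision`; the enforcement point then only ever acts on the boolean it returns.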
Schemas
IdentityRbacInnerError
{
"code": "string",
"innererror": {
"code": "string",
"innererror": {
"code": "string",
"innererror": {
"code": "string",
"innererror": {
"code": null,
"innererror": null
}
}
}
}
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
code | string | false | none | none |
innererror | IdentityRbacInnerError | false | none | none |
IdentityRbacError
{
"code": "string",
"message": "string",
"target": "string",
"details": [
{
"code": "string",
"innererror": {
"code": "string",
"innererror": {
"code": "string",
"innererror": {}
}
}
}
],
"innererror": {
"code": "string",
"innererror": {
"code": "string",
"innererror": {
"code": "string",
"innererror": {
"code": null,
"innererror": null
}
}
}
}
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
code | string | false | none | none |
message | string | false | none | none |
target | string | false | none | none |
details | [IdentityRbacInnerError] | false | none | none |
innererror | IdentityRbacInnerError | false | none | none |
Problem
{
"type": "/some/uri-reference",
"title": "some title for the error situation",
"status": 100,
"detail": "some description for the error situation",
"instance": "/some/uri-reference#specific-occurrence-context",
"cause": {
"code": "string",
"message": "string",
"target": "string",
"details": [
{
"code": "string",
"innererror": {
"code": "string",
"innererror": {}
}
}
],
"innererror": {
"code": "string",
"innererror": {
"code": "string",
"innererror": {
"code": null,
"innererror": null
}
}
}
}
}
https://datatracker.ietf.org/doc/html/rfc7807
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
type | string(uri) | true | none | A URI reference that uniquely identifies the problem type only in the context of the provided API. Opposed to the specification in RFC-7807, it is neither recommended to be dereferenceable and point to a human-readable documentation nor globally unique for the problem type. |
title | string | false | none | A short summary of the problem type. Written in English and readable for engineers, usually not suited for non technical stakeholders and not localized. |
status | integer(int32) | false | none | The HTTP status code generated by the origin server for this occurrence of the problem. |
detail | string | false | none | A human readable explanation specific to this occurrence of the problem that is helpful to locate the problem and give advice on how to proceed. Written in English and readable for engineers, usually not suited for non technical stakeholders and not localized. |
instance | string(uri-reference) | false | none | A URI reference that identifies the specific occurrence of the problem, e.g. by adding a fragment identifier or sub-path to the problem type. May be used to locate the root of this problem in the source code. |
cause | IdentityRbacError | false | none | none |
IdentityRbacServiceName
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
IdentityRbacServiceName | string | false | none | The identifier of the Service for which the RBAC evaluation should take place. |
Enumerated Values
Property | Value |
---|---|
IdentityRbacServiceName | cloudplatform |
IdentityRbacAuthorizationDecision
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
allow | boolean | true | none | none |
reason | [string] | true | none | none |
IdentityRbacAuthorizationDecisionRequest
{
"service": "cloudplatform",
"data": {
"principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
"scope": "string",
"requiredPermissions": [
"string"
],
"operator": "allOf"
}
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
service | IdentityRbacServiceName | true | none | The identifier of the Service for which the RBAC evaluation should take place. |
data | object | true | none | none |
» principalId | string(uuid) | true | none | none |
» scope | IdentityRbacScope | true | none | The scope can be any REST resource instance. For example, "/" or "/workspaces/{id}/environments/{env}" |
» requiredPermissions | [string] | true | none | none |
» operator | string | true | none | none |
Enumerated Values
Property | Value |
---|---|
operator | allOf |
operator | anyOf |
IdentityRbacScope
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
IdentityRbacScope | string | false | none | The scope can be any REST resource instance. For example, "/" or "/workspaces/{id}/environments/{env}" |
IdentityRbacPermissionAssignment
{
"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"scope": "string",
"principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
"permissions": [
"workspaces.read"
]
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
id | string(uuid) | true | none | A UUID which uniquely identifies the permission assignment. |
scope | IdentityRbacScope | true | none | The scope can be any REST resource instance. For example, "/" or "/workspaces/{id}/environments/{env}" |
principalId | string(uuid) | true | none | none |
permissions | [string] | true | none | none |
IdentityRbacPermissionAssignmentCreateOrUpdateOptions
{
"scope": "string",
"principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
"permissions": [
"workspaces.read"
]
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
scope | IdentityRbacScope | true | none | The scope can be any REST resource instance. For example, "/" or "/workspaces/{id}/environments/{env}" |
principalId | string(uuid) | true | none | none |
permissions | [string] | true | none | none |
IdentityRbacOpaBackendRequest
{
"input": {
"principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
"scope": "string",
"operator": "anyOf",
"requiredPermissions": [
"string"
]
}
}
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
input | object | true | none | none |
» principalId | string(uuid) | true | none | none |
» scope | string | true | none | none |
» operator | string | false | none | none |
» requiredPermissions | [string] | true | none | none |
Enumerated Values
Property | Value |
---|---|
operator | anyOf |
operator | allOf |
IdentityRbacOpaBackendResponse
Properties
Name | Type | Required | Restrictions | Description |
---|---|---|---|---|
result | object | false | none | none |
» allow | boolean | false | none | none |
» reason | [string] | false | none | none |