Cloud Platform Identity RBAC API v1.0.1

This API provides endpoints to perform CRUD operations on permission/role assignments.

Contact: Cloud Operations

Operations

Tag: Identity.RBAC

create-identity-rbac-permission-assignments

Operation Id: create-identity-rbac-permission-assignments

Action: POST /permission-assignments

Summary: Create a new permission assignment

Description: Create new permission assignments

Body parameter

{
  "scope": "/workspaces",
  "principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
  "permissions": [
    "workspaces.read"
  ]
}

Parameters

| Name | In | Type | Required | Description |
|------|----|------|----------|-------------|
| body | body | IdentityRbacPermissionAssignmentCreateOrUpdateOptions | false | none |

Responses

| Status | Meaning | Description | Schema |
|--------|---------|-------------|--------|
| 201 | Created | Create or update response | IdentityRbacPermissionAssignment |
| 400 | Bad Request | Generic error response | Problem |
| 401 | Unauthorized | Generic error response | Problem |
| 409 | Conflict | Generic error response | Problem |
| 422 | Unprocessable Entity | Generic error response | Problem |
| 500 | Internal Server Error | Generic error response | Problem |

Note

This operation does not require authentication

Code samples

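POST https://api.cloudplatform.union-investment.de/identity/permission-assignments HTTP/1.1
Host: api.cloudplatform.union-investment.de
Content-Type: application/json
Accept: application/json

# You can also use wget
curl -X POST https://api.cloudplatform.union-investment.de/identity/permission-assignments \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{"scope": "/workspaces", "principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5", "permissions": ["workspaces.read"]}'

import requests

headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json'
}

# Request body taken from the "Body parameter" example for this operation
payload = {
  'scope': '/workspaces',
  'principalId': '0a52818d-1e0c-4e64-848e-4d04f9e914e5',
  'permissions': ['workspaces.read']
}

r = requests.post('https://api.cloudplatform.union-investment.de/identity/permission-assignments', headers=headers, json=payload, timeout=10)

print(r.json())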

list-identity-rbac-permission-assignments

Operation Id: list-identity-rbac-permission-assignments

Action: GET /permission-assignments

Summary: List permission assignments

Description: List permission assignments

Responses

| Status | Meaning | Description | Schema |
|--------|---------|-------------|--------|
| 200 | OK | One or more permission assignments | Inline |
| 400 | Bad Request | Generic error response | Problem |
| 401 | Unauthorized | Generic error response | Problem |
| 500 | Internal Server Error | Generic error response | Problem |

Status Code 200

| Name | Type | Required | Restrictions | Description |
|------|------|----------|--------------|-------------|
| anonymous | [IdentityRbacPermissionAssignment] | false | none | none |
| » IdentityRbacPermissionAssignment | IdentityRbacPermissionAssignment | false | none | none |
| »» id | string(uuid) | true | none | A UUID which uniquely identifies the permission assignment. |
| »» scope | IdentityRbacScope | true | none | The scope can be any REST resource instance. For example, "/" or "/workspaces/{id}/environments/{env}" |
| »» principalId | string(uuid) | true | none | none |
| »» permissions | [string] | true | none | none |

Example responses

200 Response

[
  {
    "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
    "scope": "string",
    "principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
    "permissions": [
      "workspaces.read"
    ]
  }
]

Note

This operation does not require authentication

Code samples

GET https://api.cloudplatform.union-investment.de/identity/permission-assignments HTTP/1.1
Host: api.cloudplatform.union-investment.de
Accept: application/json

# You can also use wget
curl -X GET https://api.cloudplatform.union-investment.de/identity/permission-assignments \
  -H 'Accept: application/json'

import requests

headers = {
  'Accept': 'application/json'
}

r = requests.get('https://api.cloudplatform.union-investment.de/identity/permission-assignments', headers=headers, timeout=10)

print(r.json())

get-identity-rbac-permission-assignments

Operation Id: get-identity-rbac-permission-assignments

Action: GET /permission-assignments/{id}

Summary: Get permission assignment by ID

Description: Get a specific permission assignment by the provided ID

Parameters

| Name | In | Type | Required | Description |
|------|----|------|----------|-------------|
| id | path | string | true | none |

Responses

| Status | Meaning | Description | Schema |
|--------|---------|-------------|--------|
| 200 | OK | A Permission Assignment | IdentityRbacPermissionAssignment |
| 400 | Bad Request | Generic error response | Problem |
| 401 | Unauthorized | Generic error response | Problem |
| 404 | Not Found | Generic error response | Problem |
| 422 | Unprocessable Entity | Generic error response | Problem |
| 500 | Internal Server Error | Generic error response | Problem |

Note

This operation does not require authentication

Code samples

GET https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id} HTTP/1.1
Host: api.cloudplatform.union-investment.de
Accept: application/json

# You can also use wget
curl -X GET https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id} \
  -H 'Accept: application/json'

import requests

headers = {
  'Accept': 'application/json'
}

# Replace {id} with the UUID of the permission assignment
r = requests.get('https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id}', headers=headers, timeout=10)

print(r.json())

update-identity-rbac-permission-assignments

Operation Id: update-identity-rbac-permission-assignments

Action: PATCH /permission-assignments/{id}

Summary: Update a permission assignment by ID

Description: Update an existing permission assignment by ID

Body parameter

{
  "scope": "/workspaces",
  "principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
  "permissions": [
    "workspaces.read"
  ]
}

Parameters

| Name | In | Type | Required | Description |
|------|----|------|----------|-------------|
| body | body | IdentityRbacPermissionAssignmentCreateOrUpdateOptions | false | none |
| id | path | string | true | none |

Responses

| Status | Meaning | Description | Schema |
|--------|---------|-------------|--------|
| 200 | OK | A Permission Assignment | IdentityRbacPermissionAssignment |
| 400 | Bad Request | Generic error response | Problem |
| 401 | Unauthorized | Generic error response | Problem |
| 404 | Not Found | Generic error response | Problem |
| 422 | Unprocessable Entity | Generic error response | Problem |
| 500 | Internal Server Error | Generic error response | Problem |

Note

This operation does not require authentication

Code samples

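PATCH https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id} HTTP/1.1
Host: api.cloudplatform.union-investment.de
Content-Type: application/json
Accept: application/json

# You can also use wget
curl -X PATCH https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{"scope": "/workspaces", "principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5", "permissions": ["workspaces.read"]}'

import requests

headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json'
}

# Request body taken from the "Body parameter" example for this operation
payload = {
  'scope': '/workspaces',
  'principalId': '0a52818d-1e0c-4e64-848e-4d04f9e914e5',
  'permissions': ['workspaces.read']
}

# Replace {id} with the UUID of the permission assignment
r = requests.patch('https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id}', headers=headers, json=payload, timeout=10)

print(r.json())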

delete-identity-rbac-permission-assignments

Operation Id: delete-identity-rbac-permission-assignments

Action: DELETE /permission-assignments/{id}

Summary: Delete a permission assignment by ID

Description: Delete a specific permission assignment by ID

Parameters

| Name | In | Type | Required | Description |
|------|----|------|----------|-------------|
| id | path | string | true | none |

Responses

| Status | Meaning | Description | Schema |
|--------|---------|-------------|--------|
| 204 | No Content | OK | None |
| 400 | Bad Request | Generic error response | Problem |
| 401 | Unauthorized | Generic error response | Problem |
| 404 | Not Found | Generic error response | Problem |
| 500 | Internal Server Error | Generic error response | Problem |

Note

This operation does not require authentication

Code samples

DELETE https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id} HTTP/1.1
Host: api.cloudplatform.union-investment.de
Accept: application/problem+json

# You can also use wget
curl -X DELETE https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id} \
  -H 'Accept: application/problem+json'

import requests

headers = {
  'Accept': 'application/problem+json'
}

# Replace {id} with the UUID of the permission assignment
r = requests.delete('https://api.cloudplatform.union-investment.de/identity/permission-assignments/{id}', headers=headers, timeout=10)

# A successful delete returns 204 No Content with an empty body;
# only error responses carry a Problem document.
print(r.status_code)
if r.content:
    print(r.json())

do-identity-rbac-check-permissions

Operation Id: do-identity-rbac-check-permissions

Action: POST /check-permissions

Summary: Check identity permissions

Description: Request an authorization decision based on the data provided in the request body

Body parameter

{
  "service": "cloudplatform",
  "data": {
    "principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
    "scope": "/",
    "requiredPermissions": [
      "generic.read"
    ],
    "operator": "anyOf"
  }
}

Parameters

| Name | In | Type | Required | Description |
|------|----|------|----------|-------------|
| body | body | IdentityRbacAuthorizationDecisionRequest | false | none |

Responses

| Status | Meaning | Description | Schema |
|--------|---------|-------------|--------|
| 200 | OK | none | IdentityRbacAuthorizationDecision |
| 400 | Bad Request | Generic error response | Problem |
| 401 | Unauthorized | Generic error response | Problem |
| 422 | Unprocessable Entity | Generic error response | Problem |
| 500 | Internal Server Error | Generic error response | Problem |

Note

This operation does not require authentication

Code samples

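POST https://api.cloudplatform.union-investment.de/identity/check-permissions HTTP/1.1
Host: api.cloudplatform.union-investment.de
Content-Type: application/json
Accept: application/json

# You can also use wget
curl -X POST https://api.cloudplatform.union-investment.de/identity/check-permissions \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '{"service": "cloudplatform", "data": {"principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5", "scope": "/", "requiredPermissions": ["generic.read"], "operator": "anyOf"}}'

import requests

headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json'
}

# Request body taken from the "Body parameter" example for this operation
payload = {
  'service': 'cloudplatform',
  'data': {
    'principalId': '0a52818d-1e0c-4e64-848e-4d04f9e914e5',
    'scope': '/',
    'requiredPermissions': ['generic.read'],
    'operator': 'anyOf'
  }
}

r = requests.post('https://api.cloudplatform.union-investment.de/identity/check-permissions', headers=headers, json=payload, timeout=10)

print(r.json())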
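
A client-side sketch for callers of POST /check-permissions, added here as an example and not part of the API's own code samples: it builds an IdentityRbacAuthorizationDecisionRequest and reads the IdentityRbacAuthorizationDecision so that anything other than a well-formed allow is treated as a denial. The function names, the leading "/" scope check and the refusal of an empty requiredPermissions list are assumptions of this example, since the page does not document how the service handles those inputs.

```python
import uuid

OPERATORS = {"allOf", "anyOf"}  # enumerated operator values from the schema
SERVICE = "cloudplatform"       # the only IdentityRbacServiceName value listed


def build_decision_request(principal_id, scope, required_permissions, operator="allOf"):
    """Build an IdentityRbacAuthorizationDecisionRequest; raise ValueError on bad input."""
    principal = str(uuid.UUID(str(principal_id)))  # ValueError if not a UUID
    # Assumption: scopes are resource paths starting with "/", as in the page's examples.
    if not isinstance(scope, str) or not scope.startswith("/"):
        raise ValueError("scope must be a path such as '/' or '/workspaces'")
    if operator not in OPERATORS:
        raise ValueError("operator must be 'allOf' or 'anyOf'")
    # Assumption: an empty list is refused locally, because the page does not say
    # how the service evaluates "allOf" over no permissions.
    if isinstance(required_permissions, str) or not required_permissions:
        raise ValueError("requiredPermissions must be a non-empty list")
    perms = list(required_permissions)
    if not all(isinstance(p, str) and p for p in perms):
        raise ValueError("each required permission must be a non-empty string")
    return {"service": SERVICE,
            "data": {"principalId": principal, "scope": scope,
                     "requiredPermissions": perms, "operator": operator}}


def is_allowed(status_code, body):
    """Fail closed: True only for HTTP 200 with allow == True and a reason list."""
    if status_code != 200 or not isinstance(body, dict):
        return False  # Problem responses (400/401/422/500) count as denials
    if body.get("allow") is not True:  # rejects "true", 1 and a missing field
        return False
    return isinstance(body.get("reason"), list)  # schema marks both fields required


if __name__ == "__main__":
    # Constructed sample responses, not captured from the service.
    req = build_decision_request("0a52818d-1e0c-4e64-848e-4d04f9e914e5",
                                 "/", ["generic.read"], "anyOf")
    print(req)
    print(is_allowed(200, {"allow": True, "reason": []}))
    print(is_allowed(200, {"allow": "true", "reason": []}))
    print(is_allowed(401, {"title": "Unauthorized", "status": 401}))
```

The returned dictionary can be passed as json= to the requests.post call in the Python sample above, with is_allowed(r.status_code, parsed_body) deciding the outcome.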

Schemas

IdentityRbacInnerError

{
  "code": "string",
  "innererror": {
    "code": "string",
    "innererror": {
      "code": "string",
      "innererror": {
        "code": "string",
        "innererror": {
          "code": null,
          "innererror": null
        }
      }
    }
  }
}

Properties

| Name | Type | Required | Restrictions | Description |
|------|------|----------|--------------|-------------|
| code | string | false | none | none |
| innererror | IdentityRbacInnerError | false | none | none |

IdentityRbacError

{
  "code": "string",
  "message": "string",
  "target": "string",
  "details": [
    {
      "code": "string",
      "innererror": {
        "code": "string",
        "innererror": {
          "code": "string",
          "innererror": {}
        }
      }
    }
  ],
  "innererror": {
    "code": "string",
    "innererror": {
      "code": "string",
      "innererror": {
        "code": "string",
        "innererror": {
          "code": null,
          "innererror": null
        }
      }
    }
  }
}

Properties

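| Name | Type | Required | Restrictions | Description |
|------|------|----------|--------------|-------------|
| code | string | false | none | none |
| message | string | false | none | none |
| target | string | false | none | none |
| details | [IdentityRbacInnerError] | false | none | none |
| innererror | IdentityRbacInnerError | false | none | none |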

Problem

{
  "type": "/some/uri-reference",
  "title": "some title for the error situation",
  "status": 100,
  "detail": "some description for the error situation",
  "instance": "/some/uri-reference#specific-occurrence-context",
  "cause": {
    "code": "string",
    "message": "string",
    "target": "string",
    "details": [
      {
        "code": "string",
        "innererror": {
          "code": "string",
          "innererror": {}
        }
      }
    ],
    "innererror": {
      "code": "string",
      "innererror": {
        "code": "string",
        "innererror": {
          "code": null,
          "innererror": null
        }
      }
    }
  }
}

https://datatracker.ietf.org/doc/html/rfc7807

Properties

| Name | Type | Required | Restrictions | Description |
|------|------|----------|--------------|-------------|
| type | string(uri) | true | none | A URI reference that uniquely identifies the problem type only in the context of the provided API. Opposed to the specification in RFC-7807, it is neither recommended to be dereferenceable and point to a human-readable documentation nor globally unique for the problem type. |
| title | string | false | none | A short summary of the problem type. Written in English and readable for engineers, usually not suited for non technical stakeholders and not localized. |
| status | integer(int32) | false | none | The HTTP status code generated by the origin server for this occurrence of the problem. |
| detail | string | false | none | A human readable explanation specific to this occurrence of the problem that is helpful to locate the problem and give advice on how to proceed. Written in English and readable for engineers, usually not suited for non technical stakeholders and not localized. |
| instance | string(uri-reference) | false | none | A URI reference that identifies the specific occurrence of the problem, e.g. by adding a fragment identifier or sub-path to the problem type. May be used to locate the root of this problem in the source code. |
| cause | IdentityRbacError | false | none | none |

IdentityRbacServiceName

"cloudplatform"

Properties

| Name | Type | Required | Restrictions | Description |
|------|------|----------|--------------|-------------|
| IdentityRbacServiceName | string | false | none | The identifier of the Service for which the RBAC evaluation should take place. |

Enumerated Values

| Property | Value |
|----------|-------|
| IdentityRbacServiceName | cloudplatform |

IdentityRbacAuthorizationDecision

{
  "allow": false,
  "reason": [
    "string"
  ]
}

Properties

| Name | Type | Required | Restrictions | Description |
|------|------|----------|--------------|-------------|
| allow | boolean | true | none | none |
| reason | [string] | true | none | none |

IdentityRbacAuthorizationDecisionRequest

{
  "service": "cloudplatform",
  "data": {
    "principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
    "scope": "string",
    "requiredPermissions": [
      "string"
    ],
    "operator": "allOf"
  }
}

Properties

| Name | Type | Required | Restrictions | Description |
|------|------|----------|--------------|-------------|
| service | IdentityRbacServiceName | true | none | The identifier of the Service for which the RBAC evaluation should take place. |
| data | object | true | none | none |
| » principalId | string(uuid) | true | none | none |
| » scope | IdentityRbacScope | true | none | The scope can be any REST resource instance. For example, "/" or "/workspaces/{id}/environments/{env}" |
| » requiredPermissions | [string] | true | none | none |
| » operator | string | true | none | none |

Enumerated Values

| Property | Value |
|----------|-------|
| operator | allOf |
| operator | anyOf |

IdentityRbacScope

"string"

Properties

| Name | Type | Required | Restrictions | Description |
|------|------|----------|--------------|-------------|
| IdentityRbacScope | string | false | none | The scope can be any REST resource instance. For example, "/" or "/workspaces/{id}/environments/{env}" |

IdentityRbacPermissionAssignment

{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "scope": "string",
  "principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
  "permissions": [
    "workspaces.read"
  ]
}

Properties

| Name | Type | Required | Restrictions | Description |
|------|------|----------|--------------|-------------|
| id | string(uuid) | true | none | A UUID which uniquely identifies the permission assignment. |
| scope | IdentityRbacScope | true | none | The scope can be any REST resource instance. For example, "/" or "/workspaces/{id}/environments/{env}" |
| principalId | string(uuid) | true | none | none |
| permissions | [string] | true | none | none |

IdentityRbacPermissionAssignmentCreateOrUpdateOptions

{
  "scope": "string",
  "principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
  "permissions": [
    "workspaces.read"
  ]
}

Properties

| Name | Type | Required | Restrictions | Description |
|------|------|----------|--------------|-------------|
| scope | IdentityRbacScope | true | none | The scope can be any REST resource instance. For example, "/" or "/workspaces/{id}/environments/{env}" |
| principalId | string(uuid) | true | none | none |
| permissions | [string] | true | none | none |

IdentityRbacOpaBackendRequest

{
  "input": {
    "principalId": "0a52818d-1e0c-4e64-848e-4d04f9e914e5",
    "scope": "string",
    "operator": "anyOf",
    "requiredPermissions": [
      "string"
    ]
  }
}

Properties

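| Name | Type | Required | Restrictions | Description |
|------|------|----------|--------------|-------------|
| input | object | true | none | none |
| » principalId | string(uuid) | true | none | none |
| » scope | string | true | none | none |
| » operator | string | false | none | none |
| » requiredPermissions | [string] | true | none | none |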

Enumerated Values

| Property | Value |
|----------|-------|
| operator | anyOf |
| operator | allOf |

IdentityRbacOpaBackendResponse

{
  "result": {
    "allow": false,
    "reason": [
      "string"
    ]
  }
}

Properties

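| Name | Type | Required | Restrictions | Description |
|------|------|----------|--------------|-------------|
| result | object | false | none | none |
| » allow | boolean | false | none | none |
| » reason | [string] | false | none | none |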