diff --git a/pkg/api/user.go b/pkg/api/user.go index 1f1cde51f18..a6b5ae38022 100644 --- a/pkg/api/user.go +++ b/pkg/api/user.go @@ -627,13 +627,6 @@ type UpdateUserParams struct { UserID int64 `json:"user_id"` } -// swagger:response searchUsersResponse -type SearchUsersResponse struct { - // The response message - // in: body - Body user.SearchUserQueryResult `json:"body"` -} - // swagger:response userResponse type UserResponse struct { // The response message diff --git a/pkg/services/searchusers/searchusers.go b/pkg/services/searchusers/searchusers.go index bd82503d691..63bb4a3d4ba 100644 --- a/pkg/services/searchusers/searchusers.go +++ b/pkg/services/searchusers/searchusers.go @@ -53,7 +53,7 @@ func (s *OSSService) SearchUsers(c *contextmodel.ReqContext) response.Response { // Get users with paging. // // Responses: -// 200: searchUsersResponse +// 200: searchUsersWithPagingResponse // 401: unauthorisedError // 403: forbiddenError // 404: notFoundError @@ -115,3 +115,17 @@ func (s *OSSService) SearchUser(c *contextmodel.ReqContext) (*user.SearchUserQue return res, nil } + +// swagger:response searchUsersResponse +type SearchUsersResponse struct { + // The response message + // in: body + Body []*user.UserSearchHitDTO `json:"body"` +} + +// swagger:response searchUsersWithPagingResponse +type SearchUsersWithPagingResponse struct { + // The response message + // in: body + Body *user.SearchUserQueryResult `json:"body"` +} diff --git a/public/api-merged.json b/public/api-merged.json index 61d09a40afd..dbdfc846a98 100644 --- a/public/api-merged.json +++ b/public/api-merged.json @@ -22,6 +22,647 @@ }, "basePath": "/api", "paths": { + "/access-control/assignments/search": { + "post": { + "description": "Returns the result of the search through access-control role assignments.\n\nYou need to have a permission with action `teams.roles:read` on scope `teams:*`\nand a permission with action `users.roles:read` on scope `users:*`.", + "tags": [ + "enterprise" + ], + "summary": "Debug permissions.", + "operationId": "searchResult", + "responses": { + "200": { + "$ref": "#/responses/searchResultResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/roles": { + "get": { + "description": "Gets all existing roles. The response contains all global and organization local roles, for the organization which user is signed in.\n\nYou need to have a permission with action `roles:read` and scope `roles:*`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get all roles.", + "operationId": "listRoles", + "parameters": [ + { + "type": "boolean", + "name": "delegatable", + "in": "query" + } + ], + "responses": { + "200": { + "$ref": "#/responses/listRolesResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "Creates a new custom role and maps given permissions to that role. Note that roles with the same prefix as Fixed Roles can’t be created.\n\nYou need to have a permission with action `roles:write` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only create custom roles with the same, or a subset of permissions which the user has.\nFor example, if a user does not have required permissions for creating users, they won’t be able to create a custom role which allows to do that. This is done to prevent escalation of privileges.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Create a new custom role.", + "operationId": "createRole", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CreateRoleForm" + } + } + ], + "responses": { + "201": { + "$ref": "#/responses/createRoleResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/roles/{roleUID}": { + "get": { + "description": "Get a role for the given UID.\n\nYou need to have a permission with action `roles:read` and scope `roles:*`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get a role.", + "operationId": "getRole", + "parameters": [ + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getRoleResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "You need to have a permission with action `roles:write` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only create custom roles with the same, or a subset of permissions which the user has.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Update a custom role.", + "operationId": "updateRole", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/UpdateRoleCommand" + } + }, + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getRoleResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "delete": { + "description": "Delete a role with the given UID, and it’s permissions. If the role is assigned to a built-in role, the deletion operation will fail, unless force query param is set to true, and in that case all assignments will also be deleted.\n\nYou need to have a permission with action `roles:delete` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only delete a custom role with the same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to delete a custom role which allows to do that.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Delete a custom role.", + "operationId": "deleteRole", + "parameters": [ + { + "type": "boolean", + "name": "force", + "in": "query" + }, + { + "type": "boolean", + "name": "global", + "in": "query" + }, + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/roles/{roleUID}/assignments": { + "get": { + "description": "Get role assignments for the role with the given UID.\n\nYou need to have a permission with action `teams.roles:list` and scope `teams:id:*` and `users.roles:list` and scope `users:id:*`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get role assignments.", + "operationId": "getRoleAssignments", + "parameters": [ + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getRoleAssignmentsResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "Set role assignments for the role with the given UID.\n\nYou need to have a permission with action `teams.roles:add` and `teams.roles:remove` and scope `permissions:type:delegate`, and `users.roles:add` and `users.roles:remove` and scope `permissions:type:delegate`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Set role assignments.", + "operationId": "setRoleAssignments", + "parameters": [ + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + }, + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SetRoleAssignmentsCommand" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/setRoleAssignmentsResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/status": { + "get": { + "description": "Returns an indicator to check if fine-grained access control is enabled or not.\n\nYou need to have a permission with action `status:accesscontrol` and scope `services:accesscontrol`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get status.", + "operationId": "getAccessControlStatus", + "responses": { + "200": { + "$ref": "#/responses/getAccessControlStatusResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/teams/{teamId}/roles": { + "get": { + "description": "You need to have a permission with action `teams.roles:read` and scope `teams:id:\u003cteam ID\u003e`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get team roles.", + "operationId": "listTeamRoles", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "You need to have a permission with action `teams.roles:add` and `teams.roles:remove` and scope `permissions:type:delegate` for each.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Update team role.", + "operationId": "setTeamRoles", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "You need to have a permission with action `teams.roles:add` and scope `permissions:type:delegate`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Add team role.", + "operationId": "addTeamRole", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/AddTeamRoleCommand" + } + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/teams/{teamId}/roles/{roleUID}": { + "delete": { + "description": "You need to have a permission with action `teams.roles:remove` and scope `permissions:type:delegate`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Remove team role.", + "operationId": "removeTeamRole", + "parameters": [ + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/users/{userId}/roles": { + "get": { + "description": "Lists the roles that have been directly assigned to a given user. The list does not include built-in roles (Viewer, Editor, Admin or Grafana Admin), and it does not include roles that have been inherited from a team.\n\nYou need to have a permission with action `users.roles:read` and scope `users:id:\u003cuser ID\u003e`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "List roles assigned to a user.", + "operationId": "listUserRoles", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getAllRolesResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "Update the user’s role assignments to match the provided set of UIDs. This will remove any assigned roles that aren’t in the request and add roles that are in the set but are not already assigned to the user.\nIf you want to add or remove a single role, consider using Add a user role assignment or Remove a user role assignment instead.\n\nYou need to have a permission with action `users.roles:add` and `users.roles:remove` and scope `permissions:type:delegate` for each. `permissions:type:delegate` scope ensures that users can only assign or unassign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to assign or unassign a role which will allow to do that. This is done to prevent escalation of privileges.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Set user role assignments.", + "operationId": "setUserRoles", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SetUserRolesCommand" + } + }, + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "Assign a role to a specific user. For bulk updates consider Set user role assignments.\n\nYou need to have a permission with action `users.roles:add` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only assign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to assign a role which will allow to do that. This is done to prevent escalation of privileges.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Add a user role assignment.", + "operationId": "addUserRole", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/AddUserRoleCommand" + } + }, + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/users/{userId}/roles/{roleUID}": { + "delete": { + "description": "Revoke a role from a user. For bulk updates consider Set user role assignments.\n\nYou need to have a permission with action `users.roles:remove` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only unassign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to unassign a role which will allow to do that. This is done to prevent escalation of privileges.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Remove a user role assignment.", + "operationId": "removeUserRole", + "parameters": [ + { + "type": "boolean", + "description": "A flag indicating if the assignment is global or not. If set to false, the default org ID of the authenticated user will be used from the request to remove assignment.", + "name": "global", + "in": "query" + }, + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + }, + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/admin/ldap-sync-status": { + "get": { + "description": "You need to have a permission with action `ldap.status:read`.", + "tags": [ + "ldap_debug" + ], + "summary": "Returns the current state of the LDAP background sync integration.", + "operationId": "getSyncStatus", + "responses": { + "200": { + "$ref": "#/responses/getSyncStatusResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, "/admin/ldap/reload": { "post": { "security": [ @@ -193,6 +834,27 @@ } } }, + "/admin/provisioning/access-control/reload": { + "post": { + "tags": [ + "access_control_provisioning", + "enterprise" + ], + "summary": "You need to have a permission with action `provisioning:reload` with scope `provisioners:accesscontrol`.", + "operationId": "adminProvisioningReloadAccessControl", + "responses": { + "202": { + "$ref": "#/responses/acceptedResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + } + } + } + }, "/admin/provisioning/dashboards/reload": { "post": { "security": [ @@ -4326,6 +4988,216 @@ } } }, + "/datasources/{datasourceId}/disable-permissions": { + "post": { + "description": "Disables permissions for the data source with the given id. All existing permissions will be removed and anyone will be able to query the data source.\n\nYou need to have a permission with action `datasources.permissions:toggle` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).\n\nDeprecated: true.", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Disable permissions for a data source.", + "operationId": "disablePermissions", + "parameters": [ + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/createOrUpdateDatasourceResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/datasources/{datasourceId}/enable-permissions": { + "post": { + "description": "Enables permissions for the data source with the given id.\nNo one except Org Admins will be able to query the data source until permissions have been added\nwhich permit certain users or teams to query the data source.\n\nYou need to have a permission with action `datasources.permissions:toggle` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).\n\nDeprecated: true.", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Enable permissions for a data source.", + "operationId": "enablePermissions", + "parameters": [ + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/createOrUpdateDatasourceResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/datasources/{datasourceId}/permissions": { + "get": { + "description": "Gets all existing permissions for the data source with the given id.\n\nYou need to have a permission with action `datasources.permissions:read` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).\n\nDeprecated: true.\nDeprecated. Please use GET /api/access-control/datasources/:uid", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Get permissions for a data source.", + "operationId": "getAllPermissions", + "parameters": [ + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getAllPermissionseResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "You need to have a permission with action `datasources.permissions:read` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).\n\nDeprecated: true.\nDeprecated. Please use POST /api/access-control/datasources/:uid/users/:id, /api/access-control/datasources/:uid/teams/:id or /api/access-control/datasources/:uid/buildInRoles/:id", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Add permissions for a data source.", + "operationId": "addPermission", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "query" + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "query" + }, + { + "type": "string", + "name": "builtinRole", + "in": "query" + }, + { + "type": "integer", + "format": "int64", + "name": "permission", + "in": "query" + }, + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/addPermissionResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/datasources/{datasourceId}/permissions/{permissionId}": { + "delete": { + "description": "Removes the permission with the given permissionId for the data source with the given id.\n\nYou need to have a permission with action `datasources.permissions:delete` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).\n\nDeprecated: true.\nDeprecated. Please use POST /api/access-control/datasources/:uid/users/:id, /api/access-control/datasources/:uid/teams/:id or /api/access-control/datasources/:uid/buildInRoles/:id", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Remove permission for a data source.", + "operationId": "deletePermissions", + "parameters": [ + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + }, + { + "type": "string", + "name": "permissionId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + } + } + } + }, "/datasources/{id}": { "get": { "description": "If you are running Grafana Enterprise and have Fine-grained access control enabled\nyou need to have a permission with action: `datasources:read` and scopes: `datasources:*`, `datasources:id:*` and `datasources:id:1` (single data source).\n\nPlease refer to [updated API](#/datasources/getDataSourceByUID) instead", @@ -5257,6 +6129,216 @@ } } }, + "/licensing/check": { + "get": { + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Check license availability.", + "operationId": "getStatus", + "responses": { + "200": { + "$ref": "#/responses/getStatusResponse" + } + } + } + }, + "/licensing/custom-permissions": { + "get": { + "description": "You need to have a permission with action `licensing.reports:read`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Get custom permissions report.", + "operationId": "getCustomPermissionsReport", + "responses": { + "200": { + "$ref": "#/responses/getCustomPermissionsReportResponse" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/licensing/custom-permissions-csv": { + "get": { + "description": "You need to have a permission with action `licensing.reports:read`.", + "produces": [ + "text/csv" + ], + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Get custom permissions report in CSV format.", + "operationId": "getCustomPermissionsCSV", + "responses": { + "200": { + "$ref": "#/responses/getCustomPermissionsReportResponse" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/licensing/refresh-stats": { + "get": { + "description": "You need to have a permission with action `licensing:read`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Refresh license stats.", + "operationId": "refreshLicenseStats", + "responses": { + "200": { + "$ref": "#/responses/refreshLicenseStatsResponse" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/licensing/token": { + "get": { + "description": "You need to have a permission with action `licensing:read`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Get license token.", + "operationId": "getLicenseToken", + "responses": { + "200": { + "$ref": "#/responses/getLicenseTokenResponse" + } + } + }, + "post": { + "description": "You need to have a permission with action `licensing:update`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Create license token.", + "operationId": "postLicenseToken", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/DeleteTokenCommand" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/getLicenseTokenResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + } + } + }, + "delete": { + "description": "Removes the license stored in the Grafana database. Available in Grafana Enterprise v7.4+.\n\nYou need to have a permission with action `licensing:delete`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Remove license from database.", + "operationId": "deleteLicenseToken", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/DeleteTokenCommand" + } + } + ], + "responses": { + "202": { + "$ref": "#/responses/acceptedResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "422": { + "$ref": "#/responses/unprocessableEntityError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/licensing/token/renew": { + "post": { + "description": "Manually ask license issuer for a new token. Available in Grafana Enterprise v7.4+.\n\nYou need to have a permission with action `licensing:update`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Manually force license refresh.", + "operationId": "postRenewLicenseToken", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "type": "object" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/postRenewLicenseTokenResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "404": { + "$ref": "#/responses/notFoundError" + } + } + } + }, + "/logout/saml": { + "get": { + "tags": [ + "saml", + "enterprise" + ], + "summary": "GetLogout initiates single logout process.", + "operationId": "getSAMLLogout", + "responses": { + "302": { + "description": "(empty)" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, "/org": { "get": { "tags": [ @@ -6806,6 +7888,827 @@ } } }, + "/recording-rules": { + "get": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Lists all rules in the database: active or deleted.", + "operationId": "listRecordingRules", + "responses": { + "200": { + "$ref": "#/responses/listRecordingRulesResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Update the active status of a rule.", + "operationId": "updateRecordingRule", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RecordingRuleJSON" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/recordingRuleResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Create a recording rule that is then registered and started.", + "operationId": "createRecordingRule", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RecordingRuleJSON" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/recordingRuleResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/recording-rules/test": { + "post": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Test a recording rule.", + "operationId": "testCreateRecordingRule", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RecordingRuleJSON" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "422": { + "$ref": "#/responses/unprocessableEntityError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/recording-rules/writer": { + "get": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Return the prometheus remote write target.", + "operationId": "getRecordingRuleWriteTarget", + "responses": { + "200": { + "$ref": "#/responses/recordingRuleWriteTargetResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "It returns a 422 if there is not an existing prometheus data source configured.", + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Create a remote write target.", + "operationId": "createRecordingRuleWriteTarget", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PrometheusRemoteWriteTargetJSON" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/recordingRuleWriteTargetResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "422": { + "$ref": "#/responses/unprocessableEntityError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "delete": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Delete the remote write target.", + "operationId": "deleteRecordingRuleWriteTarget", + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/recording-rules/{recordingRuleID}": { + "delete": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Delete removes the rule from the registry and stops it.", + "operationId": "deleteRecordingRule", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "recordingRuleID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports": { + "get": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports:read` with scope `reports:*`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "List reports.", + "operationId": "getReports", + "responses": { + "200": { + "$ref": "#/responses/getReportsResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "Available to org admins only and with a valid license.\n\nYou need to have a permission with action `reports.admin:create`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Create a report.", + "operationId": "createReport", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CreateOrUpdateConfigCmd" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/createReportResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/email": { + "post": { + "description": "Generate and send a report. This API waits for the report to be generated before returning. We recommend that you set the client’s timeout to at least 60 seconds. Available to org admins only and with a valid license.\n\nOnly available in Grafana Enterprise v7.0+.\nThis API endpoint is experimental and may be deprecated in a future release. On deprecation, a migration strategy will be provided and the endpoint will remain functional until the next major release of Grafana.\n\nYou need to have a permission with action `reports:send`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Send a report.", + "operationId": "sendReport", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/ReportEmailDTO" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/render/pdf/{dashboardID}": { + "get": { + "description": "Please refer to [reports enterprise](#/reports/renderReportPDFs) instead. This will be removed in Grafana 10.", + "produces": [ + "application/pdf" + ], + "tags": [ + "reports", + "enterprise" + ], + "summary": "Render report for dashboard.", + "operationId": "renderReportPDF", + "deprecated": true, + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "DashboardID", + "in": "path", + "required": true + }, + { + "type": "integer", + "format": "int64", + "name": "dashboardID", + "in": "path", + "required": true + }, + { + "type": "string", + "name": "title", + "in": "query" + }, + { + "type": "string", + "name": "variables", + "in": "query" + }, + { + "type": "string", + "name": "from", + "in": "query" + }, + { + "type": "string", + "name": "to", + "in": "query" + }, + { + "type": "string", + "name": "orientation", + "in": "query" + }, + { + "type": "string", + "name": "layout", + "in": "query" + } + ], + "responses": { + "200": { + "$ref": "#/responses/contentResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/render/pdfs": { + "get": { + "description": "Available to all users and with a valid license.", + "produces": [ + "application/pdf" + ], + "tags": [ + "reports", + "enterprise" + ], + "summary": "Render report for multiple dashboards.", + "operationId": "renderReportPDFs", + "parameters": [ + { + "type": "string", + "name": "dashboardID", + "in": "query" + }, + { + "type": "string", + "name": "orientation", + "in": "query" + }, + { + "type": "string", + "name": "layout", + "in": "query" + } + ], + "responses": { + "200": { + "$ref": "#/responses/contentResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/settings": { + "get": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.settings:read`x.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Get settings.", + "operationId": "getReportSettings", + "responses": { + "200": { + "$ref": "#/responses/getReportSettingsResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.settings:write`xx.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Save settings.", + "operationId": "saveReportSettings", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SettingsDTO" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/test-email": { + "post": { + "description": "Available to org admins only and with a valid license.\n\nYou need to have a permission with action `reports:send`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Send test report via email.", + "operationId": "sendTestEmail", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CreateOrUpdateConfigCmd" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/{id}": { + "get": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports:read` with scope `reports:id:\u003creport ID\u003e`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Get a report.", + "operationId": "getReport", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getReportResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.admin:write` with scope `reports:id:\u003creport ID\u003e`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Update a report.", + "operationId": "updateReport", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CreateOrUpdateConfigCmd" + } + }, + { + "type": "integer", + "format": "int64", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "delete": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.delete` with scope `reports:id:\u003creport ID\u003e`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Delete a report.", + "operationId": "deleteReport", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/saml/acs": { + "post": { + "tags": [ + "saml", + "enterprise" + ], + "summary": "It performs assertion Consumer Service (ACS).", + "operationId": "postACS", + "parameters": [ + { + "type": "string", + "name": "RelayState", + "in": "query" + } + ], + "responses": { + "302": { + "description": "(empty)" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/saml/metadata": { + "get": { + "produces": [ + "application/xml;application/samlmetadata+xml" + ], + "tags": [ + "saml", + "enterprise" + ], + "summary": "It exposes the SP (Grafana's) metadata for the IdP's consumption.", + "operationId": "getMetadata", + "responses": { + "200": { + "$ref": "#/responses/contentResponse" + } + } + } + }, + "/saml/slo": { + "get": { + "description": "There might be two possible requests:\n1. Logout response (callback) when Grafana initiates single logout and IdP returns response to logout request.\n2. Logout request when another SP initiates single logout and IdP sends logout request to the Grafana,\nor in case of IdP-initiated logout.", + "tags": [ + "saml", + "enterprise" + ], + "summary": "It performs Single Logout (SLO) callback.", + "operationId": "getSLO", + "responses": { + "302": { + "description": "(empty)" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "There might be two possible requests:\n1. Logout response (callback) when Grafana initiates single logout and IdP returns response to logout request.\n2. Logout request when another SP initiates single logout and IdP sends logout request to the Grafana,\nor in case of IdP-initiated logout.", + "tags": [ + "saml", + "enterprise" + ], + "summary": "It performs Single Logout (SLO) callback.", + "operationId": "postSLO", + "parameters": [ + { + "type": "string", + "name": "SAMLRequest", + "in": "query" + }, + { + "type": "string", + "name": "SAMLResponse", + "in": "query" + } + ], + "responses": { + "302": { + "description": "(empty)" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, "/search": { "get": { "tags": [ @@ -7515,6 +9418,178 @@ } } }, + "/teams/{teamId}/groups": { + "get": { + "tags": [ + "sync_team_groups", + "enterprise" + ], + "summary": "Get External Groups.", + "operationId": "getTeamGroupsApi", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getTeamGroupsApiResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "tags": [ + "sync_team_groups", + "enterprise" + ], + "summary": "Add External Group.", + "operationId": "addTeamGroupApi", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/TeamGroupMapping" + } + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "delete": { + "tags": [ + "sync_team_groups", + "enterprise" + ], + "summary": "Remove External Group.", + "operationId": "removeTeamGroupApiQuery", + "parameters": [ + { + "type": "string", + "name": "groupId", + "in": "query" + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/teams/{teamId}/groups/{groupId}": { + "delete": { + "tags": [ + "sync_team_groups", + "enterprise" + ], + "summary": "Remove External Group.", + "operationId": "removeTeamGroupApi", + "deprecated": true, + "parameters": [ + { + "type": "string", + "name": "groupId", + "in": "path", + "required": true + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, "/teams/{team_id}": { "get": { "tags": [ @@ -8489,7 +10564,7 @@ "operationId": "searchUsersWithPaging", "responses": { "200": { - "$ref": "#/responses/searchUsersResponse" + "$ref": "#/responses/searchUsersWithPagingResponse" }, "401": { "$ref": "#/responses/unauthorisedError" @@ -8661,6 +10736,42 @@ "Ack": { "type": "object" }, + "ActiveSyncStatusDTO": { + "description": "ActiveSyncStatusDTO holds the information for LDAP background Sync", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "nextSync": { + "type": "string", + "format": "date-time" + }, + "prevSync": { + "$ref": "#/definitions/SyncResult" + }, + "schedule": { + "type": "string" + } + } + }, + "ActiveUserStats": { + "type": "object", + "properties": { + "active_admins_and_editors": { + "type": "integer", + "format": "int64" + }, + "active_users": { + "type": "integer", + "format": "int64" + }, + "active_viewers": { + "type": "integer", + "format": "int64" + } + } + }, "AddCommand": { "type": "object", "properties": { @@ -8670,6 +10781,7 @@ "role": { "type": "string", "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -8741,6 +10853,7 @@ "role": { "type": "string", "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -8760,6 +10873,7 @@ "role": { "type": "string", "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -8767,6 +10881,25 @@ } } }, + "AddPermissionDTO": { + "type": "object", + "properties": { + "builtinRole": { + "type": "string" + }, + "permission": { + "$ref": "#/definitions/DsPermissionType" + }, + "teamId": { + "type": "integer", + "format": "int64" + }, + "userId": { + "type": "integer", + "format": "int64" + } + } + }, "AddServiceAccountTokenCommand": { "type": "object", "properties": { @@ -8788,6 +10921,25 @@ } } }, + "AddTeamRoleCommand": { + "type": "object", + "properties": { + "roleUid": { + "type": "string" + } + } + }, + "AddUserRoleCommand": { + "type": "object", + "properties": { + "global": { + "type": "boolean" + }, + "roleUid": { + "type": "string" + } + } + }, "Address": { "type": "object", "properties": { @@ -9582,6 +11734,7 @@ "role": { "type": "string", "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -9702,6 +11855,26 @@ } } }, + "BrandingOptionsDTO": { + "type": "object", + "properties": { + "emailFooterLink": { + "type": "string" + }, + "emailFooterMode": { + "type": "string" + }, + "emailFooterText": { + "type": "string" + }, + "emailLogoUrl": { + "type": "string" + }, + "reportLogoUrl": { + "type": "string" + } + } + }, "CalculateDiffTarget": { "type": "object", "properties": { @@ -9764,6 +11937,88 @@ } } }, + "ConfigDTO": { + "description": "ConfigDTO is model representation in transfer", + "type": "object", + "properties": { + "created": { + "type": "string", + "format": "date-time" + }, + "dashboardId": { + "type": "integer", + "format": "int64" + }, + "dashboardName": { + "type": "string" + }, + "dashboardUid": { + "type": "string" + }, + "dashboards": { + "type": "array", + "items": { + "$ref": "#/definitions/DashboardDTO" + } + }, + "enableCsv": { + "type": "boolean" + }, + "enableDashboardUrl": { + "type": "boolean" + }, + "formats": { + "type": "array", + "items": { + "$ref": "#/definitions/Type" + } + }, + "id": { + "type": "integer", + "format": "int64" + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "options": { + "$ref": "#/definitions/ReportOptionsDTO" + }, + "orgId": { + "type": "integer", + "format": "int64" + }, + "recipients": { + "type": "string" + }, + "replyTo": { + "type": "string" + }, + "scaleFactor": { + "type": "integer", + "format": "int64" + }, + "schedule": { + "$ref": "#/definitions/ScheduleDTO" + }, + "state": { + "$ref": "#/definitions/State" + }, + "templateVars": { + "type": "object" + }, + "updated": { + "type": "string", + "format": "date-time" + }, + "userId": { + "type": "integer", + "format": "int64" + } + } + }, "ContactPoints": { "type": "array", "items": { @@ -10044,6 +12299,64 @@ } } }, + "CreateOrUpdateConfigCmd": { + "type": "object", + "properties": { + "dashboardId": { + "type": "integer", + "format": "int64" + }, + "dashboardUid": { + "type": "string" + }, + "dashboards": { + "type": "array", + "items": { + "$ref": "#/definitions/DashboardDTO" + } + }, + "enableCsv": { + "type": "boolean" + }, + "enableDashboardUrl": { + "type": "boolean" + }, + "formats": { + "type": "array", + "items": { + "$ref": "#/definitions/Type" + } + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "options": { + "$ref": "#/definitions/ReportOptionsDTO" + }, + "recipients": { + "type": "string" + }, + "replyTo": { + "type": "string" + }, + "scaleFactor": { + "type": "integer", + "format": "int64" + }, + "schedule": { + "$ref": "#/definitions/ScheduleDTO" + }, + "state": { + "$ref": "#/definitions/State" + }, + "templateVars": { + "type": "object" + } + } + }, "CreateOrgCommand": { "type": "object", "properties": { @@ -10086,6 +12399,42 @@ } } }, + "CreateRoleForm": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "global": { + "type": "boolean" + }, + "group": { + "type": "string" + }, + "hidden": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + "uid": { + "type": "string" + }, + "version": { + "type": "integer", + "format": "int64" + } + } + }, "CreateServiceAccountForm": { "type": "object", "properties": { @@ -10100,6 +12449,7 @@ "role": { "type": "string", "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -10119,6 +12469,53 @@ } } }, + "CustomPermissionsRecordDTO": { + "type": "object", + "properties": { + "customPermissions": { + "type": "string" + }, + "granteeName": { + "type": "string" + }, + "granteeType": { + "type": "string" + }, + "granteeUrl": { + "type": "string" + }, + "id": { + "type": "integer", + "format": "int64" + }, + "isFolder": { + "type": "boolean" + }, + "orgId": { + "type": "integer", + "format": "int64" + }, + "orgRole": { + "type": "string" + }, + "slug": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uid": { + "type": "string" + }, + "url": { + "type": "string" + }, + "usersCount": { + "type": "integer", + "format": "int64" + } + } + }, "DashboardACLInfoDTO": { "type": "object", "properties": { @@ -10149,6 +12546,7 @@ "role": { "type": "string", "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -10207,6 +12605,7 @@ "role": { "type": "string", "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -10222,6 +12621,20 @@ } } }, + "DashboardDTO": { + "type": "object", + "properties": { + "dashboard": { + "$ref": "#/definitions/DashboardReportDTO" + }, + "reportVariables": { + "type": "object" + }, + "timeRange": { + "$ref": "#/definitions/TimeRangeDTO" + } + } + }, "DashboardFullWithMeta": { "type": "object", "properties": { @@ -10335,6 +12748,21 @@ } } }, + "DashboardReportDTO": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + } + }, "DashboardSnapshotDTO": { "description": "DashboardSnapshotDTO without dashboard map", "type": "object", @@ -10592,6 +13020,83 @@ } } }, + "DataSourcePermissionRuleDTO": { + "type": "object", + "properties": { + "builtInRole": { + "type": "string" + }, + "created": { + "type": "string", + "format": "date-time" + }, + "datasourceId": { + "type": "integer", + "format": "int64" + }, + "id": { + "type": "integer", + "format": "int64" + }, + "isManaged": { + "type": "boolean" + }, + "permission": { + "$ref": "#/definitions/DsPermissionType" + }, + "permissionName": { + "type": "string" + }, + "team": { + "type": "string" + }, + "teamAvatarUrl": { + "type": "string" + }, + "teamEmail": { + "type": "string" + }, + "teamId": { + "type": "integer", + "format": "int64" + }, + "updated": { + "type": "string", + "format": "date-time" + }, + "userAvatarUrl": { + "type": "string" + }, + "userEmail": { + "type": "string" + }, + "userId": { + "type": "integer", + "format": "int64" + }, + "userLogin": { + "type": "string" + } + } + }, + "DataSourcePermissionsDTO": { + "type": "object", + "properties": { + "datasourceId": { + "type": "integer", + "format": "int64" + }, + "enabled": { + "type": "boolean" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/definitions/DataSourcePermissionRuleDTO" + } + } + } + }, "DataTopic": { "description": "nolint:revive", "type": "string", @@ -10606,6 +13111,14 @@ } } }, + "DeleteTokenCommand": { + "type": "object", + "properties": { + "instance": { + "type": "string" + } + } + }, "DescendantCounts": { "type": "object", "additionalProperties": { @@ -10654,6 +13167,11 @@ "DsAccess": { "type": "string" }, + "DsPermissionType": { + "description": "Datasource permission\nDescription:\n`0` - No Access\n`1` - Query\n`2` - Edit\nEnum: 0,1,2", + "type": "integer", + "format": "int64" + }, "Duration": { "description": "A Duration represents the elapsed time between two instants\nas an int64 nanosecond count. The representation limits the\nlargest representable duration to approximately 290 years.", "type": "integer", @@ -10914,6 +13432,18 @@ } } }, + "FailedUser": { + "description": "FailedUser holds the information of an user that failed", + "type": "object", + "properties": { + "Error": { + "type": "string" + }, + "Login": { + "type": "string" + } + } + }, "Failure": { "$ref": "#/definitions/ResponseDetails" }, @@ -13204,6 +15734,26 @@ } } }, + "Permission": { + "type": "object", + "title": "Permission is the model for access control permissions.", + "properties": { + "action": { + "type": "string" + }, + "created": { + "type": "string", + "format": "date-time" + }, + "scope": { + "type": "string" + }, + "updated": { + "type": "string", + "format": "date-time" + } + } + }, "PermissionDenied": { "type": "object" }, @@ -13664,6 +16214,20 @@ } } }, + "PrometheusRemoteWriteTargetJSON": { + "type": "object", + "properties": { + "data_source_uid": { + "type": "string" + }, + "id": { + "type": "string" + }, + "remote_write_path": { + "type": "string" + } + } + }, "Provenance": { "type": "string" }, @@ -14184,6 +16748,51 @@ } } }, + "RecordingRuleJSON": { + "description": "RecordingRuleJSON is the external representation of a recording rule", + "type": "object", + "properties": { + "active": { + "type": "boolean" + }, + "count": { + "type": "boolean" + }, + "description": { + "type": "string" + }, + "dest_data_source_uid": { + "type": "string" + }, + "id": { + "type": "string" + }, + "interval": { + "type": "integer", + "format": "int64" + }, + "name": { + "type": "string" + }, + "prom_name": { + "type": "string" + }, + "queries": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false + } + }, + "range": { + "type": "integer", + "format": "int64" + }, + "target_ref_id": { + "type": "string" + } + } + }, "Regexp": { "description": "A Regexp is safe for concurrent use by multiple goroutines,\nexcept for configuration methods, such as Longest.", "type": "object", @@ -14201,6 +16810,41 @@ } } }, + "ReportEmailDTO": { + "type": "object", + "properties": { + "email": { + "type": "string" + }, + "emails": { + "description": "Comma-separated list of emails to which to send the report to.", + "type": "string" + }, + "id": { + "description": "Send the report to the emails specified in the report. Required if emails is not present.", + "type": "string", + "format": "int64" + }, + "useEmailsFromReport": { + "description": "Send the report to the emails specified in the report. Required if emails is not present.", + "type": "boolean" + } + } + }, + "ReportOptionsDTO": { + "type": "object", + "properties": { + "layout": { + "type": "string" + }, + "orientation": { + "type": "string" + }, + "timeRange": { + "$ref": "#/definitions/TimeRangeDTO" + } + } + }, "ResponseDetails": { "type": "object", "properties": { @@ -14235,6 +16879,79 @@ } } }, + "RoleAssignmentsDTO": { + "type": "object", + "properties": { + "role_uid": { + "type": "string" + }, + "service_accounts": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "teams": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "users": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + } + } + }, + "RoleDTO": { + "type": "object", + "properties": { + "created": { + "type": "string", + "format": "date-time" + }, + "delegatable": { + "type": "boolean" + }, + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "group": { + "type": "string" + }, + "hidden": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + "uid": { + "type": "string" + }, + "updated": { + "type": "string", + "format": "date-time" + }, + "version": { + "type": "integer", + "format": "int64" + } + } + }, "Route": { "description": "A Route is a node that contains definitions of how to handle alerts. This is modified\nfrom the upstream alertmanager in that it adds the ObjectMatchers property.", "type": "object", @@ -14532,6 +17249,49 @@ } } }, + "ScheduleDTO": { + "type": "object", + "properties": { + "day": { + "type": "string" + }, + "dayOfMonth": { + "type": "string" + }, + "endDate": { + "type": "string", + "format": "date-time" + }, + "frequency": { + "type": "string" + }, + "hour": { + "type": "integer", + "format": "int64" + }, + "intervalAmount": { + "type": "integer", + "format": "int64" + }, + "intervalFrequency": { + "type": "string" + }, + "minute": { + "type": "integer", + "format": "int64" + }, + "startDate": { + "type": "string", + "format": "date-time" + }, + "timeZone": { + "type": "string" + }, + "workdaysOnly": { + "type": "boolean" + } + } + }, "SearchOrgServiceAccountsResult": { "description": "swagger: model", "type": "object", @@ -14580,6 +17340,50 @@ } } }, + "SearchResult": { + "type": "object", + "properties": { + "result": { + "type": "array", + "items": { + "$ref": "#/definitions/SearchResultItem" + } + } + } + }, + "SearchResultItem": { + "type": "object", + "properties": { + "action": { + "type": "string" + }, + "basicRole": { + "type": "string" + }, + "orgId": { + "type": "integer", + "format": "int64" + }, + "roleName": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "teamId": { + "type": "integer", + "format": "int64" + }, + "userId": { + "type": "integer", + "format": "int64" + }, + "version": { + "type": "integer", + "format": "int64" + } + } + }, "SearchTeamQueryResult": { "type": "object", "properties": { @@ -14747,6 +17551,49 @@ } } }, + "SetRoleAssignmentsCommand": { + "type": "object", + "properties": { + "service_accounts": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "teams": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "users": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + } + } + }, + "SetUserRolesCommand": { + "type": "object", + "properties": { + "global": { + "type": "boolean" + }, + "includeHidden": { + "type": "boolean" + }, + "roleUids": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, "SettingsBag": { "type": "object", "additionalProperties": { @@ -14756,6 +17603,26 @@ } } }, + "SettingsDTO": { + "type": "object", + "properties": { + "branding": { + "$ref": "#/definitions/BrandingOptionsDTO" + }, + "id": { + "type": "integer", + "format": "int64" + }, + "orgId": { + "type": "integer", + "format": "int64" + }, + "userId": { + "type": "integer", + "format": "int64" + } + } + }, "SigV4Config": { "description": "SigV4Config is the configuration for signing remote write requests with\nAWS's SigV4 verification process. Empty values will be retrieved using the\nAWS default credentials chain.", "type": "object", @@ -14972,6 +17839,9 @@ } } }, + "State": { + "type": "string" + }, "Status": { "type": "integer", "format": "int64" @@ -14990,6 +17860,39 @@ "SupportedTransformationTypes": { "type": "string" }, + "SyncResult": { + "type": "object", + "title": "SyncResult holds the result of a sync with LDAP. This gives us information on which users were updated and how.", + "properties": { + "Elapsed": { + "$ref": "#/definitions/Duration" + }, + "FailedUsers": { + "type": "array", + "items": { + "$ref": "#/definitions/FailedUser" + } + }, + "MissingUserIds": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "Started": { + "type": "string", + "format": "date-time" + }, + "UpdatedUserIds": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + } + } + }, "TLSConfig": { "type": "object", "title": "TLSConfig configures the options for TLS connections.", @@ -15077,6 +17980,30 @@ } } }, + "TeamGroupDTO": { + "type": "object", + "properties": { + "groupId": { + "type": "string" + }, + "orgId": { + "type": "integer", + "format": "int64" + }, + "teamId": { + "type": "integer", + "format": "int64" + } + } + }, + "TeamGroupMapping": { + "type": "object", + "properties": { + "groupId": { + "type": "string" + } + } + }, "TeamMemberDTO": { "type": "object", "properties": { @@ -15198,6 +18125,7 @@ "role": { "type": "string", "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -15470,6 +18398,104 @@ } } }, + "TimeRangeDTO": { + "type": "object", + "properties": { + "from": { + "type": "string" + }, + "to": { + "type": "string" + } + } + }, + "Token": { + "type": "object", + "properties": { + "account": { + "type": "string" + }, + "company": { + "type": "string" + }, + "details_url": { + "type": "string" + }, + "exp": { + "type": "integer", + "format": "int64" + }, + "iat": { + "type": "integer", + "format": "int64" + }, + "included_users": { + "type": "integer", + "format": "int64" + }, + "iss": { + "type": "string" + }, + "jti": { + "type": "string" + }, + "lexp": { + "type": "integer", + "format": "int64" + }, + "lic_exp_warn_days": { + "type": "integer", + "format": "int64" + }, + "lid": { + "type": "string" + }, + "limit_by": { + "type": "string" + }, + "max_concurrent_user_sessions": { + "type": "integer", + "format": "int64" + }, + "nbf": { + "type": "integer", + "format": "int64" + }, + "prod": { + "type": "array", + "items": { + "type": "string" + } + }, + "slug": { + "type": "string" + }, + "status": { + "$ref": "#/definitions/TokenStatus" + }, + "sub": { + "type": "string" + }, + "tok_exp_warn_days": { + "type": "integer", + "format": "int64" + }, + "trial": { + "type": "boolean" + }, + "trial_exp": { + "type": "integer", + "format": "int64" + }, + "update_days": { + "type": "integer", + "format": "int64" + }, + "usage_billing": { + "type": "boolean" + } + } + }, "TokenDTO": { "type": "object", "properties": { @@ -15512,6 +18538,10 @@ } } }, + "TokenStatus": { + "type": "integer", + "format": "int64" + }, "Transformation": { "type": "object", "properties": { @@ -15561,6 +18591,9 @@ } } }, + "Type": { + "type": "string" + }, "URL": { "type": "object", "title": "URL is a custom URL type that allows validation at configuration load time.", @@ -15861,6 +18894,7 @@ "role": { "type": "string", "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -15944,6 +18978,39 @@ } } }, + "UpdateRoleCommand": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "global": { + "type": "boolean" + }, + "group": { + "type": "string" + }, + "hidden": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + "version": { + "type": "integer", + "format": "int64" + } + } + }, "UpdateServiceAccountForm": { "type": "object", "properties": { @@ -15956,6 +19023,7 @@ "role": { "type": "string", "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -16035,6 +19103,7 @@ "role": { "type": "string", "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -16944,6 +20013,21 @@ "$ref": "#/definitions/ErrorResponseBody" } }, + "addPermissionResponse": { + "description": "(empty)", + "schema": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "permissionId": { + "type": "integer", + "format": "int64" + } + } + } + }, "adminCreateUserResponse": { "description": "(empty)", "schema": { @@ -16993,6 +20077,16 @@ "$ref": "#/definitions/ErrorResponseBody" } }, + "contentResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "type": "integer", + "format": "uint8" + } + } + }, "createCorrelationResponse": { "description": "(empty)", "schema": { @@ -17088,6 +20182,27 @@ "$ref": "#/definitions/Playlist" } }, + "createReportResponse": { + "description": "(empty)", + "schema": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64" + }, + "message": { + "type": "string" + } + } + } + }, + "createRoleResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/RoleDTO" + } + }, "createServiceAccountResponse": { "description": "(empty)", "schema": { @@ -17272,6 +20387,12 @@ } } }, + "getAccessControlStatusResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/Status" + } + }, "getAlertNotificationChannelResponse": { "description": "(empty)", "schema": { @@ -17311,6 +20432,21 @@ } } }, + "getAllPermissionseResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/DataSourcePermissionsDTO" + } + }, + "getAllRolesResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleDTO" + } + } + }, "getAnnotationByIDResponse": { "description": "(empty)", "schema": { @@ -17362,6 +20498,15 @@ "$ref": "#/definitions/OrgDetailsDTO" } }, + "getCustomPermissionsReportResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/CustomPermissionsRecordDTO" + } + } + }, "getDashboardPermissionsListResponse": { "description": "(empty)", "schema": { @@ -17469,6 +20614,12 @@ "$ref": "#/definitions/LibraryElementSearchResponse" } }, + "getLicenseTokenResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/Token" + } + }, "getOrgByIDResponse": { "description": "(empty)", "schema": { @@ -17571,6 +20722,39 @@ } } }, + "getReportResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/ConfigDTO" + } + }, + "getReportSettingsResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/SettingsDTO" + } + }, + "getReportsResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/ConfigDTO" + } + } + }, + "getRoleAssignmentsResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/RoleAssignmentsDTO" + } + }, + "getRoleResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/RoleDTO" + } + }, "getSharingOptionsResponse": { "description": "(empty)", "schema": { @@ -17606,12 +20790,30 @@ } } }, + "getStatusResponse": { + "description": "(empty)" + }, + "getSyncStatusResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/ActiveSyncStatusDTO" + } + }, "getTeamByIDResponse": { "description": "(empty)", "schema": { "$ref": "#/definitions/TeamDTO" } }, + "getTeamGroupsApiResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/TeamGroupDTO" + } + } + }, "getTeamMembersResponse": { "description": "(empty)", "schema": { @@ -17675,6 +20877,36 @@ "$ref": "#/definitions/ErrorResponseBody" } }, + "listBuiltinRolesResponse": { + "description": "(empty)", + "schema": { + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleDTO" + } + } + } + }, + "listRecordingRulesResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/RecordingRuleJSON" + } + } + }, + "listRolesResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleDTO" + } + } + }, "listSortOptionsResponse": { "description": "(empty)", "schema": { @@ -17835,6 +21067,9 @@ } } }, + "postRenewLicenseTokenResponse": { + "description": "(empty)" + }, "preconditionFailedError": { "description": "PreconditionFailedError", "schema": { @@ -17856,6 +21091,24 @@ } } }, + "recordingRuleResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/RecordingRuleJSON" + } + }, + "recordingRuleWriteTargetResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/PrometheusRemoteWriteTargetJSON" + } + }, + "refreshLicenseStatsResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/ActiveUserStats" + } + }, "retrieveServiceAccountResponse": { "description": "(empty)", "schema": { @@ -17904,6 +21157,12 @@ "$ref": "#/definitions/HitList" } }, + "searchResultResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/SearchResult" + } + }, "searchTeamsResponse": { "description": "(empty)", "schema": { @@ -17911,11 +21170,26 @@ } }, "searchUsersResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/UserSearchHitDTO" + } + } + }, + "searchUsersWithPagingResponse": { "description": "(empty)", "schema": { "$ref": "#/definitions/SearchUserQueryResult" } }, + "setRoleAssignmentsResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/RoleAssignmentsDTO" + } + }, "testAlertResponse": { "description": "(empty)", "schema": { diff --git a/public/openapi3.json b/public/openapi3.json index e39114c079f..da61c26763b 100644 --- a/public/openapi3.json +++ b/public/openapi3.json @@ -50,6 +50,25 @@ }, "description": "AcceptedResponse" }, + "addPermissionResponse": { + "content": { + "application/json": { + "schema": { + "properties": { + "message": { + "type": "string" + }, + "permissionId": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + } + } + }, + "description": "(empty)" + }, "adminCreateUserResponse": { "content": { "application/json": { @@ -127,6 +146,20 @@ }, "description": "ConflictError" }, + "contentResponse": { + "content": { + "application/json": { + "schema": { + "items": { + "format": "uint8", + "type": "integer" + }, + "type": "array" + } + } + }, + "description": "(empty)" + }, "createCorrelationResponse": { "content": { "application/json": { @@ -242,6 +275,35 @@ }, "description": "(empty)" }, + "createReportResponse": { + "content": { + "application/json": { + "schema": { + "properties": { + "id": { + "format": "int64", + "type": "integer" + }, + "message": { + "type": "string" + } + }, + "type": "object" + } + } + }, + "description": "(empty)" + }, + "createRoleResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RoleDTO" + } + } + }, + "description": "(empty)" + }, "createServiceAccountResponse": { "content": { "application/json": { @@ -486,6 +548,16 @@ }, "description": "(empty)" }, + "getAccessControlStatusResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Status" + } + } + }, + "description": "(empty)" + }, "getAlertNotificationChannelResponse": { "content": { "application/json": { @@ -545,6 +617,29 @@ }, "description": "(empty)" }, + "getAllPermissionseResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DataSourcePermissionsDTO" + } + } + }, + "description": "(empty)" + }, + "getAllRolesResponse": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/RoleDTO" + }, + "type": "array" + } + } + }, + "description": "(empty)" + }, "getAnnotationByIDResponse": { "content": { "application/json": { @@ -624,6 +719,19 @@ }, "description": "(empty)" }, + "getCustomPermissionsReportResponse": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/CustomPermissionsRecordDTO" + }, + "type": "array" + } + } + }, + "description": "(empty)" + }, "getDashboardPermissionsListResponse": { "content": { "application/json": { @@ -783,6 +891,16 @@ }, "description": "(empty)" }, + "getLicenseTokenResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Token" + } + } + }, + "description": "(empty)" + }, "getOrgByIDResponse": { "content": { "application/json": { @@ -941,6 +1059,59 @@ }, "description": "(empty)" }, + "getReportResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ConfigDTO" + } + } + }, + "description": "(empty)" + }, + "getReportSettingsResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SettingsDTO" + } + } + }, + "description": "(empty)" + }, + "getReportsResponse": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/ConfigDTO" + }, + "type": "array" + } + } + }, + "description": "(empty)" + }, + "getRoleAssignmentsResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RoleAssignmentsDTO" + } + } + }, + "description": "(empty)" + }, + "getRoleResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RoleDTO" + } + } + }, + "description": "(empty)" + }, "getSharingOptionsResponse": { "content": { "application/json": { @@ -988,6 +1159,19 @@ }, "description": "(empty)" }, + "getStatusResponse": { + "description": "(empty)" + }, + "getSyncStatusResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ActiveSyncStatusDTO" + } + } + }, + "description": "(empty)" + }, "getTeamByIDResponse": { "content": { "application/json": { @@ -998,6 +1182,19 @@ }, "description": "(empty)" }, + "getTeamGroupsApiResponse": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/TeamGroupDTO" + }, + "type": "array" + } + } + }, + "description": "(empty)" + }, "getTeamMembersResponse": { "content": { "application/json": { @@ -1089,6 +1286,48 @@ }, "description": "InternalServerError is a general error indicating something went wrong internally." }, + "listBuiltinRolesResponse": { + "content": { + "application/json": { + "schema": { + "additionalProperties": { + "items": { + "$ref": "#/components/schemas/RoleDTO" + }, + "type": "array" + }, + "type": "object" + } + } + }, + "description": "(empty)" + }, + "listRecordingRulesResponse": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/RecordingRuleJSON" + }, + "type": "array" + } + } + }, + "description": "(empty)" + }, + "listRolesResponse": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/RoleDTO" + }, + "type": "array" + } + } + }, + "description": "(empty)" + }, "listSortOptionsResponse": { "content": { "application/json": { @@ -1285,6 +1524,9 @@ }, "description": "(empty)" }, + "postRenewLicenseTokenResponse": { + "description": "(empty)" + }, "preconditionFailedError": { "content": { "application/json": { @@ -1318,6 +1560,36 @@ }, "description": "(empty)" }, + "recordingRuleResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RecordingRuleJSON" + } + } + }, + "description": "(empty)" + }, + "recordingRuleWriteTargetResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PrometheusRemoteWriteTargetJSON" + } + } + }, + "description": "(empty)" + }, + "refreshLicenseStatsResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ActiveUserStats" + } + } + }, + "description": "(empty)" + }, "retrieveServiceAccountResponse": { "content": { "application/json": { @@ -1394,6 +1666,16 @@ }, "description": "(empty)" }, + "searchResultResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SearchResult" + } + } + }, + "description": "(empty)" + }, "searchTeamsResponse": { "content": { "application/json": { @@ -1405,6 +1687,19 @@ "description": "(empty)" }, "searchUsersResponse": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/UserSearchHitDTO" + }, + "type": "array" + } + } + }, + "description": "(empty)" + }, + "searchUsersWithPagingResponse": { "content": { "application/json": { "schema": { @@ -1414,6 +1709,16 @@ }, "description": "(empty)" }, + "setRoleAssignmentsResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RoleAssignmentsDTO" + } + } + }, + "description": "(empty)" + }, "testAlertResponse": { "content": { "application/json": { @@ -1529,6 +1834,42 @@ "Ack": { "type": "object" }, + "ActiveSyncStatusDTO": { + "description": "ActiveSyncStatusDTO holds the information for LDAP background Sync", + "properties": { + "enabled": { + "type": "boolean" + }, + "nextSync": { + "format": "date-time", + "type": "string" + }, + "prevSync": { + "$ref": "#/components/schemas/SyncResult" + }, + "schedule": { + "type": "string" + } + }, + "type": "object" + }, + "ActiveUserStats": { + "properties": { + "active_admins_and_editors": { + "format": "int64", + "type": "integer" + }, + "active_users": { + "format": "int64", + "type": "integer" + }, + "active_viewers": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, "AddCommand": { "properties": { "name": { @@ -1536,6 +1877,7 @@ }, "role": { "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -1607,6 +1949,7 @@ }, "role": { "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -1626,6 +1969,7 @@ }, "role": { "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -1635,6 +1979,25 @@ }, "type": "object" }, + "AddPermissionDTO": { + "properties": { + "builtinRole": { + "type": "string" + }, + "permission": { + "$ref": "#/components/schemas/DsPermissionType" + }, + "teamId": { + "format": "int64", + "type": "integer" + }, + "userId": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, "AddServiceAccountTokenCommand": { "properties": { "name": { @@ -1656,6 +2019,25 @@ }, "type": "object" }, + "AddTeamRoleCommand": { + "properties": { + "roleUid": { + "type": "string" + } + }, + "type": "object" + }, + "AddUserRoleCommand": { + "properties": { + "global": { + "type": "boolean" + }, + "roleUid": { + "type": "string" + } + }, + "type": "object" + }, "Address": { "properties": { "address1": { @@ -2448,6 +2830,7 @@ }, "role": { "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -2570,6 +2953,26 @@ "title": "BasicAuth contains basic HTTP authentication credentials.", "type": "object" }, + "BrandingOptionsDTO": { + "properties": { + "emailFooterLink": { + "type": "string" + }, + "emailFooterMode": { + "type": "string" + }, + "emailFooterText": { + "type": "string" + }, + "emailLogoUrl": { + "type": "string" + }, + "reportLogoUrl": { + "type": "string" + } + }, + "type": "object" + }, "CalculateDiffTarget": { "properties": { "dashboardId": { @@ -2632,6 +3035,88 @@ "title": "Config is the top-level configuration for Alertmanager's config files.", "type": "object" }, + "ConfigDTO": { + "description": "ConfigDTO is model representation in transfer", + "properties": { + "created": { + "format": "date-time", + "type": "string" + }, + "dashboardId": { + "format": "int64", + "type": "integer" + }, + "dashboardName": { + "type": "string" + }, + "dashboardUid": { + "type": "string" + }, + "dashboards": { + "items": { + "$ref": "#/components/schemas/DashboardDTO" + }, + "type": "array" + }, + "enableCsv": { + "type": "boolean" + }, + "enableDashboardUrl": { + "type": "boolean" + }, + "formats": { + "items": { + "$ref": "#/components/schemas/Type" + }, + "type": "array" + }, + "id": { + "format": "int64", + "type": "integer" + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "options": { + "$ref": "#/components/schemas/ReportOptionsDTO" + }, + "orgId": { + "format": "int64", + "type": "integer" + }, + "recipients": { + "type": "string" + }, + "replyTo": { + "type": "string" + }, + "scaleFactor": { + "format": "int64", + "type": "integer" + }, + "schedule": { + "$ref": "#/components/schemas/ScheduleDTO" + }, + "state": { + "$ref": "#/components/schemas/State" + }, + "templateVars": { + "type": "object" + }, + "updated": { + "format": "date-time", + "type": "string" + }, + "userId": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, "ContactPoints": { "items": { "$ref": "#/components/schemas/EmbeddedContactPoint" @@ -2912,6 +3397,64 @@ }, "type": "object" }, + "CreateOrUpdateConfigCmd": { + "properties": { + "dashboardId": { + "format": "int64", + "type": "integer" + }, + "dashboardUid": { + "type": "string" + }, + "dashboards": { + "items": { + "$ref": "#/components/schemas/DashboardDTO" + }, + "type": "array" + }, + "enableCsv": { + "type": "boolean" + }, + "enableDashboardUrl": { + "type": "boolean" + }, + "formats": { + "items": { + "$ref": "#/components/schemas/Type" + }, + "type": "array" + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "options": { + "$ref": "#/components/schemas/ReportOptionsDTO" + }, + "recipients": { + "type": "string" + }, + "replyTo": { + "type": "string" + }, + "scaleFactor": { + "format": "int64", + "type": "integer" + }, + "schedule": { + "$ref": "#/components/schemas/ScheduleDTO" + }, + "state": { + "$ref": "#/components/schemas/State" + }, + "templateVars": { + "type": "object" + } + }, + "type": "object" + }, "CreateOrgCommand": { "properties": { "name": { @@ -2954,6 +3497,42 @@ ], "type": "object" }, + "CreateRoleForm": { + "properties": { + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "global": { + "type": "boolean" + }, + "group": { + "type": "string" + }, + "hidden": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "permissions": { + "items": { + "$ref": "#/components/schemas/Permission" + }, + "type": "array" + }, + "uid": { + "type": "string" + }, + "version": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, "CreateServiceAccountForm": { "properties": { "isDisabled": { @@ -2966,6 +3545,7 @@ }, "role": { "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -2987,6 +3567,53 @@ }, "type": "object" }, + "CustomPermissionsRecordDTO": { + "properties": { + "customPermissions": { + "type": "string" + }, + "granteeName": { + "type": "string" + }, + "granteeType": { + "type": "string" + }, + "granteeUrl": { + "type": "string" + }, + "id": { + "format": "int64", + "type": "integer" + }, + "isFolder": { + "type": "boolean" + }, + "orgId": { + "format": "int64", + "type": "integer" + }, + "orgRole": { + "type": "string" + }, + "slug": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uid": { + "type": "string" + }, + "url": { + "type": "string" + }, + "usersCount": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, "DashboardACLInfoDTO": { "properties": { "created": { @@ -3015,6 +3642,7 @@ }, "role": { "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -3073,6 +3701,7 @@ }, "role": { "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -3090,6 +3719,20 @@ }, "type": "object" }, + "DashboardDTO": { + "properties": { + "dashboard": { + "$ref": "#/components/schemas/DashboardReportDTO" + }, + "reportVariables": { + "type": "object" + }, + "timeRange": { + "$ref": "#/components/schemas/TimeRangeDTO" + } + }, + "type": "object" + }, "DashboardFullWithMeta": { "properties": { "dashboard": { @@ -3203,6 +3846,21 @@ }, "type": "object" }, + "DashboardReportDTO": { + "properties": { + "id": { + "format": "int64", + "type": "integer" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + }, + "type": "object" + }, "DashboardSnapshotDTO": { "description": "DashboardSnapshotDTO without dashboard map", "properties": { @@ -3460,6 +4118,83 @@ }, "type": "object" }, + "DataSourcePermissionRuleDTO": { + "properties": { + "builtInRole": { + "type": "string" + }, + "created": { + "format": "date-time", + "type": "string" + }, + "datasourceId": { + "format": "int64", + "type": "integer" + }, + "id": { + "format": "int64", + "type": "integer" + }, + "isManaged": { + "type": "boolean" + }, + "permission": { + "$ref": "#/components/schemas/DsPermissionType" + }, + "permissionName": { + "type": "string" + }, + "team": { + "type": "string" + }, + "teamAvatarUrl": { + "type": "string" + }, + "teamEmail": { + "type": "string" + }, + "teamId": { + "format": "int64", + "type": "integer" + }, + "updated": { + "format": "date-time", + "type": "string" + }, + "userAvatarUrl": { + "type": "string" + }, + "userEmail": { + "type": "string" + }, + "userId": { + "format": "int64", + "type": "integer" + }, + "userLogin": { + "type": "string" + } + }, + "type": "object" + }, + "DataSourcePermissionsDTO": { + "properties": { + "datasourceId": { + "format": "int64", + "type": "integer" + }, + "enabled": { + "type": "boolean" + }, + "permissions": { + "items": { + "$ref": "#/components/schemas/DataSourcePermissionRuleDTO" + }, + "type": "array" + } + }, + "type": "object" + }, "DataTopic": { "description": "nolint:revive", "title": "DataTopic is used to identify which topic the frame should be assigned to.", @@ -3474,6 +4209,14 @@ }, "type": "object" }, + "DeleteTokenCommand": { + "properties": { + "instance": { + "type": "string" + } + }, + "type": "object" + }, "DescendantCounts": { "additionalProperties": { "format": "int64", @@ -3522,6 +4265,11 @@ "DsAccess": { "type": "string" }, + "DsPermissionType": { + "description": "Datasource permission\nDescription:\n`0` - No Access\n`1` - Query\n`2` - Edit\nEnum: 0,1,2", + "format": "int64", + "type": "integer" + }, "Duration": { "description": "A Duration represents the elapsed time between two instants\nas an int64 nanosecond count. The representation limits the\nlargest representable duration to approximately 290 years.", "format": "int64", @@ -3782,6 +4530,18 @@ }, "type": "object" }, + "FailedUser": { + "description": "FailedUser holds the information of an user that failed", + "properties": { + "Error": { + "type": "string" + }, + "Login": { + "type": "string" + } + }, + "type": "object" + }, "Failure": { "$ref": "#/components/schemas/ResponseDetails" }, @@ -6071,6 +6831,26 @@ }, "type": "object" }, + "Permission": { + "properties": { + "action": { + "type": "string" + }, + "created": { + "format": "date-time", + "type": "string" + }, + "scope": { + "type": "string" + }, + "updated": { + "format": "date-time", + "type": "string" + } + }, + "title": "Permission is the model for access control permissions.", + "type": "object" + }, "PermissionDenied": { "type": "object" }, @@ -6531,6 +7311,20 @@ }, "type": "object" }, + "PrometheusRemoteWriteTargetJSON": { + "properties": { + "data_source_uid": { + "type": "string" + }, + "id": { + "type": "string" + }, + "remote_write_path": { + "type": "string" + } + }, + "type": "object" + }, "Provenance": { "type": "string" }, @@ -7051,6 +7845,51 @@ "title": "Receiver configuration provides configuration on how to contact a receiver.", "type": "object" }, + "RecordingRuleJSON": { + "description": "RecordingRuleJSON is the external representation of a recording rule", + "properties": { + "active": { + "type": "boolean" + }, + "count": { + "type": "boolean" + }, + "description": { + "type": "string" + }, + "dest_data_source_uid": { + "type": "string" + }, + "id": { + "type": "string" + }, + "interval": { + "format": "int64", + "type": "integer" + }, + "name": { + "type": "string" + }, + "prom_name": { + "type": "string" + }, + "queries": { + "items": { + "additionalProperties": false, + "type": "object" + }, + "type": "array" + }, + "range": { + "format": "int64", + "type": "integer" + }, + "target_ref_id": { + "type": "string" + } + }, + "type": "object" + }, "Regexp": { "description": "A Regexp is safe for concurrent use by multiple goroutines,\nexcept for configuration methods, such as Longest.", "title": "Regexp is the representation of a compiled regular expression.", @@ -7068,6 +7907,41 @@ }, "type": "object" }, + "ReportEmailDTO": { + "properties": { + "email": { + "type": "string" + }, + "emails": { + "description": "Comma-separated list of emails to which to send the report to.", + "type": "string" + }, + "id": { + "description": "Send the report to the emails specified in the report. Required if emails is not present.", + "format": "int64", + "type": "string" + }, + "useEmailsFromReport": { + "description": "Send the report to the emails specified in the report. Required if emails is not present.", + "type": "boolean" + } + }, + "type": "object" + }, + "ReportOptionsDTO": { + "properties": { + "layout": { + "type": "string" + }, + "orientation": { + "type": "string" + }, + "timeRange": { + "$ref": "#/components/schemas/TimeRangeDTO" + } + }, + "type": "object" + }, "ResponseDetails": { "properties": { "msg": { @@ -7102,6 +7976,79 @@ }, "type": "object" }, + "RoleAssignmentsDTO": { + "properties": { + "role_uid": { + "type": "string" + }, + "service_accounts": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "teams": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "users": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "type": "object" + }, + "RoleDTO": { + "properties": { + "created": { + "format": "date-time", + "type": "string" + }, + "delegatable": { + "type": "boolean" + }, + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "group": { + "type": "string" + }, + "hidden": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "permissions": { + "items": { + "$ref": "#/components/schemas/Permission" + }, + "type": "array" + }, + "uid": { + "type": "string" + }, + "updated": { + "format": "date-time", + "type": "string" + }, + "version": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, "Route": { "description": "A Route is a node that contains definitions of how to handle alerts. This is modified\nfrom the upstream alertmanager in that it adds the ObjectMatchers property.", "properties": { @@ -7399,6 +8346,49 @@ }, "type": "object" }, + "ScheduleDTO": { + "properties": { + "day": { + "type": "string" + }, + "dayOfMonth": { + "type": "string" + }, + "endDate": { + "format": "date-time", + "type": "string" + }, + "frequency": { + "type": "string" + }, + "hour": { + "format": "int64", + "type": "integer" + }, + "intervalAmount": { + "format": "int64", + "type": "integer" + }, + "intervalFrequency": { + "type": "string" + }, + "minute": { + "format": "int64", + "type": "integer" + }, + "startDate": { + "format": "date-time", + "type": "string" + }, + "timeZone": { + "type": "string" + }, + "workdaysOnly": { + "type": "boolean" + } + }, + "type": "object" + }, "SearchOrgServiceAccountsResult": { "description": "swagger: model", "properties": { @@ -7447,6 +8437,50 @@ }, "type": "object" }, + "SearchResult": { + "properties": { + "result": { + "items": { + "$ref": "#/components/schemas/SearchResultItem" + }, + "type": "array" + } + }, + "type": "object" + }, + "SearchResultItem": { + "properties": { + "action": { + "type": "string" + }, + "basicRole": { + "type": "string" + }, + "orgId": { + "format": "int64", + "type": "integer" + }, + "roleName": { + "type": "string" + }, + "scope": { + "type": "string" + }, + "teamId": { + "format": "int64", + "type": "integer" + }, + "userId": { + "format": "int64", + "type": "integer" + }, + "version": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, "SearchTeamQueryResult": { "properties": { "page": { @@ -7613,6 +8647,49 @@ }, "type": "object" }, + "SetRoleAssignmentsCommand": { + "properties": { + "service_accounts": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "teams": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "users": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "type": "object" + }, + "SetUserRolesCommand": { + "properties": { + "global": { + "type": "boolean" + }, + "includeHidden": { + "type": "boolean" + }, + "roleUids": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "SettingsBag": { "additionalProperties": { "additionalProperties": { @@ -7622,6 +8699,26 @@ }, "type": "object" }, + "SettingsDTO": { + "properties": { + "branding": { + "$ref": "#/components/schemas/BrandingOptionsDTO" + }, + "id": { + "format": "int64", + "type": "integer" + }, + "orgId": { + "format": "int64", + "type": "integer" + }, + "userId": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, "SigV4Config": { "description": "SigV4Config is the configuration for signing remote write requests with\nAWS's SigV4 verification process. Empty values will be retrieved using the\nAWS default credentials chain.", "properties": { @@ -7838,6 +8935,9 @@ "title": "Spec defines model for Spec.", "type": "object" }, + "State": { + "type": "string" + }, "Status": { "format": "int64", "type": "integer" @@ -7856,6 +8956,39 @@ "SupportedTransformationTypes": { "type": "string" }, + "SyncResult": { + "properties": { + "Elapsed": { + "$ref": "#/components/schemas/Duration" + }, + "FailedUsers": { + "items": { + "$ref": "#/components/schemas/FailedUser" + }, + "type": "array" + }, + "MissingUserIds": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + }, + "Started": { + "format": "date-time", + "type": "string" + }, + "UpdatedUserIds": { + "items": { + "format": "int64", + "type": "integer" + }, + "type": "array" + } + }, + "title": "SyncResult holds the result of a sync with LDAP. This gives us information on which users were updated and how.", + "type": "object" + }, "TLSConfig": { "properties": { "ca_file": { @@ -7943,6 +9076,30 @@ }, "type": "object" }, + "TeamGroupDTO": { + "properties": { + "groupId": { + "type": "string" + }, + "orgId": { + "format": "int64", + "type": "integer" + }, + "teamId": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "TeamGroupMapping": { + "properties": { + "groupId": { + "type": "string" + } + }, + "type": "object" + }, "TeamMemberDTO": { "properties": { "auth_module": { @@ -8062,6 +9219,7 @@ }, "role": { "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -8336,6 +9494,104 @@ }, "type": "object" }, + "TimeRangeDTO": { + "properties": { + "from": { + "type": "string" + }, + "to": { + "type": "string" + } + }, + "type": "object" + }, + "Token": { + "properties": { + "account": { + "type": "string" + }, + "company": { + "type": "string" + }, + "details_url": { + "type": "string" + }, + "exp": { + "format": "int64", + "type": "integer" + }, + "iat": { + "format": "int64", + "type": "integer" + }, + "included_users": { + "format": "int64", + "type": "integer" + }, + "iss": { + "type": "string" + }, + "jti": { + "type": "string" + }, + "lexp": { + "format": "int64", + "type": "integer" + }, + "lic_exp_warn_days": { + "format": "int64", + "type": "integer" + }, + "lid": { + "type": "string" + }, + "limit_by": { + "type": "string" + }, + "max_concurrent_user_sessions": { + "format": "int64", + "type": "integer" + }, + "nbf": { + "format": "int64", + "type": "integer" + }, + "prod": { + "items": { + "type": "string" + }, + "type": "array" + }, + "slug": { + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/TokenStatus" + }, + "sub": { + "type": "string" + }, + "tok_exp_warn_days": { + "format": "int64", + "type": "integer" + }, + "trial": { + "type": "boolean" + }, + "trial_exp": { + "format": "int64", + "type": "integer" + }, + "update_days": { + "format": "int64", + "type": "integer" + }, + "usage_billing": { + "type": "boolean" + } + }, + "type": "object" + }, "TokenDTO": { "properties": { "created": { @@ -8378,6 +9634,10 @@ }, "type": "object" }, + "TokenStatus": { + "format": "int64", + "type": "integer" + }, "Transformation": { "properties": { "expression": { @@ -8427,6 +9687,9 @@ }, "type": "object" }, + "Type": { + "type": "string" + }, "URL": { "properties": { "ForceQuery": { @@ -8725,6 +9988,7 @@ "properties": { "role": { "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -8810,6 +10074,39 @@ }, "type": "object" }, + "UpdateRoleCommand": { + "properties": { + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "global": { + "type": "boolean" + }, + "group": { + "type": "string" + }, + "hidden": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "permissions": { + "items": { + "$ref": "#/components/schemas/Permission" + }, + "type": "array" + }, + "version": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, "UpdateServiceAccountForm": { "properties": { "isDisabled": { @@ -8820,6 +10117,7 @@ }, "role": { "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -8899,6 +10197,7 @@ }, "role": { "enum": [ + "None", "Viewer", "Editor", "Admin" @@ -9800,6 +11099,701 @@ }, "openapi": "3.0.3", "paths": { + "/access-control/assignments/search": { + "post": { + "description": "Returns the result of the search through access-control role assignments.\n\nYou need to have a permission with action `teams.roles:read` on scope `teams:*`\nand a permission with action `users.roles:read` on scope `users:*`.", + "operationId": "searchResult", + "responses": { + "200": { + "$ref": "#/components/responses/searchResultResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Debug permissions.", + "tags": [ + "enterprise" + ] + } + }, + "/access-control/roles": { + "get": { + "description": "Gets all existing roles. The response contains all global and organization local roles, for the organization which user is signed in.\n\nYou need to have a permission with action `roles:read` and scope `roles:*`.", + "operationId": "listRoles", + "parameters": [ + { + "in": "query", + "name": "delegatable", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/listRolesResponse" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Get all roles.", + "tags": [ + "access_control", + "enterprise" + ] + }, + "post": { + "description": "Creates a new custom role and maps given permissions to that role. Note that roles with the same prefix as Fixed Roles can’t be created.\n\nYou need to have a permission with action `roles:write` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only create custom roles with the same, or a subset of permissions which the user has.\nFor example, if a user does not have required permissions for creating users, they won’t be able to create a custom role which allows to do that. This is done to prevent escalation of privileges.", + "operationId": "createRole", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateRoleForm" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "201": { + "$ref": "#/components/responses/createRoleResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Create a new custom role.", + "tags": [ + "access_control", + "enterprise" + ] + } + }, + "/access-control/roles/{roleUID}": { + "delete": { + "description": "Delete a role with the given UID, and it’s permissions. If the role is assigned to a built-in role, the deletion operation will fail, unless force query param is set to true, and in that case all assignments will also be deleted.\n\nYou need to have a permission with action `roles:delete` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only delete a custom role with the same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to delete a custom role which allows to do that.", + "operationId": "deleteRole", + "parameters": [ + { + "in": "query", + "name": "force", + "schema": { + "type": "boolean" + } + }, + { + "in": "query", + "name": "global", + "schema": { + "type": "boolean" + } + }, + { + "in": "path", + "name": "roleUID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Delete a custom role.", + "tags": [ + "access_control", + "enterprise" + ] + }, + "get": { + "description": "Get a role for the given UID.\n\nYou need to have a permission with action `roles:read` and scope `roles:*`.", + "operationId": "getRole", + "parameters": [ + { + "in": "path", + "name": "roleUID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/getRoleResponse" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Get a role.", + "tags": [ + "access_control", + "enterprise" + ] + }, + "put": { + "description": "You need to have a permission with action `roles:write` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only create custom roles with the same, or a subset of permissions which the user has.", + "operationId": "updateRole", + "parameters": [ + { + "in": "path", + "name": "roleUID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/UpdateRoleCommand" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/getRoleResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Update a custom role.", + "tags": [ + "access_control", + "enterprise" + ] + } + }, + "/access-control/roles/{roleUID}/assignments": { + "get": { + "description": "Get role assignments for the role with the given UID.\n\nYou need to have a permission with action `teams.roles:list` and scope `teams:id:*` and `users.roles:list` and scope `users:id:*`.", + "operationId": "getRoleAssignments", + "parameters": [ + { + "in": "path", + "name": "roleUID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/getRoleAssignmentsResponse" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Get role assignments.", + "tags": [ + "access_control", + "enterprise" + ] + }, + "put": { + "description": "Set role assignments for the role with the given UID.\n\nYou need to have a permission with action `teams.roles:add` and `teams.roles:remove` and scope `permissions:type:delegate`, and `users.roles:add` and `users.roles:remove` and scope `permissions:type:delegate`.", + "operationId": "setRoleAssignments", + "parameters": [ + { + "in": "path", + "name": "roleUID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SetRoleAssignmentsCommand" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/setRoleAssignmentsResponse" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Set role assignments.", + "tags": [ + "access_control", + "enterprise" + ] + } + }, + "/access-control/status": { + "get": { + "description": "Returns an indicator to check if fine-grained access control is enabled or not.\n\nYou need to have a permission with action `status:accesscontrol` and scope `services:accesscontrol`.", + "operationId": "getAccessControlStatus", + "responses": { + "200": { + "$ref": "#/components/responses/getAccessControlStatusResponse" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Get status.", + "tags": [ + "access_control", + "enterprise" + ] + } + }, + "/access-control/teams/{teamId}/roles": { + "get": { + "description": "You need to have a permission with action `teams.roles:read` and scope `teams:id:\u003cteam ID\u003e`.", + "operationId": "listTeamRoles", + "parameters": [ + { + "in": "path", + "name": "teamId", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Get team roles.", + "tags": [ + "access_control", + "enterprise" + ] + }, + "post": { + "description": "You need to have a permission with action `teams.roles:add` and scope `permissions:type:delegate`.", + "operationId": "addTeamRole", + "parameters": [ + { + "in": "path", + "name": "teamId", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AddTeamRoleCommand" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Add team role.", + "tags": [ + "access_control", + "enterprise" + ] + }, + "put": { + "description": "You need to have a permission with action `teams.roles:add` and `teams.roles:remove` and scope `permissions:type:delegate` for each.", + "operationId": "setTeamRoles", + "parameters": [ + { + "in": "path", + "name": "teamId", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Update team role.", + "tags": [ + "access_control", + "enterprise" + ] + } + }, + "/access-control/teams/{teamId}/roles/{roleUID}": { + "delete": { + "description": "You need to have a permission with action `teams.roles:remove` and scope `permissions:type:delegate`.", + "operationId": "removeTeamRole", + "parameters": [ + { + "in": "path", + "name": "roleUID", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "teamId", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Remove team role.", + "tags": [ + "access_control", + "enterprise" + ] + } + }, + "/access-control/users/{userId}/roles": { + "get": { + "description": "Lists the roles that have been directly assigned to a given user. The list does not include built-in roles (Viewer, Editor, Admin or Grafana Admin), and it does not include roles that have been inherited from a team.\n\nYou need to have a permission with action `users.roles:read` and scope `users:id:\u003cuser ID\u003e`.", + "operationId": "listUserRoles", + "parameters": [ + { + "in": "path", + "name": "userId", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/getAllRolesResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "List roles assigned to a user.", + "tags": [ + "access_control", + "enterprise" + ] + }, + "post": { + "description": "Assign a role to a specific user. For bulk updates consider Set user role assignments.\n\nYou need to have a permission with action `users.roles:add` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only assign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to assign a role which will allow to do that. This is done to prevent escalation of privileges.", + "operationId": "addUserRole", + "parameters": [ + { + "in": "path", + "name": "userId", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AddUserRoleCommand" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Add a user role assignment.", + "tags": [ + "access_control", + "enterprise" + ] + }, + "put": { + "description": "Update the user’s role assignments to match the provided set of UIDs. This will remove any assigned roles that aren’t in the request and add roles that are in the set but are not already assigned to the user.\nIf you want to add or remove a single role, consider using Add a user role assignment or Remove a user role assignment instead.\n\nYou need to have a permission with action `users.roles:add` and `users.roles:remove` and scope `permissions:type:delegate` for each. `permissions:type:delegate` scope ensures that users can only assign or unassign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to assign or unassign a role which will allow to do that. This is done to prevent escalation of privileges.", + "operationId": "setUserRoles", + "parameters": [ + { + "in": "path", + "name": "userId", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SetUserRolesCommand" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Set user role assignments.", + "tags": [ + "access_control", + "enterprise" + ] + } + }, + "/access-control/users/{userId}/roles/{roleUID}": { + "delete": { + "description": "Revoke a role from a user. For bulk updates consider Set user role assignments.\n\nYou need to have a permission with action `users.roles:remove` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only unassign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to unassign a role which will allow to do that. This is done to prevent escalation of privileges.", + "operationId": "removeUserRole", + "parameters": [ + { + "description": "A flag indicating if the assignment is global or not. If set to false, the default org ID of the authenticated user will be used from the request to remove assignment.", + "in": "query", + "name": "global", + "schema": { + "type": "boolean" + } + }, + { + "in": "path", + "name": "roleUID", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "userId", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Remove a user role assignment.", + "tags": [ + "access_control", + "enterprise" + ] + } + }, + "/admin/ldap-sync-status": { + "get": { + "description": "You need to have a permission with action `ldap.status:read`.", + "operationId": "getSyncStatus", + "responses": { + "200": { + "$ref": "#/components/responses/getSyncStatusResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Returns the current state of the LDAP background sync integration.", + "tags": [ + "ldap_debug" + ] + } + }, "/admin/ldap/reload": { "post": { "description": "If you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `ldap.config:reload`.", @@ -9976,6 +11970,27 @@ ] } }, + "/admin/provisioning/access-control/reload": { + "post": { + "operationId": "adminProvisioningReloadAccessControl", + "responses": { + "202": { + "$ref": "#/components/responses/acceptedResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + } + }, + "summary": "You need to have a permission with action `provisioning:reload` with scope `provisioners:accesscontrol`.", + "tags": [ + "access_control_provisioning", + "enterprise" + ] + } + }, "/admin/provisioning/dashboards/reload": { "post": { "description": "Reloads the provisioning config files for dashboards again. It won’t return until the new provisioned entities are already stored in the database. In case of dashboards, it will stop polling for changes in dashboard files and then restart it with new configurations after returning.\nIf you are running Grafana Enterprise and have Fine-grained access control enabled, you need to have a permission with action `provisioning:reload` and scope `provisioners:dashboards`.", @@ -14538,6 +16553,236 @@ ] } }, + "/datasources/{datasourceId}/disable-permissions": { + "post": { + "description": "Disables permissions for the data source with the given id. All existing permissions will be removed and anyone will be able to query the data source.\n\nYou need to have a permission with action `datasources.permissions:toggle` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).\n\nDeprecated: true.", + "operationId": "disablePermissions", + "parameters": [ + { + "in": "path", + "name": "datasourceId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/createOrUpdateDatasourceResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Disable permissions for a data source.", + "tags": [ + "datasource_permissions", + "enterprise" + ] + } + }, + "/datasources/{datasourceId}/enable-permissions": { + "post": { + "description": "Enables permissions for the data source with the given id.\nNo one except Org Admins will be able to query the data source until permissions have been added\nwhich permit certain users or teams to query the data source.\n\nYou need to have a permission with action `datasources.permissions:toggle` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).\n\nDeprecated: true.", + "operationId": "enablePermissions", + "parameters": [ + { + "in": "path", + "name": "datasourceId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/createOrUpdateDatasourceResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Enable permissions for a data source.", + "tags": [ + "datasource_permissions", + "enterprise" + ] + } + }, + "/datasources/{datasourceId}/permissions": { + "get": { + "description": "Gets all existing permissions for the data source with the given id.\n\nYou need to have a permission with action `datasources.permissions:read` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).\n\nDeprecated: true.\nDeprecated. Please use GET /api/access-control/datasources/:uid", + "operationId": "getAllPermissions", + "parameters": [ + { + "in": "path", + "name": "datasourceId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/getAllPermissionseResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Get permissions for a data source.", + "tags": [ + "datasource_permissions", + "enterprise" + ] + }, + "post": { + "description": "You need to have a permission with action `datasources.permissions:read` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).\n\nDeprecated: true.\nDeprecated. Please use POST /api/access-control/datasources/:uid/users/:id, /api/access-control/datasources/:uid/teams/:id or /api/access-control/datasources/:uid/buildInRoles/:id", + "operationId": "addPermission", + "parameters": [ + { + "in": "query", + "name": "userId", + "schema": { + "format": "int64", + "type": "integer" + } + }, + { + "in": "query", + "name": "teamId", + "schema": { + "format": "int64", + "type": "integer" + } + }, + { + "in": "query", + "name": "builtinRole", + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "permission", + "schema": { + "format": "int64", + "type": "integer" + } + }, + { + "in": "path", + "name": "datasourceId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/addPermissionResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Add permissions for a data source.", + "tags": [ + "datasource_permissions", + "enterprise" + ] + } + }, + "/datasources/{datasourceId}/permissions/{permissionId}": { + "delete": { + "description": "Removes the permission with the given permissionId for the data source with the given id.\n\nYou need to have a permission with action `datasources.permissions:delete` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).\n\nDeprecated: true.\nDeprecated. Please use POST /api/access-control/datasources/:uid/users/:id, /api/access-control/datasources/:uid/teams/:id or /api/access-control/datasources/:uid/buildInRoles/:id", + "operationId": "deletePermissions", + "parameters": [ + { + "in": "path", + "name": "datasourceId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "permissionId", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + } + }, + "summary": "Remove permission for a data source.", + "tags": [ + "datasource_permissions", + "enterprise" + ] + } + }, "/datasources/{id}": { "delete": { "deprecated": true, @@ -15549,6 +17794,216 @@ ] } }, + "/licensing/check": { + "get": { + "operationId": "getStatus", + "responses": { + "200": { + "$ref": "#/components/responses/getStatusResponse" + } + }, + "summary": "Check license availability.", + "tags": [ + "licensing", + "enterprise" + ] + } + }, + "/licensing/custom-permissions": { + "get": { + "description": "You need to have a permission with action `licensing.reports:read`.", + "operationId": "getCustomPermissionsReport", + "responses": { + "200": { + "$ref": "#/components/responses/getCustomPermissionsReportResponse" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Get custom permissions report.", + "tags": [ + "licensing", + "enterprise" + ] + } + }, + "/licensing/custom-permissions-csv": { + "get": { + "description": "You need to have a permission with action `licensing.reports:read`.", + "operationId": "getCustomPermissionsCSV", + "responses": { + "200": { + "$ref": "#/components/responses/getCustomPermissionsReportResponse" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Get custom permissions report in CSV format.", + "tags": [ + "licensing", + "enterprise" + ] + } + }, + "/licensing/refresh-stats": { + "get": { + "description": "You need to have a permission with action `licensing:read`.", + "operationId": "refreshLicenseStats", + "responses": { + "200": { + "$ref": "#/components/responses/refreshLicenseStatsResponse" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Refresh license stats.", + "tags": [ + "licensing", + "enterprise" + ] + } + }, + "/licensing/token": { + "delete": { + "description": "Removes the license stored in the Grafana database. Available in Grafana Enterprise v7.4+.\n\nYou need to have a permission with action `licensing:delete`.", + "operationId": "deleteLicenseToken", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DeleteTokenCommand" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "202": { + "$ref": "#/components/responses/acceptedResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "422": { + "$ref": "#/components/responses/unprocessableEntityError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Remove license from database.", + "tags": [ + "licensing", + "enterprise" + ] + }, + "get": { + "description": "You need to have a permission with action `licensing:read`.", + "operationId": "getLicenseToken", + "responses": { + "200": { + "$ref": "#/components/responses/getLicenseTokenResponse" + } + }, + "summary": "Get license token.", + "tags": [ + "licensing", + "enterprise" + ] + }, + "post": { + "description": "You need to have a permission with action `licensing:update`.", + "operationId": "postLicenseToken", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/DeleteTokenCommand" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/getLicenseTokenResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + } + }, + "summary": "Create license token.", + "tags": [ + "licensing", + "enterprise" + ] + } + }, + "/licensing/token/renew": { + "post": { + "description": "Manually ask license issuer for a new token. Available in Grafana Enterprise v7.4+.\n\nYou need to have a permission with action `licensing:update`.", + "operationId": "postRenewLicenseToken", + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/postRenewLicenseTokenResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + } + }, + "summary": "Manually force license refresh.", + "tags": [ + "licensing", + "enterprise" + ] + } + }, + "/logout/saml": { + "get": { + "operationId": "getSAMLLogout", + "responses": { + "302": { + "description": "(empty)" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "GetLogout initiates single logout process.", + "tags": [ + "saml", + "enterprise" + ] + } + }, "/org": { "get": { "operationId": "getCurrentOrg", @@ -17216,6 +19671,865 @@ ] } }, + "/recording-rules": { + "get": { + "operationId": "listRecordingRules", + "responses": { + "200": { + "$ref": "#/components/responses/listRecordingRulesResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Lists all rules in the database: active or deleted.", + "tags": [ + "recording_rules", + "enterprise" + ] + }, + "post": { + "operationId": "createRecordingRule", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RecordingRuleJSON" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/recordingRuleResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Create a recording rule that is then registered and started.", + "tags": [ + "recording_rules", + "enterprise" + ] + }, + "put": { + "operationId": "updateRecordingRule", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RecordingRuleJSON" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/recordingRuleResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Update the active status of a rule.", + "tags": [ + "recording_rules", + "enterprise" + ] + } + }, + "/recording-rules/test": { + "post": { + "operationId": "testCreateRecordingRule", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RecordingRuleJSON" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "422": { + "$ref": "#/components/responses/unprocessableEntityError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Test a recording rule.", + "tags": [ + "recording_rules", + "enterprise" + ] + } + }, + "/recording-rules/writer": { + "delete": { + "operationId": "deleteRecordingRuleWriteTarget", + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Delete the remote write target.", + "tags": [ + "recording_rules", + "enterprise" + ] + }, + "get": { + "operationId": "getRecordingRuleWriteTarget", + "responses": { + "200": { + "$ref": "#/components/responses/recordingRuleWriteTargetResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Return the prometheus remote write target.", + "tags": [ + "recording_rules", + "enterprise" + ] + }, + "post": { + "description": "It returns a 422 if there is not an existing prometheus data source configured.", + "operationId": "createRecordingRuleWriteTarget", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/PrometheusRemoteWriteTargetJSON" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/recordingRuleWriteTargetResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "422": { + "$ref": "#/components/responses/unprocessableEntityError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Create a remote write target.", + "tags": [ + "recording_rules", + "enterprise" + ] + } + }, + "/recording-rules/{recordingRuleID}": { + "delete": { + "operationId": "deleteRecordingRule", + "parameters": [ + { + "in": "path", + "name": "recordingRuleID", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Delete removes the rule from the registry and stops it.", + "tags": [ + "recording_rules", + "enterprise" + ] + } + }, + "/reports": { + "get": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports:read` with scope `reports:*`.", + "operationId": "getReports", + "responses": { + "200": { + "$ref": "#/components/responses/getReportsResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "List reports.", + "tags": [ + "reports", + "enterprise" + ] + }, + "post": { + "description": "Available to org admins only and with a valid license.\n\nYou need to have a permission with action `reports.admin:create`.", + "operationId": "createReport", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateOrUpdateConfigCmd" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/createReportResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Create a report.", + "tags": [ + "reports", + "enterprise" + ] + } + }, + "/reports/email": { + "post": { + "description": "Generate and send a report. This API waits for the report to be generated before returning. We recommend that you set the client’s timeout to at least 60 seconds. Available to org admins only and with a valid license.\n\nOnly available in Grafana Enterprise v7.0+.\nThis API endpoint is experimental and may be deprecated in a future release. On deprecation, a migration strategy will be provided and the endpoint will remain functional until the next major release of Grafana.\n\nYou need to have a permission with action `reports:send`.", + "operationId": "sendReport", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ReportEmailDTO" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Send a report.", + "tags": [ + "reports", + "enterprise" + ] + } + }, + "/reports/render/pdf/{dashboardID}": { + "get": { + "deprecated": true, + "description": "Please refer to [reports enterprise](#/reports/renderReportPDFs) instead. This will be removed in Grafana 10.", + "operationId": "renderReportPDF", + "parameters": [ + { + "in": "path", + "name": "DashboardID", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + }, + { + "in": "path", + "name": "dashboardID", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + }, + { + "in": "query", + "name": "title", + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "variables", + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "from", + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "to", + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "orientation", + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "layout", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/contentResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Render report for dashboard.", + "tags": [ + "reports", + "enterprise" + ] + } + }, + "/reports/render/pdfs": { + "get": { + "description": "Available to all users and with a valid license.", + "operationId": "renderReportPDFs", + "parameters": [ + { + "in": "query", + "name": "dashboardID", + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "orientation", + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "layout", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/contentResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Render report for multiple dashboards.", + "tags": [ + "reports", + "enterprise" + ] + } + }, + "/reports/settings": { + "get": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.settings:read`x.", + "operationId": "getReportSettings", + "responses": { + "200": { + "$ref": "#/components/responses/getReportSettingsResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Get settings.", + "tags": [ + "reports", + "enterprise" + ] + }, + "post": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.settings:write`xx.", + "operationId": "saveReportSettings", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SettingsDTO" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Save settings.", + "tags": [ + "reports", + "enterprise" + ] + } + }, + "/reports/test-email": { + "post": { + "description": "Available to org admins only and with a valid license.\n\nYou need to have a permission with action `reports:send`.", + "operationId": "sendTestEmail", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateOrUpdateConfigCmd" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Send test report via email.", + "tags": [ + "reports", + "enterprise" + ] + } + }, + "/reports/{id}": { + "delete": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.delete` with scope `reports:id:\u003creport ID\u003e`.", + "operationId": "deleteReport", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Delete a report.", + "tags": [ + "reports", + "enterprise" + ] + }, + "get": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports:read` with scope `reports:id:\u003creport ID\u003e`.", + "operationId": "getReport", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/getReportResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Get a report.", + "tags": [ + "reports", + "enterprise" + ] + }, + "put": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.admin:write` with scope `reports:id:\u003creport ID\u003e`.", + "operationId": "updateReport", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CreateOrUpdateConfigCmd" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Update a report.", + "tags": [ + "reports", + "enterprise" + ] + } + }, + "/saml/acs": { + "post": { + "operationId": "postACS", + "parameters": [ + { + "in": "query", + "name": "RelayState", + "schema": { + "type": "string" + } + } + ], + "responses": { + "302": { + "description": "(empty)" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "It performs assertion Consumer Service (ACS).", + "tags": [ + "saml", + "enterprise" + ] + } + }, + "/saml/metadata": { + "get": { + "operationId": "getMetadata", + "responses": { + "200": { + "$ref": "#/components/responses/contentResponse" + } + }, + "summary": "It exposes the SP (Grafana's) metadata for the IdP's consumption.", + "tags": [ + "saml", + "enterprise" + ] + } + }, + "/saml/slo": { + "get": { + "description": "There might be two possible requests:\n1. Logout response (callback) when Grafana initiates single logout and IdP returns response to logout request.\n2. Logout request when another SP initiates single logout and IdP sends logout request to the Grafana,\nor in case of IdP-initiated logout.", + "operationId": "getSLO", + "responses": { + "302": { + "description": "(empty)" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "It performs Single Logout (SLO) callback.", + "tags": [ + "saml", + "enterprise" + ] + }, + "post": { + "description": "There might be two possible requests:\n1. Logout response (callback) when Grafana initiates single logout and IdP returns response to logout request.\n2. Logout request when another SP initiates single logout and IdP sends logout request to the Grafana,\nor in case of IdP-initiated logout.", + "operationId": "postSLO", + "parameters": [ + { + "in": "query", + "name": "SAMLRequest", + "schema": { + "type": "string" + } + }, + { + "in": "query", + "name": "SAMLResponse", + "schema": { + "type": "string" + } + } + ], + "responses": { + "302": { + "description": "(empty)" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "It performs Single Logout (SLO) callback.", + "tags": [ + "saml", + "enterprise" + ] + } + }, "/search": { "get": { "operationId": "search", @@ -17993,6 +21307,193 @@ ] } }, + "/teams/{teamId}/groups": { + "delete": { + "operationId": "removeTeamGroupApiQuery", + "parameters": [ + { + "in": "query", + "name": "groupId", + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "teamId", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Remove External Group.", + "tags": [ + "sync_team_groups", + "enterprise" + ] + }, + "get": { + "operationId": "getTeamGroupsApi", + "parameters": [ + { + "in": "path", + "name": "teamId", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/getTeamGroupsApiResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Get External Groups.", + "tags": [ + "sync_team_groups", + "enterprise" + ] + }, + "post": { + "operationId": "addTeamGroupApi", + "parameters": [ + { + "in": "path", + "name": "teamId", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TeamGroupMapping" + } + } + }, + "required": true, + "x-originalParamName": "body" + }, + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Add External Group.", + "tags": [ + "sync_team_groups", + "enterprise" + ] + } + }, + "/teams/{teamId}/groups/{groupId}": { + "delete": { + "deprecated": true, + "operationId": "removeTeamGroupApi", + "parameters": [ + { + "in": "path", + "name": "groupId", + "required": true, + "schema": { + "type": "string" + } + }, + { + "in": "path", + "name": "teamId", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/okResponse" + }, + "400": { + "$ref": "#/components/responses/badRequestError" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "404": { + "$ref": "#/components/responses/notFoundError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "summary": "Remove External Group.", + "tags": [ + "sync_team_groups", + "enterprise" + ] + } + }, "/teams/{team_id}": { "delete": { "operationId": "deleteTeamByID", @@ -19020,7 +22521,7 @@ "operationId": "searchUsersWithPaging", "responses": { "200": { - "$ref": "#/components/responses/searchUsersResponse" + "$ref": "#/components/responses/searchUsersWithPagingResponse" }, "401": { "$ref": "#/components/responses/unauthorisedError"