diff --git a/pkg/api/org_users.go b/pkg/api/org_users.go index 0d35a766191..a3151f2936b 100644 --- a/pkg/api/org_users.go +++ b/pkg/api/org_users.go @@ -548,6 +548,13 @@ type RemoveOrgUserParams struct { UserID int64 `json:"user_id"` } +// swagger:parameters searchOrgUsers +type SearchOrgUsersParams struct { + // in:path + // required:true + OrgID int64 `json:"org_id"` +} + // swagger:response getOrgUsersForCurrentOrgLookupResponse type GetOrgUsersForCurrentOrgLookupResponse struct { // The response message @@ -564,7 +571,14 @@ type GetOrgUsersForCurrentOrgResponse struct { // swagger:response getOrgUsersResponse type GetOrgUsersResponse struct { - // The response message + // The response message/ // in: body Body []*org.OrgUserDTO `json:"body"` } + +// swagger:response searchOrgUsersResponse +type SearchOrgUsersResponse struct { + // The response message + // in: body + Body *org.SearchOrgUsersQueryResult `json:"body"` +} diff --git a/public/api-merged.json b/public/api-merged.json index 3d0d0e26e12..2161930dd12 100644 --- a/public/api-merged.json +++ b/public/api-merged.json @@ -22,6 +22,623 @@ }, "basePath": "/api", "paths": { + "/access-control/roles": { + "get": { + "description": "Gets all existing roles. The response contains all global and organization local roles, for the organization which user is signed in.\n\nYou need to have a permission with action `roles:read` and scope `roles:*`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get all roles.", + "operationId": "listRoles", + "parameters": [ + { + "type": "boolean", + "name": "delegatable", + "in": "query" + } + ], + "responses": { + "200": { + "$ref": "#/responses/listRolesResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "Creates a new custom role and maps given permissions to that role. Note that roles with the same prefix as Fixed Roles can’t be created.\n\nYou need to have a permission with action `roles:write` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only create custom roles with the same, or a subset of permissions which the user has.\nFor example, if a user does not have required permissions for creating users, they won’t be able to create a custom role which allows to do that. This is done to prevent escalation of privileges.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Create a new custom role.", + "operationId": "createRole", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CreateRoleForm" + } + } + ], + "responses": { + "201": { + "$ref": "#/responses/createRoleResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/roles/{roleUID}": { + "get": { + "description": "Get a role for the given UID.\n\nYou need to have a permission with action `roles:read` and scope `roles:*`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get a role.", + "operationId": "getRole", + "parameters": [ + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getRoleResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "You need to have a permission with action `roles:write` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only create custom roles with the same, or a subset of permissions which the user has.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Update a custom role.", + "operationId": "updateRole", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/UpdateRoleCommand" + } + }, + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getRoleResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "delete": { + "description": "Delete a role with the given UID, and it’s permissions. If the role is assigned to a built-in role, the deletion operation will fail, unless force query param is set to true, and in that case all assignments will also be deleted.\n\nYou need to have a permission with action `roles:delete` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only delete a custom role with the same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to delete a custom role which allows to do that.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Delete a custom role.", + "operationId": "deleteRole", + "parameters": [ + { + "type": "boolean", + "name": "force", + "in": "query" + }, + { + "type": "boolean", + "name": "global", + "in": "query" + }, + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/roles/{roleUID}/assignments": { + "get": { + "description": "Get role assignments for the role with the given UID.\n\nYou need to have a permission with action `teams.roles:list` and scope `teams:id:*` and `users.roles:list` and scope `users:id:*`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get role assignments.", + "operationId": "getRoleAssignments", + "parameters": [ + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getRoleAssignmentsResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "Set role assignments for the role with the given UID.\n\nYou need to have a permission with action `teams.roles:add` and `teams.roles:remove` and scope `permissions:type:delegate`, and `users.roles:add` and `users.roles:remove` and scope `permissions:type:delegate`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Set role assignments.", + "operationId": "setRoleAssignments", + "parameters": [ + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + }, + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SetRoleAssignmentsCommand" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/setRoleAssignmentsResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/status": { + "get": { + "description": "Returns an indicator to check if fine-grained access control is enabled or not.\n\nYou need to have a permission with action `status:accesscontrol` and scope `services:accesscontrol`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get status.", + "operationId": "getAccessControlStatus", + "responses": { + "200": { + "$ref": "#/responses/getAccessControlStatusResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/teams/{teamId}/roles": { + "get": { + "description": "You need to have a permission with action `teams.roles:read` and scope `teams:id:\u003cteam ID\u003e`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get team roles.", + "operationId": "listTeamRoles", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "You need to have a permission with action `teams.roles:add` and `teams.roles:remove` and scope `permissions:type:delegate` for each.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Update team role.", + "operationId": "setTeamRoles", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "You need to have a permission with action `teams.roles:add` and scope `permissions:type:delegate`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Add team role.", + "operationId": "addTeamRole", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/AddTeamRoleCommand" + } + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/teams/{teamId}/roles/{roleUID}": { + "delete": { + "description": "You need to have a permission with action `teams.roles:remove` and scope `permissions:type:delegate`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Remove team role.", + "operationId": "removeTeamRole", + "parameters": [ + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/users/{userId}/roles": { + "get": { + "description": "Lists the roles that have been directly assigned to a given user. The list does not include built-in roles (Viewer, Editor, Admin or Grafana Admin), and it does not include roles that have been inherited from a team.\n\nYou need to have a permission with action `users.roles:read` and scope `users:id:\u003cuser ID\u003e`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "List roles assigned to a user.", + "operationId": "listUserRoles", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getAllRolesResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "Update the user’s role assignments to match the provided set of UIDs. This will remove any assigned roles that aren’t in the request and add roles that are in the set but are not already assigned to the user.\nIf you want to add or remove a single role, consider using Add a user role assignment or Remove a user role assignment instead.\n\nYou need to have a permission with action `users.roles:add` and `users.roles:remove` and scope `permissions:type:delegate` for each. `permissions:type:delegate` scope ensures that users can only assign or unassign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to assign or unassign a role which will allow to do that. This is done to prevent escalation of privileges.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Set user role assignments.", + "operationId": "setUserRoles", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SetUserRolesCommand" + } + }, + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "Assign a role to a specific user. For bulk updates consider Set user role assignments.\n\nYou need to have a permission with action `users.roles:add` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only assign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to assign a role which will allow to do that. This is done to prevent escalation of privileges.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Add a user role assignment.", + "operationId": "addUserRole", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/AddUserRoleCommand" + } + }, + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/users/{userId}/roles/{roleUID}": { + "delete": { + "description": "Revoke a role from a user. For bulk updates consider Set user role assignments.\n\nYou need to have a permission with action `users.roles:remove` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only unassign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to unassign a role which will allow to do that. This is done to prevent escalation of privileges.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Remove a user role assignment.", + "operationId": "removeUserRole", + "parameters": [ + { + "type": "boolean", + "description": "A flag indicating if the assignment is global or not. If set to false, the default org ID of the authenticated user will be used from the request to remove assignment.", + "name": "global", + "in": "query" + }, + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + }, + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/admin/ldap-sync-status": { + "get": { + "description": "You need to have a permission with action `ldap.status:read`.", + "tags": [ + "ldap_debug" + ], + "summary": "Returns the current state of the LDAP background sync integration.", + "operationId": "getSyncStatus", + "responses": { + "200": { + "$ref": "#/responses/getSyncStatusResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, "/admin/ldap/reload": { "post": { "security": [ @@ -193,6 +810,27 @@ } } }, + "/admin/provisioning/access-control/reload": { + "post": { + "tags": [ + "access_control_provisioning", + "enterprise" + ], + "summary": "You need to have a permission with action `provisioning:reload` with scope `provisioners:accesscontrol`.", + "operationId": "adminProvisioningReloadAccessControl", + "responses": { + "202": { + "$ref": "#/responses/acceptedResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + } + } + } + }, "/admin/provisioning/dashboards/reload": { "post": { "security": [ @@ -1803,522 +2441,6 @@ } } }, - "/api/v1/provisioning/alert-rules": { - "post": { - "consumes": [ - "application/json" - ], - "tags": [ - "provisioning" - ], - "summary": "Create a new alert rule.", - "operationId": "RoutePostAlertRule", - "parameters": [ - { - "name": "Body", - "in": "body", - "schema": { - "$ref": "#/definitions/ProvisionedAlertRule" - } - }, - { - "type": "string", - "name": "X-Disable-Provenance", - "in": "header" - } - ], - "responses": { - "201": { - "description": "ProvisionedAlertRule", - "schema": { - "$ref": "#/definitions/ProvisionedAlertRule" - } - }, - "400": { - "description": "ValidationError", - "schema": { - "$ref": "#/definitions/ValidationError" - } - } - } - } - }, - "/api/v1/provisioning/alert-rules/{UID}": { - "get": { - "tags": [ - "provisioning" - ], - "summary": "Get a specific alert rule by UID.", - "operationId": "RouteGetAlertRule", - "parameters": [ - { - "type": "string", - "description": "Alert rule UID", - "name": "UID", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "ProvisionedAlertRule", - "schema": { - "$ref": "#/definitions/ProvisionedAlertRule" - } - }, - "404": { - "description": " Not found." - } - } - }, - "put": { - "consumes": [ - "application/json" - ], - "tags": [ - "provisioning" - ], - "summary": "Update an existing alert rule.", - "operationId": "RoutePutAlertRule", - "parameters": [ - { - "type": "string", - "description": "Alert rule UID", - "name": "UID", - "in": "path", - "required": true - }, - { - "name": "Body", - "in": "body", - "schema": { - "$ref": "#/definitions/ProvisionedAlertRule" - } - }, - { - "type": "string", - "name": "X-Disable-Provenance", - "in": "header" - } - ], - "responses": { - "200": { - "description": "ProvisionedAlertRule", - "schema": { - "$ref": "#/definitions/ProvisionedAlertRule" - } - }, - "400": { - "description": "ValidationError", - "schema": { - "$ref": "#/definitions/ValidationError" - } - } - } - }, - "delete": { - "tags": [ - "provisioning" - ], - "summary": "Delete a specific alert rule by UID.", - "operationId": "RouteDeleteAlertRule", - "parameters": [ - { - "type": "string", - "description": "Alert rule UID", - "name": "UID", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": " The alert rule was deleted successfully." - } - } - } - }, - "/api/v1/provisioning/contact-points": { - "get": { - "tags": [ - "provisioning" - ], - "summary": "Find Annotations.", - "operationId": "getAnnotations", - "parameters": [ - { - "type": "integer", - "format": "int64", - "description": "Find annotations created after specific epoch datetime in milliseconds.", - "name": "from", - "in": "query" - }, - { - "type": "integer", - "format": "int64", - "description": "Find annotations created before specific epoch datetime in milliseconds.", - "name": "to", - "in": "query" - }, - { - "type": "integer", - "format": "int64", - "description": "Limit response to annotations created by specific user.", - "name": "userId", - "in": "query" - }, - { - "type": "integer", - "format": "int64", - "description": "Find annotations for a specified alert.", - "name": "alertId", - "in": "query" - }, - { - "type": "integer", - "format": "int64", - "description": "Find annotations that are scoped to a specific dashboard", - "name": "dashboardId", - "in": "query" - }, - { - "type": "string", - "description": "Find annotations that are scoped to a specific dashboard", - "name": "dashboardUID", - "in": "query" - }, - { - "type": "integer", - "format": "int64", - "description": "Find annotations that are scoped to a specific panel", - "name": "panelId", - "in": "query" - }, - { - "type": "integer", - "format": "int64", - "description": "Max limit for results returned.", - "name": "limit", - "in": "query" - }, - { - "type": "array", - "items": { - "type": "string" - }, - "collectionFormat": "multi", - "description": "Use this to filter organization annotations. Organization annotations are annotations from an annotation data source that are not connected specifically to a dashboard or panel. You can filter by multiple tags.", - "name": "tags", - "in": "query" - }, - { - "enum": [ - "alert", - "annotation" - ], - "type": "string", - "description": "Return alerts or user created annotations", - "name": "type", - "in": "query" - }, - { - "type": "boolean", - "description": "Match any or all tags", - "name": "matchAny", - "in": "query" - } - ], - "responses": { - "200": { - "$ref": "#/responses/getAnnotationsResponse" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - }, - "post": { - "description": "Creates an annotation in the Grafana database. The dashboardId and panelId fields are optional. If they are not specified then an organization annotation is created and can be queried in any dashboard that adds the Grafana annotations data source. When creating a region annotation include the timeEnd property.\nThe format for `time` and `timeEnd` should be epoch numbers in millisecond resolution.\nThe response for this HTTP request is slightly different in versions prior to v6.4. In prior versions you would also get an endId if you where creating a region. But in 6.4 regions are represented using a single event with time and timeEnd properties.", - "tags": [ - "annotations" - ], - "summary": "Create Annotation.", - "operationId": "postAnnotation", - "parameters": [ - { - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PostAnnotationsCmd" - } - } - ], - "responses": { - "200": { - "$ref": "#/responses/postAnnotationResponse" - }, - "400": { - "$ref": "#/responses/badRequestError" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "403": { - "$ref": "#/responses/forbiddenError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - } - }, - "/annotations/graphite": { - "post": { - "description": "Creates an annotation by using Graphite-compatible event format. The `when` and `data` fields are optional. If `when` is not specified then the current time will be used as annotation’s timestamp. The `tags` field can also be in prior to Graphite `0.10.0` format (string with multiple tags being separated by a space).", - "tags": [ - "annotations" - ], - "summary": "Create Annotation in Graphite format.", - "operationId": "postGraphiteAnnotation", - "parameters": [ - { - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PostGraphiteAnnotationsCmd" - } - } - ], - "responses": { - "200": { - "$ref": "#/responses/postAnnotationResponse" - }, - "400": { - "$ref": "#/responses/badRequestError" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "403": { - "$ref": "#/responses/forbiddenError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - } - }, - "/annotations/mass-delete": { - "post": { - "tags": [ - "annotations" - ], - "summary": "Delete multiple annotations.", - "operationId": "massDeleteAnnotations", - "parameters": [ - { - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/MassDeleteAnnotationsCmd" - } - } - ], - "responses": { - "200": { - "$ref": "#/responses/okResponse" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - } - }, - "/annotations/tags": { - "get": { - "description": "Find all the event tags created in the annotations.", - "tags": [ - "annotations" - ], - "summary": "Find Annotations Tags.", - "operationId": "getAnnotationTags", - "parameters": [ - { - "type": "string", - "description": "Tag is a string that you can use to filter tags.", - "name": "tag", - "in": "query" - }, - { - "type": "string", - "default": "100", - "description": "Max limit for results returned.", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "$ref": "#/responses/getAnnotationTagsResponse" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - } - }, - "/annotations/{annotation_id}": { - "get": { - "tags": [ - "annotations" - ], - "summary": "Get Annotation by ID.", - "operationId": "getAnnotationByID", - "parameters": [ - { - "type": "string", - "name": "annotation_id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "$ref": "#/responses/getAnnotationByIDResponse" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - }, - "put": { - "description": "Updates all properties of an annotation that matches the specified id. To only update certain property, consider using the Patch Annotation operation.", - "tags": [ - "annotations" - ], - "summary": "Update Annotation.", - "operationId": "updateAnnotation", - "parameters": [ - { - "type": "string", - "name": "annotation_id", - "in": "path", - "required": true - }, - { - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/UpdateAnnotationsCmd" - } - } - ], - "responses": { - "200": { - "$ref": "#/responses/okResponse" - }, - "400": { - "$ref": "#/responses/badRequestError" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "403": { - "$ref": "#/responses/forbiddenError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - }, - "delete": { - "description": "Deletes the annotation that matches the specified ID.", - "tags": [ - "annotations" - ], - "summary": "Delete Annotation By ID.", - "operationId": "deleteAnnotationByID", - "parameters": [ - { - "type": "string", - "name": "annotation_id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "$ref": "#/responses/okResponse" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "403": { - "$ref": "#/responses/forbiddenError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - }, - "patch": { - "description": "Updates one or more properties of an annotation that matches the specified ID.\nThis operation currently supports updating of the `text`, `tags`, `time` and `timeEnd` properties.\nThis is available in Grafana 6.0.0-beta2 and above.", - "tags": [ - "annotations" - ], - "summary": "Patch Annotation.", - "operationId": "patchAnnotation", - "parameters": [ - { - "type": "string", - "name": "annotation_id", - "in": "path", - "required": true - }, - { - "name": "body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PatchAnnotationsCmd" - } - } - ], - "responses": { - "200": { - "$ref": "#/responses/okResponse" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "403": { - "$ref": "#/responses/forbiddenError" - }, - "404": { - "$ref": "#/responses/notFoundError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - } - }, "/api/v1/provisioning/alert-rules": { "get": { "tags": [ @@ -3417,956 +3539,6 @@ } } }, - "/dashboards/id/{DashboardID}/versions/{DashboardVersionID}": { - "get": { - "description": "Please refer to [updated API](#/dashboard_versions/getDashboardVersionByUID) instead", - "tags": [ - "dashboard_versions" - ], - "summary": "Get a specific dashboard version.", - "operationId": "getDashboardVersionByID", - "deprecated": true, - "parameters": [ - { - "type": "string", - "description": "Filter by name", - "name": "name", - "in": "query" - } - ], - "responses": { - "200": { - "description": "ContactPoints", - "schema": { - "$ref": "#/definitions/ContactPoints" - } - } - } - }, - "post": { - "consumes": [ - "application/json" - ], - "tags": [ - "provisioning" - ], - "summary": "Create a contact point.", - "operationId": "RoutePostContactpoints", - "parameters": [ - { - "name": "Body", - "in": "body", - "schema": { - "$ref": "#/definitions/EmbeddedContactPoint" - } - } - ], - "responses": { - "202": { - "description": "EmbeddedContactPoint", - "schema": { - "$ref": "#/definitions/EmbeddedContactPoint" - } - }, - "400": { - "description": "ValidationError", - "schema": { - "$ref": "#/definitions/ValidationError" - } - } - } - } - }, - "/api/v1/provisioning/contact-points/{UID}": { - "put": { - "consumes": [ - "application/json" - ], - "tags": [ - "provisioning" - ], - "summary": "Update an existing contact point.", - "operationId": "RoutePutContactpoint", - "parameters": [ - { - "type": "string", - "description": "UID is the contact point unique identifier", - "name": "UID", - "in": "path", - "required": true - }, - { - "name": "Body", - "in": "body", - "schema": { - "$ref": "#/definitions/EmbeddedContactPoint" - } - } - ], - "responses": { - "202": { - "description": "Ack", - "schema": { - "$ref": "#/definitions/Ack" - } - }, - "400": { - "description": "ValidationError", - "schema": { - "$ref": "#/definitions/ValidationError" - } - } - } - }, - "delete": { - "consumes": [ - "application/json" - ], - "tags": [ - "provisioning" - ], - "summary": "Delete a contact point.", - "operationId": "RouteDeleteContactpoints", - "parameters": [ - { - "type": "string", - "description": "UID is the contact point unique identifier", - "name": "UID", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": " The contact point was deleted successfully." - } - } - } - }, - "/api/v1/provisioning/folder/{FolderUID}/rule-groups/{Group}": { - "get": { - "tags": [ - "provisioning" - ], - "summary": "Get a rule group.", - "operationId": "RouteGetAlertRuleGroup", - "parameters": [ - { - "type": "string", - "name": "FolderUID", - "in": "path", - "required": true - }, - { - "type": "string", - "name": "Group", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "AlertRuleGroup", - "schema": { - "$ref": "#/definitions/AlertRuleGroup" - } - }, - "404": { - "description": " Not found." - } - } - }, - "put": { - "consumes": [ - "application/json" - ], - "tags": [ - "provisioning" - ], - "summary": "Update the interval of a rule group.", - "operationId": "RoutePutAlertRuleGroup", - "parameters": [ - { - "type": "string", - "name": "FolderUID", - "in": "path", - "required": true - }, - { - "type": "string", - "name": "Group", - "in": "path", - "required": true - }, - { - "name": "Body", - "in": "body", - "schema": { - "$ref": "#/definitions/AlertRuleGroup" - } - } - ], - "responses": { - "200": { - "description": "AlertRuleGroup", - "schema": { - "$ref": "#/definitions/AlertRuleGroup" - } - }, - "400": { - "description": "ValidationError", - "schema": { - "$ref": "#/definitions/ValidationError" - } - } - } - } - }, - "/api/v1/provisioning/mute-timings": { - "get": { - "tags": [ - "provisioning" - ], - "summary": "Get all the mute timings.", - "operationId": "RouteGetMuteTimings", - "responses": { - "200": { - "description": "MuteTimings", - "schema": { - "$ref": "#/definitions/MuteTimings" - } - } - } - }, - "post": { - "consumes": [ - "application/json" - ], - "tags": [ - "provisioning" - ], - "summary": "Create a new mute timing.", - "operationId": "RoutePostMuteTiming", - "parameters": [ - { - "name": "Body", - "in": "body", - "schema": { - "$ref": "#/definitions/MuteTimeInterval" - } - } - ], - "responses": { - "201": { - "description": "MuteTimeInterval", - "schema": { - "$ref": "#/definitions/MuteTimeInterval" - } - }, - "400": { - "description": "ValidationError", - "schema": { - "$ref": "#/definitions/ValidationError" - } - } - } - } - }, - "/api/v1/provisioning/mute-timings/{name}": { - "get": { - "tags": [ - "provisioning" - ], - "summary": "Get a mute timing.", - "operationId": "RouteGetMuteTiming", - "parameters": [ - { - "type": "string", - "description": "Mute timing name", - "name": "name", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "MuteTimeInterval", - "schema": { - "$ref": "#/definitions/MuteTimeInterval" - } - }, - "404": { - "description": " Not found." - } - } - }, - "put": { - "consumes": [ - "application/json" - ], - "tags": [ - "provisioning" - ], - "summary": "Replace an existing mute timing.", - "operationId": "RoutePutMuteTiming", - "parameters": [ - { - "type": "string", - "description": "Mute timing name", - "name": "name", - "in": "path", - "required": true - }, - { - "name": "Body", - "in": "body", - "schema": { - "$ref": "#/definitions/MuteTimeInterval" - } - } - ], - "responses": { - "200": { - "description": "MuteTimeInterval", - "schema": { - "$ref": "#/definitions/MuteTimeInterval" - } - }, - "400": { - "description": "ValidationError", - "schema": { - "$ref": "#/definitions/ValidationError" - } - } - } - }, - "delete": { - "tags": [ - "provisioning" - ], - "summary": "Delete a mute timing.", - "operationId": "RouteDeleteMuteTiming", - "parameters": [ - { - "type": "string", - "description": "Mute timing name", - "name": "name", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": " The mute timing was deleted successfully." - } - } - } - }, - "/api/v1/provisioning/policies": { - "get": { - "tags": [ - "provisioning" - ], - "summary": "Get the notification policy tree.", - "operationId": "RouteGetPolicyTree", - "responses": { - "200": { - "description": "Route", - "schema": { - "$ref": "#/definitions/Route" - } - } - } - }, - "put": { - "consumes": [ - "application/json" - ], - "tags": [ - "provisioning" - ], - "summary": "Sets the notification policy tree.", - "operationId": "RoutePutPolicyTree", - "parameters": [ - { - "description": "The new notification routing tree to use", - "name": "Body", - "in": "body", - "schema": { - "$ref": "#/definitions/Route" - } - } - ], - "responses": { - "202": { - "description": "Ack", - "schema": { - "$ref": "#/definitions/Ack" - } - }, - "400": { - "description": "ValidationError", - "schema": { - "$ref": "#/definitions/ValidationError" - } - } - } - }, - "delete": { - "consumes": [ - "application/json" - ], - "tags": [ - "provisioning" - ], - "summary": "Clears the notification policy tree.", - "operationId": "RouteResetPolicyTree", - "responses": { - "202": { - "description": "Ack", - "schema": { - "$ref": "#/definitions/Ack" - } - } - } - } - }, - "/api/v1/provisioning/templates": { - "get": { - "tags": [ - "provisioning" - ], - "summary": "Get all message templates.", - "operationId": "RouteGetTemplates", - "responses": { - "200": { - "description": "MessageTemplates", - "schema": { - "$ref": "#/definitions/MessageTemplates" - } - }, - "404": { - "description": " Not found." - } - } - } - }, - "/api/v1/provisioning/templates/{name}": { - "get": { - "tags": [ - "provisioning" - ], - "summary": "Get a message template.", - "operationId": "RouteGetTemplate", - "parameters": [ - { - "type": "string", - "description": "Template Name", - "name": "name", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "description": "MessageTemplate", - "schema": { - "$ref": "#/definitions/MessageTemplate" - } - }, - "404": { - "description": " Not found." - } - } - }, - "put": { - "consumes": [ - "application/json" - ], - "tags": [ - "provisioning" - ], - "summary": "Updates an existing template.", - "operationId": "RoutePutTemplate", - "parameters": [ - { - "type": "string", - "description": "Template Name", - "name": "name", - "in": "path", - "required": true - }, - { - "name": "Body", - "in": "body", - "schema": { - "$ref": "#/definitions/MessageTemplateContent" - } - } - ], - "responses": { - "202": { - "description": "MessageTemplate", - "schema": { - "$ref": "#/definitions/MessageTemplate" - } - }, - "400": { - "description": "ValidationError", - "schema": { - "$ref": "#/definitions/ValidationError" - } - } - } - }, - "delete": { - "tags": [ - "provisioning" - ], - "summary": "Delete a template.", - "operationId": "RouteDeleteTemplate", - "parameters": [ - { - "type": "string", - "description": "Template Name", - "name": "name", - "in": "path", - "required": true - } - ], - "responses": { - "204": { - "description": " The template was deleted successfully." - } - } - } - }, - "/auth/keys": { - "get": { - "description": "Will return auth keys.", - "tags": [ - "api_keys" - ], - "summary": "Get auth keys.", - "operationId": "getAPIkeys", - "parameters": [ - { - "type": "boolean", - "default": false, - "description": "Show expired keys", - "name": "includeExpired", - "in": "query" - } - ], - "responses": { - "200": { - "$ref": "#/responses/getAPIkeyResponse" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "403": { - "$ref": "#/responses/forbiddenError" - }, - "404": { - "$ref": "#/responses/notFoundError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - }, - "post": { - "description": "Will return details of the created API key.", - "tags": [ - "api_keys" - ], - "summary": "Creates an API key.", - "operationId": "addAPIkey", - "parameters": [ - { - "name": "Body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/AddCommand" - } - } - ], - "responses": { - "200": { - "$ref": "#/responses/postAPIkeyResponse" - }, - "400": { - "$ref": "#/responses/badRequestError" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "403": { - "$ref": "#/responses/forbiddenError" - }, - "409": { - "$ref": "#/responses/conflictError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - } - }, - "/auth/keys/{id}": { - "delete": { - "tags": [ - "api_keys" - ], - "summary": "Delete API key.", - "operationId": "deleteAPIkey", - "parameters": [ - { - "type": "integer", - "format": "int64", - "name": "id", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "$ref": "#/responses/okResponse" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "403": { - "$ref": "#/responses/forbiddenError" - }, - "404": { - "$ref": "#/responses/notFoundError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - } - }, - "/dashboard/snapshots": { - "get": { - "tags": [ - "snapshots" - ], - "summary": "List snapshots.", - "operationId": "searchDashboardSnapshots", - "parameters": [ - { - "type": "string", - "description": "Search Query", - "name": "query", - "in": "query" - }, - { - "type": "integer", - "format": "int64", - "default": 1000, - "description": "Limit the number of returned results", - "name": "limit", - "in": "query" - } - ], - "responses": { - "200": { - "$ref": "#/responses/searchDashboardSnapshotsResponse" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - } - }, - "/dashboards/calculate-diff": { - "post": { - "produces": [ - "application/json", - "text/html" - ], - "tags": [ - "dashboards" - ], - "summary": "Perform diff on two dashboards.", - "operationId": "calculateDashboardDiff", - "parameters": [ - { - "name": "Body", - "in": "body", - "required": true, - "schema": { - "type": "object", - "properties": { - "base": { - "$ref": "#/definitions/CalculateDiffTarget" - }, - "diffType": { - "description": "The type of diff to return\nDescription:\n`basic`\n`json`", - "type": "string", - "enum": [ - "basic", - "json" - ] - }, - "new": { - "$ref": "#/definitions/CalculateDiffTarget" - } - } - } - } - ], - "responses": { - "200": { - "$ref": "#/responses/calculateDashboardDiffResponse" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "403": { - "$ref": "#/responses/forbiddenError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - } - }, - "/dashboards/db": { - "post": { - "description": "Creates a new dashboard or updates an existing dashboard.", - "tags": [ - "dashboards" - ], - "summary": "Create / Update dashboard", - "operationId": "postDashboard", - "parameters": [ - { - "name": "Body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/SaveDashboardCommand" - } - } - ], - "responses": { - "200": { - "$ref": "#/responses/postDashboardResponse" - }, - "400": { - "$ref": "#/responses/badRequestError" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "403": { - "$ref": "#/responses/forbiddenError" - }, - "404": { - "$ref": "#/responses/notFoundError" - }, - "412": { - "$ref": "#/responses/preconditionFailedError" - }, - "422": { - "$ref": "#/responses/unprocessableEntityError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - } - }, - "/dashboards/home": { - "get": { - "tags": [ - "dashboards" - ], - "summary": "Get home dashboard.", - "operationId": "getHomeDashboard", - "responses": { - "200": { - "$ref": "#/responses/getHomeDashboardResponse" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - } - }, - "/dashboards/id/{DashboardID}/permissions": { - "get": { - "description": "Please refer to [updated API](#/dashboard_permissions/getDashboardPermissionsListByUID) instead", - "tags": [ - "dashboard_permissions" - ], - "summary": "Gets all existing permissions for the given dashboard.", - "operationId": "getDashboardPermissionsListByID", - "deprecated": true, - "parameters": [ - { - "type": "integer", - "format": "int64", - "name": "DashboardID", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "$ref": "#/responses/getDashboardPermissionsListResponse" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "403": { - "$ref": "#/responses/forbiddenError" - }, - "404": { - "$ref": "#/responses/notFoundError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - }, - "post": { - "description": "Please refer to [updated API](#/dashboard_permissions/updateDashboardPermissionsByUID) instead\n\nThis operation will remove existing permissions if they’re not included in the request.", - "tags": [ - "dashboard_permissions" - ], - "summary": "Updates permissions for a dashboard.", - "operationId": "updateDashboardPermissionsByID", - "deprecated": true, - "parameters": [ - { - "name": "Body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/UpdateDashboardACLCommand" - } - }, - { - "type": "integer", - "format": "int64", - "name": "DashboardID", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "$ref": "#/responses/okResponse" - }, - "400": { - "$ref": "#/responses/badRequestError" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "403": { - "$ref": "#/responses/forbiddenError" - }, - "404": { - "$ref": "#/responses/notFoundError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - } - }, - "/dashboards/id/{DashboardID}/restore": { - "post": { - "description": "Please refer to [updated API](#/dashboard_versions/restoreDashboardVersionByUID) instead", - "tags": [ - "dashboard_versions" - ], - "summary": "Restore a dashboard to a given dashboard version.", - "operationId": "restoreDashboardVersionByID", - "deprecated": true, - "parameters": [ - { - "name": "Body", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/RestoreDashboardVersionCommand" - } - }, - { - "type": "integer", - "format": "int64", - "name": "DashboardID", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "$ref": "#/responses/postDashboardResponse" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "403": { - "$ref": "#/responses/forbiddenError" - }, - "404": { - "$ref": "#/responses/notFoundError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - } - }, - "/dashboards/id/{DashboardID}/versions": { - "get": { - "description": "Please refer to [updated API](#/dashboard_versions/getDashboardVersionsByUID) instead", - "tags": [ - "dashboard_versions" - ], - "summary": "Gets all existing versions for the dashboard.", - "operationId": "getDashboardVersionsByID", - "deprecated": true, - "parameters": [ - { - "type": "integer", - "format": "int64", - "name": "DashboardID", - "in": "path", - "required": true - } - ], - "responses": { - "200": { - "$ref": "#/responses/dashboardVersionsResponse" - }, - "401": { - "$ref": "#/responses/unauthorisedError" - }, - "403": { - "$ref": "#/responses/forbiddenError" - }, - "404": { - "$ref": "#/responses/notFoundError" - }, - "500": { - "$ref": "#/responses/internalServerError" - } - } - } - }, "/dashboards/id/{DashboardID}/versions/{DashboardVersionID}": { "get": { "description": "Please refer to [updated API](#/dashboard_versions/getDashboardVersionByUID) instead", @@ -5623,6 +4795,216 @@ } } }, + "/datasources/{datasourceId}/disable-permissions": { + "post": { + "description": "Disables permissions for the data source with the given id. All existing permissions will be removed and anyone will be able to query the data source.\n\nYou need to have a permission with action `datasources.permissions:toggle` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Disable permissions for a data source.", + "operationId": "disablePermissions", + "parameters": [ + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/createOrUpdateDatasourceResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/datasources/{datasourceId}/enable-permissions": { + "post": { + "description": "Enables permissions for the data source with the given id.\nNo one except Org Admins will be able to query the data source until permissions have been added\nwhich permit certain users or teams to query the data source.\n\nYou need to have a permission with action `datasources.permissions:toggle` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Enable permissions for a data source.", + "operationId": "enablePermissions", + "parameters": [ + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/createOrUpdateDatasourceResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/datasources/{datasourceId}/permissions": { + "get": { + "description": "Gets all existing permissions for the data source with the given id.\n\nYou need to have a permission with action `datasources.permissions:read` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Get permissions for a data source.", + "operationId": "getAllPermissions", + "parameters": [ + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getAllPermissionseResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "You need to have a permission with action `datasources.permissions:read` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Add permissions for a data source.", + "operationId": "addPermission", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "query" + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "query" + }, + { + "type": "string", + "name": "builtinRole", + "in": "query" + }, + { + "type": "integer", + "format": "int64", + "name": "permission", + "in": "query" + }, + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/addPermissionResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/datasources/{datasourceId}/permissions/{permissionId}": { + "delete": { + "description": "Removes the permission with the given permissionId for the data source with the given id.\n\nYou need to have a permission with action `datasources.permissions:delete` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Remove permission for a data source.", + "operationId": "deletePermissions", + "parameters": [ + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + }, + { + "type": "string", + "name": "permissionId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + } + } + } + }, "/datasources/{id}": { "get": { "description": "If you are running Grafana Enterprise and have Fine-grained access control enabled\nyou need to have a permission with action: `datasources:read` and scopes: `datasources:*`, `datasources:id:*` and `datasources:id:1` (single data source).\n\nPlease refer to [updated API](#/datasources/getDataSourceByUID) instead", @@ -6478,6 +5860,216 @@ } } }, + "/licensing/check": { + "get": { + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Check license availability.", + "operationId": "getStatus", + "responses": { + "200": { + "$ref": "#/responses/getStatusResponse" + } + } + } + }, + "/licensing/custom-permissions": { + "get": { + "description": "You need to have a permission with action `licensing.reports:read`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Get custom permissions report.", + "operationId": "getCustomPermissionsReport", + "responses": { + "200": { + "$ref": "#/responses/getCustomPermissionsReportResponse" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/licensing/custom-permissions-csv": { + "get": { + "description": "You need to have a permission with action `licensing.reports:read`.", + "produces": [ + "text/csv" + ], + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Get custom permissions report in CSV format.", + "operationId": "getCustomPermissionsCSV", + "responses": { + "200": { + "$ref": "#/responses/getCustomPermissionsReportResponse" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/licensing/refresh-stats": { + "get": { + "description": "You need to have a permission with action `licensing:read`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Refresh license stats.", + "operationId": "refreshLicenseStats", + "responses": { + "200": { + "$ref": "#/responses/refreshLicenseStatsResponse" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/licensing/token": { + "get": { + "description": "You need to have a permission with action `licensing:read`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Get license token.", + "operationId": "getLicenseToken", + "responses": { + "200": { + "$ref": "#/responses/getLicenseTokenResponse" + } + } + }, + "post": { + "description": "You need to have a permission with action `licensing:update`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Create license token.", + "operationId": "postLicenseToken", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/DeleteTokenCommand" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/getLicenseTokenResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + } + } + }, + "delete": { + "description": "Removes the license stored in the Grafana database. Available in Grafana Enterprise v7.4+.\n\nYou need to have a permission with action `licensing:delete`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Remove license from database.", + "operationId": "deleteLicenseToken", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/DeleteTokenCommand" + } + } + ], + "responses": { + "202": { + "$ref": "#/responses/acceptedResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "422": { + "$ref": "#/responses/unprocessableEntityError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/licensing/token/renew": { + "post": { + "description": "Manually ask license issuer for a new token. Available in Grafana Enterprise v7.4+.\n\nYou need to have a permission with action `licensing:update`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Manually force license refresh.", + "operationId": "postRenewLicenseToken", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "type": "object" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/postRenewLicenseTokenResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "404": { + "$ref": "#/responses/notFoundError" + } + } + } + }, + "/logout/saml": { + "get": { + "tags": [ + "saml", + "enterprise" + ], + "summary": "GetLogout initiates single logout process.", + "operationId": "getSAMLLogout", + "responses": { + "302": { + "description": "(empty)" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, "/org": { "get": { "tags": [ @@ -7419,6 +7011,44 @@ } } }, + "/orgs/{org_id}/users/search": { + "get": { + "security": [ + { + "basic": [] + } + ], + "description": "If you are running Grafana Enterprise and have Fine-grained access control enabled\nyou need to have a permission with action: `org.users:read` with scope `users:*`.", + "tags": [ + "orgs" + ], + "summary": "Search Users in Organization.", + "operationId": "searchOrgUsers", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "org_id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/searchOrgUsersResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, "/orgs/{org_id}/users/{user_id}": { "delete": { "description": "If you are running Grafana Enterprise and have Fine-grained access control enabled\nyou need to have a permission with action: `org.users:remove` with scope `users:*`.", @@ -8023,6 +7653,827 @@ } } }, + "/recording-rules": { + "get": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Lists all rules in the database: active or deleted.", + "operationId": "listRecordingRules", + "responses": { + "200": { + "$ref": "#/responses/listRecordingRulesResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Update the active status of a rule.", + "operationId": "updateRecordingRule", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RecordingRuleJSON" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/recordingRuleResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Create a recording rule that is then registered and started.", + "operationId": "createRecordingRule", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RecordingRuleJSON" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/recordingRuleResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/recording-rules/test": { + "post": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Test a recording rule.", + "operationId": "testCreateRecordingRule", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RecordingRuleJSON" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "422": { + "$ref": "#/responses/unprocessableEntityError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/recording-rules/writer": { + "get": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Return the prometheus remote write target.", + "operationId": "getRecordingRuleWriteTarget", + "responses": { + "200": { + "$ref": "#/responses/recordingRuleWriteTargetResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "It returns a 422 if there is not an existing prometheus data source configured.", + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Create a remote write target.", + "operationId": "createRecordingRuleWriteTarget", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PrometheusRemoteWriteTargetJSON" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/recordingRuleWriteTargetResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "422": { + "$ref": "#/responses/unprocessableEntityError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "delete": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Delete the remote write target.", + "operationId": "deleteRecordingRuleWriteTarget", + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/recording-rules/{recordingRuleID}": { + "delete": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Delete removes the rule from the registry and stops it.", + "operationId": "deleteRecordingRule", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "recordingRuleID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports": { + "get": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports:read` with scope `reports:*`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "List reports.", + "operationId": "getReports", + "responses": { + "200": { + "$ref": "#/responses/getReportsResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "Available to org admins only and with a valid license.\n\nYou need to have a permission with action `reports.admin:create`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Create a report.", + "operationId": "createReport", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CreateOrUpdateConfigCmd" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/createReportResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/email": { + "post": { + "description": "Generate and send a report. This API waits for the report to be generated before returning. We recommend that you set the client’s timeout to at least 60 seconds. Available to org admins only and with a valid license.\n\nOnly available in Grafana Enterprise v7.0+.\nThis API endpoint is experimental and may be deprecated in a future release. On deprecation, a migration strategy will be provided and the endpoint will remain functional until the next major release of Grafana.\n\nYou need to have a permission with action `reports:send`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Send a report.", + "operationId": "sendReport", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/ReportEmailDTO" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/render/pdf/{dashboardID}": { + "get": { + "description": "Please refer to [reports enterprise](#/reports/renderReportPDFs) instead. This will be removed in Grafana 10.", + "produces": [ + "application/pdf" + ], + "tags": [ + "reports", + "enterprise" + ], + "summary": "Render report for dashboard.", + "operationId": "renderReportPDF", + "deprecated": true, + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "DashboardID", + "in": "path", + "required": true + }, + { + "type": "integer", + "format": "int64", + "name": "dashboardID", + "in": "path", + "required": true + }, + { + "type": "string", + "name": "title", + "in": "query" + }, + { + "type": "string", + "name": "variables", + "in": "query" + }, + { + "type": "string", + "name": "from", + "in": "query" + }, + { + "type": "string", + "name": "to", + "in": "query" + }, + { + "type": "string", + "name": "orientation", + "in": "query" + }, + { + "type": "string", + "name": "layout", + "in": "query" + } + ], + "responses": { + "200": { + "$ref": "#/responses/contentResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/render/pdfs": { + "get": { + "description": "Available to all users and with a valid license.", + "produces": [ + "application/pdf" + ], + "tags": [ + "reports", + "enterprise" + ], + "summary": "Render report for multiple dashboards.", + "operationId": "renderReportPDFs", + "parameters": [ + { + "type": "string", + "name": "dashboardID", + "in": "query" + }, + { + "type": "string", + "name": "orientation", + "in": "query" + }, + { + "type": "string", + "name": "layout", + "in": "query" + } + ], + "responses": { + "200": { + "$ref": "#/responses/contentResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/settings": { + "get": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.settings:read`x.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Get settings.", + "operationId": "getReportSettings", + "responses": { + "200": { + "$ref": "#/responses/getReportSettingsResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.settings:write`xx.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Save settings.", + "operationId": "saveReportSettings", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SettingsDTO" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/test-email": { + "post": { + "description": "Available to org admins only and with a valid license.\n\nYou need to have a permission with action `reports:send`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Send test report via email.", + "operationId": "sendTestEmail", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CreateOrUpdateConfigCmd" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/{id}": { + "get": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports:read` with scope `reports:id:\u003creport ID\u003e`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Get a report.", + "operationId": "getReport", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getReportResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.admin:write` with scope `reports:id:\u003creport ID\u003e`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Update a report.", + "operationId": "updateReport", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CreateOrUpdateConfigCmd" + } + }, + { + "type": "integer", + "format": "int64", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "delete": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.delete` with scope `reports:id:\u003creport ID\u003e`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Delete a report.", + "operationId": "deleteReport", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/saml/acs": { + "post": { + "tags": [ + "saml", + "enterprise" + ], + "summary": "It performs assertion Consumer Service (ACS).", + "operationId": "postACS", + "parameters": [ + { + "type": "string", + "name": "RelayState", + "in": "query" + } + ], + "responses": { + "302": { + "description": "(empty)" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/saml/metadata": { + "get": { + "produces": [ + "application/xml;application/samlmetadata+xml" + ], + "tags": [ + "saml", + "enterprise" + ], + "summary": "It exposes the SP (Grafana's) metadata for the IdP's consumption.", + "operationId": "getMetadata", + "responses": { + "200": { + "$ref": "#/responses/contentResponse" + } + } + } + }, + "/saml/slo": { + "get": { + "description": "There might be two possible requests:\n1. Logout response (callback) when Grafana initiates single logout and IdP returns response to logout request.\n2. Logout request when another SP initiates single logout and IdP sends logout request to the Grafana,\nor in case of IdP-initiated logout.", + "tags": [ + "saml", + "enterprise" + ], + "summary": "It performs Single Logout (SLO) callback.", + "operationId": "getSLO", + "responses": { + "302": { + "description": "(empty)" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "There might be two possible requests:\n1. Logout response (callback) when Grafana initiates single logout and IdP returns response to logout request.\n2. Logout request when another SP initiates single logout and IdP sends logout request to the Grafana,\nor in case of IdP-initiated logout.", + "tags": [ + "saml", + "enterprise" + ], + "summary": "It performs Single Logout (SLO) callback.", + "operationId": "postSLO", + "parameters": [ + { + "type": "string", + "name": "SAMLRequest", + "in": "query" + }, + { + "type": "string", + "name": "SAMLResponse", + "in": "query" + } + ], + "responses": { + "302": { + "description": "(empty)" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, "/search": { "get": { "tags": [ @@ -8167,7 +8618,7 @@ "tags": [ "service_accounts" ], - "summary": "# Create service account", + "summary": "Create service account", "operationId": "createServiceAccount", "parameters": [ { @@ -8203,7 +8654,7 @@ "tags": [ "service_accounts" ], - "summary": "# Search service accounts with paging", + "summary": "Search service accounts with paging", "operationId": "searchOrgServiceAccountsWithPaging", "parameters": [ { @@ -8259,7 +8710,7 @@ "tags": [ "service_accounts" ], - "summary": "# Get single serviceaccount by Id", + "summary": "Get single serviceaccount by Id", "operationId": "retrieveServiceAccount", "parameters": [ { @@ -8296,7 +8747,7 @@ "tags": [ "service_accounts" ], - "summary": "# Delete service account", + "summary": "Delete service account", "operationId": "deleteServiceAccount", "parameters": [ { @@ -8330,7 +8781,7 @@ "tags": [ "service_accounts" ], - "summary": "# Update service account", + "summary": "Update service account", "operationId": "updateServiceAccount", "parameters": [ { @@ -8376,7 +8827,7 @@ "tags": [ "service_accounts" ], - "summary": "# Get service account tokens", + "summary": "Get service account tokens", "operationId": "listTokens", "parameters": [ { @@ -8410,7 +8861,7 @@ "tags": [ "service_accounts" ], - "summary": "# CreateNewToken adds a token to a service account", + "summary": "CreateNewToken adds a token to a service account", "operationId": "createToken", "parameters": [ { @@ -8459,7 +8910,7 @@ "tags": [ "service_accounts" ], - "summary": "# DeleteToken deletes service account tokens", + "summary": "DeleteToken deletes service account tokens", "operationId": "deleteToken", "parameters": [ { @@ -8732,6 +9183,135 @@ } } }, + "/teams/{teamId}/groups": { + "get": { + "tags": [ + "sync_team_groups", + "enterprise" + ], + "summary": "Get External Groups.", + "operationId": "getTeamGroupsApi", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getTeamGroupsApiResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "tags": [ + "sync_team_groups", + "enterprise" + ], + "summary": "Add External Group.", + "operationId": "addTeamGroupApi", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/TeamGroupMapping" + } + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/teams/{teamId}/groups/{groupId}": { + "delete": { + "tags": [ + "sync_team_groups", + "enterprise" + ], + "summary": "Remove External Group.", + "operationId": "removeTeamGroupApi", + "parameters": [ + { + "type": "string", + "name": "groupId", + "in": "path", + "required": true + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, "/teams/{team_id}": { "get": { "tags": [ @@ -9878,6 +10458,42 @@ "Ack": { "type": "object" }, + "ActiveSyncStatusDTO": { + "description": "ActiveSyncStatusDTO holds the information for LDAP background Sync", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "nextSync": { + "type": "string", + "format": "date-time" + }, + "prevSync": { + "$ref": "#/definitions/SyncResult" + }, + "schedule": { + "type": "string" + } + } + }, + "ActiveUserStats": { + "type": "object", + "properties": { + "active_admins_and_editors": { + "type": "integer", + "format": "int64" + }, + "active_users": { + "type": "integer", + "format": "int64" + }, + "active_viewers": { + "type": "integer", + "format": "int64" + } + } + }, "AddCommand": { "type": "object", "properties": { @@ -9984,6 +10600,25 @@ } } }, + "AddPermissionDTO": { + "type": "object", + "properties": { + "builtinRole": { + "type": "string" + }, + "permission": { + "$ref": "#/definitions/DsPermissionType" + }, + "teamId": { + "type": "integer", + "format": "int64" + }, + "userId": { + "type": "integer", + "format": "int64" + } + } + }, "AddServiceAccountTokenCommand": { "type": "object", "properties": { @@ -10005,6 +10640,25 @@ } } }, + "AddTeamRoleCommand": { + "type": "object", + "properties": { + "roleUid": { + "type": "string" + } + } + }, + "AddUserRoleCommand": { + "type": "object", + "properties": { + "global": { + "type": "boolean" + }, + "roleUid": { + "type": "string" + } + } + }, "Address": { "type": "object", "properties": { @@ -10756,6 +11410,26 @@ } } }, + "BrandingOptionsDTO": { + "type": "object", + "properties": { + "emailFooterLink": { + "type": "string" + }, + "emailFooterMode": { + "type": "string" + }, + "emailFooterText": { + "type": "string" + }, + "emailLogoUrl": { + "type": "string" + }, + "reportLogoUrl": { + "type": "string" + } + } + }, "CalculateDiffTarget": { "type": "object", "properties": { @@ -10818,6 +11492,88 @@ } } }, + "ConfigDTO": { + "description": "ConfigDTO is model representation in transfer", + "type": "object", + "properties": { + "created": { + "type": "string", + "format": "date-time" + }, + "dashboardId": { + "type": "integer", + "format": "int64" + }, + "dashboardName": { + "type": "string" + }, + "dashboardUid": { + "type": "string" + }, + "dashboards": { + "type": "array", + "items": { + "$ref": "#/definitions/DashboardDTO" + } + }, + "enableCsv": { + "type": "boolean" + }, + "enableDashboardUrl": { + "type": "boolean" + }, + "formats": { + "type": "array", + "items": { + "$ref": "#/definitions/Type" + } + }, + "id": { + "type": "integer", + "format": "int64" + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "options": { + "$ref": "#/definitions/ReportOptionsDTO" + }, + "orgId": { + "type": "integer", + "format": "int64" + }, + "recipients": { + "type": "string" + }, + "replyTo": { + "type": "string" + }, + "scaleFactor": { + "type": "integer", + "format": "int64" + }, + "schedule": { + "$ref": "#/definitions/ScheduleDTO" + }, + "state": { + "$ref": "#/definitions/State" + }, + "templateVars": { + "type": "object" + }, + "updated": { + "type": "string", + "format": "date-time" + }, + "userId": { + "type": "integer", + "format": "int64" + } + } + }, "ContactPoints": { "type": "array", "items": { @@ -11070,6 +11826,64 @@ } } }, + "CreateOrUpdateConfigCmd": { + "type": "object", + "properties": { + "dashboardId": { + "type": "integer", + "format": "int64" + }, + "dashboardUid": { + "type": "string" + }, + "dashboards": { + "type": "array", + "items": { + "$ref": "#/definitions/DashboardDTO" + } + }, + "enableCsv": { + "type": "boolean" + }, + "enableDashboardUrl": { + "type": "boolean" + }, + "formats": { + "type": "array", + "items": { + "$ref": "#/definitions/Type" + } + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "options": { + "$ref": "#/definitions/ReportOptionsDTO" + }, + "recipients": { + "type": "string" + }, + "replyTo": { + "type": "string" + }, + "scaleFactor": { + "type": "integer", + "format": "int64" + }, + "schedule": { + "$ref": "#/definitions/ScheduleDTO" + }, + "state": { + "$ref": "#/definitions/State" + }, + "templateVars": { + "type": "object" + } + } + }, "CreateOrgCommand": { "type": "object", "properties": { @@ -11112,6 +11926,42 @@ } } }, + "CreateRoleForm": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "global": { + "type": "boolean" + }, + "group": { + "type": "string" + }, + "hidden": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + "uid": { + "type": "string" + }, + "version": { + "type": "integer", + "format": "int64" + } + } + }, "CreateServiceAccountForm": { "type": "object", "properties": { @@ -11145,6 +11995,53 @@ } } }, + "CustomPermissionsRecordDTO": { + "type": "object", + "properties": { + "customPermissions": { + "type": "string" + }, + "granteeName": { + "type": "string" + }, + "granteeType": { + "type": "string" + }, + "granteeUrl": { + "type": "string" + }, + "id": { + "type": "integer", + "format": "int64" + }, + "isFolder": { + "type": "boolean" + }, + "orgId": { + "type": "integer", + "format": "int64" + }, + "orgRole": { + "type": "string" + }, + "slug": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uid": { + "type": "string" + }, + "url": { + "type": "string" + }, + "usersCount": { + "type": "integer", + "format": "int64" + } + } + }, "DashboardACLInfoDTO": { "type": "object", "properties": { @@ -11248,6 +12145,20 @@ } } }, + "DashboardDTO": { + "type": "object", + "properties": { + "dashboard": { + "$ref": "#/definitions/DashboardReportDTO" + }, + "reportVariables": { + "type": "object" + }, + "timeRange": { + "$ref": "#/definitions/TimeRangeDTO" + } + } + }, "DashboardFullWithMeta": { "type": "object", "properties": { @@ -11364,6 +12275,21 @@ } } }, + "DashboardReportDTO": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + } + }, "DashboardSnapshot": { "description": "DashboardSnapshot model", "type": "object", @@ -11484,8 +12410,8 @@ "format": "date-time" }, "createdBy": { - "description": "Since we get created by with left join user table, this can be null technically,\nbut in reality it will always be set, when database is not corrupted.", - "type": "string" + "type": "integer", + "format": "int64" }, "dashboardId": { "type": "integer", @@ -11494,6 +12420,9 @@ "dashboardUid": { "type": "string" }, + "data": { + "$ref": "#/definitions/Json" + }, "id": { "type": "integer", "format": "int64" @@ -11516,7 +12445,7 @@ } }, "DashboardVersionMeta": { - "description": "DashboardVersionMeta extends the dashboard version model with the names\nassociated with the UserIds, overriding the field with the same name from\nthe DashboardVersion model.", + "description": "DashboardVersionMeta extends the DashboardVersionDTO with the names\nassociated with the UserIds, overriding the field with the same name from\nthe DashboardVersionDTO model.", "type": "object", "properties": { "created": { @@ -11715,7 +12644,85 @@ } } }, + "DataSourcePermissionRuleDTO": { + "type": "object", + "properties": { + "builtInRole": { + "type": "string" + }, + "created": { + "type": "string", + "format": "date-time" + }, + "datasourceId": { + "type": "integer", + "format": "int64" + }, + "id": { + "type": "integer", + "format": "int64" + }, + "isManaged": { + "type": "boolean" + }, + "permission": { + "$ref": "#/definitions/DsPermissionType" + }, + "permissionName": { + "type": "string" + }, + "team": { + "type": "string" + }, + "teamAvatarUrl": { + "type": "string" + }, + "teamEmail": { + "type": "string" + }, + "teamId": { + "type": "integer", + "format": "int64" + }, + "updated": { + "type": "string", + "format": "date-time" + }, + "userAvatarUrl": { + "type": "string" + }, + "userEmail": { + "type": "string" + }, + "userId": { + "type": "integer", + "format": "int64" + }, + "userLogin": { + "type": "string" + } + } + }, + "DataSourcePermissionsDTO": { + "type": "object", + "properties": { + "datasourceId": { + "type": "integer", + "format": "int64" + }, + "enabled": { + "type": "boolean" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/definitions/DataSourcePermissionRuleDTO" + } + } + } + }, "DataTopic": { + "description": "nolint:revive", "type": "string", "title": "DataTopic is used to identify which topic the frame should be assigned to." }, @@ -11728,6 +12735,14 @@ } } }, + "DeleteTokenCommand": { + "type": "object", + "properties": { + "instance": { + "type": "string" + } + } + }, "DiscoveryBase": { "type": "object", "required": [ @@ -11748,6 +12763,11 @@ "DsAccess": { "type": "string" }, + "DsPermissionType": { + "description": "Datasource permission\nDescription:\n`0` - No Access\n`1` - Query\n`2` - Edit\nEnum: 0,1,2", + "type": "integer", + "format": "int64" + }, "Duration": { "description": "A Duration represents the elapsed time between two instants\nas an int64 nanosecond count. The representation limits the\nlargest representable duration to approximately 290 years.", "type": "integer", @@ -11971,6 +12991,18 @@ } } }, + "FailedUser": { + "description": "FailedUser holds the information of an user that failed", + "type": "object", + "properties": { + "Error": { + "type": "string" + }, + "Login": { + "type": "string" + } + } + }, "Failure": { "$ref": "#/definitions/ResponseDetails" }, @@ -12966,6 +13998,23 @@ "format": "int64", "title": "InspectType is a type for the Inspect property of a Notice." }, + "Item": { + "type": "object", + "title": "Item defines model for Item.", + "properties": { + "title": { + "description": "Title is an unused property -- it will be removed in the future", + "type": "string" + }, + "type": { + "$ref": "#/definitions/ItemType" + }, + "value": { + "description": "Value depends on type and describes the playlist item.\n\ndashboard_by_id: The value is an internal numerical identifier set by Grafana. This\nis not portable as the numerical identifier is non-deterministic between different instances.\nWill be replaced by dashboard_by_uid in the future. (deprecated)\ndashboard_by_tag: The value is a tag which is set on any number of dashboards. All\ndashboards behind the tag will be added to the playlist.\ndashboard_by_uid: The value is the dashboard UID", + "type": "string" + } + } + }, "ItemDTO": { "type": "object", "properties": { @@ -13040,6 +14089,10 @@ } } }, + "ItemType": { + "type": "string", + "title": "Type of the item." + }, "Json": { "type": "object" }, @@ -13791,6 +14844,12 @@ "type": "boolean" } }, + "authLabels": { + "type": "array", + "items": { + "type": "string" + } + }, "avatarUrl": { "type": "string" }, @@ -13916,6 +14975,9 @@ "PatchAnnotationsCmd": { "type": "object", "properties": { + "data": { + "$ref": "#/definitions/Json" + }, "id": { "type": "integer", "format": "int64" @@ -14049,6 +15111,26 @@ } } }, + "Permission": { + "type": "object", + "title": "Permission is the model for access control permissions.", + "properties": { + "action": { + "type": "string" + }, + "created": { + "type": "string", + "format": "date-time" + }, + "scope": { + "type": "string" + }, + "updated": { + "type": "string", + "format": "date-time" + } + } + }, "PermissionDenied": { "type": "object" }, @@ -14111,25 +15193,30 @@ }, "PlaylistItem": { "type": "object", - "title": "PlaylistItem defines model for playlist.Item.", "properties": { + "Id": { + "type": "integer", + "format": "int64" + }, + "PlaylistId": { + "type": "integer", + "format": "int64" + }, + "order": { + "type": "integer", + "format": "int64" + }, "title": { - "description": "Title is an unused property -- it will be removed in the future", "type": "string" }, "type": { - "$ref": "#/definitions/PlaylistItemType" + "type": "string" }, "value": { - "description": "Value depends on type and describes the playlist item.\n\ndashboard_by_id: The value is an internal numerical identifier set by Grafana. This\nis not portable as the numerical identifier is non-deterministic between different instances.\nWill be replaced by dashboard_by_uid in the future. (deprecated)\ndashboard_by_tag: The value is a tag which is set on any number of dashboards. All\ndashboards behind the tag will be added to the playlist.\ndashboard_by_uid: The value is the dashboard UID", "type": "string" } } }, - "PlaylistItemType": { - "type": "string", - "title": "Type of the item." - }, "Playlists": { "type": "array", "items": { @@ -14495,6 +15582,20 @@ } } }, + "PrometheusRemoteWriteTargetJSON": { + "type": "object", + "properties": { + "data_source_uid": { + "type": "string" + }, + "id": { + "type": "string" + }, + "remote_write_path": { + "type": "string" + } + } + }, "Provenance": { "type": "string" }, @@ -15002,6 +16103,51 @@ } } }, + "RecordingRuleJSON": { + "description": "RecordingRuleJSON is the external representation of a recording rule", + "type": "object", + "properties": { + "active": { + "type": "boolean" + }, + "count": { + "type": "boolean" + }, + "description": { + "type": "string" + }, + "dest_data_source_uid": { + "type": "string" + }, + "id": { + "type": "string" + }, + "interval": { + "type": "integer", + "format": "int64" + }, + "name": { + "type": "string" + }, + "prom_name": { + "type": "string" + }, + "queries": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": false + } + }, + "range": { + "type": "integer", + "format": "int64" + }, + "target_ref_id": { + "type": "string" + } + } + }, "Regexp": { "description": "A Regexp is safe for concurrent use by multiple goroutines,\nexcept for configuration methods, such as Longest.", "type": "object", @@ -15019,6 +16165,41 @@ } } }, + "ReportEmailDTO": { + "type": "object", + "properties": { + "email": { + "type": "string" + }, + "emails": { + "description": "Comma-separated list of emails to which to send the report to.", + "type": "string" + }, + "id": { + "description": "Send the report to the emails specified in the report. Required if emails is not present.", + "type": "string", + "format": "int64" + }, + "useEmailsFromReport": { + "description": "Send the report to the emails specified in the report. Required if emails is not present.", + "type": "boolean" + } + } + }, + "ReportOptionsDTO": { + "type": "object", + "properties": { + "layout": { + "type": "string" + }, + "orientation": { + "type": "string" + }, + "timeRange": { + "$ref": "#/definitions/TimeRangeDTO" + } + } + }, "ResponseDetails": { "type": "object", "properties": { @@ -15053,6 +16234,79 @@ } } }, + "RoleAssignmentsDTO": { + "type": "object", + "properties": { + "role_uid": { + "type": "string" + }, + "service_accounts": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "teams": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "users": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + } + } + }, + "RoleDTO": { + "type": "object", + "properties": { + "created": { + "type": "string", + "format": "date-time" + }, + "delegatable": { + "type": "boolean" + }, + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "group": { + "type": "string" + }, + "hidden": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + "uid": { + "type": "string" + }, + "updated": { + "type": "string", + "format": "date-time" + }, + "version": { + "type": "integer", + "format": "int64" + } + } + }, "Route": { "description": "A Route is a node that contains definitions of how to handle alerts. This is modified\nfrom the upstream alertmanager in that it adds the ObjectMatchers property.", "type": "object", @@ -15401,6 +16655,29 @@ } } }, + "SearchOrgUsersQueryResult": { + "type": "object", + "properties": { + "orgUsers": { + "type": "array", + "items": { + "$ref": "#/definitions/OrgUserDTO" + } + }, + "page": { + "type": "integer", + "format": "int64" + }, + "perPage": { + "type": "integer", + "format": "int64" + }, + "totalCount": { + "type": "integer", + "format": "int64" + } + } + }, "SearchTeamQueryResult": { "type": "object", "properties": { @@ -15568,6 +16845,49 @@ } } }, + "SetRoleAssignmentsCommand": { + "type": "object", + "properties": { + "service_accounts": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "teams": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "users": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + } + } + }, + "SetUserRolesCommand": { + "type": "object", + "properties": { + "global": { + "type": "boolean" + }, + "includeHidden": { + "type": "boolean" + }, + "roleUids": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, "SettingsBag": { "type": "object", "additionalProperties": { @@ -15577,6 +16897,26 @@ } } }, + "SettingsDTO": { + "type": "object", + "properties": { + "branding": { + "$ref": "#/definitions/BrandingOptionsDTO" + }, + "id": { + "type": "integer", + "format": "int64" + }, + "orgId": { + "type": "integer", + "format": "int64" + }, + "userId": { + "type": "integer", + "format": "int64" + } + } + }, "SigV4Config": { "description": "SigV4Config is the configuration for signing remote write requests with\nAWS's SigV4 verification process. Empty values will be retrieved using the\nAWS default credentials chain.", "type": "object", @@ -15748,6 +17088,9 @@ "SmtpNotEnabled": { "$ref": "#/definitions/ResponseDetails" }, + "State": { + "type": "string" + }, "Status": { "type": "integer", "format": "int64" @@ -15763,6 +17106,39 @@ } } }, + "SyncResult": { + "type": "object", + "title": "SyncResult holds the result of a sync with LDAP. This gives us information on which users were updated and how.", + "properties": { + "Elapsed": { + "$ref": "#/definitions/Duration" + }, + "FailedUsers": { + "type": "array", + "items": { + "$ref": "#/definitions/FailedUser" + } + }, + "MissingUserIds": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "Started": { + "type": "string", + "format": "date-time" + }, + "UpdatedUserIds": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + } + } + }, "TLSConfig": { "type": "object", "title": "TLSConfig configures the options for TLS connections.", @@ -15844,6 +17220,30 @@ } } }, + "TeamGroupDTO": { + "type": "object", + "properties": { + "groupId": { + "type": "string" + }, + "orgId": { + "type": "integer", + "format": "int64" + }, + "teamId": { + "type": "integer", + "format": "int64" + } + } + }, + "TeamGroupMapping": { + "type": "object", + "properties": { + "groupId": { + "type": "string" + } + } + }, "TeamMemberDTO": { "type": "object", "properties": { @@ -16161,6 +17561,104 @@ } } }, + "TimeRangeDTO": { + "type": "object", + "properties": { + "from": { + "type": "string" + }, + "to": { + "type": "string" + } + } + }, + "Token": { + "type": "object", + "properties": { + "account": { + "type": "string" + }, + "company": { + "type": "string" + }, + "details_url": { + "type": "string" + }, + "exp": { + "type": "integer", + "format": "int64" + }, + "iat": { + "type": "integer", + "format": "int64" + }, + "included_users": { + "type": "integer", + "format": "int64" + }, + "iss": { + "type": "string" + }, + "jti": { + "type": "string" + }, + "lexp": { + "type": "integer", + "format": "int64" + }, + "lic_exp_warn_days": { + "type": "integer", + "format": "int64" + }, + "lid": { + "type": "string" + }, + "limit_by": { + "type": "string" + }, + "max_concurrent_user_sessions": { + "type": "integer", + "format": "int64" + }, + "nbf": { + "type": "integer", + "format": "int64" + }, + "prod": { + "type": "array", + "items": { + "type": "string" + } + }, + "slug": { + "type": "string" + }, + "status": { + "$ref": "#/definitions/TokenStatus" + }, + "sub": { + "type": "string" + }, + "tok_exp_warn_days": { + "type": "integer", + "format": "int64" + }, + "trial": { + "type": "boolean" + }, + "trial_exp": { + "type": "integer", + "format": "int64" + }, + "update_days": { + "type": "integer", + "format": "int64" + }, + "usage_billing": { + "type": "boolean" + } + } + }, "TokenDTO": { "type": "object", "properties": { @@ -16203,6 +17701,10 @@ } } }, + "TokenStatus": { + "type": "integer", + "format": "int64" + }, "TrimDashboardCommand": { "type": "object", "properties": { @@ -16225,6 +17727,9 @@ } } }, + "Type": { + "type": "string" + }, "URL": { "type": "object", "title": "URL is a custom URL type that allows validation at configuration load time.", @@ -16341,6 +17846,9 @@ "UpdateAnnotationsCmd": { "type": "object", "properties": { + "data": { + "$ref": "#/definitions/Json" + }, "id": { "type": "integer", "format": "int64" @@ -16601,6 +18109,39 @@ } } }, + "UpdateRoleCommand": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "global": { + "type": "boolean" + }, + "group": { + "type": "string" + }, + "hidden": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + "version": { + "type": "integer", + "format": "int64" + } + } + }, "UpdateServiceAccountForm": { "type": "object", "properties": { @@ -16630,7 +18171,7 @@ "Email": { "type": "string" }, - "Id": { + "ID": { "type": "integer", "format": "int64" }, @@ -17564,6 +19105,21 @@ "$ref": "#/definitions/ErrorResponseBody" } }, + "addPermissionResponse": { + "description": "(empty)", + "schema": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "permissionId": { + "type": "integer", + "format": "int64" + } + } + } + }, "adminCreateUserResponse": { "description": "(empty)", "schema": { @@ -17613,6 +19169,16 @@ "$ref": "#/definitions/ErrorResponseBody" } }, + "contentResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "type": "integer", + "format": "uint8" + } + } + }, "createCorrelationResponse": { "description": "(empty)", "schema": { @@ -17708,6 +19274,27 @@ "$ref": "#/definitions/Playlist" } }, + "createReportResponse": { + "description": "(empty)", + "schema": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64" + }, + "message": { + "type": "string" + } + } + } + }, + "createRoleResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/RoleDTO" + } + }, "createServiceAccountResponse": { "description": "(empty)", "schema": { @@ -17892,6 +19479,12 @@ } } }, + "getAccessControlStatusResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/Status" + } + }, "getAlertNotificationChannelResponse": { "description": "(empty)", "schema": { @@ -17931,6 +19524,21 @@ } } }, + "getAllPermissionseResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/DataSourcePermissionsDTO" + } + }, + "getAllRolesResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleDTO" + } + } + }, "getAnnotationByIDResponse": { "description": "(empty)", "schema": { @@ -17982,6 +19590,15 @@ "$ref": "#/definitions/OrgDetailsDTO" } }, + "getCustomPermissionsReportResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/CustomPermissionsRecordDTO" + } + } + }, "getDashboardPermissionsListResponse": { "description": "(empty)", "schema": { @@ -18083,6 +19700,12 @@ "$ref": "#/definitions/LibraryElementSearchResponse" } }, + "getLicenseTokenResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/Token" + } + }, "getOrgByIDResponse": { "description": "(empty)", "schema": { @@ -18142,7 +19765,7 @@ "schema": { "type": "array", "items": { - "$ref": "#/definitions/PlaylistItem" + "$ref": "#/definitions/Item" } } }, @@ -18191,6 +19814,39 @@ } } }, + "getReportResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/ConfigDTO" + } + }, + "getReportSettingsResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/SettingsDTO" + } + }, + "getReportsResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/ConfigDTO" + } + } + }, + "getRoleAssignmentsResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/RoleAssignmentsDTO" + } + }, + "getRoleResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/RoleDTO" + } + }, "getSharingOptionsResponse": { "description": "(empty)", "schema": { @@ -18226,12 +19882,30 @@ } } }, + "getStatusResponse": { + "description": "(empty)" + }, + "getSyncStatusResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/ActiveSyncStatusDTO" + } + }, "getTeamByIDResponse": { "description": "(empty)", "schema": { "$ref": "#/definitions/TeamDTO" } }, + "getTeamGroupsApiResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/TeamGroupDTO" + } + } + }, "getTeamMembersResponse": { "description": "(empty)", "schema": { @@ -18295,6 +19969,36 @@ "$ref": "#/definitions/ErrorResponseBody" } }, + "listBuiltinRolesResponse": { + "description": "(empty)", + "schema": { + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleDTO" + } + } + } + }, + "listRecordingRulesResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/RecordingRuleJSON" + } + } + }, + "listRolesResponse": { + "description": "(empty)", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleDTO" + } + } + }, "listSortOptionsResponse": { "description": "(empty)", "schema": { @@ -18455,6 +20159,9 @@ } } }, + "postRenewLicenseTokenResponse": { + "description": "(empty)" + }, "preconditionFailedError": { "description": "PreconditionFailedError", "schema": { @@ -18476,6 +20183,24 @@ } } }, + "recordingRuleResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/RecordingRuleJSON" + } + }, + "recordingRuleWriteTargetResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/PrometheusRemoteWriteTargetJSON" + } + }, + "refreshLicenseStatsResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/ActiveUserStats" + } + }, "retrieveServiceAccountResponse": { "description": "(empty)", "schema": { @@ -18497,6 +20222,12 @@ "$ref": "#/definitions/SearchOrgServiceAccountsResult" } }, + "searchOrgUsersResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/SearchOrgUsersQueryResult" + } + }, "searchOrgsResponse": { "description": "(empty)", "schema": { @@ -18530,6 +20261,12 @@ "$ref": "#/definitions/SearchUserQueryResult" } }, + "setRoleAssignmentsResponse": { + "description": "(empty)", + "schema": { + "$ref": "#/definitions/RoleAssignmentsDTO" + } + }, "testAlertResponse": { "description": "(empty)", "schema": { diff --git a/public/api-spec.json b/public/api-spec.json index bee5a749acf..14bca1499d2 100644 --- a/public/api-spec.json +++ b/public/api-spec.json @@ -22,6 +22,623 @@ }, "basePath": "/api", "paths": { + "/access-control/roles": { + "get": { + "description": "Gets all existing roles. The response contains all global and organization local roles, for the organization which user is signed in.\n\nYou need to have a permission with action `roles:read` and scope `roles:*`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get all roles.", + "operationId": "listRoles", + "parameters": [ + { + "type": "boolean", + "name": "delegatable", + "in": "query" + } + ], + "responses": { + "200": { + "$ref": "#/responses/listRolesResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "Creates a new custom role and maps given permissions to that role. Note that roles with the same prefix as Fixed Roles can’t be created.\n\nYou need to have a permission with action `roles:write` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only create custom roles with the same, or a subset of permissions which the user has.\nFor example, if a user does not have required permissions for creating users, they won’t be able to create a custom role which allows to do that. This is done to prevent escalation of privileges.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Create a new custom role.", + "operationId": "createRole", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CreateRoleForm" + } + } + ], + "responses": { + "201": { + "$ref": "#/responses/createRoleResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/roles/{roleUID}": { + "get": { + "description": "Get a role for the given UID.\n\nYou need to have a permission with action `roles:read` and scope `roles:*`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get a role.", + "operationId": "getRole", + "parameters": [ + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getRoleResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "You need to have a permission with action `roles:write` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only create custom roles with the same, or a subset of permissions which the user has.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Update a custom role.", + "operationId": "updateRole", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/UpdateRoleCommand" + } + }, + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getRoleResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "delete": { + "description": "Delete a role with the given UID, and it’s permissions. If the role is assigned to a built-in role, the deletion operation will fail, unless force query param is set to true, and in that case all assignments will also be deleted.\n\nYou need to have a permission with action `roles:delete` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only delete a custom role with the same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to delete a custom role which allows to do that.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Delete a custom role.", + "operationId": "deleteRole", + "parameters": [ + { + "type": "boolean", + "name": "force", + "in": "query" + }, + { + "type": "boolean", + "name": "global", + "in": "query" + }, + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/roles/{roleUID}/assignments": { + "get": { + "description": "Get role assignments for the role with the given UID.\n\nYou need to have a permission with action `teams.roles:list` and scope `teams:id:*` and `users.roles:list` and scope `users:id:*`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get role assignments.", + "operationId": "getRoleAssignments", + "parameters": [ + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getRoleAssignmentsResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "Set role assignments for the role with the given UID.\n\nYou need to have a permission with action `teams.roles:add` and `teams.roles:remove` and scope `permissions:type:delegate`, and `users.roles:add` and `users.roles:remove` and scope `permissions:type:delegate`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Set role assignments.", + "operationId": "setRoleAssignments", + "parameters": [ + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + }, + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SetRoleAssignmentsCommand" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/setRoleAssignmentsResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/status": { + "get": { + "description": "Returns an indicator to check if fine-grained access control is enabled or not.\n\nYou need to have a permission with action `status:accesscontrol` and scope `services:accesscontrol`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get status.", + "operationId": "getAccessControlStatus", + "responses": { + "200": { + "$ref": "#/responses/getAccessControlStatusResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/teams/{teamId}/roles": { + "get": { + "description": "You need to have a permission with action `teams.roles:read` and scope `teams:id:\u003cteam ID\u003e`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Get team roles.", + "operationId": "listTeamRoles", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "You need to have a permission with action `teams.roles:add` and `teams.roles:remove` and scope `permissions:type:delegate` for each.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Update team role.", + "operationId": "setTeamRoles", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "You need to have a permission with action `teams.roles:add` and scope `permissions:type:delegate`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Add team role.", + "operationId": "addTeamRole", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/AddTeamRoleCommand" + } + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/teams/{teamId}/roles/{roleUID}": { + "delete": { + "description": "You need to have a permission with action `teams.roles:remove` and scope `permissions:type:delegate`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Remove team role.", + "operationId": "removeTeamRole", + "parameters": [ + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/users/{userId}/roles": { + "get": { + "description": "Lists the roles that have been directly assigned to a given user. The list does not include built-in roles (Viewer, Editor, Admin or Grafana Admin), and it does not include roles that have been inherited from a team.\n\nYou need to have a permission with action `users.roles:read` and scope `users:id:\u003cuser ID\u003e`.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "List roles assigned to a user.", + "operationId": "listUserRoles", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getAllRolesResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "Update the user’s role assignments to match the provided set of UIDs. This will remove any assigned roles that aren’t in the request and add roles that are in the set but are not already assigned to the user.\nIf you want to add or remove a single role, consider using Add a user role assignment or Remove a user role assignment instead.\n\nYou need to have a permission with action `users.roles:add` and `users.roles:remove` and scope `permissions:type:delegate` for each. `permissions:type:delegate` scope ensures that users can only assign or unassign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to assign or unassign a role which will allow to do that. This is done to prevent escalation of privileges.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Set user role assignments.", + "operationId": "setUserRoles", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SetUserRolesCommand" + } + }, + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "Assign a role to a specific user. For bulk updates consider Set user role assignments.\n\nYou need to have a permission with action `users.roles:add` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only assign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to assign a role which will allow to do that. This is done to prevent escalation of privileges.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Add a user role assignment.", + "operationId": "addUserRole", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/AddUserRoleCommand" + } + }, + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/access-control/users/{userId}/roles/{roleUID}": { + "delete": { + "description": "Revoke a role from a user. For bulk updates consider Set user role assignments.\n\nYou need to have a permission with action `users.roles:remove` and scope `permissions:type:delegate`. `permissions:type:delegate` scope ensures that users can only unassign roles which have same, or a subset of permissions which the user has. For example, if a user does not have required permissions for creating users, they won’t be able to unassign a role which will allow to do that. This is done to prevent escalation of privileges.", + "tags": [ + "access_control", + "enterprise" + ], + "summary": "Remove a user role assignment.", + "operationId": "removeUserRole", + "parameters": [ + { + "type": "boolean", + "description": "A flag indicating if the assignment is global or not. If set to false, the default org ID of the authenticated user will be used from the request to remove assignment.", + "name": "global", + "in": "query" + }, + { + "type": "string", + "name": "roleUID", + "in": "path", + "required": true + }, + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/admin/ldap-sync-status": { + "get": { + "description": "You need to have a permission with action `ldap.status:read`.", + "tags": [ + "ldap_debug" + ], + "summary": "Returns the current state of the LDAP background sync integration.", + "operationId": "getSyncStatus", + "responses": { + "200": { + "$ref": "#/responses/getSyncStatusResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, "/admin/ldap/reload": { "post": { "security": [ @@ -193,6 +810,27 @@ } } }, + "/admin/provisioning/access-control/reload": { + "post": { + "tags": [ + "access_control_provisioning", + "enterprise" + ], + "summary": "You need to have a permission with action `provisioning:reload` with scope `provisioners:accesscontrol`.", + "operationId": "adminProvisioningReloadAccessControl", + "responses": { + "202": { + "$ref": "#/responses/acceptedResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + } + } + } + }, "/admin/provisioning/dashboards/reload": { "post": { "security": [ @@ -2825,7 +3463,7 @@ }, "/datasources/proxy/uid/{uid}/{datasource_proxy_route}": { "get": { - "description": "Returns all folders that the authenticated user has permission to view.\nIf nested folders are enabled, it expects an additional query parameter with the parent folder UID.", + "description": "Proxies all calls to the actual data source.", "tags": [ "datasources" ], @@ -2838,19 +3476,11 @@ "in": "path", "required": true }, - { - "type": "integer", - "format": "int64", - "default": 1, - "description": "Page index for starting fetching folders", - "name": "page", - "in": "query" - }, { "type": "string", - "description": "The parent folder UID", - "name": "parent_uid", - "in": "query" + "name": "uid", + "in": "path", + "required": true } ], "responses": { @@ -3493,6 +4123,216 @@ } } }, + "/datasources/{datasourceId}/disable-permissions": { + "post": { + "description": "Disables permissions for the data source with the given id. All existing permissions will be removed and anyone will be able to query the data source.\n\nYou need to have a permission with action `datasources.permissions:toggle` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Disable permissions for a data source.", + "operationId": "disablePermissions", + "parameters": [ + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/createOrUpdateDatasourceResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/datasources/{datasourceId}/enable-permissions": { + "post": { + "description": "Enables permissions for the data source with the given id.\nNo one except Org Admins will be able to query the data source until permissions have been added\nwhich permit certain users or teams to query the data source.\n\nYou need to have a permission with action `datasources.permissions:toggle` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Enable permissions for a data source.", + "operationId": "enablePermissions", + "parameters": [ + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/createOrUpdateDatasourceResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/datasources/{datasourceId}/permissions": { + "get": { + "description": "Gets all existing permissions for the data source with the given id.\n\nYou need to have a permission with action `datasources.permissions:read` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Get permissions for a data source.", + "operationId": "getAllPermissions", + "parameters": [ + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getAllPermissionseResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "You need to have a permission with action `datasources.permissions:read` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Add permissions for a data source.", + "operationId": "addPermission", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "userId", + "in": "query" + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "query" + }, + { + "type": "string", + "name": "builtinRole", + "in": "query" + }, + { + "type": "integer", + "format": "int64", + "name": "permission", + "in": "query" + }, + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/addPermissionResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/datasources/{datasourceId}/permissions/{permissionId}": { + "delete": { + "description": "Removes the permission with the given permissionId for the data source with the given id.\n\nYou need to have a permission with action `datasources.permissions:delete` and scopes `datasources:*`, `datasources:id:*`, `datasources:id:1` (single data source).", + "tags": [ + "datasource_permissions", + "enterprise" + ], + "summary": "Remove permission for a data source.", + "operationId": "deletePermissions", + "parameters": [ + { + "type": "string", + "name": "datasourceId", + "in": "path", + "required": true + }, + { + "type": "string", + "name": "permissionId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + } + } + } + }, "/datasources/{id}": { "get": { "description": "If you are running Grafana Enterprise and have Fine-grained access control enabled\nyou need to have a permission with action: `datasources:read` and scopes: `datasources:*`, `datasources:id:*` and `datasources:id:1` (single data source).\n\nPlease refer to [updated API](#/datasources/getDataSourceByUID) instead", @@ -3728,7 +4568,7 @@ }, "/folders": { "get": { - "description": "Returns all folders that the authenticated user has permission to view.", + "description": "Returns all folders that the authenticated user has permission to view.\nIf nested folders are enabled, it expects an additional query parameter with the parent folder UID.", "tags": [ "folders" ], @@ -3750,6 +4590,12 @@ "description": "Page index for starting fetching folders", "name": "page", "in": "query" + }, + { + "type": "string", + "description": "The parent folder UID", + "name": "parent_uid", + "in": "query" } ], "responses": { @@ -4342,6 +5188,216 @@ } } }, + "/licensing/check": { + "get": { + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Check license availability.", + "operationId": "getStatus", + "responses": { + "200": { + "$ref": "#/responses/getStatusResponse" + } + } + } + }, + "/licensing/custom-permissions": { + "get": { + "description": "You need to have a permission with action `licensing.reports:read`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Get custom permissions report.", + "operationId": "getCustomPermissionsReport", + "responses": { + "200": { + "$ref": "#/responses/getCustomPermissionsReportResponse" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/licensing/custom-permissions-csv": { + "get": { + "description": "You need to have a permission with action `licensing.reports:read`.", + "produces": [ + "text/csv" + ], + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Get custom permissions report in CSV format.", + "operationId": "getCustomPermissionsCSV", + "responses": { + "200": { + "$ref": "#/responses/getCustomPermissionsReportResponse" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/licensing/refresh-stats": { + "get": { + "description": "You need to have a permission with action `licensing:read`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Refresh license stats.", + "operationId": "refreshLicenseStats", + "responses": { + "200": { + "$ref": "#/responses/refreshLicenseStatsResponse" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/licensing/token": { + "get": { + "description": "You need to have a permission with action `licensing:read`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Get license token.", + "operationId": "getLicenseToken", + "responses": { + "200": { + "$ref": "#/responses/getLicenseTokenResponse" + } + } + }, + "post": { + "description": "You need to have a permission with action `licensing:update`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Create license token.", + "operationId": "postLicenseToken", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/DeleteTokenCommand" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/getLicenseTokenResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + } + } + }, + "delete": { + "description": "Removes the license stored in the Grafana database. Available in Grafana Enterprise v7.4+.\n\nYou need to have a permission with action `licensing:delete`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Remove license from database.", + "operationId": "deleteLicenseToken", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/DeleteTokenCommand" + } + } + ], + "responses": { + "202": { + "$ref": "#/responses/acceptedResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "422": { + "$ref": "#/responses/unprocessableEntityError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/licensing/token/renew": { + "post": { + "description": "Manually ask license issuer for a new token. Available in Grafana Enterprise v7.4+.\n\nYou need to have a permission with action `licensing:update`.", + "tags": [ + "licensing", + "enterprise" + ], + "summary": "Manually force license refresh.", + "operationId": "postRenewLicenseToken", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "type": "object" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/postRenewLicenseTokenResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "404": { + "$ref": "#/responses/notFoundError" + } + } + } + }, + "/logout/saml": { + "get": { + "tags": [ + "saml", + "enterprise" + ], + "summary": "GetLogout initiates single logout process.", + "operationId": "getSAMLLogout", + "responses": { + "302": { + "description": "" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, "/org": { "get": { "tags": [ @@ -5283,6 +6339,44 @@ } } }, + "/orgs/{org_id}/users/search": { + "get": { + "security": [ + { + "basic": [] + } + ], + "description": "If you are running Grafana Enterprise and have Fine-grained access control enabled\nyou need to have a permission with action: `org.users:read` with scope `users:*`.", + "tags": [ + "orgs" + ], + "summary": "Search Users in Organization.", + "operationId": "searchOrgUsers", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "org_id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/searchOrgUsersResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, "/orgs/{org_id}/users/{user_id}": { "delete": { "description": "If you are running Grafana Enterprise and have Fine-grained access control enabled\nyou need to have a permission with action: `org.users:remove` with scope `users:*`.", @@ -5887,6 +6981,827 @@ } } }, + "/recording-rules": { + "get": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Lists all rules in the database: active or deleted.", + "operationId": "listRecordingRules", + "responses": { + "200": { + "$ref": "#/responses/listRecordingRulesResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Update the active status of a rule.", + "operationId": "updateRecordingRule", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RecordingRuleJSON" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/recordingRuleResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Create a recording rule that is then registered and started.", + "operationId": "createRecordingRule", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RecordingRuleJSON" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/recordingRuleResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/recording-rules/test": { + "post": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Test a recording rule.", + "operationId": "testCreateRecordingRule", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RecordingRuleJSON" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "422": { + "$ref": "#/responses/unprocessableEntityError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/recording-rules/writer": { + "get": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Return the prometheus remote write target.", + "operationId": "getRecordingRuleWriteTarget", + "responses": { + "200": { + "$ref": "#/responses/recordingRuleWriteTargetResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "It returns a 422 if there is not an existing prometheus data source configured.", + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Create a remote write target.", + "operationId": "createRecordingRuleWriteTarget", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PrometheusRemoteWriteTargetJSON" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/recordingRuleWriteTargetResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "422": { + "$ref": "#/responses/unprocessableEntityError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "delete": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Delete the remote write target.", + "operationId": "deleteRecordingRuleWriteTarget", + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/recording-rules/{recordingRuleID}": { + "delete": { + "tags": [ + "recording_rules", + "enterprise" + ], + "summary": "Delete removes the rule from the registry and stops it.", + "operationId": "deleteRecordingRule", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "recordingRuleID", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports": { + "get": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports:read` with scope `reports:*`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "List reports.", + "operationId": "getReports", + "responses": { + "200": { + "$ref": "#/responses/getReportsResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "Available to org admins only and with a valid license.\n\nYou need to have a permission with action `reports.admin:create`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Create a report.", + "operationId": "createReport", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CreateOrUpdateConfigCmd" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/createReportResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/email": { + "post": { + "description": "Generate and send a report. This API waits for the report to be generated before returning. We recommend that you set the client’s timeout to at least 60 seconds. Available to org admins only and with a valid license.\n\nOnly available in Grafana Enterprise v7.0+.\nThis API endpoint is experimental and may be deprecated in a future release. On deprecation, a migration strategy will be provided and the endpoint will remain functional until the next major release of Grafana.\n\nYou need to have a permission with action `reports:send`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Send a report.", + "operationId": "sendReport", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/ReportEmailDTO" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/render/pdf/{dashboardID}": { + "get": { + "description": "Please refer to [reports enterprise](#/reports/renderReportPDFs) instead. This will be removed in Grafana 10.", + "produces": [ + "application/pdf" + ], + "tags": [ + "reports", + "enterprise" + ], + "summary": "Render report for dashboard.", + "operationId": "renderReportPDF", + "deprecated": true, + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "DashboardID", + "in": "path", + "required": true + }, + { + "type": "integer", + "format": "int64", + "name": "dashboardID", + "in": "path", + "required": true + }, + { + "type": "string", + "name": "title", + "in": "query" + }, + { + "type": "string", + "name": "variables", + "in": "query" + }, + { + "type": "string", + "name": "from", + "in": "query" + }, + { + "type": "string", + "name": "to", + "in": "query" + }, + { + "type": "string", + "name": "orientation", + "in": "query" + }, + { + "type": "string", + "name": "layout", + "in": "query" + } + ], + "responses": { + "200": { + "$ref": "#/responses/contentResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/render/pdfs": { + "get": { + "description": "Available to all users and with a valid license.", + "produces": [ + "application/pdf" + ], + "tags": [ + "reports", + "enterprise" + ], + "summary": "Render report for multiple dashboards.", + "operationId": "renderReportPDFs", + "parameters": [ + { + "type": "string", + "name": "dashboardID", + "in": "query" + }, + { + "type": "string", + "name": "orientation", + "in": "query" + }, + { + "type": "string", + "name": "layout", + "in": "query" + } + ], + "responses": { + "200": { + "$ref": "#/responses/contentResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/settings": { + "get": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.settings:read`x.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Get settings.", + "operationId": "getReportSettings", + "responses": { + "200": { + "$ref": "#/responses/getReportSettingsResponse" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.settings:write`xx.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Save settings.", + "operationId": "saveReportSettings", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/SettingsDTO" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/test-email": { + "post": { + "description": "Available to org admins only and with a valid license.\n\nYou need to have a permission with action `reports:send`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Send test report via email.", + "operationId": "sendTestEmail", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CreateOrUpdateConfigCmd" + } + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/reports/{id}": { + "get": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports:read` with scope `reports:id:\u003creport ID\u003e`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Get a report.", + "operationId": "getReport", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getReportResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "put": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.admin:write` with scope `reports:id:\u003creport ID\u003e`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Update a report.", + "operationId": "updateReport", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CreateOrUpdateConfigCmd" + } + }, + { + "type": "integer", + "format": "int64", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "delete": { + "description": "Available to org admins only and with a valid or expired license.\n\nYou need to have a permission with action `reports.delete` with scope `reports:id:\u003creport ID\u003e`.", + "tags": [ + "reports", + "enterprise" + ], + "summary": "Delete a report.", + "operationId": "deleteReport", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "id", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/saml/acs": { + "post": { + "tags": [ + "saml", + "enterprise" + ], + "summary": "It performs assertion Consumer Service (ACS).", + "operationId": "postACS", + "parameters": [ + { + "type": "string", + "name": "RelayState", + "in": "query" + } + ], + "responses": { + "302": { + "description": "" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/saml/metadata": { + "get": { + "produces": [ + "application/xml;application/samlmetadata+xml" + ], + "tags": [ + "saml", + "enterprise" + ], + "summary": "It exposes the SP (Grafana's) metadata for the IdP's consumption.", + "operationId": "getMetadata", + "responses": { + "200": { + "$ref": "#/responses/contentResponse" + } + } + } + }, + "/saml/slo": { + "get": { + "description": "There might be two possible requests:\n1. Logout response (callback) when Grafana initiates single logout and IdP returns response to logout request.\n2. Logout request when another SP initiates single logout and IdP sends logout request to the Grafana,\nor in case of IdP-initiated logout.", + "tags": [ + "saml", + "enterprise" + ], + "summary": "It performs Single Logout (SLO) callback.", + "operationId": "getSLO", + "responses": { + "302": { + "description": "" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "description": "There might be two possible requests:\n1. Logout response (callback) when Grafana initiates single logout and IdP returns response to logout request.\n2. Logout request when another SP initiates single logout and IdP sends logout request to the Grafana,\nor in case of IdP-initiated logout.", + "tags": [ + "saml", + "enterprise" + ], + "summary": "It performs Single Logout (SLO) callback.", + "operationId": "postSLO", + "parameters": [ + { + "type": "string", + "name": "SAMLRequest", + "in": "query" + }, + { + "type": "string", + "name": "SAMLResponse", + "in": "query" + } + ], + "responses": { + "302": { + "description": "" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, "/search": { "get": { "tags": [ @@ -6031,7 +7946,7 @@ "tags": [ "service_accounts" ], - "summary": "# Create service account", + "summary": "Create service account", "operationId": "createServiceAccount", "parameters": [ { @@ -6067,7 +7982,7 @@ "tags": [ "service_accounts" ], - "summary": "# Search service accounts with paging", + "summary": "Search service accounts with paging", "operationId": "searchOrgServiceAccountsWithPaging", "parameters": [ { @@ -6123,7 +8038,7 @@ "tags": [ "service_accounts" ], - "summary": "# Get single serviceaccount by Id", + "summary": "Get single serviceaccount by Id", "operationId": "retrieveServiceAccount", "parameters": [ { @@ -6160,7 +8075,7 @@ "tags": [ "service_accounts" ], - "summary": "# Delete service account", + "summary": "Delete service account", "operationId": "deleteServiceAccount", "parameters": [ { @@ -6194,7 +8109,7 @@ "tags": [ "service_accounts" ], - "summary": "# Update service account", + "summary": "Update service account", "operationId": "updateServiceAccount", "parameters": [ { @@ -6240,7 +8155,7 @@ "tags": [ "service_accounts" ], - "summary": "# Get service account tokens", + "summary": "Get service account tokens", "operationId": "listTokens", "parameters": [ { @@ -6274,7 +8189,7 @@ "tags": [ "service_accounts" ], - "summary": "# CreateNewToken adds a token to a service account", + "summary": "CreateNewToken adds a token to a service account", "operationId": "createToken", "parameters": [ { @@ -6323,7 +8238,7 @@ "tags": [ "service_accounts" ], - "summary": "# DeleteToken deletes service account tokens", + "summary": "DeleteToken deletes service account tokens", "operationId": "deleteToken", "parameters": [ { @@ -6596,6 +8511,135 @@ } } }, + "/teams/{teamId}/groups": { + "get": { + "tags": [ + "sync_team_groups", + "enterprise" + ], + "summary": "Get External Groups.", + "operationId": "getTeamGroupsApi", + "parameters": [ + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/getTeamGroupsApiResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + }, + "post": { + "tags": [ + "sync_team_groups", + "enterprise" + ], + "summary": "Add External Group.", + "operationId": "addTeamGroupApi", + "parameters": [ + { + "name": "body", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/TeamGroupMapping" + } + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, + "/teams/{teamId}/groups/{groupId}": { + "delete": { + "tags": [ + "sync_team_groups", + "enterprise" + ], + "summary": "Remove External Group.", + "operationId": "removeTeamGroupApi", + "parameters": [ + { + "type": "string", + "name": "groupId", + "in": "path", + "required": true + }, + { + "type": "integer", + "format": "int64", + "name": "teamId", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "$ref": "#/responses/okResponse" + }, + "400": { + "$ref": "#/responses/badRequestError" + }, + "401": { + "$ref": "#/responses/unauthorisedError" + }, + "403": { + "$ref": "#/responses/forbiddenError" + }, + "404": { + "$ref": "#/responses/notFoundError" + }, + "500": { + "$ref": "#/responses/internalServerError" + } + } + } + }, "/teams/{team_id}": { "get": { "tags": [ @@ -7739,6 +9783,42 @@ } }, "definitions": { + "ActiveSyncStatusDTO": { + "description": "ActiveSyncStatusDTO holds the information for LDAP background Sync", + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "nextSync": { + "type": "string", + "format": "date-time" + }, + "prevSync": { + "$ref": "#/definitions/SyncResult" + }, + "schedule": { + "type": "string" + } + } + }, + "ActiveUserStats": { + "type": "object", + "properties": { + "active_admins_and_editors": { + "type": "integer", + "format": "int64" + }, + "active_users": { + "type": "integer", + "format": "int64" + }, + "active_viewers": { + "type": "integer", + "format": "int64" + } + } + }, "AddCommand": { "type": "object", "properties": { @@ -7845,6 +9925,25 @@ } } }, + "AddPermissionDTO": { + "type": "object", + "properties": { + "builtinRole": { + "type": "string" + }, + "permission": { + "$ref": "#/definitions/DsPermissionType" + }, + "teamId": { + "type": "integer", + "format": "int64" + }, + "userId": { + "type": "integer", + "format": "int64" + } + } + }, "AddServiceAccountTokenCommand": { "type": "object", "properties": { @@ -7866,6 +9965,25 @@ } } }, + "AddTeamRoleCommand": { + "type": "object", + "properties": { + "roleUid": { + "type": "string" + } + } + }, + "AddUserRoleCommand": { + "type": "object", + "properties": { + "global": { + "type": "boolean" + }, + "roleUid": { + "type": "string" + } + } + }, "Address": { "type": "object", "properties": { @@ -8269,6 +10387,26 @@ } } }, + "BrandingOptionsDTO": { + "type": "object", + "properties": { + "emailFooterLink": { + "type": "string" + }, + "emailFooterMode": { + "type": "string" + }, + "emailFooterText": { + "type": "string" + }, + "emailLogoUrl": { + "type": "string" + }, + "reportLogoUrl": { + "type": "string" + } + } + }, "CalculateDiffTarget": { "type": "object", "properties": { @@ -8301,6 +10439,88 @@ "type": "number", "format": "double" }, + "ConfigDTO": { + "description": "ConfigDTO is model representation in transfer", + "type": "object", + "properties": { + "created": { + "type": "string", + "format": "date-time" + }, + "dashboardId": { + "type": "integer", + "format": "int64" + }, + "dashboardName": { + "type": "string" + }, + "dashboardUid": { + "type": "string" + }, + "dashboards": { + "type": "array", + "items": { + "$ref": "#/definitions/DashboardDTO" + } + }, + "enableCsv": { + "type": "boolean" + }, + "enableDashboardUrl": { + "type": "boolean" + }, + "formats": { + "type": "array", + "items": { + "$ref": "#/definitions/Type" + } + }, + "id": { + "type": "integer", + "format": "int64" + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "options": { + "$ref": "#/definitions/ReportOptionsDTO" + }, + "orgId": { + "type": "integer", + "format": "int64" + }, + "recipients": { + "type": "string" + }, + "replyTo": { + "type": "string" + }, + "scaleFactor": { + "type": "integer", + "format": "int64" + }, + "schedule": { + "$ref": "#/definitions/ScheduleDTO" + }, + "state": { + "$ref": "#/definitions/State" + }, + "templateVars": { + "type": "object" + }, + "updated": { + "type": "string", + "format": "date-time" + }, + "userId": { + "type": "integer", + "format": "int64" + } + } + }, "Correlation": { "description": "Correlation is the model for correlations definitions", "type": "object", @@ -8547,6 +10767,64 @@ } } }, + "CreateOrUpdateConfigCmd": { + "type": "object", + "properties": { + "dashboardId": { + "type": "integer", + "format": "int64" + }, + "dashboardUid": { + "type": "string" + }, + "dashboards": { + "type": "array", + "items": { + "$ref": "#/definitions/DashboardDTO" + } + }, + "enableCsv": { + "type": "boolean" + }, + "enableDashboardUrl": { + "type": "boolean" + }, + "formats": { + "type": "array", + "items": { + "$ref": "#/definitions/Type" + } + }, + "message": { + "type": "string" + }, + "name": { + "type": "string" + }, + "options": { + "$ref": "#/definitions/ReportOptionsDTO" + }, + "recipients": { + "type": "string" + }, + "replyTo": { + "type": "string" + }, + "scaleFactor": { + "type": "integer", + "format": "int64" + }, + "schedule": { + "$ref": "#/definitions/ScheduleDTO" + }, + "state": { + "$ref": "#/definitions/State" + }, + "templateVars": { + "type": "object" + } + } + }, "CreateOrgCommand": { "type": "object", "properties": { @@ -8589,6 +10867,42 @@ } } }, + "CreateRoleForm": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "global": { + "type": "boolean" + }, + "group": { + "type": "string" + }, + "hidden": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + "uid": { + "type": "string" + }, + "version": { + "type": "integer", + "format": "int64" + } + } + }, "CreateServiceAccountForm": { "type": "object", "properties": { @@ -8622,6 +10936,53 @@ } } }, + "CustomPermissionsRecordDTO": { + "type": "object", + "properties": { + "customPermissions": { + "type": "string" + }, + "granteeName": { + "type": "string" + }, + "granteeType": { + "type": "string" + }, + "granteeUrl": { + "type": "string" + }, + "id": { + "type": "integer", + "format": "int64" + }, + "isFolder": { + "type": "boolean" + }, + "orgId": { + "type": "integer", + "format": "int64" + }, + "orgRole": { + "type": "string" + }, + "slug": { + "type": "string" + }, + "title": { + "type": "string" + }, + "uid": { + "type": "string" + }, + "url": { + "type": "string" + }, + "usersCount": { + "type": "integer", + "format": "int64" + } + } + }, "DashboardACLInfoDTO": { "type": "object", "properties": { @@ -8725,6 +11086,20 @@ } } }, + "DashboardDTO": { + "type": "object", + "properties": { + "dashboard": { + "$ref": "#/definitions/DashboardReportDTO" + }, + "reportVariables": { + "type": "object" + }, + "timeRange": { + "$ref": "#/definitions/TimeRangeDTO" + } + } + }, "DashboardFullWithMeta": { "type": "object", "properties": { @@ -8841,6 +11216,21 @@ } } }, + "DashboardReportDTO": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64" + }, + "name": { + "type": "string" + }, + "uid": { + "type": "string" + } + } + }, "DashboardSnapshot": { "description": "DashboardSnapshot model", "type": "object", @@ -8961,8 +11351,8 @@ "format": "date-time" }, "createdBy": { - "description": "Since we get created by with left join user table, this can be null technically,\nbut in reality it will always be set, when database is not corrupted.", - "type": "string" + "type": "integer", + "format": "int64" }, "dashboardId": { "type": "integer", @@ -8971,6 +11361,9 @@ "dashboardUid": { "type": "string" }, + "data": { + "$ref": "#/definitions/Json" + }, "id": { "type": "integer", "format": "int64" @@ -8993,7 +11386,7 @@ } }, "DashboardVersionMeta": { - "description": "DashboardVersionMeta extends the dashboard version model with the names\nassociated with the UserIds, overriding the field with the same name from\nthe DashboardVersion model.", + "description": "DashboardVersionMeta extends the DashboardVersionDTO with the names\nassociated with the UserIds, overriding the field with the same name from\nthe DashboardVersionDTO model.", "type": "object", "properties": { "created": { @@ -9192,7 +11585,85 @@ } } }, + "DataSourcePermissionRuleDTO": { + "type": "object", + "properties": { + "builtInRole": { + "type": "string" + }, + "created": { + "type": "string", + "format": "date-time" + }, + "datasourceId": { + "type": "integer", + "format": "int64" + }, + "id": { + "type": "integer", + "format": "int64" + }, + "isManaged": { + "type": "boolean" + }, + "permission": { + "$ref": "#/definitions/DsPermissionType" + }, + "permissionName": { + "type": "string" + }, + "team": { + "type": "string" + }, + "teamAvatarUrl": { + "type": "string" + }, + "teamEmail": { + "type": "string" + }, + "teamId": { + "type": "integer", + "format": "int64" + }, + "updated": { + "type": "string", + "format": "date-time" + }, + "userAvatarUrl": { + "type": "string" + }, + "userEmail": { + "type": "string" + }, + "userId": { + "type": "integer", + "format": "int64" + }, + "userLogin": { + "type": "string" + } + } + }, + "DataSourcePermissionsDTO": { + "type": "object", + "properties": { + "datasourceId": { + "type": "integer", + "format": "int64" + }, + "enabled": { + "type": "boolean" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/definitions/DataSourcePermissionRuleDTO" + } + } + } + }, "DataTopic": { + "description": "nolint:revive", "type": "string", "title": "DataTopic is used to identify which topic the frame should be assigned to." }, @@ -9205,9 +11676,22 @@ } } }, + "DeleteTokenCommand": { + "type": "object", + "properties": { + "instance": { + "type": "string" + } + } + }, "DsAccess": { "type": "string" }, + "DsPermissionType": { + "description": "Datasource permission\nDescription:\n`0` - No Access\n`1` - Query\n`2` - Edit\nEnum: 0,1,2", + "type": "integer", + "format": "int64" + }, "Duration": { "description": "A Duration represents the elapsed time between two instants\nas an int64 nanosecond count. The representation limits the\nlargest representable duration to approximately 290 years.", "type": "integer", @@ -9250,6 +11734,18 @@ } } }, + "FailedUser": { + "description": "FailedUser holds the information of an user that failed", + "type": "object", + "properties": { + "Error": { + "type": "string" + }, + "Login": { + "type": "string" + } + } + }, "Field": { "description": "A Field is essentially a slice of various types with extra properties and methods.\nSee NewField() for supported types.\n\nThe slice data in the Field is a not exported, so methods on the Field are used to to manipulate its data.", "type": "object", @@ -9734,6 +12230,23 @@ "format": "int64", "title": "InspectType is a type for the Inspect property of a Notice." }, + "Item": { + "type": "object", + "title": "Item defines model for Item.", + "properties": { + "title": { + "description": "Title is an unused property -- it will be removed in the future", + "type": "string" + }, + "type": { + "$ref": "#/definitions/ItemType" + }, + "value": { + "description": "Value depends on type and describes the playlist item.\n\ndashboard_by_id: The value is an internal numerical identifier set by Grafana. This\nis not portable as the numerical identifier is non-deterministic between different instances.\nWill be replaced by dashboard_by_uid in the future. (deprecated)\ndashboard_by_tag: The value is a tag which is set on any number of dashboards. All\ndashboards behind the tag will be added to the playlist.\ndashboard_by_uid: The value is the dashboard UID", + "type": "string" + } + } + }, "ItemDTO": { "type": "object", "properties": { @@ -9808,6 +12321,10 @@ } } }, + "ItemType": { + "type": "string", + "title": "Type of the item." + }, "Json": { "type": "object" }, @@ -10295,6 +12812,12 @@ "type": "boolean" } }, + "authLabels": { + "type": "array", + "items": { + "type": "string" + } + }, "avatarUrl": { "type": "string" }, @@ -10333,6 +12856,9 @@ "PatchAnnotationsCmd": { "type": "object", "properties": { + "data": { + "$ref": "#/definitions/Json" + }, "id": { "type": "integer", "format": "int64" @@ -10466,6 +12992,26 @@ } } }, + "Permission": { + "type": "object", + "title": "Permission is the model for access control permissions.", + "properties": { + "action": { + "type": "string" + }, + "created": { + "type": "string", + "format": "date-time" + }, + "scope": { + "type": "string" + }, + "updated": { + "type": "string", + "format": "date-time" + } + } + }, "PermissionType": { "type": "integer", "format": "int64" @@ -10525,25 +13071,30 @@ }, "PlaylistItem": { "type": "object", - "title": "PlaylistItem defines model for playlist.Item.", "properties": { + "Id": { + "type": "integer", + "format": "int64" + }, + "PlaylistId": { + "type": "integer", + "format": "int64" + }, + "order": { + "type": "integer", + "format": "int64" + }, "title": { - "description": "Title is an unused property -- it will be removed in the future", "type": "string" }, "type": { - "$ref": "#/definitions/PlaylistItemType" + "type": "string" }, "value": { - "description": "Value depends on type and describes the playlist item.\n\ndashboard_by_id: The value is an internal numerical identifier set by Grafana. This\nis not portable as the numerical identifier is non-deterministic between different instances.\nWill be replaced by dashboard_by_uid in the future. (deprecated)\ndashboard_by_tag: The value is a tag which is set on any number of dashboards. All\ndashboards behind the tag will be added to the playlist.\ndashboard_by_uid: The value is the dashboard UID", "type": "string" } } }, - "PlaylistItemType": { - "type": "string", - "title": "Type of the item." - }, "Playlists": { "type": "array", "items": { @@ -10635,6 +13186,20 @@ } } }, + "PrometheusRemoteWriteTargetJSON": { + "type": "object", + "properties": { + "data_source_uid": { + "type": "string" + }, + "id": { + "type": "string" + }, + "remote_write_path": { + "type": "string" + } + } + }, "QueryDataResponse": { "description": "It is the return type of a QueryData call.", "type": "object", @@ -10876,6 +13441,86 @@ } } }, + "RecordingRuleJSON": { + "description": "RecordingRuleJSON is the external representation of a recording rule", + "type": "object", + "properties": { + "active": { + "type": "boolean" + }, + "count": { + "type": "boolean" + }, + "description": { + "type": "string" + }, + "dest_data_source_uid": { + "type": "string" + }, + "id": { + "type": "string" + }, + "interval": { + "type": "integer", + "format": "int64" + }, + "name": { + "type": "string" + }, + "prom_name": { + "type": "string" + }, + "queries": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": {} + } + }, + "range": { + "type": "integer", + "format": "int64" + }, + "target_ref_id": { + "type": "string" + } + } + }, + "ReportEmailDTO": { + "type": "object", + "properties": { + "email": { + "type": "string" + }, + "emails": { + "description": "Comma-separated list of emails to which to send the report to.", + "type": "string" + }, + "id": { + "description": "Send the report to the emails specified in the report. Required if emails is not present.", + "type": "string", + "format": "int64" + }, + "useEmailsFromReport": { + "description": "Send the report to the emails specified in the report. Required if emails is not present.", + "type": "boolean" + } + } + }, + "ReportOptionsDTO": { + "type": "object", + "properties": { + "layout": { + "type": "string" + }, + "orientation": { + "type": "string" + }, + "timeRange": { + "$ref": "#/definitions/TimeRangeDTO" + } + } + }, "Responses": { "description": "The QueryData method the QueryDataHandler method will set the RefId\nproperty on the DataResponses' frames based on these RefIDs.", "type": "object", @@ -10902,6 +13547,79 @@ } } }, + "RoleAssignmentsDTO": { + "type": "object", + "properties": { + "role_uid": { + "type": "string" + }, + "service_accounts": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "teams": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "users": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + } + } + }, + "RoleDTO": { + "type": "object", + "properties": { + "created": { + "type": "string", + "format": "date-time" + }, + "delegatable": { + "type": "boolean" + }, + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "group": { + "type": "string" + }, + "hidden": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + "uid": { + "type": "string" + }, + "updated": { + "type": "string", + "format": "date-time" + }, + "version": { + "type": "integer", + "format": "int64" + } + } + }, "SaveDashboardCommand": { "type": "object", "properties": { @@ -11002,6 +13720,29 @@ } } }, + "SearchOrgUsersQueryResult": { + "type": "object", + "properties": { + "orgUsers": { + "type": "array", + "items": { + "$ref": "#/definitions/OrgUserDTO" + } + }, + "page": { + "type": "integer", + "format": "int64" + }, + "perPage": { + "type": "integer", + "format": "int64" + }, + "totalCount": { + "type": "integer", + "format": "int64" + } + } + }, "SearchTeamQueryResult": { "type": "object", "properties": { @@ -11161,6 +13902,49 @@ } } }, + "SetRoleAssignmentsCommand": { + "type": "object", + "properties": { + "service_accounts": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "teams": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "users": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + } + } + }, + "SetUserRolesCommand": { + "type": "object", + "properties": { + "global": { + "type": "boolean" + }, + "includeHidden": { + "type": "boolean" + }, + "roleUids": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, "SettingsBag": { "type": "object", "additionalProperties": { @@ -11170,6 +13954,29 @@ } } }, + "SettingsDTO": { + "type": "object", + "properties": { + "branding": { + "$ref": "#/definitions/BrandingOptionsDTO" + }, + "id": { + "type": "integer", + "format": "int64" + }, + "orgId": { + "type": "integer", + "format": "int64" + }, + "userId": { + "type": "integer", + "format": "int64" + } + } + }, + "State": { + "type": "string" + }, "Status": { "type": "integer", "format": "int64" @@ -11182,6 +13989,39 @@ } } }, + "SyncResult": { + "type": "object", + "title": "SyncResult holds the result of a sync with LDAP. This gives us information on which users were updated and how.", + "properties": { + "Elapsed": { + "$ref": "#/definitions/Duration" + }, + "FailedUsers": { + "type": "array", + "items": { + "$ref": "#/definitions/FailedUser" + } + }, + "MissingUserIds": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + }, + "Started": { + "type": "string", + "format": "date-time" + }, + "UpdatedUserIds": { + "type": "array", + "items": { + "type": "integer", + "format": "int64" + } + } + } + }, "TagsDTO": { "type": "object", "title": "TagsDTO is the frontend DTO for Tag.", @@ -11230,6 +14070,30 @@ } } }, + "TeamGroupDTO": { + "type": "object", + "properties": { + "groupId": { + "type": "string" + }, + "orgId": { + "type": "integer", + "format": "int64" + }, + "teamId": { + "type": "integer", + "format": "int64" + } + } + }, + "TeamGroupMapping": { + "type": "object", + "properties": { + "groupId": { + "type": "string" + } + } + }, "TeamMemberDTO": { "type": "object", "properties": { @@ -11365,6 +14229,104 @@ "description": "ThresholdsMode absolute or percentage", "type": "string" }, + "TimeRangeDTO": { + "type": "object", + "properties": { + "from": { + "type": "string" + }, + "to": { + "type": "string" + } + } + }, + "Token": { + "type": "object", + "properties": { + "account": { + "type": "string" + }, + "company": { + "type": "string" + }, + "details_url": { + "type": "string" + }, + "exp": { + "type": "integer", + "format": "int64" + }, + "iat": { + "type": "integer", + "format": "int64" + }, + "included_users": { + "type": "integer", + "format": "int64" + }, + "iss": { + "type": "string" + }, + "jti": { + "type": "string" + }, + "lexp": { + "type": "integer", + "format": "int64" + }, + "lic_exp_warn_days": { + "type": "integer", + "format": "int64" + }, + "lid": { + "type": "string" + }, + "limit_by": { + "type": "string" + }, + "max_concurrent_user_sessions": { + "type": "integer", + "format": "int64" + }, + "nbf": { + "type": "integer", + "format": "int64" + }, + "prod": { + "type": "array", + "items": { + "type": "string" + } + }, + "slug": { + "type": "string" + }, + "status": { + "$ref": "#/definitions/TokenStatus" + }, + "sub": { + "type": "string" + }, + "tok_exp_warn_days": { + "type": "integer", + "format": "int64" + }, + "trial": { + "type": "boolean" + }, + "trial_exp": { + "type": "integer", + "format": "int64" + }, + "update_days": { + "type": "integer", + "format": "int64" + }, + "usage_billing": { + "type": "boolean" + } + } + }, "TokenDTO": { "type": "object", "properties": { @@ -11407,6 +14369,10 @@ } } }, + "TokenStatus": { + "type": "integer", + "format": "int64" + }, "TrimDashboardCommand": { "type": "object", "properties": { @@ -11429,6 +14395,9 @@ } } }, + "Type": { + "type": "string" + }, "UpdateAlertNotificationCommand": { "type": "object", "properties": { @@ -11506,6 +14475,9 @@ "UpdateAnnotationsCmd": { "type": "object", "properties": { + "data": { + "$ref": "#/definitions/Json" + }, "id": { "type": "integer", "format": "int64" @@ -11766,6 +14738,39 @@ } } }, + "UpdateRoleCommand": { + "type": "object", + "properties": { + "description": { + "type": "string" + }, + "displayName": { + "type": "string" + }, + "global": { + "type": "boolean" + }, + "group": { + "type": "string" + }, + "hidden": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + "version": { + "type": "integer", + "format": "int64" + } + } + }, "UpdateServiceAccountForm": { "type": "object", "properties": { @@ -11795,7 +14800,7 @@ "Email": { "type": "string" }, - "Id": { + "ID": { "type": "integer", "format": "int64" }, @@ -12050,6 +15055,21 @@ "$ref": "#/definitions/ErrorResponseBody" } }, + "addPermissionResponse": { + "description": "", + "schema": { + "type": "object", + "properties": { + "message": { + "type": "string" + }, + "permissionId": { + "type": "integer", + "format": "int64" + } + } + } + }, "adminCreateUserResponse": { "description": "", "schema": { @@ -12099,6 +15119,16 @@ "$ref": "#/definitions/ErrorResponseBody" } }, + "contentResponse": { + "description": "", + "schema": { + "type": "array", + "items": { + "type": "integer", + "format": "uint8" + } + } + }, "createCorrelationResponse": { "description": "", "schema": { @@ -12194,6 +15224,27 @@ "$ref": "#/definitions/Playlist" } }, + "createReportResponse": { + "description": "", + "schema": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int64" + }, + "message": { + "type": "string" + } + } + } + }, + "createRoleResponse": { + "description": "", + "schema": { + "$ref": "#/definitions/RoleDTO" + } + }, "createServiceAccountResponse": { "description": "", "schema": { @@ -12378,6 +15429,12 @@ } } }, + "getAccessControlStatusResponse": { + "description": "", + "schema": { + "$ref": "#/definitions/Status" + } + }, "getAlertNotificationChannelResponse": { "description": "", "schema": { @@ -12417,6 +15474,21 @@ } } }, + "getAllPermissionseResponse": { + "description": "", + "schema": { + "$ref": "#/definitions/DataSourcePermissionsDTO" + } + }, + "getAllRolesResponse": { + "description": "", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleDTO" + } + } + }, "getAnnotationByIDResponse": { "description": "", "schema": { @@ -12468,6 +15540,15 @@ "$ref": "#/definitions/OrgDetailsDTO" } }, + "getCustomPermissionsReportResponse": { + "description": "", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/CustomPermissionsRecordDTO" + } + } + }, "getDashboardPermissionsListResponse": { "description": "", "schema": { @@ -12569,6 +15650,12 @@ "$ref": "#/definitions/LibraryElementSearchResponse" } }, + "getLicenseTokenResponse": { + "description": "", + "schema": { + "$ref": "#/definitions/Token" + } + }, "getOrgByIDResponse": { "description": "", "schema": { @@ -12628,7 +15715,7 @@ "schema": { "type": "array", "items": { - "$ref": "#/definitions/PlaylistItem" + "$ref": "#/definitions/Item" } } }, @@ -12677,6 +15764,39 @@ } } }, + "getReportResponse": { + "description": "", + "schema": { + "$ref": "#/definitions/ConfigDTO" + } + }, + "getReportSettingsResponse": { + "description": "", + "schema": { + "$ref": "#/definitions/SettingsDTO" + } + }, + "getReportsResponse": { + "description": "", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/ConfigDTO" + } + } + }, + "getRoleAssignmentsResponse": { + "description": "", + "schema": { + "$ref": "#/definitions/RoleAssignmentsDTO" + } + }, + "getRoleResponse": { + "description": "", + "schema": { + "$ref": "#/definitions/RoleDTO" + } + }, "getSharingOptionsResponse": { "description": "", "schema": { @@ -12712,12 +15832,30 @@ } } }, + "getStatusResponse": { + "description": "" + }, + "getSyncStatusResponse": { + "description": "", + "schema": { + "$ref": "#/definitions/ActiveSyncStatusDTO" + } + }, "getTeamByIDResponse": { "description": "", "schema": { "$ref": "#/definitions/TeamDTO" } }, + "getTeamGroupsApiResponse": { + "description": "", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/TeamGroupDTO" + } + } + }, "getTeamMembersResponse": { "description": "", "schema": { @@ -12781,6 +15919,36 @@ "$ref": "#/definitions/ErrorResponseBody" } }, + "listBuiltinRolesResponse": { + "description": "", + "schema": { + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleDTO" + } + } + } + }, + "listRecordingRulesResponse": { + "description": "", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/RecordingRuleJSON" + } + } + }, + "listRolesResponse": { + "description": "", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleDTO" + } + } + }, "listSortOptionsResponse": { "description": "", "schema": { @@ -12941,6 +16109,9 @@ } } }, + "postRenewLicenseTokenResponse": { + "description": "" + }, "preconditionFailedError": { "description": "PreconditionFailedError", "schema": { @@ -12953,6 +16124,24 @@ "$ref": "#/definitions/QueryDataResponse" } }, + "recordingRuleResponse": { + "description": "", + "schema": { + "$ref": "#/definitions/RecordingRuleJSON" + } + }, + "recordingRuleWriteTargetResponse": { + "description": "", + "schema": { + "$ref": "#/definitions/PrometheusRemoteWriteTargetJSON" + } + }, + "refreshLicenseStatsResponse": { + "description": "", + "schema": { + "$ref": "#/definitions/ActiveUserStats" + } + }, "retrieveServiceAccountResponse": { "description": "", "schema": { @@ -12974,6 +16163,12 @@ "$ref": "#/definitions/SearchOrgServiceAccountsResult" } }, + "searchOrgUsersResponse": { + "description": "", + "schema": { + "$ref": "#/definitions/SearchOrgUsersQueryResult" + } + }, "searchOrgsResponse": { "description": "", "schema": { @@ -13007,6 +16202,12 @@ "$ref": "#/definitions/SearchUserQueryResult" } }, + "setRoleAssignmentsResponse": { + "description": "", + "schema": { + "$ref": "#/definitions/RoleAssignmentsDTO" + } + }, "testAlertResponse": { "description": "", "schema": { diff --git a/public/openapi3.json b/public/openapi3.json index 1a1661abe8b..f8166a3a17f 100644 --- a/public/openapi3.json +++ b/public/openapi3.json @@ -942,7 +942,7 @@ "application/json": { "schema": { "items": { - "$ref": "#/components/schemas/PlaylistItem" + "$ref": "#/components/schemas/Item" }, "type": "array" } @@ -1587,6 +1587,16 @@ }, "description": "(empty)" }, + "searchOrgUsersResponse": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SearchOrgUsersQueryResult" + } + } + }, + "description": "(empty)" + }, "searchOrgsResponse": { "content": { "application/json": { @@ -2648,6 +2658,60 @@ "title": "Authorization contains HTTP authorization credentials.", "type": "object" }, + "BacktestConfig": { + "properties": { + "annotations": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "condition": { + "type": "string" + }, + "data": { + "items": { + "$ref": "#/components/schemas/AlertQuery" + }, + "type": "array" + }, + "for": { + "$ref": "#/components/schemas/Duration" + }, + "from": { + "format": "date-time", + "type": "string" + }, + "interval": { + "$ref": "#/components/schemas/Duration" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" + }, + "no_data_state": { + "enum": [ + "Alerting", + "NoData", + "OK" + ], + "type": "string" + }, + "title": { + "type": "string" + }, + "to": { + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "BacktestResult": { + "$ref": "#/components/schemas/Frame" + }, "BasicAuth": { "properties": { "password": { @@ -3662,8 +3726,8 @@ "type": "string" }, "createdBy": { - "description": "Since we get created by with left join user table, this can be null technically,\nbut in reality it will always be set, when database is not corrupted.", - "type": "string" + "format": "int64", + "type": "integer" }, "dashboardId": { "format": "int64", @@ -3672,6 +3736,9 @@ "dashboardUid": { "type": "string" }, + "data": { + "$ref": "#/components/schemas/Json" + }, "id": { "format": "int64", "type": "integer" @@ -3695,7 +3762,7 @@ "type": "object" }, "DashboardVersionMeta": { - "description": "DashboardVersionMeta extends the dashboard version model with the names\nassociated with the UserIds, overriding the field with the same name from\nthe DashboardVersion model.", + "description": "DashboardVersionMeta extends the DashboardVersionDTO with the names\nassociated with the UserIds, overriding the field with the same name from\nthe DashboardVersionDTO model.", "properties": { "created": { "format": "date-time", @@ -3972,6 +4039,7 @@ "type": "object" }, "DataTopic": { + "description": "nolint:revive", "title": "DataTopic is used to identify which topic the frame should be assigned to.", "type": "string" }, @@ -5247,6 +5315,23 @@ "title": "InspectType is a type for the Inspect property of a Notice.", "type": "integer" }, + "Item": { + "properties": { + "title": { + "description": "Title is an unused property -- it will be removed in the future", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/ItemType" + }, + "value": { + "description": "Value depends on type and describes the playlist item.\n\ndashboard_by_id: The value is an internal numerical identifier set by Grafana. This\nis not portable as the numerical identifier is non-deterministic between different instances.\nWill be replaced by dashboard_by_uid in the future. (deprecated)\ndashboard_by_tag: The value is a tag which is set on any number of dashboards. All\ndashboards behind the tag will be added to the playlist.\ndashboard_by_uid: The value is the dashboard UID", + "type": "string" + } + }, + "title": "Item defines model for Item.", + "type": "object" + }, "ItemDTO": { "properties": { "alertId": { @@ -5321,6 +5406,10 @@ }, "type": "object" }, + "ItemType": { + "title": "Type of the item.", + "type": "string" + }, "Json": { "type": "object" }, @@ -6070,6 +6159,12 @@ }, "type": "object" }, + "authLabels": { + "items": { + "type": "string" + }, + "type": "array" + }, "avatarUrl": { "type": "string" }, @@ -6195,6 +6290,9 @@ }, "PatchAnnotationsCmd": { "properties": { + "data": { + "$ref": "#/components/schemas/Json" + }, "id": { "format": "int64", "type": "integer" @@ -6411,25 +6509,30 @@ }, "PlaylistItem": { "properties": { + "Id": { + "format": "int64", + "type": "integer" + }, + "PlaylistId": { + "format": "int64", + "type": "integer" + }, + "order": { + "format": "int64", + "type": "integer" + }, "title": { - "description": "Title is an unused property -- it will be removed in the future", "type": "string" }, "type": { - "$ref": "#/components/schemas/PlaylistItemType" + "type": "string" }, "value": { - "description": "Value depends on type and describes the playlist item.\n\ndashboard_by_id: The value is an internal numerical identifier set by Grafana. This\nis not portable as the numerical identifier is non-deterministic between different instances.\nWill be replaced by dashboard_by_uid in the future. (deprecated)\ndashboard_by_tag: The value is a tag which is set on any number of dashboards. All\ndashboards behind the tag will be added to the playlist.\ndashboard_by_uid: The value is the dashboard UID", "type": "string" } }, - "title": "PlaylistItem defines model for playlist.Item.", "type": "object" }, - "PlaylistItemType": { - "title": "Type of the item.", - "type": "string" - }, "Playlists": { "items": { "$ref": "#/components/schemas/Playlist" @@ -7868,6 +7971,29 @@ }, "type": "object" }, + "SearchOrgUsersQueryResult": { + "properties": { + "orgUsers": { + "items": { + "$ref": "#/components/schemas/OrgUserDTO" + }, + "type": "array" + }, + "page": { + "format": "int64", + "type": "integer" + }, + "perPage": { + "format": "int64", + "type": "integer" + }, + "totalCount": { + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, "SearchTeamQueryResult": { "properties": { "page": { @@ -9034,6 +9160,9 @@ }, "UpdateAnnotationsCmd": { "properties": { + "data": { + "$ref": "#/components/schemas/Json" + }, "id": { "format": "int64", "type": "integer" @@ -9356,7 +9485,7 @@ "Email": { "type": "string" }, - "Id": { + "ID": { "format": "int64", "type": "integer" }, @@ -17890,6 +18019,46 @@ ] } }, + "/orgs/{org_id}/users/search": { + "get": { + "description": "If you are running Grafana Enterprise and have Fine-grained access control enabled\nyou need to have a permission with action: `org.users:read` with scope `users:*`.", + "operationId": "searchOrgUsers", + "parameters": [ + { + "in": "path", + "name": "org_id", + "required": true, + "schema": { + "format": "int64", + "type": "integer" + } + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/searchOrgUsersResponse" + }, + "401": { + "$ref": "#/components/responses/unauthorisedError" + }, + "403": { + "$ref": "#/components/responses/forbiddenError" + }, + "500": { + "$ref": "#/components/responses/internalServerError" + } + }, + "security": [ + { + "basic": [] + } + ], + "summary": "Search Users in Organization.", + "tags": [ + "orgs" + ] + } + }, "/orgs/{org_id}/users/{user_id}": { "delete": { "description": "If you are running Grafana Enterprise and have Fine-grained access control enabled\nyou need to have a permission with action: `org.users:remove` with scope `users:*`.",