IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

fix(swagger): Add new access control endpoints (#80053)

Browse Source 
There were a few errors that prevented these endpoints (which are the most up-to-date ones) from being present in the openapi spec:
- The `enterprise` tag excluded the endpoints from being generated
- `okRespoonse` typo
- Invalid templating on the parameters
- Missing parameter structs
This commit is contained in:
Julien Duchesne 2024-01-05 08:12:01 -05:00 committed by GitHub
parent 47b986606e
commit 5e74c19628
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 1112 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
pkg/services/accesscontrol/resourcepermissions/api.go
View File

@ -63,6 +63,13 @@ type Assignments struct {
BuiltInRoles bool `json:"builtInRoles"` BuiltInRoles bool `json:"builtInRoles"`
} }
// swagger:parameters getResourceDescription
type GetResourceDescriptionParams struct {
// in:path
// required:true
Resource string `json:"resource"`
}
// swagger:response resourcePermissionsDescription // swagger:response resourcePermissionsDescription
type DescriptionResponse struct { type DescriptionResponse struct {
// in:body // in:body
@ -75,7 +82,7 @@ type Description struct {
Permissions []string `json:"permissions"` Permissions []string `json:"permissions"`
} }
// swagger:route POST /access-control/:resource/description enterprise,access_control getResourceDescription // swagger:route POST /access-control/{resource}/description access_control getResourceDescription
// //
// Get a description of a resource's access control properties. // Get a description of a resource's access control properties.
// //
@ -107,10 +114,21 @@ type resourcePermissionDTO struct {
Permission string `json:"permission"` Permission string `json:"permission"`
} }
// swagger:parameters getResourcePermissions
type GetResourcePermissionsParams struct {
// in:path
// required:true
Resource string `json:"resource"`
// in:path
// required:true
ResourceID string `json:"resourceID"`
}
// swagger:response getResourcePermissionsResponse // swagger:response getResourcePermissionsResponse
type getResourcePermissionsResponse []resourcePermissionDTO type getResourcePermissionsResponse []resourcePermissionDTO
// swagger:route POST /access-control/:resource/:resourceID enterprise,access_control getResourcePermissions // swagger:route POST /access-control/{resource}/{resourceID} access_control getResourcePermissions
// //
// Get permissions for a resource. // Get permissions for a resource.
// //
@ -172,16 +190,35 @@ type setPermissionsCommand struct {
Permissions []accesscontrol.SetResourcePermissionCommand `json:"permissions"` Permissions []accesscontrol.SetResourcePermissionCommand `json:"permissions"`
} }
// swagger:route POST /access-control/:resource/:resourceID/users/:userID enterprise,access_control setResourcePermissionsForUser // swagger:parameters setResourcePermissionsForUser
type SetResourcePermissionsForUserParams struct {
// in:path
// required:true
Resource string `json:"resource"`
// in:path
// required:true
ResourceID string `json:"resourceID"`
// in:path
// required:true
UserID int64 `json:"userID"`
// in:body
// required:true
Body setPermissionCommand
}
// swagger:route POST /access-control/{resource}/{resourceID}/users/{userID} access_control setResourcePermissionsForUser
// //
// Set resource permissions for a user. // Set resource permissions for a user.
// //
// Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to a user or a service account. // Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to a user or a service account.
// Allowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`. // Allowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`.
// Refer to the `/access-control/:resource/description` endpoint for allowed Permissions. // Refer to the `/access-control/{resource}/description` endpoint for allowed Permissions.
// //
// Responses: // Responses:
// 200: okRespoonse // 200: okResponse
// 400: badRequestError // 400: badRequestError
// 403: forbiddenError // 403: forbiddenError
// 500: internalServerError // 500: internalServerError
@ -205,16 +242,35 @@ func (a *api) setUserPermission(c *contextmodel.ReqContext) response.Response {
return permissionSetResponse(cmd) return permissionSetResponse(cmd)
} }
// swagger:route POST /access-control/:resource/:resourceID/teams/:teamID enterprise,access_control setResourcePermissionsForTeam // swagger:parameters setResourcePermissionsForTeam
type SetResourcePermissionsForTeamParams struct {
// in:path
// required:true
Resource string `json:"resource"`
// in:path
// required:true
ResourceID string `json:"resourceID"`
// in:path
// required:true
TeamID int64 `json:"teamID"`
// in:body
// required:true
Body setPermissionCommand
}
// swagger:route POST /access-control/{resource}/{resourceID}/teams/{teamID} access_control setResourcePermissionsForTeam
// //
// Set resource permissions for a team. // Set resource permissions for a team.
// //
// Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to a team. // Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to a team.
// Allowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`. // Allowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`.
// Refer to the `/access-control/:resource/description` endpoint for allowed Permissions. // Refer to the `/access-control/{resource}/description` endpoint for allowed Permissions.
// //
// Responses: // Responses:
// 200: okRespoonse // 200: okResponse
// 400: badRequestError // 400: badRequestError
// 403: forbiddenError // 403: forbiddenError
// 500: internalServerError // 500: internalServerError
@ -238,16 +294,35 @@ func (a *api) setTeamPermission(c *contextmodel.ReqContext) response.Response {
return permissionSetResponse(cmd) return permissionSetResponse(cmd)
} }
// swagger:route POST /access-control/:resource/:resourceID/builtInRoles/:builtInRole enterprise,access_control setResourcePermissionsForBuiltInRole // swagger:parameters setResourcePermissionsForBuiltInRole
type SetResourcePermissionsForBuiltInRoleParams struct {
// in:path
// required:true
Resource string `json:"resource"`
// in:path
// required:true
ResourceID string `json:"resourceID"`
// in:path
// required:true
BuiltInRole string `json:"builtInRole"`
// in:body
// required:true
Body setPermissionCommand
}
// swagger:route POST /access-control/{resource}/{resourceID}/builtInRoles/{builtInRole} access_control setResourcePermissionsForBuiltInRole
// //
// Set resource permissions for a built-in role. // Set resource permissions for a built-in role.
// //
// Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to a built-in role. // Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to a built-in role.
// Allowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`. // Allowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`.
// Refer to the `/access-control/:resource/description` endpoint for allowed Permissions. // Refer to the `/access-control/{resource}/description` endpoint for allowed Permissions.
// //
// Responses: // Responses:
// 200: okRespoonse // 200: okResponse
// 400: badRequestError // 400: badRequestError
// 403: forbiddenError // 403: forbiddenError
// 500: internalServerError // 500: internalServerError
@ -268,16 +343,31 @@ func (a *api) setBuiltinRolePermission(c *contextmodel.ReqContext) response.Resp
return permissionSetResponse(cmd) return permissionSetResponse(cmd)
} }
// swagger:route POST /access-control/:resource/:resourceID enterprise,access_control setResourcePermissions // swagger:parameters setResourcePermissions
type SetResourcePermissionsParams struct {
// in:path
// required:true
Resource string `json:"resource"`
// in:path
// required:true
ResourceID string `json:"resourceID"`
// in:body
// required:true
Body setPermissionsCommand
}
// swagger:route POST /access-control/{resource}/{resourceID} access_control setResourcePermissions
// //
// Set resource permissions. // Set resource permissions.
// //
// Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to one or many // Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to one or many
// assignment types. Allowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`. // assignment types. Allowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`.
// Refer to the `/access-control/:resource/description` endpoint for allowed Permissions. // Refer to the `/access-control/{resource}/description` endpoint for allowed Permissions.
// //
// Responses: // Responses:
// 200: okRespoonse // 200: okResponse
// 400: badRequestError // 400: badRequestError
// 403: forbiddenError // 403: forbiddenError
// 500: internalServerError // 500: internalServerError

166
public/api-enterprise-spec.json
View File

@ -318,6 +318,41 @@
} }
} }
}, },
"/access-control/teams/roles/search": {
"post": {
"description": "Lists the roles that have been directly assigned to the given teams.\n\nYou need to have a permission with action `teams.roles:read` and scope `teams:id:*`.",
"tags": [
"access_control",
"enterprise"
],
"summary": "List roles assigned to multiple teams.",
"operationId": "listTeamsRoles",
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/RolesSearchQuery"
}
}
],
"responses": {
"200": {
"$ref": "#/responses/listTeamsRolesResponse"
},
"400": {
"$ref": "#/responses/badRequestError"
},
"403": {
"$ref": "#/responses/forbiddenError"
},
"500": {
"$ref": "#/responses/internalServerError"
}
}
}
},
"/access-control/teams/{teamId}/roles": { "/access-control/teams/{teamId}/roles": {
"get": { "get": {
"description": "You need to have a permission with action `teams.roles:read` and scope `teams:id:\u003cteam ID\u003e`.", "description": "You need to have a permission with action `teams.roles:read` and scope `teams:id:\u003cteam ID\u003e`.",
@ -473,6 +508,41 @@
} }
} }
}, },
"/access-control/users/roles/search": {
"post": {
"description": "Lists the roles that have been directly assigned to the given users. The list does not include built-in roles (Viewer, Editor, Admin or Grafana Admin), and it does not include roles that have been inherited from a team.\n\nYou need to have a permission with action `users.roles:read` and scope `users:id:*`.",
"tags": [
"access_control",
"enterprise"
],
"summary": "List roles assigned to multiple users.",
"operationId": "listUsersRoles",
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/RolesSearchQuery"
}
}
],
"responses": {
"200": {
"$ref": "#/responses/listUsersRolesResponse"
},
"400": {
"$ref": "#/responses/badRequestError"
},
"403": {
"$ref": "#/responses/forbiddenError"
},
"500": {
"$ref": "#/responses/internalServerError"
}
}
}
},
"/access-control/users/{userId}/roles": { "/access-control/users/{userId}/roles": {
"get": { "get": {
"description": "Lists the roles that have been directly assigned to a given user. The list does not include built-in roles (Viewer, Editor, Admin or Grafana Admin), and it does not include roles that have been inherited from a team.\n\nYou need to have a permission with action `users.roles:read` and scope `users:id:\u003cuser ID\u003e`.", "description": "Lists the roles that have been directly assigned to a given user. The list does not include built-in roles (Viewer, Editor, Admin or Grafana Admin), and it does not include roles that have been inherited from a team.\n\nYou need to have a permission with action `users.roles:read` and scope `users:id:\u003cuser ID\u003e`.",
@ -1881,6 +1951,10 @@
"type": "integer", "type": "integer",
"format": "int64" "format": "int64"
}, },
"active_anonymous_devices": {
"type": "integer",
"format": "int64"
},
"active_users": { "active_users": {
"type": "integer", "type": "integer",
"format": "int64" "format": "int64"
@ -6402,6 +6476,32 @@
} }
} }
}, },
"RolesSearchQuery": {
"type": "object",
"properties": {
"includeHidden": {
"type": "boolean"
},
"orgId": {
"type": "integer",
"format": "int64"
},
"teamIds": {
"type": "array",
"items": {
"type": "integer",
"format": "int64"
}
},
"userIds": {
"type": "array",
"items": {
"type": "integer",
"format": "int64"
}
}
}
},
"SSOSettings": { "SSOSettings": {
"type": "object", "type": "object",
"properties": { "properties": {
@ -6716,6 +6816,25 @@
} }
} }
}, },
"SetResourcePermissionCommand": {
"type": "object",
"properties": {
"builtInRole": {
"type": "string"
},
"permission": {
"type": "string"
},
"teamId": {
"type": "integer",
"format": "int64"
},
"userId": {
"type": "integer",
"format": "int64"
}
}
},
"SetRoleAssignmentsCommand": { "SetRoleAssignmentsCommand": {
"type": "object", "type": "object",
"properties": { "properties": {
@ -7064,6 +7183,10 @@
"account": { "account": {
"type": "string" "type": "string"
}, },
"anonymousRatio": {
"type": "integer",
"format": "int64"
},
"company": { "company": {
"type": "string" "type": "string"
}, },
@ -8016,6 +8139,25 @@
"type": "string" "type": "string"
} }
} }
},
"setPermissionCommand": {
"type": "object",
"properties": {
"permission": {
"type": "string"
}
}
},
"setPermissionsCommand": {
"type": "object",
"properties": {
"permissions": {
"type": "array",
"items": {
"$ref": "#/definitions/SetResourcePermissionCommand"
}
}
}
} }
}, },
"responses": { "responses": {
@ -8995,6 +9137,18 @@
} }
} }
}, },
"listTeamsRolesResponse": {
"description": "",
"schema": {
"type": "object",
"additionalProperties": {
"type": "array",
"items": {
"$ref": "#/definitions/RoleDTO"
}
}
}
},
"listTokensResponse": { "listTokensResponse": {
"description": "", "description": "",
"schema": { "schema": {
@ -9004,6 +9158,18 @@
} }
} }
}, },
"listUsersRolesResponse": {
"description": "",
"schema": {
"type": "object",
"additionalProperties": {
"type": "array",
"items": {
"$ref": "#/definitions/RoleDTO"
}
}
}
},
"notFoundError": { "notFoundError": {
"description": "NotFoundError is returned when the requested resource was not found.", "description": "NotFoundError is returned when the requested resource was not found.",
"schema": { "schema": {

398
public/api-merged.json
View File

@ -318,6 +318,41 @@
} }
} }
}, },
"/access-control/teams/roles/search": {
"post": {
"description": "Lists the roles that have been directly assigned to the given teams.\n\nYou need to have a permission with action `teams.roles:read` and scope `teams:id:*`.",
"tags": [
"access_control",
"enterprise"
],
"summary": "List roles assigned to multiple teams.",
"operationId": "listTeamsRoles",
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/RolesSearchQuery"
}
}
],
"responses": {
"200": {
"$ref": "#/responses/listTeamsRolesResponse"
},
"400": {
"$ref": "#/responses/badRequestError"
},
"403": {
"$ref": "#/responses/forbiddenError"
},
"500": {
"$ref": "#/responses/internalServerError"
}
}
}
},
"/access-control/teams/{teamId}/roles": { "/access-control/teams/{teamId}/roles": {
"get": { "get": {
"description": "You need to have a permission with action `teams.roles:read` and scope `teams:id:\u003cteam ID\u003e`.", "description": "You need to have a permission with action `teams.roles:read` and scope `teams:id:\u003cteam ID\u003e`.",
@ -473,6 +508,41 @@
} }
} }
}, },
"/access-control/users/roles/search": {
"post": {
"description": "Lists the roles that have been directly assigned to the given users. The list does not include built-in roles (Viewer, Editor, Admin or Grafana Admin), and it does not include roles that have been inherited from a team.\n\nYou need to have a permission with action `users.roles:read` and scope `users:id:*`.",
"tags": [
"access_control",
"enterprise"
],
"summary": "List roles assigned to multiple users.",
"operationId": "listUsersRoles",
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/RolesSearchQuery"
}
}
],
"responses": {
"200": {
"$ref": "#/responses/listUsersRolesResponse"
},
"400": {
"$ref": "#/responses/badRequestError"
},
"403": {
"$ref": "#/responses/forbiddenError"
},
"500": {
"$ref": "#/responses/internalServerError"
}
}
}
},
"/access-control/users/{userId}/roles": { "/access-control/users/{userId}/roles": {
"get": { "get": {
"description": "Lists the roles that have been directly assigned to a given user. The list does not include built-in roles (Viewer, Editor, Admin or Grafana Admin), and it does not include roles that have been inherited from a team.\n\nYou need to have a permission with action `users.roles:read` and scope `users:id:\u003cuser ID\u003e`.", "description": "Lists the roles that have been directly assigned to a given user. The list does not include built-in roles (Viewer, Editor, Admin or Grafana Admin), and it does not include roles that have been inherited from a team.\n\nYou need to have a permission with action `users.roles:read` and scope `users:id:\u003cuser ID\u003e`.",
@ -639,6 +709,238 @@
} }
} }
}, },
"/access-control/{resource}/description": {
"post": {
"tags": [
"access_control"
],
"summary": "Get a description of a resource's access control properties.",
"operationId": "getResourceDescription",
"parameters": [
{
"type": "string",
"name": "resource",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"$ref": "#/responses/resourcePermissionsDescription"
},
"403": {
"$ref": "#/responses/forbiddenError"
},
"500": {
"$ref": "#/responses/internalServerError"
}
}
}
},
"/access-control/{resource}/{resourceID}": {
"post": {
"description": "Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to one or many\nassignment types. Allowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`.\nRefer to the `/access-control/{resource}/description` endpoint for allowed Permissions.",
"tags": [
"access_control"
],
"summary": "Set resource permissions.",
"operationId": "setResourcePermissions",
"parameters": [
{
"type": "string",
"name": "resource",
"in": "path",
"required": true
},
{
"type": "string",
"name": "resourceID",
"in": "path",
"required": true
},
{
"name": "Body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/setPermissionsCommand"
}
}
],
"responses": {
"200": {
"$ref": "#/responses/okResponse"
},
"400": {
"$ref": "#/responses/badRequestError"
},
"403": {
"$ref": "#/responses/forbiddenError"
},
"500": {
"$ref": "#/responses/internalServerError"
}
}
}
},
"/access-control/{resource}/{resourceID}/builtInRoles/{builtInRole}": {
"post": {
"description": "Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to a built-in role.\nAllowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`.\nRefer to the `/access-control/{resource}/description` endpoint for allowed Permissions.",
"tags": [
"access_control"
],
"summary": "Set resource permissions for a built-in role.",
"operationId": "setResourcePermissionsForBuiltInRole",
"parameters": [
{
"type": "string",
"name": "resource",
"in": "path",
"required": true
},
{
"type": "string",
"name": "resourceID",
"in": "path",
"required": true
},
{
"type": "string",
"name": "builtInRole",
"in": "path",
"required": true
},
{
"name": "Body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/setPermissionCommand"
}
}
],
"responses": {
"200": {
"$ref": "#/responses/okResponse"
},
"400": {
"$ref": "#/responses/badRequestError"
},
"403": {
"$ref": "#/responses/forbiddenError"
},
"500": {
"$ref": "#/responses/internalServerError"
}
}
}
},
"/access-control/{resource}/{resourceID}/teams/{teamID}": {
"post": {
"description": "Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to a team.\nAllowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`.\nRefer to the `/access-control/{resource}/description` endpoint for allowed Permissions.",
"tags": [
"access_control"
],
"summary": "Set resource permissions for a team.",
"operationId": "setResourcePermissionsForTeam",
"parameters": [
{
"type": "string",
"name": "resource",
"in": "path",
"required": true
},
{
"type": "string",
"name": "resourceID",
"in": "path",
"required": true
},
{
"type": "integer",
"format": "int64",
"name": "teamID",
"in": "path",
"required": true
},
{
"name": "Body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/setPermissionCommand"
}
}
],
"responses": {
"200": {
"$ref": "#/responses/okResponse"
},
"400": {
"$ref": "#/responses/badRequestError"
},
"403": {
"$ref": "#/responses/forbiddenError"
},
"500": {
"$ref": "#/responses/internalServerError"
}
}
}
},
"/access-control/{resource}/{resourceID}/users/{userID}": {
"post": {
"description": "Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to a user or a service account.\nAllowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`.\nRefer to the `/access-control/{resource}/description` endpoint for allowed Permissions.",
"tags": [
"access_control"
],
"summary": "Set resource permissions for a user.",
"operationId": "setResourcePermissionsForUser",
"parameters": [
{
"type": "string",
"name": "resource",
"in": "path",
"required": true
},
{
"type": "string",
"name": "resourceID",
"in": "path",
"required": true
},
{
"type": "integer",
"format": "int64",
"name": "userID",
"in": "path",
"required": true
},
{
"name": "Body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/setPermissionCommand"
}
}
],
"responses": {
"200": {
"$ref": "#/responses/okResponse"
},
"400": {
"$ref": "#/responses/badRequestError"
},
"403": {
"$ref": "#/responses/forbiddenError"
},
"500": {
"$ref": "#/responses/internalServerError"
}
}
}
},
"/admin/ldap-sync-status": { "/admin/ldap-sync-status": {
"get": { "get": {
"description": "You need to have a permission with action `ldap.status:read`.", "description": "You need to have a permission with action `ldap.status:read`.",
@ -11126,6 +11428,10 @@
"type": "integer", "type": "integer",
"format": "int64" "format": "int64"
}, },
"active_anonymous_devices": {
"type": "integer",
"format": "int64"
},
"active_users": { "active_users": {
"type": "integer", "type": "integer",
"format": "int64" "format": "int64"
@ -18287,6 +18593,32 @@
} }
} }
}, },
"RolesSearchQuery": {
"type": "object",
"properties": {
"includeHidden": {
"type": "boolean"
},
"orgId": {
"type": "integer",
"format": "int64"
},
"teamIds": {
"type": "array",
"items": {
"type": "integer",
"format": "int64"
}
},
"userIds": {
"type": "array",
"items": {
"type": "integer",
"format": "int64"
}
}
}
},
"Route": { "Route": {
"description": "A Route is a node that contains definitions of how to handle alerts. This is modified\nfrom the upstream alertmanager in that it adds the ObjectMatchers property.", "description": "A Route is a node that contains definitions of how to handle alerts. This is modified\nfrom the upstream alertmanager in that it adds the ObjectMatchers property.",
"type": "object", "type": "object",
@ -18929,6 +19261,25 @@
} }
} }
}, },
"SetResourcePermissionCommand": {
"type": "object",
"properties": {
"builtInRole": {
"type": "string"
},
"permission": {
"type": "string"
},
"teamId": {
"type": "integer",
"format": "int64"
},
"userId": {
"type": "integer",
"format": "int64"
}
}
},
"SetRoleAssignmentsCommand": { "SetRoleAssignmentsCommand": {
"type": "object", "type": "object",
"properties": { "properties": {
@ -19755,6 +20106,10 @@
"account": { "account": {
"type": "string" "type": "string"
}, },
"anonymousRatio": {
"type": "integer",
"format": "int64"
},
"company": { "company": {
"type": "string" "type": "string"
}, },
@ -21342,6 +21697,25 @@
} }
} }
}, },
"setPermissionCommand": {
"type": "object",
"properties": {
"permission": {
"type": "string"
}
}
},
"setPermissionsCommand": {
"type": "object",
"properties": {
"permissions": {
"type": "array",
"items": {
"$ref": "#/definitions/SetResourcePermissionCommand"
}
}
}
},
"silence": { "silence": {
"description": "Silence silence", "description": "Silence silence",
"type": "object", "type": "object",
@ -22432,6 +22806,18 @@
} }
} }
}, },
"listTeamsRolesResponse": {
"description": "(empty)",
"schema": {
"type": "object",
"additionalProperties": {
"type": "array",
"items": {
"$ref": "#/definitions/RoleDTO"
}
}
}
},
"listTokensResponse": { "listTokensResponse": {
"description": "(empty)", "description": "(empty)",
"schema": { "schema": {
@ -22441,6 +22827,18 @@
} }
} }
}, },
"listUsersRolesResponse": {
"description": "(empty)",
"schema": {
"type": "object",
"additionalProperties": {
"type": "array",
"items": {
"$ref": "#/definitions/RoleDTO"
}
}
}
},
"notFoundError": { "notFoundError": {
"description": "NotFoundError is returned when the requested resource was not found.", "description": "NotFoundError is returned when the requested resource was not found.",
"schema": { "schema": {

444
public/openapi3.json
View File

@ -1437,6 +1437,22 @@
}, },
"description": "(empty)" "description": "(empty)"
}, },
"listTeamsRolesResponse": {
"content": {
"application/json": {
"schema": {
"additionalProperties": {
"items": {
"$ref": "#/components/schemas/RoleDTO"
},
"type": "array"
},
"type": "object"
}
}
},
"description": "(empty)"
},
"listTokensResponse": { "listTokensResponse": {
"content": { "content": {
"application/json": { "application/json": {
@ -1450,6 +1466,22 @@
}, },
"description": "(empty)" "description": "(empty)"
}, },
"listUsersRolesResponse": {
"content": {
"application/json": {
"schema": {
"additionalProperties": {
"items": {
"$ref": "#/components/schemas/RoleDTO"
},
"type": "array"
},
"type": "object"
}
}
},
"description": "(empty)"
},
"notFoundError": { "notFoundError": {
"content": { "content": {
"application/json": { "application/json": {
@ -1997,6 +2029,10 @@
"format": "int64", "format": "int64",
"type": "integer" "type": "integer"
}, },
"active_anonymous_devices": {
"format": "int64",
"type": "integer"
},
"active_users": { "active_users": {
"format": "int64", "format": "int64",
"type": "integer" "type": "integer"
@ -9158,6 +9194,32 @@
}, },
"type": "object" "type": "object"
}, },
"RolesSearchQuery": {
"properties": {
"includeHidden": {
"type": "boolean"
},
"orgId": {
"format": "int64",
"type": "integer"
},
"teamIds": {
"items": {
"format": "int64",
"type": "integer"
},
"type": "array"
},
"userIds": {
"items": {
"format": "int64",
"type": "integer"
},
"type": "array"
}
},
"type": "object"
},
"Route": { "Route": {
"description": "A Route is a node that contains definitions of how to handle alerts. This is modified\nfrom the upstream alertmanager in that it adds the ObjectMatchers property.", "description": "A Route is a node that contains definitions of how to handle alerts. This is modified\nfrom the upstream alertmanager in that it adds the ObjectMatchers property.",
"properties": { "properties": {
@ -9799,6 +9861,25 @@
}, },
"type": "object" "type": "object"
}, },
"SetResourcePermissionCommand": {
"properties": {
"builtInRole": {
"type": "string"
},
"permission": {
"type": "string"
},
"teamId": {
"format": "int64",
"type": "integer"
},
"userId": {
"format": "int64",
"type": "integer"
}
},
"type": "object"
},
"SetRoleAssignmentsCommand": { "SetRoleAssignmentsCommand": {
"properties": { "properties": {
"service_accounts": { "service_accounts": {
@ -10624,6 +10705,10 @@
"account": { "account": {
"type": "string" "type": "string"
}, },
"anonymousRatio": {
"format": "int64",
"type": "integer"
},
"company": { "company": {
"type": "string" "type": "string"
}, },
@ -12212,6 +12297,25 @@
}, },
"type": "object" "type": "object"
}, },
"setPermissionCommand": {
"properties": {
"permission": {
"type": "string"
}
},
"type": "object"
},
"setPermissionsCommand": {
"properties": {
"permissions": {
"items": {
"$ref": "#/components/schemas/SetResourcePermissionCommand"
},
"type": "array"
}
},
"type": "object"
},
"silence": { "silence": {
"description": "Silence silence", "description": "Silence silence",
"properties": { "properties": {
@ -12644,6 +12748,42 @@
] ]
} }
}, },
"/access-control/teams/roles/search": {
"post": {
"description": "Lists the roles that have been directly assigned to the given teams.\n\nYou need to have a permission with action `teams.roles:read` and scope `teams:id:*`.",
"operationId": "listTeamsRoles",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RolesSearchQuery"
}
}
},
"required": true,
"x-originalParamName": "body"
},
"responses": {
"200": {
"$ref": "#/components/responses/listTeamsRolesResponse"
},
"400": {
"$ref": "#/components/responses/badRequestError"
},
"403": {
"$ref": "#/components/responses/forbiddenError"
},
"500": {
"$ref": "#/components/responses/internalServerError"
}
},
"summary": "List roles assigned to multiple teams.",
"tags": [
"access_control",
"enterprise"
]
}
},
"/access-control/teams/{teamId}/roles": { "/access-control/teams/{teamId}/roles": {
"get": { "get": {
"description": "You need to have a permission with action `teams.roles:read` and scope `teams:id:\u003cteam ID\u003e`.", "description": "You need to have a permission with action `teams.roles:read` and scope `teams:id:\u003cteam ID\u003e`.",
@ -12812,6 +12952,42 @@
] ]
} }
}, },
"/access-control/users/roles/search": {
"post": {
"description": "Lists the roles that have been directly assigned to the given users. The list does not include built-in roles (Viewer, Editor, Admin or Grafana Admin), and it does not include roles that have been inherited from a team.\n\nYou need to have a permission with action `users.roles:read` and scope `users:id:*`.",
"operationId": "listUsersRoles",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RolesSearchQuery"
}
}
},
"required": true,
"x-originalParamName": "body"
},
"responses": {
"200": {
"$ref": "#/components/responses/listUsersRolesResponse"
},
"400": {
"$ref": "#/components/responses/badRequestError"
},
"403": {
"$ref": "#/components/responses/forbiddenError"
},
"500": {
"$ref": "#/components/responses/internalServerError"
}
},
"summary": "List roles assigned to multiple users.",
"tags": [
"access_control",
"enterprise"
]
}
},
"/access-control/users/{userId}/roles": { "/access-control/users/{userId}/roles": {
"get": { "get": {
"description": "Lists the roles that have been directly assigned to a given user. The list does not include built-in roles (Viewer, Editor, Admin or Grafana Admin), and it does not include roles that have been inherited from a team.\n\nYou need to have a permission with action `users.roles:read` and scope `users:id:\u003cuser ID\u003e`.", "description": "Lists the roles that have been directly assigned to a given user. The list does not include built-in roles (Viewer, Editor, Admin or Grafana Admin), and it does not include roles that have been inherited from a team.\n\nYou need to have a permission with action `users.roles:read` and scope `users:id:\u003cuser ID\u003e`.",
@ -12996,6 +13172,274 @@
] ]
} }
}, },
"/access-control/{resource}/description": {
"post": {
"operationId": "getResourceDescription",
"parameters": [
{
"in": "path",
"name": "resource",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"$ref": "#/components/responses/resourcePermissionsDescription"
},
"403": {
"$ref": "#/components/responses/forbiddenError"
},
"500": {
"$ref": "#/components/responses/internalServerError"
}
},
"summary": "Get a description of a resource's access control properties.",
"tags": [
"access_control"
]
}
},
"/access-control/{resource}/{resourceID}": {
"post": {
"description": "Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to one or many\nassignment types. Allowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`.\nRefer to the `/access-control/{resource}/description` endpoint for allowed Permissions.",
"operationId": "setResourcePermissions",
"parameters": [
{
"in": "path",
"name": "resource",
"required": true,
"schema": {
"type": "string"
}
},
{
"in": "path",
"name": "resourceID",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/setPermissionsCommand"
}
}
},
"required": true,
"x-originalParamName": "Body"
},
"responses": {
"200": {
"$ref": "#/components/responses/okResponse"
},
"400": {
"$ref": "#/components/responses/badRequestError"
},
"403": {
"$ref": "#/components/responses/forbiddenError"
},
"500": {
"$ref": "#/components/responses/internalServerError"
}
},
"summary": "Set resource permissions.",
"tags": [
"access_control"
]
}
},
"/access-control/{resource}/{resourceID}/builtInRoles/{builtInRole}": {
"post": {
"description": "Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to a built-in role.\nAllowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`.\nRefer to the `/access-control/{resource}/description` endpoint for allowed Permissions.",
"operationId": "setResourcePermissionsForBuiltInRole",
"parameters": [
{
"in": "path",
"name": "resource",
"required": true,
"schema": {
"type": "string"
}
},
{
"in": "path",
"name": "resourceID",
"required": true,
"schema": {
"type": "string"
}
},
{
"in": "path",
"name": "builtInRole",
"required": true,
"schema": {
"type": "string"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/setPermissionCommand"
}
}
},
"required": true,
"x-originalParamName": "Body"
},
"responses": {
"200": {
"$ref": "#/components/responses/okResponse"
},
"400": {
"$ref": "#/components/responses/badRequestError"
},
"403": {
"$ref": "#/components/responses/forbiddenError"
},
"500": {
"$ref": "#/components/responses/internalServerError"
}
},
"summary": "Set resource permissions for a built-in role.",
"tags": [
"access_control"
]
}
},
"/access-control/{resource}/{resourceID}/teams/{teamID}": {
"post": {
"description": "Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to a team.\nAllowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`.\nRefer to the `/access-control/{resource}/description` endpoint for allowed Permissions.",
"operationId": "setResourcePermissionsForTeam",
"parameters": [
{
"in": "path",
"name": "resource",
"required": true,
"schema": {
"type": "string"
}
},
{
"in": "path",
"name": "resourceID",
"required": true,
"schema": {
"type": "string"
}
},
{
"in": "path",
"name": "teamID",
"required": true,
"schema": {
"format": "int64",
"type": "integer"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/setPermissionCommand"
}
}
},
"required": true,
"x-originalParamName": "Body"
},
"responses": {
"200": {
"$ref": "#/components/responses/okResponse"
},
"400": {
"$ref": "#/components/responses/badRequestError"
},
"403": {
"$ref": "#/components/responses/forbiddenError"
},
"500": {
"$ref": "#/components/responses/internalServerError"
}
},
"summary": "Set resource permissions for a team.",
"tags": [
"access_control"
]
}
},
"/access-control/{resource}/{resourceID}/users/{userID}": {
"post": {
"description": "Assigns permissions for a resource by a given type (`:resource`) and `:resourceID` to a user or a service account.\nAllowed resources are `datasources`, `teams`, `dashboards`, `folders`, and `serviceaccounts`.\nRefer to the `/access-control/{resource}/description` endpoint for allowed Permissions.",
"operationId": "setResourcePermissionsForUser",
"parameters": [
{
"in": "path",
"name": "resource",
"required": true,
"schema": {
"type": "string"
}
},
{
"in": "path",
"name": "resourceID",
"required": true,
"schema": {
"type": "string"
}
},
{
"in": "path",
"name": "userID",
"required": true,
"schema": {
"format": "int64",
"type": "integer"
}
}
],
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/setPermissionCommand"
}
}
},
"required": true,
"x-originalParamName": "Body"
},
"responses": {
"200": {
"$ref": "#/components/responses/okResponse"
},
"400": {
"$ref": "#/components/responses/badRequestError"
},
"403": {
"$ref": "#/components/responses/forbiddenError"
},
"500": {
"$ref": "#/components/responses/internalServerError"
}
},
"summary": "Set resource permissions for a user.",
"tags": [
"access_control"
]
}
},
"/admin/ldap-sync-status": { "/admin/ldap-sync-status": {
"get": { "get": {
"description": "You need to have a permission with action `ldap.status:read`.", "description": "You need to have a permission with action `ldap.status:read`.",