kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-05 01:45:44 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
3e8ebf85f59b8d88840989f30bdebdeebafddc19
nomad/website/content/api-docs/acl/roles.mdx
Phil Renaud ef7bccbd40 [ui] ACL Roles in the UI, plus Role, Policy and Token management (#17770) 
* Rename pages to include roles

* Models and adapters

* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)

* combinedPolicies as a concept

* Classic decorator on role adapter

* We added a new request for roles, so the test based on a specific order of requests got fickle fast

* Mirage roles cluster scaffolded

* Acceptance test for roles and policies on the login page

* Update mirage mock for nodes fetch to account for role policies / empty token.policies

* Roles-derived policies checks

* [ui] Access Control with Roles and Tokens (#18413)

* top level policies routes moved into access control

* A few more routes and name cleanup

* Delog and test fixes to account for new url prefix and document titles

* Overview page

* Tokens and Roles routes

* Tokens helios table

* Add a role

* Hacky role page and deletion

* New policy keyboard shortcut and roles breadcrumb nav

* If you leave New Role but havent made any changes, remove the newly-created record from store

* Roles index list and general role route crud

* Roles index actually links to roles now

* Helios button styles for new roles and policies

* Handle when you try to create a new role without having any policies

* Token editing generally

* Create Token functionality

* Cant delete self-token but management token editing and deleting is fine

* Upgrading helios caused codemirror to explode, shimmed

* Policies table fix

* without bang-element condition, modifier would refire over and over

* Token TTL or Time setting

* time will take you on

* Mirage hooks for create and list roles

* Ensure policy names only use allow characters in mirage mocks

* Mirage mocked roles and policies in the default cluster

* log and lintfix

* chromedriver to 2.1.2

* unused unit tests removed

* Nice profile dropdown

* With the HDS accordion, rename our internal component scss ref

* design revisions after discussion

* Tooltip on deleted-policy tokens

* Two-step button peripheral isDeleting gcode removed

* Never to null on token save

* copywrite headers added and empty routefiles removed

* acceptance test fixes for policies endpoint

* Route for updating a token

* Policies testfixes

* Ember on-click-outside modifier upgraded with general ember-modifier upgrade

* Test adjustments to account for new profile header dropdown

* Test adjustments for tokens via policy pages

* Removed an unused route

* Access Control index page tests

* a11y tests

* Tokens index acceptance tests generally

* Lintfix

* Token edit page tests

* Token editing tests

* New token expiration tests

* Roles Index tests

* Role editing policies tests

* A complete set of Access Control Roles tests

* Policies test

* Be more specific about which row to check for expiration time

* Nil check on expirationTime equality

* Management tokens shouldnt show No Roles/Policies, give them their own designation

* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save

* Policy unloading on delete and other todos plus autofocus conditionally re-enabled

* Invalid policies non-links now a concept for Roles index

* HDS style links to make job.variables.alert links look like links again

* Mirage finding looks weird so making model async in hash even though redundant

* Drop rsvp

* RSVP wasnt the problem, cached lookups were

* remove old todo comments

* de-log
2023-09-27 14:53:09 -04:00

341 lines
9.2 KiB
Plaintext
Raw Blame History

---
layout: api
page_title: ACL Roles - HTTP API
description: The /acl/roles endpoints are used to configure and manage ACL roles.
---
# ACL Roles HTTP API
The `/acl/roles` and `/acl/role/` endpoints are used to manage ACL Roles.
## Create Role
This endpoint creates an ACL Role. The request is always forwarded to the
authoritative region.
| Method | Path | Produces |
| ------ | ----------- | ------------------ |
| `POST` | `/acl/role` | `application/json` |
The table below shows this endpoint's support for
[blocking queries](/nomad/api-docs#blocking-queries) and
[required ACLs](/nomad/api-docs#acls).
| Blocking Queries | ACL Required |
| ---------------- | ------------ |
| `NO` | `management` |
### Parameters
- `Name` `(string: <required>)` - Specifies the human-readable name of the ACL
Role. The name can contain alphanumeric characters, dashes, and underscores.
This name must be unique and must not exceed 128 characters.
- `Description` `(string: <optional>)` - A free form human-readable description
of the ACL Role. It must not exceed 256 characters.
- `Policies` `(array<ACLRolePolicyLink>)` The list of policies that should be
applied to the role. An `ACLRolePolicyLink` is an object with a `"Name"` field
to specify a policy.
### Sample Payload
```json
{
"Name": "example-acl-role",
"Description": "my example ACL Role",
"Policies": [
{
"Name": "example-acl-policy"
}
]
}
```
### Sample Request
```shell-session
$ curl \
--request POST \
--header "X-Nomad-Token: <NOMAD_TOKEN_SECRET_ID>" \
--data @payload.json \
https://localhost:4646/v1/acl/role
```
### Sample Response
```json
{
"CreateIndex": 26,
"Description": "my example ACL Role",
"ID": "77c50812-fcdd-701b-9f1a-6cf55387b09d",
"ModifyIndex": 26,
"Name": "example-acl-role",
"Policies": [
{
"Name": "example-acl-policy"
}
]
}
```
## Update Role
This endpoint updates an existing ACL Role. The request is always forwarded to the
authoritative region.
| Method | Path | Produces |
| ------ | -------------------- | ------------------ |
| `POST` | `/acl/role/:role_id` | `application/json` |
The table below shows this endpoint's support for
[blocking queries](/nomad/api-docs#blocking-queries) and
[required ACLs](/nomad/api-docs#acls).
| Blocking Queries | ACL Required |
| ---------------- | ------------ |
| `NO` | `management` |
### Parameters
- `ID` `(string: <required>)` - Specifies the ACL Role, by ID, that is being
updated. Must match payload body and request path.
- `Name` `(string: <required>)` - Specifies the human-readable name of the ACL
Role. The name can contain alphanumeric characters, dashes, and underscores.
This name must be unique a must not exceed 128 characters.
- `Description` `(string: <optional>)` - A free form human-readable description
of the ACL Role. It must not exceed 256 characters.
- `Policies` `(array<ACLRolePolicyLink>)` The list of policies that should be
applied to the role. An `ACLRolePolicyLink` is an object with a `"Name"` field
to specify a policy.
### Sample Payload
```json
{
"ID": "77c50812-fcdd-701b-9f1a-6cf55387b09d",
"Name": "example-acl-role",
"Description": "my example ACL Role",
"Policies": [
{
"Name": "example-acl-policy"
}
]
}
```
### Sample Request
```shell-session
$ curl \
--request POST \
--header "X-Nomad-Token: <NOMAD_TOKEN_SECRET_ID>" \
--data @payload.json \
https://localhost:4646/v1/acl/role/77c50812-fcdd-701b-9f1a-6cf55387b09d
```
### Sample Response
```json
{
"CreateIndex": 26,
"Description": "my example ACL Role",
"ID": "77c50812-fcdd-701b-9f1a-6cf55387b09d",
"ModifyIndex": 26,
"Name": "example-acl-role",
"Policies": [
{
"Name": "example-acl-policy"
}
]
}
```
## List Roles
This endpoint lists all ACL Roles. This lists the roles that have been replicated
to the region, and may lag behind the authoritative region.
| Method | Path | Produces |
| ------ | ------------ | ------------------ |
| `GET` | `/acl/roles` | `application/json` |
The table below shows this endpoint's support for
[blocking queries](/nomad/api-docs#blocking-queries),
[consistency modes](/nomad/api-docs#consistency-modes) and
[required ACLs](/nomad/api-docs#acls).
| Blocking Queries | Consistency Modes | ACL Required |
| ---------------- | ----------------- | -------------------------------------------------------------------------------------------------------------------------- |
| `YES` | `all` | `management` for all roles.<br />Output when given a non-management token will be limited to the roles on the token itself |
### Parameters
- `prefix` `(string: "")` - Specifies a string to filter ACL Roles based on an
ID prefix. This is specified as a query string parameter. Because the value
is decoded to bytes, the prefix must have an even number of hexadecimal
characters (`0-9a-f`).
### Sample Request
```shell-session
$ curl \
--header "X-Nomad-Token: <NOMAD_TOKEN_SECRET_ID>" \
https://localhost:4646/v1/acl/roles
```
```shell-session
$ curl \
--header "X-Nomad-Token: <NOMAD_TOKEN_SECRET_ID>" \
https://localhost:4646/v1/acl/roles?prefix=25ba81
```
### Sample Response
```json
[
{
"CreateIndex": 26,
"Description": "my example ACL Role",
"ID": "77c50812-fcdd-701b-9f1a-6cf55387b09d",
"ModifyIndex": 26,
"Name": "example-acl-role",
"Policies": [
{
"Name": "example-acl-policy"
}
]
}
]
```
## Read Role by ID
This endpoint reads an ACL Role with the given ID. This queries the role that
has been replicated to the region, and may lag behind the authoritative region.
| Method | Path | Produces |
| ------ | -------------------- | ------------------ |
| `GET` | `/acl/role/:role_id` | `application/json` |
The table below shows this endpoint's support for
[blocking queries](/nomad/api-docs#blocking-queries),
[consistency modes](/nomad/api-docs#consistency-modes) and
[required ACLs](/nomad/api-docs#acls).
| Blocking Queries | Consistency Modes | ACL Required |
| ---------------- | ----------------- | ----------------------------------------- |
| `YES` | `all` | `management` or token with access to role |
### Parameters
- `:role_id` `(string: <required>)` - Specifies the ID of the ACL Role. This is
specified as part of the path.
### Sample Request
```shell-session
$ curl \
--header "X-Nomad-Token: <NOMAD_TOKEN_SECRET_ID>" \
https://localhost:4646/v1/acl/role/77c50812-fcdd-701b-9f1a-6cf55387b09d
```
### Sample Response
```json
{
"CreateIndex": 26,
"Description": "my example ACL Role",
"ID": "77c50812-fcdd-701b-9f1a-6cf55387b09d",
"ModifyIndex": 26,
"Name": "example-acl-role",
"Policies": [
{
"Name": "example-acl-policy"
}
]
}
```
## Read Role by Name
This endpoint reads an ACL Role with the given name. This queries the role that
has been replicated to the region, and may lag behind the authoritative region.
| Method | Path | Produces |
| ------ | --------------------------- | ------------------ |
| `GET` | `/acl/role/name/:role_name` | `application/json` |
The table below shows this endpoint's support for
[blocking queries](/nomad/api-docs#blocking-queries),
[consistency modes](/nomad/api-docs#consistency-modes) and
[required ACLs](/nomad/api-docs#acls).
| Blocking Queries | Consistency Modes | ACL Required |
| ---------------- | ----------------- | ----------------------------------------- |
| `YES` | `all` | `management` or token with access to role |
### Parameters
- `:role_name` `(string: <required>)` - Specifies the Name of the ACL Role. This is
specified as part of the path.
### Sample Request
```shell-session
$ curl \
--header "X-Nomad-Token: <NOMAD_TOKEN_SECRET_ID>" \
https://localhost:4646/v1/acl/role/name/example-acl-role
```
### Sample Response
```json
{
"CreateIndex": 26,
"Description": "my example ACL Role",
"ID": "77c50812-fcdd-701b-9f1a-6cf55387b09d",
"ModifyIndex": 26,
"Name": "example-acl-role",
"Policies": [
{
"Name": "example-acl-policy"
}
]
}
```
## Delete Role
This endpoint deletes the ACL role as identified by the ID. This request is
always forwarded to the authoritative region.
| Method | Path | Produces |
| -------- | -------------------- | -------------- |
| `DELETE` | `/acl/role/:role_id` | `(empty body)` |
The table below shows this endpoint's support for
[blocking queries](/nomad/api-docs#blocking-queries) and
[required ACLs](/nomad/api-docs#acls).
| Blocking Queries | ACL Required |
| ---------------- | ------------ |
| `NO` | `management` |
### Parameters
- `role_id` `(string: <required>)` - Specifies the ID of role to delete and is
specified as part of the path.
### Sample Request
```shell-session
$ curl \
--request DELETE \
--header "X-Nomad-Token: <NOMAD_TOKEN_SECRET_ID>" \
https://localhost:4646/v1/acl/role/77c50812-fcdd-701b-9f1a-6cf55387b09d
```
Reference in New Issue View Git Blame Copy Permalink