-
-
Notifications
You must be signed in to change notification settings - Fork 84
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
2 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"consumes":["application/json"],"produces":["application/json"],"schemes":["http","https"],"swagger":"2.0","info":{"description":"Ory Keto is a cloud native access control server providing best-practice patterns (RBAC, ABAC, ACL, AWS IAM Policies, Kubernetes Roles, ...) via REST APIs.","title":"ORY Keto","contact":{"name":"ORY","url":"https://www.ory.sh","email":"hi@ory.sh"},"license":{"name":"Apache 2.0","url":"https://github.com/ory/keto/blob/master/LICENSE"},"version":"v0.0.0-alpha.46"},"basePath":"/","paths":{"/engines/acp/ory/{flavor}/allowed":{"post":{"description":"Use this endpoint to check if a request is allowed or not. If the request is allowed, a 200 response with\n`{\"allowed\":\"true\"}` will be sent. If the request is denied, a 403 response with `{\"allowed\":\"false\"}` will\nbe sent instead.","consumes":["application/json"],"produces":["application/json"],"schemes":["http","https"],"tags":["engines"],"summary":"Check if a request is allowed","operationId":"doOryAccessControlPoliciesAllow","parameters":[{"type":"string","description":"The ORY Access Control Policy flavor. Can be \"regex\", \"glob\", and \"exact\".","name":"flavor","in":"path","required":true},{"name":"Body","in":"body","schema":{"$ref":"#/definitions/oryAccessControlPolicyAllowedInput"}}],"responses":{"200":{"description":"authorizationResult","schema":{"$ref":"#/definitions/authorizationResult"}},"403":{"description":"authorizationResult","schema":{"$ref":"#/definitions/authorizationResult"}},"500":{"description":"The standard error format","schema":{"type":"object","properties":{"code":{"type":"integer","format":"int64"},"details":{"type":"array","items":{"type":"object","additionalProperties":true}},"message":{"type":"string"},"reason":{"type":"string"},"request":{"type":"string"},"status":{"type":"string"}}}}}}},"/engines/acp/ory/{flavor}/policies":{"get":{"description":"List ORY Access Control Policies","produces":["application/json"],"schemes":["http","https"],"tags":["engines"],"operationId":"listOryAccessControlPolicies","parameters":[{"type":"string","description":"The ORY Access Control Policy flavor. Can be \"regex\", \"glob\", and \"exact\"","name":"flavor","in":"path","required":true},{"type":"integer","format":"int64","description":"The maximum amount of policies returned.","name":"limit","in":"query"},{"type":"integer","format":"int64","description":"The offset from where to start looking.","name":"offset","in":"query"},{"type":"string","description":"The subject for whom the policies are to be listed.","name":"subject","in":"query"},{"type":"string","description":"The resource for which the policies are to be listed.","name":"resource","in":"query"},{"type":"string","description":"The action for which policies are to be listed.","name":"action","in":"query"}],"responses":{"200":{"description":"Policies is an array of policies.","schema":{"type":"array","items":{"$ref":"#/definitions/oryAccessControlPolicy"}}},"500":{"description":"The standard error format","schema":{"type":"object","properties":{"code":{"type":"integer","format":"int64"},"details":{"type":"array","items":{"type":"object","additionalProperties":true}},"message":{"type":"string"},"reason":{"type":"string"},"request":{"type":"string"},"status":{"type":"string"}}}}}},"put":{"description":"Upsert an ORY Access Control Policy","consumes":["application/json"],"produces":["application/json"],"schemes":["http","https"],"tags":["engines"],"operationId":"upsertOryAccessControlPolicy","parameters":[{"type":"string","description":"The ORY Access Control Policy flavor. Can be \"regex\", \"glob\", and \"exact\".","name":"flavor","in":"path","required":true},{"name":"Body","in":"body","schema":{"$ref":"#/definitions/oryAccessControlPolicy"}}],"responses":{"200":{"description":"oryAccessControlPolicy","schema":{"$ref":"#/definitions/oryAccessControlPolicy"}},"500":{"description":"The standard error format","schema":{"type":"object","properties":{"code":{"type":"integer","format":"int64"},"details":{"type":"array","items":{"type":"object","additionalProperties":true}},"message":{"type":"string"},"reason":{"type":"string"},"request":{"type":"string"},"status":{"type":"string"}}}}}}},"/engines/acp/ory/{flavor}/policies/{id}":{"get":{"description":"Get an ORY Access Control Policy","produces":["application/json"],"schemes":["http","https"],"tags":["engines"],"operationId":"getOryAccessControlPolicy","parameters":[{"type":"string","description":"The ORY Access Control Policy flavor. Can be \"regex\", \"glob\", and \"exact\".","name":"flavor","in":"path","required":true},{"type":"string","description":"The ID of the ORY Access Control Policy Role.","name":"id","in":"path","required":true}],"responses":{"200":{"description":"oryAccessControlPolicy","schema":{"$ref":"#/definitions/oryAccessControlPolicy"}},"404":{"description":"The standard error format","schema":{"type":"object","properties":{"code":{"type":"integer","format":"int64"},"details":{"type":"array","items":{"type":"object","additionalProperties":true}},"message":{"type":"string"},"reason":{"type":"string"},"request":{"type":"string"},"status":{"type":"string"}}}},"500":{"description":"The standard error format","schema":{"type":"object","properties":{"code":{"type":"integer","format":"int64"},"details":{"type":"array","items":{"type":"object","additionalProperties":true}},"message":{"type":"string"},"reason":{"type":"string"},"request":{"type":"string"},"status":{"type":"string"}}}}}},"delete":{"description":"Delete an ORY Access Control Policy","produces":["application/json"],"schemes":["http","https"],"tags":["engines"],"operationId":"deleteOryAccessControlPolicy","parameters":[{"type":"string","description":"The ORY Access Control Policy flavor. Can be \"regex\", \"glob\", and \"exact\".","name":"flavor","in":"path","required":true},{"type":"string","description":"The ID of the ORY Access Control Policy Role.","name":"id","in":"path","required":true}],"responses":{"204":{"description":"An empty response"},"500":{"description":"The standard error format","schema":{"type":"object","properties":{"code":{"type":"integer","format":"int64"},"details":{"type":"array","items":{"type":"object","additionalProperties":true}},"message":{"type":"string"},"reason":{"type":"string"},"request":{"type":"string"},"status":{"type":"string"}}}}}}},"/engines/acp/ory/{flavor}/roles":{"get":{"description":"Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID\nas subject in the OACP.","produces":["application/json"],"schemes":["http","https"],"tags":["engines"],"summary":"List ORY Access Control Policy Roles","operationId":"listOryAccessControlPolicyRoles","parameters":[{"type":"string","description":"The ORY Access Control Policy flavor. Can be \"regex\", \"glob\", and \"exact\"","name":"flavor","in":"path","required":true},{"type":"integer","format":"int64","description":"The maximum amount of policies returned.","name":"limit","in":"query"},{"type":"integer","format":"int64","description":"The offset from where to start looking.","name":"offset","in":"query"},{"type":"string","description":"The member for which the roles are to be listed.","name":"member","in":"query"}],"responses":{"200":{"description":"Roles is an array of roles.","schema":{"type":"array","items":{"$ref":"#/definitions/oryAccessControlPolicyRole"}}},"500":{"description":"The standard error format","schema":{"type":"object","properties":{"code":{"type":"integer","format":"int64"},"details":{"type":"array","items":{"type":"object","additionalProperties":true}},"message":{"type":"string"},"reason":{"type":"string"},"request":{"type":"string"},"status":{"type":"string"}}}}}},"put":{"description":"Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID\nas subject in the OACP.","consumes":["application/json"],"produces":["application/json"],"schemes":["http","https"],"tags":["engines"],"summary":"Upsert an ORY Access Control Policy Role","operationId":"upsertOryAccessControlPolicyRole","parameters":[{"type":"string","description":"The ORY Access Control Policy flavor. Can be \"regex\", \"glob\", and \"exact\".","name":"flavor","in":"path","required":true},{"name":"Body","in":"body","schema":{"$ref":"#/definitions/oryAccessControlPolicyRole"}}],"responses":{"200":{"description":"oryAccessControlPolicyRole","schema":{"$ref":"#/definitions/oryAccessControlPolicyRole"}},"500":{"description":"The standard error format","schema":{"type":"object","properties":{"code":{"type":"integer","format":"int64"},"details":{"type":"array","items":{"type":"object","additionalProperties":true}},"message":{"type":"string"},"reason":{"type":"string"},"request":{"type":"string"},"status":{"type":"string"}}}}}}},"/engines/acp/ory/{flavor}/roles/{id}":{"get":{"description":"Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID\nas subject in the OACP.","produces":["application/json"],"schemes":["http","https"],"tags":["engines"],"summary":"Get an ORY Access Control Policy Role","operationId":"getOryAccessControlPolicyRole","parameters":[{"type":"string","description":"The ORY Access Control Policy flavor. Can be \"regex\", \"glob\", and \"exact\".","name":"flavor","in":"path","required":true},{"type":"string","description":"The ID of the ORY Access Control Policy Role.","name":"id","in":"path","required":true}],"responses":{"200":{"description":"oryAccessControlPolicyRole","schema":{"$ref":"#/definitions/oryAccessControlPolicyRole"}},"404":{"description":"The standard error format","schema":{"type":"object","properties":{"code":{"type":"integer","format":"int64"},"details":{"type":"array","items":{"type":"object","additionalProperties":true}},"message":{"type":"string"},"reason":{"type":"string"},"request":{"type":"string"},"status":{"type":"string"}}}},"500":{"description":"The standard error format","schema":{"type":"object","properties":{"code":{"type":"integer","format":"int64"},"details":{"type":"array","items":{"type":"object","additionalProperties":true}},"message":{"type":"string"},"reason":{"type":"string"},"request":{"type":"string"},"status":{"type":"string"}}}}}},"delete":{"description":"Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID\nas subject in the OACP.","produces":["application/json"],"schemes":["http","https"],"tags":["engines"],"summary":"Delete an ORY Access Control Policy Role","operationId":"deleteOryAccessControlPolicyRole","parameters":[{"type":"string","description":"The ORY Access Control Policy flavor. Can be \"regex\", \"glob\", and \"exact\".","name":"flavor","in":"path","required":true},{"type":"string","description":"The ID of the ORY Access Control Policy Role.","name":"id","in":"path","required":true}],"responses":{"204":{"description":"An empty response"},"500":{"description":"The standard error format","schema":{"type":"object","properties":{"code":{"type":"integer","format":"int64"},"details":{"type":"array","items":{"type":"object","additionalProperties":true}},"message":{"type":"string"},"reason":{"type":"string"},"request":{"type":"string"},"status":{"type":"string"}}}}}}},"/engines/acp/ory/{flavor}/roles/{id}/members":{"put":{"description":"Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID\nas subject in the OACP.","consumes":["application/json"],"produces":["application/json"],"schemes":["http","https"],"tags":["engines"],"summary":"Add a member to an ORY Access Control Policy Role","operationId":"addOryAccessControlPolicyRoleMembers","parameters":[{"type":"string","description":"The ORY Access Control Policy flavor. Can be \"regex\", \"glob\", and \"exact\".","name":"flavor","in":"path","required":true},{"type":"string","description":"The ID of the ORY Access Control Policy Role.","name":"id","in":"path","required":true},{"name":"Body","in":"body","schema":{"$ref":"#/definitions/addOryAccessControlPolicyRoleMembersBody"}}],"responses":{"200":{"description":"oryAccessControlPolicyRole","schema":{"$ref":"#/definitions/oryAccessControlPolicyRole"}},"500":{"description":"The standard error format","schema":{"type":"object","properties":{"code":{"type":"integer","format":"int64"},"details":{"type":"array","items":{"type":"object","additionalProperties":true}},"message":{"type":"string"},"reason":{"type":"string"},"request":{"type":"string"},"status":{"type":"string"}}}}}}},"/engines/acp/ory/{flavor}/roles/{id}/members/{member}":{"delete":{"description":"Roles group several subjects into one. Rules can be assigned to ORY Access Control Policy (OACP) by using the Role ID\nas subject in the OACP.","consumes":["application/json"],"produces":["application/json"],"schemes":["http","https"],"tags":["engines"],"summary":"Remove a member from an ORY Access Control Policy Role","operationId":"removeOryAccessControlPolicyRoleMembers","parameters":[{"type":"string","description":"The ORY Access Control Policy flavor. Can be \"regex\", \"glob\", and \"exact\".","name":"flavor","in":"path","required":true},{"type":"string","description":"The ID of the ORY Access Control Policy Role.","name":"id","in":"path","required":true},{"type":"string","description":"The member to be removed.","name":"member","in":"path","required":true}],"responses":{"200":{"description":"An empty response"},"500":{"description":"The standard error format","schema":{"type":"object","properties":{"code":{"type":"integer","format":"int64"},"details":{"type":"array","items":{"type":"object","additionalProperties":true}},"message":{"type":"string"},"reason":{"type":"string"},"request":{"type":"string"},"status":{"type":"string"}}}}}}},"/health/alive":{"get":{"description":"This endpoint returns a 200 status code when the HTTP server is up running.\nThis status does currently not include checks whether the database connection is working.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the health status will never\nrefer to the cluster state, only to a single instance.","produces":["application/json"],"tags":["health"],"summary":"Check alive status","operationId":"isInstanceAlive","responses":{"200":{"description":"healthStatus","schema":{"$ref":"#/definitions/healthStatus"}},"500":{"description":"The standard error format","schema":{"type":"object","properties":{"code":{"type":"integer","format":"int64"},"details":{"type":"array","items":{"type":"object","additionalProperties":true}},"message":{"type":"string"},"reason":{"type":"string"},"request":{"type":"string"},"status":{"type":"string"}}}}}}},"/health/ready":{"get":{"description":"This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g.\nthe database) are responsive as well.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the health status will never\nrefer to the cluster state, only to a single instance.","produces":["application/json"],"tags":["health"],"summary":"Check readiness status","operationId":"isInstanceReady","responses":{"200":{"description":"healthStatus","schema":{"$ref":"#/definitions/healthStatus"}},"503":{"description":"healthNotReadyStatus","schema":{"$ref":"#/definitions/healthNotReadyStatus"}}}}},"/version":{"get":{"description":"This endpoint returns the service version typically notated using semantic versioning.\n\nIf the service supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware that if you are running multiple nodes of this service, the health status will never\nrefer to the cluster state, only to a single instance.","produces":["application/json"],"tags":["version"],"summary":"Get service version","operationId":"getVersion","responses":{"200":{"description":"version","schema":{"$ref":"#/definitions/version"}}}}}},"definitions":{"UUID":{"type":"string","format":"uuid4"},"addOryAccessControlPolicyRoleMembersBody":{"type":"object","properties":{"members":{"description":"The members to be added.","type":"array","items":{"type":"string"}}}},"authorizationResult":{"type":"object","title":"AuthorizationResult is the result of an access control decision. It contains the decision outcome.","required":["allowed"],"properties":{"allowed":{"description":"Allowed is true if the request should be allowed and false otherwise.","type":"boolean"}}},"healthNotReadyStatus":{"type":"object","properties":{"errors":{"description":"Errors contains a list of errors that caused the not ready status.","type":"object","additionalProperties":{"type":"string"}}}},"healthStatus":{"type":"object","properties":{"status":{"description":"Status always contains \"ok\".","type":"string"}}},"oryAccessControlPolicy":{"type":"object","title":"oryAccessControlPolicy specifies an ORY Access Policy document.","properties":{"actions":{"description":"Actions is an array representing all the actions this ORY Access Policy applies to.","type":"array","items":{"type":"string"}},"conditions":{"description":"Conditions represents a keyed object of conditions under which this ORY Access Policy is active.","type":"object","additionalProperties":true},"description":{"description":"Description is an optional, human-readable description.","type":"string"},"effect":{"description":"Effect is the effect of this ORY Access Policy. It can be \"allow\" or \"deny\".","type":"string"},"id":{"description":"ID is the unique identifier of the ORY Access Policy. It is used to query, update, and remove the ORY Access Policy.","type":"string"},"resources":{"description":"Resources is an array representing all the resources this ORY Access Policy applies to.","type":"array","items":{"type":"string"}},"subjects":{"description":"Subjects is an array representing all the subjects this ORY Access Policy applies to.","type":"array","items":{"type":"string"}}}},"oryAccessControlPolicyAllowedInput":{"type":"object","title":"Input for checking if a request is allowed or not.","properties":{"action":{"description":"Action is the action that is requested on the resource.","type":"string"},"context":{"description":"Context is the request's environmental context.","type":"object","additionalProperties":true},"resource":{"description":"Resource is the resource that access is requested to.","type":"string"},"subject":{"description":"Subject is the subject that is requesting access.","type":"string"}}},"oryAccessControlPolicyRole":{"description":"oryAccessControlPolicyRole represents a group of users that share the same role. A role could be an administrator, a moderator, a regular\nuser or some other sort of role.","type":"object","properties":{"id":{"description":"ID is the role's unique id.","type":"string"},"members":{"description":"Members is who belongs to the role.","type":"array","items":{"type":"string"}}}},"version":{"type":"object","properties":{"version":{"description":"Version is the service's version.","type":"string"}}}}} |