2.0/openapi/sources/paths/policies/subjects.yml

# Copyright (c) 2020 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Eclipse Public License 2.0 which is available at
# http://www.eclipse.org/legal/epl-2.0
#
# SPDX-License-Identifier: EPL-2.0
get:
  summary: Retrieve all Subjects for a specific Label of a specific policy
  description: |-
    Returns all subject entries of the policy identified by the
    `policyId` path parameter, and by the `label`
    path parameter.
  tags:
    - Policies
  parameters:
    - $ref: '../../parameters/policyIdPathParam.yml'
    - $ref: '../../parameters/labelPathParam.yml'
    - $ref: '../../parameters/ifMatchHeaderParamHash.yml'
    - $ref: '../../parameters/ifNoneMatchHeaderParam.yml'
    - $ref: '../../parameters/timeoutParam.yml'
  responses:
    '200':
      description: The request successfully returned. The subjects are returned.
      headers:
        ETag:
          description: |-
            The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format
            "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]".
          schema:
            type: string
      content:
        application/json:
          schema:
            $ref: '../../schemas/policies/subjects.yml'
    '304':
      $ref: '../../responses/notModified.yml'
    '400':
      description: |-
        The request could not be completed. Possible reasons:

           * the `policyId` does not conform to the namespaced entity ID notation (see [Ditto documentation on namespaced entity IDs](https://www.eclipse.org/ditto/basic-namespaces-and-names.html#namespaced-id))
      content:
        application/json:
          schema:
            $ref: '../../schemas/errors/advancedError.yml'
    '401':
      description: The request could not be completed due to missing authentication.
      content:
        application/json:
          schema:
            $ref: '../../schemas/errors/advancedError.yml'
    '404':
      description: |-
        The request could not be completed. The policy with the given ID or
        the policy entry was not found in the context of the authenticated
        user.
      content:
        application/json:
          schema:
            $ref: '../../schemas/errors/advancedError.yml'
    '412':
      $ref: '../../responses/preconditionFailed.yml'
put:
  summary: Create or modify all Subjects for a specific Label of a specific policy
  description: |-
    Create or modify at once ALL subjects of the policy entry identified
    by the `policyId` path parameter, and by the `label` path parameter.

    ### Example - delete all subjects
    To delete all subjects set an empty body { }

    ### Example - entities authenticated by nginx
    To add a user authenticated via pre-authentication at nginx:

    ```
    {
      "nginx:ID-user": {
        "type": "pre authenticated user from nginx"
      }
    }
    ```
  tags:
    - Policies
  parameters:
    - $ref: '../../parameters/policyIdPathParam.yml'
    - $ref: '../../parameters/labelPathParam.yml'
    - $ref: '../../parameters/ifMatchHeaderParamHash.yml'
    - $ref: '../../parameters/ifNoneMatchHeaderParam.yml'
    - $ref: '../../parameters/timeoutParam.yml'
    - $ref: '../../parameters/responseRequiredParam.yml'
  responses:
    '204':
      description: The Subjects were successfully created or updated.
      headers:
        ETag:
          description: |-
            The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format
            "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]".
          schema:
            type: string
    '400':
      description: |-
        The request could not be completed. Possible reasons:

           * the `policyId` does not conform to the namespaced entity ID notation (see [Ditto documentation on namespaced entity IDs](https://www.eclipse.org/ditto/basic-namespaces-and-names.html#namespaced-id))
         * the JSON body of the policy subjects to be created/modified is invalid
      content:
        application/json:
          schema:
            $ref: '../../schemas/errors/advancedError.yml'
    '401':
      description: The request could not be completed due to missing authentication.
      content:
        application/json:
          schema:
            $ref: '../../schemas/errors/advancedError.yml'
    '403':
      description: |-
        The request could not be completed. Possible reasons:
        * the caller has insufficient permissions.
          You need `WRITE` permission on the `policy:/entries/{label}/subjects` resource,
          without any revoke in a deeper path of the policy resource.
      content:
        application/json:
          schema:
            $ref: '../../schemas/errors/advancedError.yml'
    '404':
      description: |-
        The request could not be completed. The policy with the given ID was
        not found in the context of the authenticated user.
      content:
        application/json:
          schema:
            $ref: '../../schemas/errors/advancedError.yml'
    '412':
      $ref: '../../responses/preconditionFailed.yml'
    '413':
      $ref: '../../responses/entityTooLarge.yml'
  requestBody:
    content:
      application/json:
        schema:
          $ref: '../../schemas/policies/subjects.yml'
    description: |-
      JSON representation of the Subjects.


      Use the placeholder `{{ request:subjectId }}` in order to let the
      backend insert the authenticated subjectId of the HTTP request.
    required: true