| # Copyright (c) 2020 Contributors to the Eclipse Foundation |
| # |
| # See the NOTICE file(s) distributed with this work for additional |
| # information regarding copyright ownership. |
| # |
| # This program and the accompanying materials are made available under the |
| # terms of the Eclipse Public License 2.0 which is available at |
| # http://www.eclipse.org/legal/epl-2.0 |
| # |
| # SPDX-License-Identifier: EPL-2.0 |
| get: |
| summary: Retrieve all Subjects for a specific Label of a specific policy |
| description: |- |
| Returns all subject entries of the policy identified by the |
| `policyId` path parameter, and by the `label` |
| path parameter. |
| tags: |
| - Policies |
| parameters: |
| - $ref: '../../parameters/policyIdPathParam.yml' |
| - $ref: '../../parameters/labelPathParam.yml' |
| - $ref: '../../parameters/ifMatchHeaderParamHash.yml' |
| - $ref: '../../parameters/ifNoneMatchHeaderParam.yml' |
| - $ref: '../../parameters/timeoutParam.yml' |
| responses: |
| '200': |
| description: The request successfully returned. The subjects are returned. |
| headers: |
| ETag: |
| description: |- |
| The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format |
| "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". |
| schema: |
| type: string |
| content: |
| application/json: |
| schema: |
| $ref: '../../schemas/policies/subjects.yml' |
| '304': |
| $ref: '../../responses/notModified.yml' |
| '400': |
| description: |- |
| The request could not be completed. Possible reasons: |
| |
| * the `policyId` does not conform to the namespaced entity ID notation (see [Ditto documentation on namespaced entity IDs](https://www.eclipse.org/ditto/basic-namespaces-and-names.html#namespaced-id)) |
| content: |
| application/json: |
| schema: |
| $ref: '../../schemas/errors/advancedError.yml' |
| '401': |
| description: The request could not be completed due to missing authentication. |
| content: |
| application/json: |
| schema: |
| $ref: '../../schemas/errors/advancedError.yml' |
| '404': |
| description: |- |
| The request could not be completed. The policy with the given ID or |
| the policy entry was not found in the context of the authenticated |
| user. |
| content: |
| application/json: |
| schema: |
| $ref: '../../schemas/errors/advancedError.yml' |
| '412': |
| $ref: '../../responses/preconditionFailed.yml' |
| put: |
| summary: Create or modify all Subjects for a specific Label of a specific policy |
| description: |- |
| Create or modify at once ALL subjects of the policy entry identified |
| by the `policyId` path parameter, and by the `label` path parameter. |
| |
| ### Example - delete all subjects |
| To delete all subjects set an empty body { } |
| |
| ### Example - entities authenticated by nginx |
| To add a user authenticated via pre-authentication at nginx: |
| |
| ``` |
| { |
| "nginx:ID-user": { |
| "type": "pre authenticated user from nginx" |
| } |
| } |
| ``` |
| tags: |
| - Policies |
| parameters: |
| - $ref: '../../parameters/policyIdPathParam.yml' |
| - $ref: '../../parameters/labelPathParam.yml' |
| - $ref: '../../parameters/ifMatchHeaderParamHash.yml' |
| - $ref: '../../parameters/ifNoneMatchHeaderParam.yml' |
| - $ref: '../../parameters/timeoutParam.yml' |
| - $ref: '../../parameters/responseRequiredParam.yml' |
| responses: |
| '204': |
| description: The Subjects were successfully created or updated. |
| headers: |
| ETag: |
| description: |- |
| The (current server-side) ETag for this (sub-)resource. For top-level resources it is in the format |
| "rev:[revision]", for sub-resources it has the format "hash:[calculated-hash]". |
| schema: |
| type: string |
| '400': |
| description: |- |
| The request could not be completed. Possible reasons: |
| |
| * the `policyId` does not conform to the namespaced entity ID notation (see [Ditto documentation on namespaced entity IDs](https://www.eclipse.org/ditto/basic-namespaces-and-names.html#namespaced-id)) |
| * the JSON body of the policy subjects to be created/modified is invalid |
| content: |
| application/json: |
| schema: |
| $ref: '../../schemas/errors/advancedError.yml' |
| '401': |
| description: The request could not be completed due to missing authentication. |
| content: |
| application/json: |
| schema: |
| $ref: '../../schemas/errors/advancedError.yml' |
| '403': |
| description: |- |
| The request could not be completed. Possible reasons: |
| * the caller has insufficient permissions. |
| You need `WRITE` permission on the `policy:/entries/{label}/subjects` resource, |
| without any revoke in a deeper path of the policy resource. |
| content: |
| application/json: |
| schema: |
| $ref: '../../schemas/errors/advancedError.yml' |
| '404': |
| description: |- |
| The request could not be completed. The policy with the given ID was |
| not found in the context of the authenticated user. |
| content: |
| application/json: |
| schema: |
| $ref: '../../schemas/errors/advancedError.yml' |
| '412': |
| $ref: '../../responses/preconditionFailed.yml' |
| '413': |
| $ref: '../../responses/entityTooLarge.yml' |
| requestBody: |
| content: |
| application/json: |
| schema: |
| $ref: '../../schemas/policies/subjects.yml' |
| description: |- |
| JSON representation of the Subjects. |
| |
| |
| Use the placeholder `{{ request:subjectId }}` in order to let the |
| backend insert the authenticated subjectId of the HTTP request. |
| required: true |