# Copyright (c) 2021 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Eclipse Public License 2.0 which is available at
# http://www.eclipse.org/legal/epl-2.0
#
# SPDX-License-Identifier: EPL-2.0
post:
  summary: Deactivate a subject for this policy entry derived from the token
  description: |-
    **This action only works when authenticated with a JSON Web Token (JWT).**

    Based on the authenticated token (JWT), **this policy entry** is checked against the following conditions:
    * the authenticated token is granted the `EXECUTE` permission to perform the `deactivateTokenIntegration` action
    * one of the subject IDs is contained in the authenticated token

    When all conditions match, the calculated subject with information extracted from the authenticated JWT is **removed
    from this policy entry**.

    The injected subjects expire when the JWT expires. The `expiry` timestamp (a string in ISO-8601 format)
    specifies how long the specific subject will have access to the resource secured by the policy.
    The subject will be automatically deleted from the policy once this timestamp is reached.

    To give the subject a chance to prolong the access, the subject can configure a connection to receive announcements.
    Policy announcements are published to websockets and connections that have the relevant subject ID.
    The settings under `announcement` control when a policy announcement is published (before expiry or when deleted).

    If the field `requestedAcks` is set, then the announcements are published with at-least-once delivery until
    the acknowledgement requests under labels are fulfilled.

    If a "beforeExpiry" announcement was sent without acknowledgement requests, or the "beforeExpiry"
    announcement was acknowledged, the "whenDeleted" announcement will not be triggered.
  tags:
    - Policies
  parameters:
    - $ref: '../../parameters/policyIdPathParam.yml'
    - $ref: '../../parameters/labelPathParam.yml'
  responses:
    '204':
      description: The request was successful. The subject was removed.
    '400':
      description: The request could not be completed because the authentication was not performed with a JWT.
    '403':
      description: |-
        The request could not be completed because the user did not have the `EXECUTE` permission on this policy entry.
    '404':
      description: |-
        The request could not be completed because this policy entry did not match the following conditions:
        * containing a subject ID matching the JWT's authenticated subject