content/operate/rs/references/rest-api/requests/roles/_index.md
| Method | Path | Description |
|---|---|---|
| GET | /v1/roles | Get all roles |
| GET | /v1/roles/{uid} | Get a single role |
| PUT | /v1/roles/{uid} | Update an existing role |
| POST | /v1/roles | Create a new role |
| DELETE | /v1/roles/{uid} | Delete a role |
GET /v1/roles
Get all roles' details.
| Permission name | Roles |
|---|---|
| [view_all_roles_info]({{< relref "/operate/rs/references/rest-api/permissions#view_all_roles_info" >}}) | admin |
| cluster_member | |
| cluster_viewer | |
| db_member | |
| db_viewer | |
| user_manager |
GET /v1/roles
| Key | Value | Description |
|---|---|---|
| Host | cnm.cluster.fqdn | Domain name |
| Accept | application/json | Accepted media type |
Returns a JSON array of [role objects]({{< relref "/operate/rs/references/rest-api/objects/role" >}}).
[
{
"uid": 1,
"name": "Admin",
"management": "admin"
},
{
"uid": 2,
"name": "Cluster Member",
"management": "cluster_member"
},
{
"uid": 3,
"name": "Cluster Viewer",
"management": "cluster_viewer"
},
{
"uid": 4,
"name": "DB Member",
"management": "db_member"
},
{
"uid": 5,
"name": "DB Viewer",
"management": "db_viewer"
},
{
"uid": 6,
"name": "None",
"management": "none"
},
{
"uid": 17,
"name": "DBA",
"management": "admin"
}
]
| Code | Description |
|---|---|
| 200 OK | No error |
| 501 Not Implemented | Cluster doesn't support roles yet. |
GET /v1/roles/{int: uid}
Get the details of a single role.
| Permission name | Roles |
|---|---|
| [view_role_info]({{< relref "/operate/rs/references/rest-api/permissions#view_role_info" >}}) | admin |
| cluster_member | |
| cluster_viewer | |
| db_member | |
| db_viewer | |
| user_manager |
GET /v1/roles/1
| Key | Value | Description |
|---|---|---|
| Host | cnm.cluster.fqdn | Domain name |
| Accept | application/json | Accepted media type |
| Field | Type | Description |
|---|---|---|
| uid | integer | The role's unique ID. |
Returns a [role object]({{< relref "/operate/rs/references/rest-api/objects/role" >}}).
{
"uid": 17,
"name": "DBA",
"management": "admin"
}
| Code | Description |
|---|---|
| 200 OK | Success. |
| 403 Forbidden | Operation is forbidden. |
| 404 Not Found | Role does not exist. |
| 501 Not Implemented | Cluster doesn't support roles yet. |
PUT /v1/roles/{int: uid}
Update an existing role's details.
| Permission name | Roles |
|---|---|
| [update_role]({{< relref "/operate/rs/references/rest-api/permissions#update_role" >}}) | admin |
| user_manager |
PUT /v1/roles/17
{
"management": "cluster_member"
}
| Key | Value | Description |
|---|---|---|
| Host | cnm.cluster.fqdn | Domain name |
| Accept | application/json | Accepted media type |
| Field | Type | Description |
|---|---|---|
| dry_run | Validate the updated [role object]({{< relref "/operate/rs/references/rest-api/objects/role" >}}) but don't apply the update. |
| Field | Type | Description |
|---|---|---|
| uid | integer | The role's unique ID. |
Include a [role object]({{< relref "/operate/rs/references/rest-api/objects/role" >}}) with updated fields in the request body.
Returns a [role object]({{< relref "/operate/rs/references/rest-api/objects/role" >}}) with the updated fields.
{
"uid": 17,
"name": "DBA",
"management": "cluster_member"
}
Possible error_code values:
| Code | Description |
|---|---|
| unsupported_resource | The cluster is not yet able to handle this resource type. This could happen in a partially upgraded cluster, where some of the nodes are still on a previous version. |
| name_already_exists | An object of the same type and name exists. |
| change_last_admin_role_not_allowed | At least one user with admin role should exist. |
| Code | Description |
|---|---|
| 200 OK | Success, role is created. |
| 400 Bad Request | Bad or missing configuration parameters. |
| 404 Not Found | Attempting to change a non-existant role. |
| 501 Not Implemented | Cluster doesn't support roles yet. |
POST /v1/roles
Create a new role.
| Permission name | Roles |
|---|---|
| [create_role]({{< relref "/operate/rs/references/rest-api/permissions#create_role" >}}) | admin |
| user_manager |
POST /v1/roles
{
"name": "DBA",
"management": "admin"
}
| Key | Value | Description |
|---|---|---|
| Host | cnm.cluster.fqdn | Domain name |
| Accept | application/json | Accepted media type |
| Field | Type | Description |
|---|---|---|
| dry_run | Validate the new [role object]({{< relref "/operate/rs/references/rest-api/objects/role" >}}) but don't apply the update. |
Include a [role object]({{< relref "/operate/rs/references/rest-api/objects/role" >}}) in the request body.
Returns the newly created [role object]({{< relref "/operate/rs/references/rest-api/objects/role" >}}).
{
"uid": 17,
"name": "DBA",
"management": "admin"
}
Possible error_codevalues:
| Code | Description |
|---|---|
| unsupported_resource | The cluster is not yet able to handle this resource type. This could happen in a partially upgraded cluster, where some of the nodes are still on a previous version. |
| name_already_exists | An object of the same type and name exists |
| missing_field | A needed field is missing |
| Code | Description |
|---|---|
| 200 OK | Success, role is created. |
| 400 Bad Request | Bad or missing configuration parameters. |
| 501 Not Implemented | Cluster doesn't support roles yet. |
curl -k -u "[username]:[password]" -X POST \
-H 'Content-Type: application/json' \
-d '{ "name": "DBA", "management": "admin" }' \
https://[host][:port]/v1/roles
import requests
import json
url = "https://[host][:port]/v1/roles"
headers = {
'Content-Type': 'application/json'
}
payload = json.dumps({
"name": "DBA",
"management": "admin"
})
auth=("[username]", "[password]")
response = requests.request("POST", url,
auth=auth, headers=headers, payload=payload, verify=False)
print(response.text)
DELETE /v1/roles/{int: uid}
Delete a role object.
| Permission name | Roles |
|---|---|
| [delete_role]({{< relref "/operate/rs/references/rest-api/permissions#delete_role" >}}) | admin |
| user_manager |
DELETE /v1/roles/1
| Key | Value | Description |
|---|---|---|
| Host | cnm.cluster.fqdn | Domain name |
| Accept | application/json | Accepted media type |
| Field | Type | Description |
|---|---|---|
| uid | integer | The role unique ID. |
Returns a status code to indicate role deletion success or failure.
| Code | Description |
|---|---|
| 200 OK | Success, the role is deleted. |
| 404 Not Found | Role does not exist. |
| 406 Not Acceptable | The request is not acceptable. |
| 501 Not Implemented | Cluster doesn't support roles yet. |