Permission
# List Project Permission Item Definitions
Request
GET /openapi/policy/resource-actions?projectName=<projectKey>&envType=<projectType>
1
Query Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
projectName | string | Project Key | Yes |
envType | string | Project type, free project is pm, other types are k8s | Yes |
Success Response Description
| Parameter Name | Type | Description |
|---|---|---|
resource | string | Operation object |
alias | string | Operation object alias |
rules | []Rules | Operation items |
Operation Item Parameter Description
| Parameter Name | Type | Description |
|---|---|---|
action | string | Operation item definition |
alias | string | Operation item alias |
Success Response Example
[
{
"resource": "Workflow",
"alias": "Workflow",
"rules": [
{
"action": "get_workflow",
"alias": "View"
},
{
"action": "create_workflow",
"alias": "Create"
},
{
"action": "edit_workflow",
"alias": "Edit"
},
{
"action": "delete_workflow",
"alias": "Delete"
},
{
"action": "run_workflow",
"alias": "Execute"
},
{
"action": "debug_workflow",
"alias": "Debug"
}
]
},
{
"resource": "Environment",
"alias": "Test Environment",
"rules": [
{
"action": "get_environment",
"alias": "View"
},
{
"action": "create_environment",
"alias": "Create"
},
{
"action": "config_environment",
"alias": "Configure"
},
{
"action": "manage_environment",
"alias": "Manage Service Instances"
},
{
"action": "delete_environment",
"alias": "Delete"
},
{
"action": "debug_pod",
"alias": "Service Debug"
}
]
},
{
"resource": "ProductionEnvironment",
"alias": "Production Environment",
"rules": [
{
"action": "get_production_environment",
"alias": "View"
},
{
"action": "create_production_environment",
"alias": "Create"
},
{
"action": "config_production_environment",
"alias": "Configure"
},
{
"action": "edit_production_environment",
"alias": "Manage Service Instances"
},
{
"action": "delete_production_environment",
"alias": "Delete"
},
{
"action": "production_debug_pod",
"alias": "Service Debug"
}
]
},
{
"resource": "Service",
"alias": "Test Service",
"rules": [
{
"action": "get_service",
"alias": "View"
},
{
"action": "create_service",
"alias": "Create"
},
{
"action": "edit_service",
"alias": "Edit"
},
{
"action": "delete_service",
"alias": "Delete"
}
]
},
{
"resource": "ProductionService",
"alias": "Production Service",
"rules": [
{
"action": "get_production_service",
"alias": "View"
},
{
"action": "create_production_service",
"alias": "Create"
},
{
"action": "edit_production_service",
"alias": "Edit"
},
{
"action": "delete_production_service",
"alias": "Delete"
}
]
},
{
"resource": "Build",
"alias": "Build",
"rules": [
{
"action": "get_build",
"alias": "View"
},
{
"action": "create_build",
"alias": "Create"
},
{
"action": "edit_build",
"alias": "Edit"
},
{
"action": "delete_build",
"alias": "Delete"
}
]
},
{
"resource": "Test",
"alias": "Test",
"rules": [
{
"action": "get_test",
"alias": "View"
},
{
"action": "create_test",
"alias": "Create"
},
{
"action": "edit_test",
"alias": "Edit"
},
{
"action": "delete_test",
"alias": "Delete"
},
{
"action": "run_test",
"alias": "Execute"
}
]
},
{
"resource": "Scan",
"alias": "Code Scan",
"rules": [
{
"action": "get_scan",
"alias": "View"
},
{
"action": "create_scan",
"alias": "Create"
},
{
"action": "edit_scan",
"alias": "Edit"
},
{
"action": "delete_scan",
"alias": "Delete"
},
{
"action": "run_scan",
"alias": "Execute"
}
]
},
{
"resource": "Delivery",
"alias": "Version Management",
"rules": [
{
"action": "get_delivery",
"alias": "View"
},
{
"action": "create_delivery",
"alias": "Create"
},
{
"action": "delete_delivery",
"alias": "Delete"
}
]
}
]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
# List Project Role Information
Request
GET /openapi/policy/roles?namespace=<projectKey>
1
Query Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
namespace | string | Project Key | Yes |
Success Response Description
| Parameter Name | Type | Description |
|---|---|---|
id | int | ID |
name | string | Name |
namespace | string | Project unique identifier |
desc | string | Description |
type | string | Type, value custom indicates self-built type |
Success Response Example
[
{
"id": 51,
"name": "dev",
"namespace": "test-k8skv-2",
"desc": "",
"type": "custom"
},
{
"id": 1,
"name": "project-admin",
"namespace": "test-k8skv-2",
"desc": "",
"type": "system"
},
{
"id": 2,
"name": "read-only",
"namespace": "test-k8skv-2",
"desc": "",
"type": "system"
},
{
"id": 3,
"name": "read-project-only",
"namespace": "test-k8skv-2",
"desc": "",
"type": "system"
}
]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Get Project Role Details
Request
GET /openapi/policy/roles/:name?namespace=<projectKey>
1
Path Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
name | string | Role name | Yes |
Query Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
namespace | string | Project Key | Yes |
Success Response Description
| Parameter Name | Type | Description |
|---|---|---|
id | int | ID |
name | string | Name |
namespace | string | Project unique identifier |
rules | []Rule | Permission list |
desc | string | Description |
type | string | Type, value custom indicates self-built type |
Rule Parameter Description
| Parameter Name | Type | Description |
|---|---|---|
resource | string | Operation object |
verbs | []string | Permission items, specific values refer to permission definition interface |
Success Response Example
{
"id": 51,
"name": "dev",
"namespace": "test-k8skv-2",
"desc": "",
"type": "custom",
"rules": [
{
"resource": "Test",
"verbs": [
"get_test"
]
},
{
"resource": "Scan",
"verbs": [
"get_scan"
]
},
{
"resource": "Delivery",
"verbs": [
"get_delivery"
]
},
{
"resource": "Workflow",
"verbs": [
"get_workflow",
"run_workflow"
]
},
{
"resource": "ProductionEnvironment",
"verbs": [
"get_production_environment"
]
},
{
"resource": "Service",
"verbs": [
"get_service"
]
},
{
"resource": "ProductionService",
"verbs": [
"get_production_service"
]
},
{
"resource": "Build",
"verbs": [
"get_build"
]
},
{
"resource": "Environment",
"verbs": [
"get_environment"
]
}
]
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# Create Project Role
Request
POST /openapi/policy/roles?namespace=<projectKey>
1
Query Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
namespace | string | Project Key | Yes |
Body Parameter Description
| Parameter Name | Description | Type | Required |
|---|---|---|---|
name | Role name | string | Yes |
namespace | Project Key | string | Yes |
actions | Permission items | []string | Yes |
Body Parameter Example
{
"name": "test",
"actions":
[
"get_test",
"create_test",
"edit_test"
],
"namespace": "test-k8skv-2"
}
1
2
3
4
5
6
7
8
9
10
2
3
4
5
6
7
8
9
10
Success Response Example
{
"message": "success"
}
1
2
3
2
3
# Edit Project Role
Request
PUT /openapi/policy/roles/:name?namespace=<projectKey>
1
Path Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
name | string | Role name | Yes |
Query Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
namespace | string | Project Key | Yes |
Body Parameter Description
| Parameter Name | Description | Type | Required |
|---|---|---|---|
actions | Permission items | []string | Yes |
Body Parameter Example
{
"actions":
[
"create_test",
"edit_test",
"get_test",
"get_build"
]
}
1
2
3
4
5
6
7
8
9
2
3
4
5
6
7
8
9
Success Response Example
{
"message": "success"
}
1
2
3
2
3
# Delete Project Role
Request
DELETE /openapi/policy/roles/:name?namespace=<projectKey>
1
Path Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
name | string | Role name | Yes |
Query Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
namespace | string | Project Key | Yes |
Body Parameter Description
| Parameter Name | Description | Type | Required |
|---|---|---|---|
actions | Permission items | []string | Yes |
Body Parameter Example
{
"actions":
[
"create_test",
"edit_test",
"get_test",
"get_build"
]
}
1
2
3
4
5
6
7
8
9
2
3
4
5
6
7
8
9
Success Response Example
{
"message": "success"
}
1
2
3
2
3
# List Project Members
Request
GET /openapi/policy/role-bindings?namespace=<projectKey>
1
Query Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
namespace | string | Project Key | Yes |
Success Response Description
| Parameter Name | Type | Description |
|---|---|---|
binding_type | string | Member type, user for user, group for user group |
user_info | UserInfo(#userinfo-1) | User member information, effective when binding_type value is user |
group_info | UserInfo(#groupinfo-1) | User group member information, effective when binding_type value is group |
roles | []string | Assigned roles |
User Member Parameter Description
| Parameter Name | Description | Type |
|---|---|---|
uid | UID | string |
name | Username | string |
accout | Account name | string |
User Group Member Parameter Description
| Parameter Name | Description | Type |
|---|---|---|
group_id | Group ID | string |
name | User group name | string |
Success Response Example
[
{
"binding_type": "user",
"user_info": {
"identity_type": "system",
"uid": "d456d705-73a9-11ee-98cf-56ef622fc735",
"account": "demo",
"username": "demo"
},
"roles": [
"prod-test",
"read-project-only"
]
},
{
"binding_type": "user",
"user_info": {
"identity_type": "system",
"uid": "290a3f01-73aa-11ee-98cf-56ef622fc735",
"account": "leo",
"username": "leo"
},
"roles": [
"read-project-only"
]
},
{
"binding_type": "group",
"group_info": {
"group_id": "98256be6-6e53-11ee-a205-9653dd3e9c32",
"name": "XX"
},
"roles": [
"read-project-only"
]
},
{
"binding_type": "group",
"group_info": {
"group_id": "cce58580-5131-11ee-b458-4a4088364d94",
"name": "All Users"
},
"roles": [
"read-project-only"
]
}
]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# Add Project Members
Request
POST /openapi/policy/role-bindings?namespace=<projectKey>
1
Query Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
namespace | string | Project Key | Yes |
Body Parameter Description
| Parameter Name | Description | Type | Required |
|---|---|---|---|
role | Role type | string | Yes |
identities | Member data list | []identities | Yes |
Body Parameter Example
Member Data Parameter Description
| Parameter Name | Description | Type | Required |
|---|---|---|---|
identity_type | Member type | string user or group | Yes |
gid | User group ID | string | Required when adding user group |
uid | User ID | string | Required when adding user |
{
"role": "read-project-only",
"identities":
[
{
"identity_type": "group",
"gid": "98256be6-6e53-11ee-a205-9653dd3e9c32"
},
{
"identity_type": "group",
"gid": "cce58580-5131-11ee-b458-4a4088364d94"
},
{
"identity_type": "user",
"uid": "ddd405d5-5131-11ee-b458-4a4088364d94"
}
]
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Success Response Example
{
"message": "success"
}
1
2
3
2
3
# Update Project Member Roles
Request
POST /openapi/policy/role-bindings/user/:uid?namespace=<projectKey>
1
Path Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
uid | string | User ID | Yes |
Query Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
namespace | string | Project Key | Yes |
Body Parameter Description
| Parameter Name | Description | Type | Required |
|---|---|---|---|
roles | Role list | []string | Yes |
Body Parameter Example
{
"roles":
[
"prod-test",
"read-project-only",
"lilian"
]
}
1
2
3
4
5
6
7
8
2
3
4
5
6
7
8
Success Response Example
{
"message": "success"
}
1
2
3
2
3
# Delete Project Member
Request
DELETE /openapi/policy/role-bindings/user/:uid?namespace=<projectKey>
1
Path Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
uid | string | User ID | Yes |
Query Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
namespace | string | Project Key | Yes |
Success Response Example
{
"message": "success"
}
1
2
3
2
3
# Update Project User Group Member Roles
Request
POST /openapi/policy/role-bindings/group/:gid?namespace=<projectKey>
1
Path Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
gid | string | User group ID | Yes |
Query Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
namespace | string | Project Key | Yes |
Body Parameter Description
| Parameter Name | Description | Type | Required |
|---|---|---|---|
roles | Role list | []string | Yes |
Body Parameter Example
{
"roles":
[
"prod-test",
"read-project-only",
"lilian"
]
}
1
2
3
4
5
6
7
8
2
3
4
5
6
7
8
Success Response Example
{
"message": "success"
}
1
2
3
2
3
# Delete Project User Group Member
Request
DELETE /openapi/policy/role-bindings/group/:gid?namespace=<projectKey>
1
Path Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
gid | string | User group ID | Yes |
Query Parameter Description
| Parameter Name | Type | Description | Required |
|---|---|---|---|
namespace | string | Project Key | Yes |
Success Response Example
{
"message": "success"
}
1
2
3
2
3
