
Commit 43a1893

Merge pull request #26319 from BenPope/core-10602/sr_authz/swagger
[CORE-10602] schema_registry: Add swagger for ACL management
2 parents 7c4b73a + fd4f6a6 commit 43a1893

2 files changed

+283
-3
lines changed

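--- a/src/v/pandaproxy/api/api-doc/schema_registry.json
+++ b/src/v/pandaproxy/api/api-doc/schema_registry.json
@@ -1226,5 +1226,212 @@
 }
 }
 }
-}
-
+},
+"/security/acls": {
+"get": {
+"summary": "List ACLs",
+"description": "Returns a list of rules that match the specified filters.",
+"operationId": "get_security_acls",
+"produces": [
+"application/json"
+],
+"parameters": [
+{
+"name": "principal",
+"in": "query",
+"type": "string",
+"description": "The name of the principal (e.g., user or role). Use \"*\" to represent wildcard."
+},
+{
+"name": "principal_type",
+"in": "query",
+"type": "string",
+"enum": ["USER", "ROLE"],
+"description": "The type of the principal."
+},
+{
+"name": "resource",
+"in": "query",
+"type": "string",
+"description": "The name of the resource. Use \"*\" to represent wildcard."
+},
+{
+"name": "resource_type",
+"in": "query",
+"type": "string",
+"enum": ["GLOBAL", "SUBJECT"],
+"description": "Type of the resource being secured."
+},
+{
+"name": "pattern_type",
+"in": "query",
+"type": "string",
+"enum": ["LITERAL", "PREFIX"],
+"description": "Pattern match type for the resource. Only applies when resource_type is SUBJECT."
+},
+{
+"name": "host",
+"in": "query",
+"type": "string",
+"description": "Originating host for which this rule applies. Use \"*\" to represent wildcard."
+},
+{
+"name": "operation",
+"in": "query",
+"type": "string",
+"enum": ["ALL", "READ", "WRITE", "REMOVE", "DESCRIBE", "DESCRIBE_CONFIGS", "ALTER", "ALTER_CONFIGS"],
+"description": "The operation to allow or deny."
+},
+{
+"name": "permission",
+"in": "query",
+"type": "string",
+"enum": ["ALLOW", "DENY"],
+"description": "Specifies whether the operation is allowed or denied."
+}
+],
+"responses": {
+"200": {
+"description": "List ACLs",
+"schema": {
+"type": "array",
+"items": {
+"$ref": "#/definitions/security_acl"
+}
+},
+"examples": {
+"application/json": [
+{
+"principal": "alice",
+"principal_type": "USER",
+"resource": "model-",
+"resource_type": "SUBJECT",
+"pattern_type": "PREFIX",
+"operation": "READ",
+"permission": "ALLOW",
+"host": "*"
+}
+]
+}
+},
+"401": {
+"description": "Unauthorized",
+"schema": {
+"$ref": "#/definitions/error_body"
+}
+},
+"403": {
+"description": "Forbidden",
+"schema": {
+"$ref": "#/definitions/error_body"
+}
+},
+"500": {
+"description": "Internal Server Error",
+"schema": {
+"$ref": "#/definitions/error_body"
+}
+}
+}
+},
+"post": {
+"summary": "Create ACLs",
+"description": "Create new rules.",
+"operationId": "post_security_acls",
+"parameters": [
+{
+"name": "acls",
+"in": "body",
+"required": true,
+"schema": {
+"type": "array",
+"items": {
+"$ref": "#/definitions/security_acl"
+}
+}
+}
+],
+"consumes": [
+"application/json"
+],
+"produces": [
+"application/json"
+],
+"responses": {
+"201": {
+"description": "ACLs created"
+},
+"400": {
+"description": "Bad request",
+"schema": {
+"$ref": "#/definitions/error_body"
+}
+},
+"401": {
+"description": "Unauthorized",
+"schema": {
+"$ref": "#/definitions/error_body"
+}
+},
+"403": {
+"description": "Forbidden",
+"schema": {
+"$ref": "#/definitions/error_body"
+}
+},
+"500": {
+"description": "Internal Server Error",
+"schema": {
+"$ref": "#/definitions/error_body"
+}
+}
+}
+},
+"delete": {
+"summary": "Delete ACLs",
+"description": "Delete ACL rules exactly matching the given definitions.",
+"operationId": "delete_security_acls",
+"parameters": [
+{
+"name": "acls",
+"in": "body",
+"required": true,
+"schema": {
+"type": "array",
+"items": {
+"$ref": "#/definitions/security_acl"
+}
+}
+}
+],
+"responses": {
+"201": {
+"description": "ACLs deleted"
+},
+"400": {
+"description": "Bad request",
+"schema": {
+"$ref": "#/definitions/error_body"
+}
+},
+"401": {
+"description": "Unauthorized",
+"schema": {
+"$ref": "#/definitions/error_body"
+}
+},
+"403": {
+"description": "Forbidden",
+"schema": {
+"$ref": "#/definitions/error_body"
+}
+},
+"500": {
+"description": "Internal Server Error",
+"schema": {
+"$ref": "#/definitions/error_body"
+}
+}
+}
+}
+}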
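Review bot: The `principal_type` query parameter on `get` lists `["USER", "ROLE"]`, while the `security_acl` definition added in schema_registry_definitions.def.json by this same commit lists `"USER"` and `"REDPANDA_ROLE"`, so the spec does not tell a client which value a role filter must carry. An ACL listing used for an access review could then be rejected or come back empty for a role that does hold rules. Whichever spelling the handler accepts (not visible on this page) should appear in both places, e.g. `"enum": ["USER", "REDPANDA_ROLE"],` here. Separately, `delete` documents success as `"201"` with "ACLs deleted" and declares no `consumes`/`produces`, unlike `post`; if the handler does not actually answer 201, the spec should carry the status it returns so that clients and audit tooling do not misread a deletion result.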

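--- a/src/v/pandaproxy/api/api-doc/schema_registry_definitions.def.json
+++ b/src/v/pandaproxy/api/api-doc/schema_registry_definitions.def.json
@@ -116,4 +116,77 @@
 }
 },
 }
-}
+},
+"security_acl": {
+"type": "object",
+"required": [
+"principal",
+"principal_type",
+"resource",
+"resource_type",
+"pattern_type",
+"host",
+"operation",
+"permission"
+],
+"properties": {
+"principal": {
+"type": "string",
+"description": "The name of the principal (e.g., User or RedpandaRole). Use \"*\" to represent wildcard."
+},
+"principal_type": {
+"type": "string",
+"enum": [
+"USER",
+"REDPANDA_ROLE"
+],
+"description": "The type of the principal."
+},
+"resource": {
+"type": "string",
+"description": "The name of the resource. Use \"*\" to represent wildcard."
+},
+"resource_type": {
+"type": "string",
+"enum": [
+"GLOBAL",
+"SUBJECT"
+],
+"description": "Type of the resource being secured."
+},
+"pattern_type": {
+"type": "string",
+"enum": [
+"LITERAL",
+"PREFIX"
+],
+"description": "Pattern match type for the resource. Only applies when resource_type is SUBJECT."
+},
+"host": {
+"type": "string",
+"description": "Originating host for which this rule applies. Use \"*\" to represent wildcard."
+},
+"operation": {
+"type": "string",
+"enum": [
+"ALL",
+"READ",
+"WRITE",
+"REMOVE",
+"DESCRIBE",
+"DESCRIBE_CONFIGS",
+"ALTER",
+"ALTER_CONFIGS"
+],
+"description": "The operation to allow or deny."
+},
+"permission": {
+"type": "string",
+"enum": [
+"ALLOW",
+"DENY"
+],
+"description": "Specifies whether the operation is allowed or denied."
+}
+}
+}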
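Review bot: `pattern_type` is listed under `required` in `security_acl`, yet its description says it only applies when resource_type is SUBJECT, so the schema leaves open what a GLOBAL rule has to send. That matters because `delete` in schema_registry.json removes rules "exactly matching the given definitions", and a rule created with one value and deleted with another may, depending on the handler, stay in force. The description should name the expected value, along the lines of `"description": "Pattern match type for the resource. Required for every rule; for resource_type GLOBAL send <VALUE_THE_HANDLER_EXPECTS>."`, or the field should leave `required` if the handler defaults it. The `principal` description also offers `User or RedpandaRole` as examples of a principal name, which read as principal types rather than names.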
