# OpenAPI 3.0.1 contract for the IAM policy API: per-application role and
# service definition management, a read-only catalog, and role-setup discovery.
# Every operation declares a `security` requirement: iam-console-token for the
# management and catalog operations, iam-tenant-token for /policy/v1/role-setup.
# Both requirements carry an empty scope list, so the contract itself does not
# express which caller may act on which application; the 403 responses suggest
# that decision is made server-side.
openapi: 3.0.1
info:
  title: IAM Policy API Specification
  description: This specification describes the endpoints of the IAM Catalog Service.
  version: 0-SNAPSHOT
# Plain-HTTP entry, labelled as a local development host.
# NOTE(review): confirm that deployed variants of this spec list an https
# server, since the tokens required below would otherwise travel in clear text.
servers:
- url: http://localhost
  description: local development host
tags:
- name: IAM Policy Discovery
  description: Support functions for reading application policy configuration
- name: IAM Console Policy Catalog
  description: Browse catalog service definitions and role template that can be used in applications in IAM Console
- name: IAM Console Application Policy Management
  description: Management functions for application policy configurations in IAM Console
- name: IAM Console Application Role Definition Management
  description: Management functions for application role definitions in IAM Console
- name: IAM Console Application Service Definition Management
  description: Management functions for application service definitions in IAM Console
paths:
  /policy/v1/applications/{application-expression}/~import-policy-config:
    post:
      # Replaces the complete role and service definition set of the addressed
      # application in one call ("create or replace all").
      # NOTE(review): high-impact authorization change; presumably audit-logged
      # with the caller identity - confirm.
      tags:
      - IAM Console Application Policy Management
      summary: Import application policy config
      description: Create or replace all application roles and application service definitions by application expression
      operationId: importApplicationPolicyConfig
      parameters:
      - $ref: '#/components/parameters/application-expression'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ApplicationPolicyConfigInV1'
          application/x-ndjson:
            schema:
              $ref: '#/components/schemas/ApplicationPolicyConfigInV1'
        required: true
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApplicationPolicyConfigV1'
            application/x-ndjson:
              schema:
                $ref: '#/components/schemas/ApplicationPolicyConfigV1'
        "400":
          $ref: '#/components/responses/BadRequest'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
        "404":
          $ref: '#/components/responses/NotFound'
        "409":
          $ref: '#/components/responses/Conflict'
      security:
      - iam-console-token: []
  /policy/v1/applications/{application-expression}/role-definitions:
    get:
      tags:
      - IAM Console Application Role Definition Management
      summary: Get application role definitions
      description: Read application role definitions by application expression
      operationId: getApplicationRoleDefinitions
      parameters:
      - $ref: '#/components/parameters/application-expression'
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ApplicationRoleDefinitionV1'
            application/x-ndjson:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ApplicationRoleDefinitionV1'
        "400":
          $ref: '#/components/responses/BadRequest'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
        "404":
          $ref: '#/components/responses/NotFound'
      security:
      - iam-console-token: []
    put:
      # NOTE(review): unlike the import and single-item upsert operations, this
      # requestBody has no `required: true`, and the top-level array has no
      # maxItems. Confirm the server rejects a missing body and caps the batch
      # size (the import schema caps each list at 100).
      tags:
      - IAM Console Application Role Definition Management
      summary: Upsert application role definitions
      description: Create or replace application role definitions by application expression
      operationId: upsertApplicationRoleDefinitions
      parameters:
      - $ref: '#/components/parameters/application-expression'
      - $ref: '#/components/parameters/returnUpdated'
      requestBody:
        content:
          application/json:
            schema:
              type: array
              items:
                $ref: '#/components/schemas/ApplicationRoleDefinitionInV1'
          application/x-ndjson:
            schema:
              type: array
              items:
                $ref: '#/components/schemas/ApplicationRoleDefinitionInV1'
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ApplicationRoleDefinitionV1'
            application/x-ndjson:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ApplicationRoleDefinitionV1'
        "400":
          $ref: '#/components/responses/BadRequest'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
        "404":
          $ref: '#/components/responses/NotFound'
        "409":
          $ref: '#/components/responses/Conflict'
      security:
      - iam-console-token: []
    delete:
      tags:
      - IAM Console Application Role Definition Management
      summary: Delete application role definitions
      description: Remove application role definitions by application expression
      operationId: deleteApplicationRoleDefinitions
      parameters:
      - $ref: '#/components/parameters/application-expression'
      responses:
        "204":
          description: The request is processed and no content was returned
        "400":
          $ref: '#/components/responses/BadRequest'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
        "404":
          $ref: '#/components/responses/NotFound'
        "409":
          $ref: '#/components/responses/Conflict'
      security:
      - iam-console-token: []
  /policy/v1/applications/{application-expression}/role-definitions/{role-key}:
    get:
      tags:
      - IAM Console Application Role Definition Management
      summary: Get application role definition
      description: Read application role definition by application expression and role key
      operationId: getApplicationRoleDefinition
      parameters:
      - $ref: '#/components/parameters/application-expression'
      - $ref: '#/components/parameters/role-key'
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApplicationRoleDefinitionV1'
            application/x-ndjson:
              schema:
                $ref: '#/components/schemas/ApplicationRoleDefinitionV1'
        "400":
          $ref: '#/components/responses/BadRequest'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
        "404":
          $ref: '#/components/responses/NotFound'
      security:
      - iam-console-token: []
    put:
      # The role key comes from the path; the body schema deliberately omits it.
      tags:
      - IAM Console Application Role Definition Management
      summary: Upsert application role definition
      description: Create or replace application role definition by application expression and role key
      operationId: upsertApplicationRoleDefinition
      parameters:
      - $ref: '#/components/parameters/application-expression'
      - $ref: '#/components/parameters/role-key'
      - $ref: '#/components/parameters/returnUpdated'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ApplicationRoleDefinitionInWithoutKeyV1'
        required: true
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApplicationRoleDefinitionV1'
        "204":
          $ref: '#/components/responses/NoContent'
        "400":
          $ref: '#/components/responses/BadRequest'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
        "404":
          $ref: '#/components/responses/NotFound'
        "409":
          $ref: '#/components/responses/Conflict'
      security:
      - iam-console-token: []
    delete:
      tags:
      - IAM Console Application Role Definition Management
      summary: Delete application role definition
      description: Remove application role definition by application expression and role key
      operationId: deleteApplicationRoleDefinition
      parameters:
      - $ref: '#/components/parameters/application-expression'
      - $ref: '#/components/parameters/role-key'
      responses:
        "204":
          description: The request is processed and no content was returned
        "400":
          $ref: '#/components/responses/BadRequest'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
        "404":
          $ref: '#/components/responses/NotFound'
        "409":
          $ref: '#/components/responses/Conflict'
      security:
      - iam-console-token: []
  /policy/v1/applications/{application-expression}/service-definitions:
    get:
      tags:
      - IAM Console Application Service Definition Management
      summary: Get application service definitions
      description: Read application service definition by application expression
      operationId: getApplicationServiceDefinitions
      parameters:
      - $ref: '#/components/parameters/application-expression'
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ApplicationServiceDefinitionV1'
            application/x-ndjson:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ApplicationServiceDefinitionV1'
        "400":
          $ref: '#/components/responses/BadRequest'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
        "404":
          $ref: '#/components/responses/NotFound'
      security:
      - iam-console-token: []
    put:
      # NOTE(review): same gaps as the role-definitions collection PUT - no
      # `required: true` on the requestBody and no maxItems on the top-level array.
      tags:
      - IAM Console Application Service Definition Management
      summary: Upsert application service definitions
      description: Create or replace application service definitions by application expression
      operationId: upsertApplicationServiceDefinitions
      parameters:
      - $ref: '#/components/parameters/application-expression'
      - $ref: '#/components/parameters/returnUpdated'
      requestBody:
        content:
          application/json:
            schema:
              type: array
              items:
                $ref: '#/components/schemas/ApplicationServiceDefinitionInV1'
          application/x-ndjson:
            schema:
              type: array
              items:
                $ref: '#/components/schemas/ApplicationServiceDefinitionInV1'
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ApplicationServiceDefinitionV1'
            application/x-ndjson:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/ApplicationServiceDefinitionV1'
        "400":
          $ref: '#/components/responses/BadRequest'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
        "404":
          $ref: '#/components/responses/NotFound'
        "409":
          $ref: '#/components/responses/Conflict'
      security:
      - iam-console-token: []
    delete:
      tags:
      - IAM Console Application Service Definition Management
      summary: Delete application service definitions
      description: Remove application service definitions by application expression
      operationId: deleteApplicationServiceDefinitions
      parameters:
      - $ref: '#/components/parameters/application-expression'
      responses:
        "204":
          description: The request is processed and no content was returned
        "400":
          $ref: '#/components/responses/BadRequest'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
        "404":
          $ref: '#/components/responses/NotFound'
        "409":
          $ref: '#/components/responses/Conflict'
      security:
      - iam-console-token: []
  /policy/v1/applications/{application-expression}/service-definitions/{service-definition-key}:
    get:
      tags:
      - IAM Console Application Service Definition Management
      summary: Get application service definition
      description: Read application service definition by application expression and service definition key
      operationId: getApplicationServiceDefinition
      parameters:
      - $ref: '#/components/parameters/application-expression'
      - $ref: '#/components/parameters/service-definition-key'
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApplicationServiceDefinitionV1'
            application/x-ndjson:
              schema:
                $ref: '#/components/schemas/ApplicationServiceDefinitionV1'
        "400":
          $ref: '#/components/responses/BadRequest'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
        "404":
          $ref: '#/components/responses/NotFound'
      security:
      - iam-console-token: []
    put:
      # The service definition key comes from the path; the body schema omits it.
      tags:
      - IAM Console Application Service Definition Management
      summary: Upsert application service definition
      description: Create or replace application service definition by application expression and service definition key
      operationId: upsertApplicationServiceDefinition
      parameters:
      - $ref: '#/components/parameters/application-expression'
      - $ref: '#/components/parameters/service-definition-key'
      - $ref: '#/components/parameters/returnUpdated'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ApplicationServiceDefinitionInWithoutKeyV1'
        required: true
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApplicationServiceDefinitionV1'
        "204":
          $ref: '#/components/responses/NoContent'
        "400":
          $ref: '#/components/responses/BadRequest'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
        "404":
          $ref: '#/components/responses/NotFound'
        "409":
          $ref: '#/components/responses/Conflict'
      security:
      - iam-console-token: []
    delete:
      tags:
      - IAM Console Application Service Definition Management
      summary: Delete application service definition
      description: Remove application service definition by application expression and service definition key
      operationId: deleteApplicationServiceDefinition
      parameters:
      - $ref: '#/components/parameters/application-expression'
      - $ref: '#/components/parameters/service-definition-key'
      responses:
        "204":
          description: The request is processed and no content was returned
        "400":
          $ref: '#/components/responses/BadRequest'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
        "404":
          $ref: '#/components/responses/NotFound'
        "409":
          $ref: '#/components/responses/Conflict'
      security:
      - iam-console-token: []
  # Catalog operations are read-only (GET only) and still require iam-console-token.
  /policy/v1/catalog-role-templates:
    get:
      tags:
      - IAM Console Policy Catalog
      summary: Get catalog role templates
      description: Read catalog role templates
      operationId: getCatalogRoleTemplates
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/CatalogRoleTemplateV1'
            application/x-ndjson:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/CatalogRoleTemplateV1'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
      security:
      - iam-console-token: []
  /policy/v1/catalog-role-templates/{role-template-key}:
    get:
      tags:
      - IAM Console Policy Catalog
      summary: Get catalog role template
      description: Read catalog role template by its key
      operationId: getCatalogRoleTemplate
      parameters:
      - $ref: '#/components/parameters/role-template-key'
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CatalogRoleTemplateV1'
        "400":
          $ref: '#/components/responses/BadRequest'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
        "404":
          $ref: '#/components/responses/NotFound'
      security:
      - iam-console-token: []
  /policy/v1/catalog-service-definitions:
    get:
      tags:
      - IAM Console Policy Catalog
      summary: Get catalog service definitions
      description: Read catalog service definitions
      operationId: getCatalogServiceDefinitions
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/CatalogServiceDefinitionV1'
            application/x-ndjson:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/CatalogServiceDefinitionV1'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
      security:
      - iam-console-token: []
  /policy/v1/role-setup:
    get:
      # The only operation secured by iam-tenant-token; per its description the
      # application is resolved from the token rather than from a path parameter.
      tags:
      - IAM Policy Discovery
      summary: Get role setup for current application
      description: Read all roles for the current application for the given token
      operationId: getRoleSetup
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RoleSetupV1'
        "401":
          $ref: '#/components/responses/Unauthorized'
        "403":
          $ref: '#/components/responses/Forbidden'
      security:
      - iam-tenant-token: []
components:
  # Naming convention visible below: `...InV1` schemas are request (write)
  # models and carry length/count limits; the matching `...V1` schemas are
  # response models, add server-managed fields and carry no limits.
  schemas:
    ApplicationPolicyConfigInV1:
      type: object
      properties:
        roleDefinitions:
          maxItems: 100
          minItems: 0
          type: array
          description: A list of configured roles for this application
          items:
            $ref: '#/components/schemas/ApplicationRoleDefinitionInV1'
        serviceDefinitions:
          maxItems: 100
          minItems: 0
          type: array
          description: Services that are declared for this application
          items:
            $ref: '#/components/schemas/ApplicationServiceDefinitionInV1'
    ApplicationPolicyConfigV1:
      required:
      - applicationId
      type: object
      properties:
        applicationId:
          type: string
          description: The globally unique identifier for an application
        roleDefinitions:
          type: array
          description: A list of configured roles for this application
          items:
            $ref: '#/components/schemas/ApplicationRoleDefinitionV1'
        serviceDefinitions:
          type: array
          description: Services that are declared for this application
          items:
            $ref: '#/components/schemas/ApplicationServiceDefinitionV1'
    # Write model for a role: only key, name, description and servicePolicies
    # are declared; server-managed fields (applicationId, createdBy, changeId,
    # ...) appear only on ApplicationRoleDefinitionV1.
    # NOTE(review): `additionalProperties` is not set to false on this or the
    # other write models, so a validator built from the schema accepts
    # undeclared properties; confirm the server ignores client-supplied values
    # for the server-managed fields.
    ApplicationRoleDefinitionInV1:
      required:
      - key
      type: object
      properties:
        key:
          maxLength: 64
          minLength: 1
          # NOTE(review): in `[a-zA-Z0-9-_.]` the hyphen follows a completed
          # range; ECMA-262 reads it as a literal '-', but placing it last
          # (`[a-zA-Z0-9_.-]`) avoids engine-dependent parsing. The same class
          # recurs in the other key patterns below.
          pattern: "^[a-zA-Z0-9-_.]{1,64}$"
          type: string
          description: "The identifier of a role, also know as 'roleKey'"
          example: ADMINISTRATOR
        name:
          maxLength: 64
          type: string
          description: "A name, usually for an entity"
          example: John Doe
        description:
          maxLength: 4096
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
        servicePolicies:
          maxItems: 100
          minItems: 0
          type: array
          description: A list of service policies for the given role
          items:
            $ref: '#/components/schemas/ServicePolicyInV1'
    ApplicationRoleDefinitionInWithoutKeyV1:
      type: object
      properties:
        name:
          maxLength: 64
          type: string
          description: "A name, usually for an entity"
          example: John Doe
        description:
          maxLength: 4096
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
        servicePolicies:
          maxItems: 100
          minItems: 0
          type: array
          description: A list of service policies for the given role
          items:
            $ref: '#/components/schemas/ServicePolicyInV1'
    ApplicationRoleDefinitionV1:
      required:
      - applicationId
      - changeId
      - createdAt
      - createdBy
      - key
      - lastModifiedAt
      - lastModifiedBy
      type: object
      properties:
        applicationId:
          type: string
          description: The globally unique identifier for an application
        key:
          type: string
          description: "The identifier of a role, also know as 'roleKey'"
          example: ADMINISTRATOR
        name:
          type: string
          description: "A name, usually for an entity"
          example: John Doe
        description:
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
        servicePolicies:
          type: array
          description: A list of service policies for the given role
          items:
            $ref: '#/components/schemas/ServicePolicyV1'
        createdAt:
          type: string
          description: UTC date time when entity was created. This string is formatted according to RFC3339.
          format: date-time
        createdBy:
          type: string
          description: The globally unique identifier for an actor
        lastModifiedAt:
          type: string
          description: UTC date time when entity was modified. This string is formatted according to RFC3339.
          format: date-time
        lastModifiedBy:
          type: string
          description: The globally unique identifier for an actor
        changeId:
          type: string
          description: Text representation of changeId sequence number
          example: "7380283282446876762"
    ApplicationServiceDefinitionInV1:
      required:
      - key
      type: object
      properties:
        key:
          maxLength: 64
          minLength: 1
          pattern: "^[a-zA-Z0-9-_.]{1,64}$"
          type: string
          description: Identifies a service definition by its key
          example: exercise-tracking-service
        name:
          maxLength: 64
          type: string
          description: "A name, usually for an entity"
          example: John Doe
        description:
          maxLength: 4096
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
        # NOTE(review): the only string on this write model without maxLength
        # or pattern; it is described as interacting with key wildcards, so an
        # explicit length/charset bound looks warranted - confirm server-side
        # limits.
        keyLevelSeparator:
          type: string
          description: Specifies any level separator for keys. Can be used in conjunction with key wildcards.
        permissionDefinitions:
          maxItems: 100
          minItems: 0
          type: array
          description: Permission definitions that are supported by this composition
          items:
            $ref: '#/components/schemas/PermissionDefinitionInV1'
        entityDefinitions:
          maxItems: 100
          minItems: 0
          type: array
          description: Entity definitions that are supported by this composition
          items:
            $ref: '#/components/schemas/EntityDefinitionInV1'
        ruleDefinitions:
          maxItems: 100
          minItems: 0
          type: array
          description: Rule definitions that are supported by this composition
          items:
            $ref: '#/components/schemas/RuleDefinitionInV1'
    ApplicationServiceDefinitionInWithoutKeyV1:
      type: object
      properties:
        name:
          maxLength: 64
          type: string
          description: "A name, usually for an entity"
          example: John Doe
        description:
          maxLength: 4096
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
        # NOTE(review): unbounded string, as in ApplicationServiceDefinitionInV1.
        keyLevelSeparator:
          type: string
          description: Specifies any level separator for keys. Can be used in conjunction with key wildcards.
        permissionDefinitions:
          maxItems: 100
          minItems: 0
          type: array
          description: Permission definitions that are supported by this composition
          items:
            $ref: '#/components/schemas/PermissionDefinitionInV1'
        entityDefinitions:
          maxItems: 100
          minItems: 0
          type: array
          description: Entity definitions that are supported by this composition
          items:
            $ref: '#/components/schemas/EntityDefinitionInV1'
        ruleDefinitions:
          maxItems: 100
          minItems: 0
          type: array
          description: Rule definitions that are supported by this composition
          items:
            $ref: '#/components/schemas/RuleDefinitionInV1'
    ApplicationServiceDefinitionV1:
      required:
      - applicationId
      - changeId
      - createdAt
      - createdBy
      - key
      - lastModifiedAt
      - lastModifiedBy
      type: object
      properties:
        applicationId:
          type: string
          description: The globally unique identifier for an application
        key:
          type: string
          description: Identifies a service definition by its key
        name:
          type: string
          description: "A name, usually for an entity"
          example: John Doe
        description:
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
        keyLevelSeparator:
          type: string
          description: Specifies any level separator for keys. Can be used in conjunction with key wildcards.
        permissionDefinitions:
          type: array
          description: Permission definitions that are supported by this composition
          items:
            $ref: '#/components/schemas/PermissionDefinitionV1'
        entityDefinitions:
          type: array
          description: Entity definitions that are supported by this composition
          items:
            $ref: '#/components/schemas/EntityDefinitionV1'
        ruleDefinitions:
          type: array
          description: Rule definitions that are supported by this composition
          items:
            $ref: '#/components/schemas/RuleDefinitionV1'
        createdAt:
          type: string
          description: UTC date time when entity was created. This string is formatted according to RFC3339.
          format: date-time
        createdBy:
          type: string
          description: The globally unique identifier for an actor
        lastModifiedAt:
          type: string
          description: UTC date time when entity was modified. This string is formatted according to RFC3339.
          format: date-time
        lastModifiedBy:
          type: string
          description: The globally unique identifier for an actor
        changeId:
          type: string
          description: Text representation of changeId sequence number
          example: "7380283282446876762"
    CatalogRoleTemplateV1:
      required:
      - changeId
      - key
      - vendor
      type: object
      properties:
        key:
          type: string
          description: "The identifier of a role, also know as 'roleKey'"
          example: ADMINISTRATOR
        name:
          type: string
          description: "A name, usually for an entity"
          example: John Doe
        description:
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
        vendor:
          type: string
          description: The author of the role template
        servicePolicies:
          type: array
          description: A list of service policies for the given role
          items:
            $ref: '#/components/schemas/ServicePolicyV1'
        changeId:
          type: string
          description: Text representation of changeId sequence number
          example: "7380283282446876762"
    CatalogServiceDefinitionV1:
      required:
      - changeId
      - key
      - vendor
      type: object
      properties:
        key:
          type: string
          description: Identifies a service definition by its key
        vendor:
          type: string
          description: The author of the service
        name:
          type: string
          description: "A name, usually for an entity"
          example: John Doe
        description:
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
        keyLevelSeparator:
          type: string
          description: Specifies any level separator for keys. Can be used in conjunction with key wildcards.
        permissionDefinitions:
          type: array
          description: Permission definitions that are supported by this composition
          items:
            $ref: '#/components/schemas/PermissionDefinitionV1'
        entityDefinitions:
          type: array
          description: Entity definitions that are supported by this composition
          items:
            $ref: '#/components/schemas/EntityDefinitionV1'
        ruleDefinitions:
          type: array
          description: Rule definitions that are supported by this composition
          items:
            $ref: '#/components/schemas/RuleDefinitionV1'
        changeId:
          type: string
          description: Text representation of changeId sequence number
          example: "7380283282446876762"
    EntityDefinitionInV1:
      required:
      - key
      type: object
      properties:
        key:
          maxLength: 64
          minLength: 1
          pattern: "^[a-zA-Z0-9-_.]{1,64}$"
          type: string
          description: Identifies a entity definition by its key for a service
          example: vehicle
        name:
          maxLength: 64
          type: string
          description: "A name, usually for an entity"
          example: John Doe
        description:
          maxLength: 4096
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
        fields:
          maxItems: 100
          minItems: 0
          type: array
          items:
            $ref: '#/components/schemas/EntityFieldDefinitionInV1'
      description: Entity definitions that are supported by this composition
    EntityDefinitionV1:
      required:
      - key
      type: object
      properties:
        key:
          type: string
          description: Identifies a entity definition by its key for a service
        name:
          type: string
          description: "A name, usually for an entity"
          example: John Doe
        description:
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
        fields:
          type: array
          items:
            $ref: '#/components/schemas/EntityFieldDefinitionV1'
      description: Entity definitions that are supported by this composition
    EntityFieldDefinitionInV1:
      required:
      - key
      type: object
      properties:
        key:
          maxLength: 256
          minLength: 1
          # NOTE(review): the outer `{1,256}` repeats the whole group instead of
          # bounding the length, so (a) only maxLength caps the total size, (b) a
          # dot-free segment can exceed 64 characters by matching as several
          # group repetitions, and (c) the nested quantifiers give one input
          # many possible splits, which backtracking regex engines handle
          # poorly on non-matching input.
          # `^[a-zA-Z0-9_-]{1,64}(\.[a-zA-Z0-9_-]{1,64})*$` together with
          # maxLength 256 appears to be the intent; until then, verify that
          # validators check maxLength before evaluating the pattern.
          pattern: "^([a-zA-Z0-9-_]{1,64}(\\.[a-zA-Z0-9-_]{1,64})*){1,256}$"
          type: string
          description: Identifies a entity field by its key for an entity
          example: serialNumber
        name:
          maxLength: 64
          type: string
          description: "A name, usually for an entity"
          example: John Doe
        description:
          maxLength: 4096
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
        projection:
          $ref: '#/components/schemas/EntityFieldProjectionDefinitionInV1'
        filter:
          $ref: '#/components/schemas/EntityFieldFilterDefinitionInV1'
    EntityFieldDefinitionV1:
      required:
      - key
      type: object
      properties:
        key:
          type: string
          description: Identifies a entity field by its key for an entity
        name:
          type: string
          description: "A name, usually for an entity"
          example: John Doe
        description:
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
        projection:
          $ref: '#/components/schemas/EntityFieldProjectionDefinitionV1'
        filter:
          $ref: '#/components/schemas/EntityFieldFilterDefinitionV1'
    EntityFieldFilterDefinitionInV1:
      required:
      - operators
      - supportSubfield
      - valueType
      type: object
      properties:
        valueType:
          $ref: '#/components/schemas/ValueTypeV1'
        valueTypeFormat:
          maxLength: 256
          minLength: 0
          type: string
          description: May hold additional meta information which describes the type. Can be used to indicate if a string is a date-time or as a schema reference for an object or array
        supportSubfield:
          type: boolean
          description: Defines if a sub-element of this type can be referenced. This is usually applicable if the type is a complex object or structure.
        operators:
          maxItems: 100
          minItems: 1
          type: array
          description: Defines which operators that are supported for this specific field
          # NOTE(review): operator names are free-form strings with neither
          # maxLength nor enum on this write model.
          items:
            type: string
            description: Defines which operators that are supported for this specific field
      description: Defines any filtering capabilities for a field
    EntityFieldFilterDefinitionV1:
      required:
      - operators
      - supportSubfield
      - valueType
      type: object
      properties:
        valueType:
          type: string
          description: A hint of the type of a value
        valueTypeFormat:
          type: string
          description: May hold additional meta information which describes the type. Can be used to indicate if a string is a date-time or as a schema reference for an object or array
        supportSubfield:
          type: boolean
          description: Defines if a sub-element of this type can be referenced. This is usually applicable if the type is a complex object or structure.
        operators:
          type: array
          description: Defines which operators that are supported for this specific field
          items:
            type: string
            description: Defines which operators that are supported for this specific field
      description: Defines any filtering capabilities for a field
    EntityFieldProjectionDefinitionInV1:
      required:
      - supported
      type: object
      properties:
        supported:
          type: boolean
          description: If the field is available for projection or not
        # NOTE(review): neither array below declares maxItems, unlike the other
        # write-model arrays (100); their items reuse the nested-quantifier
        # pattern discussed at EntityFieldDefinitionInV1.key.
        subfieldConditions:
          type: array
          description: Defines which fields that could be referenced as a condition when applying subfield projection
          items:
            maxLength: 256
            minLength: 1
            pattern: "^([a-zA-Z0-9-_]{1,64}(\\.[a-zA-Z0-9-_]{1,64})*){1,256}$"
            type: string
            description: Identifies a entity field by its key for an entity
            example: serialNumber
        projectableSubfields:
          type: array
          description: Defines which fields that could be configured for field projection when applying subfield projection
          items:
            maxLength: 256
            minLength: 1
            pattern: "^([a-zA-Z0-9-_]{1,64}(\\.[a-zA-Z0-9-_]{1,64})*){1,256}$"
            type: string
            description: Identifies a entity field by its key for an entity
            example: serialNumber
      description: Definition of the projection capabilities for a field
    EntityFieldProjectionDefinitionV1:
      required:
      - supported
      type: object
      properties:
        supported:
          type: boolean
          description: If the field is available for projection or not
        subfieldConditions:
          type: array
          description: Defines which fields that could be referenced as a condition when applying subfield projection
          items:
            type: string
            description: Identifies a entity field by its key for an entity
        projectableSubfields:
          type: array
          description: Defines which fields that could be configured for field projection when applying subfield projection
          items:
            type: string
            description: Identifies a entity field by its key for an entity
      description: Definition of the projection capabilities for a field
    ErrorDetailV1:
      required:
      - code
      type: object
      properties:
        field:
          type: string
          description: A reference to a field or parameter which cannot be processed
        code:
          type: string
          description: "A code which indicated the type of error, documented per service"
        message:
          type: string
          description: "Additional information, intended for developers"
      description: "Additional error details, usually used for form validation. Documented\
        \ per service and endpoint."
    ErrorV1:
      required:
      - errorId
      type: object
      properties:
        errorId:
          type: string
          description: "An error identifier for the request, to be provided in troubleshooting."
        code:
          type: string
          description: An error code which describes this error. Documented per service and endpoint.
        # NOTE(review): developer-oriented text returned to callers; confirm it
        # never carries stack traces or internal identifiers.
        message:
          type: string
          description: A human readable message of error. Intended for developers.
        details:
          type: array
          description: "Additional error details, usually used for form validation.\
            \ Documented per service and endpoint."
          items:
            $ref: '#/components/schemas/ErrorDetailV1'
    PermissionDefinitionInV1:
      required:
      - key
      - status
      type: object
      properties:
        key:
          maxLength: 64
          minLength: 1
          pattern: "^[a-zA-Z0-9-_.]{1,64}$"
          type: string
          description: Identifies a permission definition by its key for a service
          example: read
        name:
          maxLength: 64
          type: string
          description: "A name, usually for an entity"
          example: John Doe
        description:
          maxLength: 4096
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
        status:
          type: string
          description: Life cycle status for this permission definition
          enum:
          - EXPERIMENTAL
          - GA
          - DEPRECATED
        supportedEntities:
          maxItems: 100
          minItems: 0
          type: array
          description: References to entities that are related to this permission
          items:
            $ref: '#/components/schemas/PermissionDefinitionSupportedEntityInV1'
        supportedRules:
          maxItems: 100
          minItems: 0
          type: array
          description: References to rules that are related to this permission
          items:
            $ref: '#/components/schemas/PermissionDefinitionSupportedRuleInV1'
      description: Permission definitions that are supported by this composition
    PermissionDefinitionSupportedEntityInV1:
      required:
      - key
      type: object
      properties:
        key:
          maxLength: 64
          minLength: 1
          pattern: "^[a-zA-Z0-9-_.]{1,64}$"
          type: string
          description: Identifies a entity definition by its key for a service
          example: vehicle
      description: References to entities that are related to this permission
    PermissionDefinitionSupportedEntityV1:
      required:
      - key
      type: object
      properties:
        key:
          type: string
          description: Identifies a entity definition by its key for a service
      description: References to entities that are related to this permission
    PermissionDefinitionSupportedRuleInV1:
      required:
      - key
      type: object
      properties:
        key:
          maxLength: 64
          minLength: 1
          pattern: "^[a-zA-Z0-9-_.]{1,64}$"
          type: string
          description: Identifies a rule by its key for a service
          example: rule-abc
        presenceHint:
          type: string
          description: "This is a configuration hint which details if the rule must,\
            \ should be present or if it is optional"
          enum:
          - MUST
          - SHOULD
          - OPTIONAL
      description: References to rules that are related to this permission
    PermissionDefinitionSupportedRuleV1:
      required:
      - key
      type: object
      properties:
        key:
          type: string
          description: Identifies a rule by its key for a service
        presenceHint:
          type: string
          description: "This is a configuration hint which details if the rule must,\
            \ should be present or if it is optional"
      description: References to rules that are related to this permission
    PermissionDefinitionV1:
      required:
      - key
      - status
      type: object
      properties:
        key:
          type: string
          description: Identifies a permission definition by its key for a service
        name:
          type: string
          description: "A name, usually for an entity"
          example: John Doe
        description:
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
        status:
          type: string
          description: Life cycle status for this permission definition
        supportedEntities:
          type: array
          description: References to entities that are related to this permission
          items:
            $ref: '#/components/schemas/PermissionDefinitionSupportedEntityV1'
        supportedRules:
          type: array
          description: References to rules that are related to this permission
          items:
            $ref: '#/components/schemas/PermissionDefinitionSupportedRuleV1'
      description: Permission definitions that are supported by this composition
    # Recursive row-filter condition: `conditions` items reference this schema.
    # NOTE(review): maxItems bounds the width of each level but nothing bounds
    # the nesting depth, and the "either fieldCondition or operator+conditions"
    # rule exists only in the description (no oneOf). Both need server-side
    # enforcement, since these conditions appear to drive row-level filtering
    # for a permission.
    PermissionEntityConditionInV1:
      type: object
      properties:
        fieldCondition:
          $ref: '#/components/schemas/PermissionEntityFieldConditionInV1'
        operator:
          type: string
          description: The operator to apply on the configured entries in a condition
          enum:
          - AND
          - OR
        conditions:
          maxItems: 100
          minItems: 0
          type: array
          description: Any conditions which may filer out any rows of the entity
          items:
            $ref: '#/components/schemas/PermissionEntityConditionInV1'
      description: "An entity filter condition, used for row filtering. Can be nested.\
        \ Either the 'fieldCondition' attribute is populated or the 'operator' and\
        \ 'conditions' attribute."
    PermissionEntityConditionV1:
      type: object
      properties:
        fieldCondition:
          $ref: '#/components/schemas/PermissionEntityFieldConditionV1'
        operator:
          type: string
          description: The operator to apply on the configured entries in a condition
        conditions:
          type: array
          description: Any conditions which may filer out any rows of the entity
          items:
            $ref: '#/components/schemas/PermissionEntityConditionV1'
      description: "An entity filter condition, used for row filtering. Can be nested.\
        \ Either the 'fieldCondition' attribute is populated or the 'operator' and\
        \ 'conditions' attribute."
    PermissionEntityFieldConditionInV1:
      required:
      - field
      - operator
      type: object
      properties:
        field:
          maxLength: 256
          minLength: 1
          pattern: "^([a-zA-Z0-9-_]{1,64}(\\.[a-zA-Z0-9-_]{1,64})*){1,256}$"
          type: string
          description: Identifies a entity field by its key for an entity
          example: serialNumber
        description:
          maxLength: 4096
          type: string
          description: "A description, usually for an entity"
          example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit."
path: type: string description: For fields of type 'object' this field specifies how to traverse this object to an underlying attribute operator: type: string description: The operation to apply to the given field and any provided values values: maxItems: 100 minItems: 0 type: array description: Values to be used in conjunction with the operator to determine if the field condition is true or false items: type: string description: Values to be used in conjunction with the operator to determine if the field condition is true or false description: Condition that is applied to a field of the current database row PermissionEntityFieldConditionV1: required: - field - operator type: object properties: field: type: string description: Identifies a entity field by its key for an entity description: type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." path: type: string description: For fields of type 'object' this field specifies how to traverse this object to an underlying attribute operator: type: string description: The operation to apply to the given field and any provided values values: type: array description: Values to be used in conjunction with the operator to determine if the field condition is true or false items: type: string description: Values to be used in conjunction with the operator to determine if the field condition is true or false description: Condition that is applied to a field of the current database row PermissionEntityFieldProjectionInV1: required: - field - mode type: object properties: field: maxLength: 256 minLength: 1 pattern: "^([a-zA-Z0-9-_]{1,64}(\\.[a-zA-Z0-9-_]{1,64})*){1,256}$" type: string description: Identifies a entity field by its key for an entity example: serialNumber description: maxLength: 4096 type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." 
mode: $ref: '#/components/schemas/ProjectionModeTypeV1' subfieldProjections: maxItems: 100 minItems: 0 type: array description: Projection options for subfields items: $ref: '#/components/schemas/PermissionEntityFieldSubfieldProjectionInV1' description: Projection options for the fields of the entity PermissionEntityFieldProjectionV1: required: - field - mode type: object properties: field: type: string description: Identifies a entity field by its key for an entity description: type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." mode: type: string description: Indicates if the field shall be included in the result. Defaults to INCLUDE if omitted. default: INCLUDE subfieldProjections: type: array description: Projection options for subfields items: $ref: '#/components/schemas/PermissionEntityFieldSubfieldProjectionV1' description: Projection options for the fields of the entity PermissionEntityFieldSubfieldConditionInV1: required: - field - operator - values type: object properties: field: maxLength: 256 minLength: 1 pattern: "^([a-zA-Z0-9-_]{1,64}(\\.[a-zA-Z0-9-_]{1,64})*){1,256}$" type: string description: Identifies a entity field by its key for an entity example: serialNumber operator: type: string description: The operation to apply to the given field and any provided values default: ANY_OF enum: - ANY_OF - NONE_OF values: maxItems: 100 minItems: 1 type: array description: A set of values where one should match the underlying field value items: type: string description: A set of values where one should match the underlying field value description: Defines a field and matching value that are to match in order for subfield entry to be included in a subfield projection PermissionEntityFieldSubfieldConditionV1: required: - field - operator - values type: object properties: field: type: string description: Identifies a entity field by its key for an entity operator: type: string 
description: The operation to apply to the given field and any provided values values: type: array description: A set of values where one should match the underlying field value items: type: string description: A set of values where one should match the underlying field value description: Defines a field and matching value that are to match in order for subfield entry to be included in a subfield projection PermissionEntityFieldSubfieldProjectionInV1: type: object properties: filter: $ref: '#/components/schemas/PermissionEntityFieldSubfieldConditionInV1' includeSubfields: maxItems: 100 minItems: 0 type: array description: Subfields to include items: maxLength: 256 minLength: 1 pattern: "^([a-zA-Z0-9-_]{1,64}(\\.[a-zA-Z0-9-_]{1,64})*){1,256}$" type: string description: Identifies a entity field by its key for an entity example: serialNumber description: Projection options for subfields PermissionEntityFieldSubfieldProjectionV1: type: object properties: filter: $ref: '#/components/schemas/PermissionEntityFieldSubfieldConditionV1' includeSubfields: type: array description: Subfields to include items: type: string description: Identifies a entity field by its key for an entity description: Projection options for subfields PermissionEntityInV1: required: - key type: object properties: key: maxLength: 64 minLength: 1 pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: Identifies a entity definition by its key for a service example: vehicle description: maxLength: 4096 type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." 
projection: $ref: '#/components/schemas/PermissionEntityProjectionInV1' filterCondition: $ref: '#/components/schemas/PermissionEntityConditionInV1' description: Any projections or filters that are applied to respective entities PermissionEntityProjectionInV1: type: object properties: fieldProjections: maxItems: 100 minItems: 0 type: array description: Projection options for the fields of the entity items: $ref: '#/components/schemas/PermissionEntityFieldProjectionInV1' description: Projection configuration for an entity PermissionEntityProjectionV1: type: object properties: fieldProjections: type: array description: Projection options for the fields of the entity items: $ref: '#/components/schemas/PermissionEntityFieldProjectionV1' description: Projection configuration for an entity PermissionEntityV1: required: - key type: object properties: key: type: string description: Identifies a entity definition by its key for a service description: type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." projection: $ref: '#/components/schemas/PermissionEntityProjectionV1' filterCondition: $ref: '#/components/schemas/PermissionEntityConditionV1' description: Any projections or filters that are applied to respective entities PermissionInV1: required: - key type: object properties: key: maxLength: 64 minLength: 1 pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: Identifies a permission definition by its key for a service example: read description: maxLength: 4096 type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." 
entities: maxItems: 100 minItems: 0 type: array description: Any projections or filters that are applied to respective entities items: $ref: '#/components/schemas/PermissionEntityInV1' rules: maxItems: 100 minItems: 0 type: array description: Any rules that are applied when processing requests items: $ref: '#/components/schemas/PermissionRuleInV1' description: List of configured permissions PermissionRuleInV1: required: - key type: object properties: key: maxLength: 64 minLength: 1 pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: Identifies a rule by its key for a service example: rule-abc description: maxLength: 4096 type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." operator: type: string description: The operation to apply for any provided values values: maxItems: 100 minItems: 0 type: array description: Values configured for this rule items: type: string description: Values configured for this rule description: Any rules that are applied when processing requests PermissionRuleV1: required: - key type: object properties: key: type: string description: Identifies a rule by its key for a service description: type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." operator: type: string description: The operation to apply for any provided values values: type: array description: Values configured for this rule items: type: string description: Values configured for this rule description: Any rules that are applied when processing requests PermissionV1: required: - key type: object properties: key: type: string description: Identifies a permission definition by its key for a service description: type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." 
entities: type: array description: Any projections or filters that are applied to respective entities items: $ref: '#/components/schemas/PermissionEntityV1' rules: type: array description: Any rules that are applied when processing requests items: $ref: '#/components/schemas/PermissionRuleV1' description: List of configured permissions ProjectionModeTypeV1: type: string description: Indicates if the field shall be included in the result. Defaults to INCLUDE if omitted. default: INCLUDE enum: - INCLUDE - EXCLUDE RoleSetupV1: required: - applicationId - changeId type: object properties: applicationId: type: string description: The globally unique identifier for an application roles: type: array description: A list of configured roles for this application items: $ref: '#/components/schemas/RoleV1' changeId: type: string description: Text representation of changeId sequence number example: "7380283282446876762" RoleV1: required: - key type: object properties: key: type: string description: "The identifier of a role, also know as 'roleKey'" example: ADMINISTRATOR name: type: string description: "A name, usually for an entity" example: John Doe description: type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." servicePolicies: type: array description: A list of service policies for the given role items: $ref: '#/components/schemas/ServicePolicyV1' description: A list of configured roles for this application RuleDefinitionInV1: required: - key type: object properties: key: maxLength: 64 minLength: 1 pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: Identifies a rule by its key for a service example: rule-abc name: maxLength: 64 type: string description: "A name, usually for an entity" example: John Doe description: maxLength: 4096 type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." 
supportedValueType: $ref: '#/components/schemas/ValueTypeV1' supportedValueTypeFormat: maxLength: 256 minLength: 0 type: string description: May hold additional meta information which describes the type. Can be used to indicate if a string is a date-time or as a schema reference for an object or array supportedValues: maxItems: 100 minItems: 0 type: array items: type: string supportedOperators: maxItems: 100 minItems: 0 type: array items: type: string description: Rule definitions that are supported by this composition RuleDefinitionV1: required: - key type: object properties: key: type: string description: Identifies a rule by its key for a service name: type: string description: "A name, usually for an entity" example: John Doe description: type: string description: "A description, usually for an entity" example: "Lorem ipsum dolor sit amet, consectetur adipiscing elit." supportedValueType: type: string description: A hint of the type of a value supportedValueTypeFormat: type: string description: May hold additional meta information which describes the type. 
Can be used to indicate if a string is a date-time or as a schema reference for an object or array supportedValues: type: array items: type: string supportedOperators: type: array items: type: string description: Rule definitions that are supported by this composition ServicePolicyInV1: required: - permissions - serviceDefinitionKey - serviceDefinitionSource type: object properties: serviceDefinitionSource: type: string description: The service definition source describes the origin of the definition enum: - APPLICATION - CATALOG serviceDefinitionKey: maxLength: 64 minLength: 1 pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: Identifies a service definition by its key example: exercise-tracking-service permissions: maxItems: 100 minItems: 1 type: array description: List of configured permissions items: $ref: '#/components/schemas/PermissionInV1' description: A list of service policies for the given role ServicePolicyV1: required: - permissions - serviceDefinitionKey - serviceDefinitionSource type: object properties: serviceDefinitionSource: type: string description: The service policy schema source describes the origin of the schema serviceDefinitionKey: type: string description: Identifies a service definition by its key permissions: type: array description: List of configured permissions items: $ref: '#/components/schemas/PermissionV1' description: A list of service policies for the given role ValueTypeV1: type: string description: A hint of the type of a value enum: - STRING - INTEGER - NUMBER - BOOLEAN - OBJECT - ARRAY responses: NoContent: description: The request is processed and no content was returned BadRequest: description: "The request is malformed, see error data for additional information" content: application/json: schema: $ref: '#/components/schemas/ErrorV1' Unauthorized: description: The request did not have valid authentication credentials content: application/json: schema: $ref: '#/components/schemas/ErrorV1' Forbidden: description: The 
requester is not authorized to perform this action content: application/json: schema: $ref: '#/components/schemas/ErrorV1' NotFound: description: The resource could not be found content: application/json: schema: $ref: '#/components/schemas/ErrorV1' Conflict: description: "The request could not be processed due to a conflict in state,\ \ see error data for additional information" content: application/json: schema: $ref: '#/components/schemas/ErrorV1' parameters: application-expression: name: application-expression in: path required: true schema: pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: "Used to identify a specific applicationId. The available options\ \ are: \n* '{applicationId}' - direct applicationId reference" returnUpdated: name: returnUpdated in: query description: To return the entity after successful update or not schema: type: boolean default: false role-key: name: role-key in: path required: true schema: maxLength: 64 minLength: 1 pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: "The identifier of a role, also know as 'roleKey'" example: ADMINISTRATOR role-template-key: name: role-template-key in: path required: true schema: maxLength: 64 minLength: 1 pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: "The identifier of a role, also know as 'roleKey'" example: ADMINISTRATOR service-definition-key: name: service-definition-key in: path required: true schema: maxLength: 64 minLength: 1 pattern: "^[a-zA-Z0-9-_.]{1,64}$" type: string description: Identifies a service definition by its key example: exercise-tracking-service securitySchemes: iam-console-token: type: http scheme: bearer bearerFormat: IAM issued jwt token for the IAM console application iam-tenant-token: type: http scheme: bearer bearerFormat: IAM issued jwt token for a generic application