argoproj-labs
diff --git a/‎openapi/ephemeral-access-openapi.yaml
+399 b/‎openapi/ephemeral-access-openapi.yaml
+399
@@ -0,0 +1,399 @@
+components:
+schemas:
+AccessRequestResponseBody:
+additionalProperties: false
+properties:
+$schema:
+description: A URL to the JSON Schema for this object.
+examples:
+- https://example.com/schemas/AccessRequestResponseBody.json
+format: uri
+readOnly: true
+type: string
+expiresAt:
+description: The timestamp the access will expire (RFC3339 format).
+examples:
+- "2024-02-14T18:25:50Z"
+format: date-time
+type: string
+message:
+description: A human readeable description with details about the access request.
+examples:
+- "Click the link to see more details: ..."
+type: string
+name:
+description: The access request name.
+examples:
+- some-accessrequest
+type: string
+namespace:
+description: The access request namespace.
+examples:
+- some-namespace
+type: string
+permission:
+description: The current permission description for the user.
+examples:
+- ReadOnly
+type: string
+requestedAt:
+description: The timestamp the access was requested (RFC3339 format).
+examples:
+- "2024-02-14T18:25:50Z"
+format: date-time
+type: string
+role:
+description: The current role the user is associated with.
+examples:
+- DevOps
+type: string
+status:
+description: The current access request status.
+enum:
+- REQUESTED
+- GRANTED
+- EXPIRED
+- DENIED
+examples:
+- GRANTED
+type: string
+username:
+description: The user associated with the access request.
+examples:
+- [email protected]
+type: string
+required:
+- name
+- namespace
+- username
+- permission
+type: object
+CreateAccessRequestBody:
+additionalProperties: false
+properties:
+$schema:
+description: A URL to the JSON Schema for this object.
+examples:
+- https://example.com/schemas/CreateAccessRequestBody.json
+format: uri
+readOnly: true
+type: string
+appName:
+description: The application to be associated with the access request (format <namespace>:<name>).
+examples:
+- some-namespace:app-name
+type: string
+username:
+description: The user to be associated with the access request.
+examples:
+- [email protected]
+type: string
+required:
+- username
+- appName
+type: object
+ErrorDetail:
+additionalProperties: false
+properties:
+location:
+description: Where the error occurred, e.g. 'body.items[3].tags' or 'path.thing-id'
+type: string
+message:
+description: Error message text
+type: string
+value:
+description: The value at the given location
+type: object
+ErrorModel:
+additionalProperties: false
+properties:
+$schema:
+description: A URL to the JSON Schema for this object.
+examples:
+- https://example.com/schemas/ErrorModel.json
+format: uri
+readOnly: true
+type: string
+detail:
+description: A human-readable explanation specific to this occurrence of the problem.
+examples:
+- Property foo is required but is missing.
+type: string
+errors:
+description: Optional list of individual error details
+items:
+$ref: "#/components/schemas/ErrorDetail"
+type:
+- array
+- "null"
+instance:
+description: A URI reference that identifies the specific occurrence of the problem.
+examples:
+- https://example.com/error-log/abc123
+format: uri
+type: string
+status:
+description: HTTP status code
+examples:
+- 400
+format: int64
+type: integer
+title:
+description: A short, human-readable summary of the problem type. This value should not change between occurrences of the error.
+examples:
+- Bad Request
+type: string
+type:
+default: about:blank
+description: A URI reference to human-readable documentation for the error.
+examples:
+- https://example.com/errors/example
+format: uri
+type: string
+type: object
+ListAccessRequestResponseBody:
+additionalProperties: false
+properties:
+$schema:
+description: A URL to the JSON Schema for this object.
+examples:
+- https://example.com/schemas/ListAccessRequestResponseBody.json
+format: uri
+readOnly: true
+type: string
+items:
+items:
+$ref: "#/components/schemas/AccessRequestResponseBody"
+type:
+- array
+- "null"
+required:
+- items
+type: object
+info:
+title: Ephemeral Access API
+version: 0.0.1
+openapi: 3.1.0
+paths:
+/accessrequests:
+get:
+description: Will retrieve a list of accessrequests respecting the search criteria provided as query params.
+operationId: list-accessrequest
+parameters:
+- description: The trusted ArgoCD username header. This should be automatically sent by Argo CD API server.
+example: [email protected]
+in: header
+name: Argocd-Username
+required: true
+schema:
+description: The trusted ArgoCD username header. This should be automatically sent by Argo CD API server.
+examples:
+- [email protected]
+type: string
+- description: The trusted ArgoCD user groups header. This should be automatically sent by Argo CD API server.
+example: group1,group2
+in: header
+name: Argocd-User-Groups
+required: true
+schema:
+description: The trusted ArgoCD user groups header. This should be automatically sent by Argo CD API server.
+examples:
+- group1,group2
+type: string
+- description: The trusted ArgoCD application header. This should be automatically sent by Argo CD API server.
+example: some-namespace:app-name
+in: header
+name: Argocd-Application-Name
+required: true
+schema:
+description: The trusted ArgoCD application header. This should be automatically sent by Argo CD API server.
+examples:
+- some-namespace:app-name
+type: string
+- description: The trusted ArgoCD project header. This should be automatically sent by Argo CD API server.
+example: some-project-name
+in: header
+name: Argocd-Project-Name
+required: true
+schema:
+description: The trusted ArgoCD project header. This should be automatically sent by Argo CD API server.
+examples:
+- some-project-name
+type: string
+- description: Will search for all access requests for the given username.
+example: [email protected]
+explode: false
+in: query
+name: username
+schema:
+description: Will search for all access requests for the given username.
+examples:
+- [email protected]
+type: string
+- description: Will search for all access requests for the given application (format <namespace>:<name>).
+example: namespace:some-app-name
+explode: false
+in: query
+name: appName
+schema:
+description: Will search for all access requests for the given application (format <namespace>:<name>).
+examples:
+- namespace:some-app-name
+type: string
+responses:
+"200":
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/ListAccessRequestResponseBody"
+description: OK
+default:
+content:
+application/problem+json:
+schema:
+$ref: "#/components/schemas/ErrorModel"
+description: Error
+summary: List AccessRequests
+post:
+description: Will create an access request for the given user and application.
+operationId: create-accessrequest
+parameters:
+- description: The trusted ArgoCD username header. This should be automatically sent by Argo CD API server.
+example: [email protected]
+in: header
+name: Argocd-Username
+required: true
+schema:
+description: The trusted ArgoCD username header. This should be automatically sent by Argo CD API server.
+examples:
+- [email protected]
+type: string
+- description: The trusted ArgoCD user groups header. This should be automatically sent by Argo CD API server.
+example: group1,group2
+in: header
+name: Argocd-User-Groups
+required: true
+schema:
+description: The trusted ArgoCD user groups header. This should be automatically sent by Argo CD API server.
+examples:
+- group1,group2
+type: string
+- description: The trusted ArgoCD application header. This should be automatically sent by Argo CD API server.
+example: some-namespace:app-name
+in: header
+name: Argocd-Application-Name
+required: true
+schema:
+description: The trusted ArgoCD application header. This should be automatically sent by Argo CD API server.
+examples:
+- some-namespace:app-name
+type: string
+- description: The trusted ArgoCD project header. This should be automatically sent by Argo CD API server.
+example: some-project-name
+in: header
+name: Argocd-Project-Name
+required: true
+schema:
+description: The trusted ArgoCD project header. This should be automatically sent by Argo CD API server.
+examples:
+- some-project-name
+type: string
+requestBody:
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/CreateAccessRequestBody"
+required: true
+responses:
+"200":
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/AccessRequestResponseBody"
+description: OK
+default:
+content:
+application/problem+json:
+schema:
+$ref: "#/components/schemas/ErrorModel"
+description: Error
+summary: Create AccessRequest
+/accessrequests/{name}:
+get:
+description: Will retrieve the accessrequest by name
+operationId: get-accessrequest-by-name
+parameters:
+- description: The trusted ArgoCD username header. This should be automatically sent by Argo CD API server.
+example: [email protected]
+in: header
+name: Argocd-Username
+required: true
+schema:
+description: The trusted ArgoCD username header. This should be automatically sent by Argo CD API server.
+examples:
+- [email protected]
+type: string
+- description: The trusted ArgoCD user groups header. This should be automatically sent by Argo CD API server.
+example: group1,group2
+in: header
+name: Argocd-User-Groups
+required: true
+schema:
+description: The trusted ArgoCD user groups header. This should be automatically sent by Argo CD API server.
+examples:
+- group1,group2
+type: string
+- description: The trusted ArgoCD application header. This should be automatically sent by Argo CD API server.
+example: some-namespace:app-name
+in: header
+name: Argocd-Application-Name
+required: true
+schema:
+description: The trusted ArgoCD application header. This should be automatically sent by Argo CD API server.
+examples:
+- some-namespace:app-name
+type: string
+- description: The trusted ArgoCD project header. This should be automatically sent by Argo CD API server.
+example: some-project-name
+in: header
+name: Argocd-Project-Name
+required: true
+schema:
+description: The trusted ArgoCD project header. This should be automatically sent by Argo CD API server.
+examples:
+- some-project-name
+type: string
+- description: The access request name.
+example: some-name
+in: path
+name: name
+required: true
+schema:
+description: The access request name.
+examples:
+- some-name
+type: string
+- description: The namespace to use while searching for the access request.
+example: some-namespace
+explode: false
+in: query
+name: namespace
+schema:
+description: The namespace to use while searching for the access request.
+examples:
+- some-namespace
+type: string
+responses:
+"200":
+content:
+application/json:
+schema:
+$ref: "#/components/schemas/AccessRequestResponseBody"
+description: OK
+default:
+content:
+application/problem+json:
+schema:
+$ref: "#/components/schemas/ErrorModel"
+description: Error
+summary: Get AccessRequest